Windows 10: Suspected crypto-miner

Hello,

As the title already says, I suspect that I have picked up a crypto-miner or something similar. When my PC has been on for about 1.5 h and I am not active, the fans suddenly spin up. As soon as the mouse is moved or any key is pressed, they spin down again almost immediately.

I opened Task Manager to see whether I could identify a program that causes this. Task Manager was sorted by CPU usage. After about 1.5 h the fans spun up again. GPU usage was at 100%, but as soon as I tried to sort by it, it was too late again... Usage was back at normal operating levels before the list could be sorted by usage.

Windows Defender could not detect anything after an extended scan. I had also already run Malwarebytes about 2 weeks ago.

After creating this post I will wait again and see whether I can find out myself what is loading my GPU like this.

Thanks in advance for the help!

FRST:
FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27.01.2024
durchgeführt von nils (Administrator) auf NILS-PC (27-01-2024 13:39:18)
Gestartet von C:\Users\nils\Desktop\FRST\FRST64.exe
Geladene Profile: nils
Plattform: Microsoft Windows 10 Pro Version 22H2 19045.3930 (X64) Sprache: Englisch (Vereinigtes Königreich) -> Deutsch (Deutschland)
Standard-Browser: Opera
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.229.605.0_x64__zpdnekdrzrea0\Spotify.exe <6>
(8AB18DA5-65D5-493C-BD78-9F4467A7CDE8 -> Chris Andriessen) C:\Program Files\WindowsApps\40210ChrisAndriessen.FalconX_1.7.8.0_x64__y1dazs5f5wq00\Release\TaskbarX.exe
(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdLauncher.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdHelper.exe
(C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdLauncher.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.)
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdHelper.x64.exe (C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairOsdLauncher.exe (C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2> (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.241.0.10\OverwolfHelper.exe (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.241.0.10\OverwolfHelper64.exe (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\0.241.0.10\OverwolfBrowser.exe <4> (C:\Program Files (x86)\Overwolf\Overwolf.exe ->) (Overwolf Ltd -> Overwolf LTD) C:\Users\nils\AppData\Local\Overwolf\ProcessCache\0.241.0.10\cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj\curseforge.exe (C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) 
C:\Program Files\LGHUB\lghub_agent.exe (C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NvVirtualCamera\NVIDIA Broadcast.exe (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (C:\Users\nils\AppData\Local\Programs\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\nils\AppData\Local\Programs\Opera GX\106.0.4998.61\opera_crashreporter.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe (explorer.exe ->) (E3B4A0F6-E459-414C-8DFB-ABEAB07C9242 -> Microsoft Corporation) C:\Program Files\WindowsApps\32669SamG.ModernFlyouts_0.9.3.0_x64__pcy8vm99wrpcg\ModernFlyoutsHost.exe (explorer.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe (explorer.exe ->) (EPOS Group A/S -> ) C:\Program Files (x86)\EPOS\Gaming Suite\EPOSGamingSuite.exe (explorer.exe ->) (Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe (explorer.exe ->) (Logitech Inc -> Logitech, Inc.) 
C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (explorer.exe ->) (Skutta, Kristjan -> ) D:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe (G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.) C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\hid.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe (InnoVISION Multimedia Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\INNO3D TuneIT\Inno3D.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe (Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Opera Norway AS -> Opera Software) C:\Users\nils\AppData\Local\Programs\Opera GX\opera.exe <29> (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Overwolf Ltd -> Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe (Reason Cybersecurity Inc. -> Reason Cybersecurity Ltd.) 
C:\Program Files\ReasonLabs\Common\Client\v1.2.0\rsAppUI.exe <9> (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe (services.exe ->) (ASUSTeK Computer Inc. -> ) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe (services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe (services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe (services.exe ->) (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe (services.exe ->) (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (services.exe ->) (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (services.exe ->) (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe (services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe (services.exe ->) (Electronic Arts, Inc. 
-> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (services.exe ->) (EPOS Group A/S -> ) C:\Program Files (x86)\EPOS\Gaming Suite\EPOSGamingSuiteService (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_54b736e5be5b50b2\OneApp.IGCC.WinService.exe (services.exe ->) (Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe (services.exe ->) (Intel(R) Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) 
C:\Windows\System32\CorsairGamingAudioCfgService64.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe <2> (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <4> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d3828c822366e497\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe (services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe (services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe (services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe (services.exe ->) (Reason Cybersecurity Inc. -> Reason Software Company Inc.) 
C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe (services.exe ->) (Scarlet.Crush Productions) [Datei ist nicht signiert] C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe (services.exe ->) (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (services.exe ->) (SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (services.exe ->) (Shrew Soft Inc -> ) C:\Program Files\ShrewSoft\VPN Client\iked.exe (services.exe ->) (Shrew Soft Inc -> ) C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.3.0_x64__cv1g1gvanyjgm\WhatsApp.exe (svchost.exe ->) (Intel(R) Software Development Products -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe <2> (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.11012.0_x64__8wekyb3d8bbwe\GameBar.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.123.11012.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2310.8.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe 
(svchost.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast UI.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3071232 2022-08-03] () [Datei ist nicht signiert] HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Spectrum] => C:\Program Files (x86)\G.SKILL\Trident Z Lighting Control\HID.exe [1753104 2020-05-25] (G.SKILL International Enterprise Co., Ltd. -> G.SKILL Inc.) HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [62636856 2020-11-13] (Discord Inc. -> Discord Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-06-09] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [Inno3D] => C:\Program Files (x86)\INNO3D TuneIT\Inno3D.exe [24387584 2020-09-28] (InnoVISION Multimedia Ltd.) [Datei ist nicht signiert] HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410728 2021-12-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.) 
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG HKU\S-1-5-21-3449150419-271838051-1508037707-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37188048 2024-01-11] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Chromium] => "c:\users\nils\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session (Keine Datei) HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [DiscordPTB] => C:\Users\nils\AppData\Local\DiscordPTB\app-0.0.55\DiscordPTB.exe (Keine Datei) HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1785864 2024-01-07] (Overwolf Ltd -> Overwolf Ltd.) HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [45968128 2023-12-11] (Logitech Inc -> Logitech, Inc.) HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [WallpaperEngine] => D:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [3223136 2023-10-28] (Skutta, Kristjan -> ) HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [Opera GX Browser Assistant] => C:\Users\nils\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software) HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70912472 2023-11-02] (Riot Games, Inc. -> Riot Games, Inc.) 
HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\Run: [MicrosoftEdgeAutoLaunch_1850AB30EF24BC4C113B74D75C151A3B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854376 2024-01-17] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {0f23f2bb-2cd9-11ec-bd9e-00158313c5dd} - "E:\OnePlus_setup.exe" /s HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {3459cdf0-13ae-11ec-bd9b-00158313c5dd} - "E:\OnePlus_setup.exe" /s HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {6f4676a2-b040-11ec-bdc3-00158313c5dd} - "E:\OnePlus_setup.exe" /s HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {812634e0-904f-11ee-be35-0492265d3edd} - "E:\OnePlus_setup.exe" /s HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {8c5ee76f-9f6e-11eb-bd72-0492265d3edd} - "E:\OnePlus_setup.exe" /s HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {91727cc2-da62-11ea-bcee-0492265d3edd} - "F:\OnePlus_setup.exe" /s HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {91776608-48b0-11ec-bdac-00158313c5dd} - "E:\OnePlus_setup.exe" /s HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {91776673-48b0-11ec-bdac-00158313c5dd} - "E:\OnePlus_setup.exe" /s HKU\S-1-5-21-3449150419-271838051-1508037707-1002\...\MountPoints2: {d80afba4-6f01-11eb-bd49-0492265d3edd} - "E:\OnePlus_setup.exe" /s HKLM\...\Windows x64\Print Processors\OKX055PP: C:\Windows\System32\spool\prtprocs\x64\OKX055PP.DLL [52224 2015-12-25] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation) HKLM\...\Print\Monitors\EPSON WF-3540 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMJHE.DLL [120320 2011-04-19] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558080 2011-08-30] (SEIKO EPSON CORPORATION) [Datei 
ist nicht signiert] HKLM\...\Print\Monitors\Oki Language Monitor v2 x64: C:\WINDOWS\system32\OPPFLM64.DLL [24064 2011-07-04] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\121.0.6167.85\Installer\chrmstp.exe [2024-01-25] (Google LLC -> Google LLC) Startup: C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2024-01-21] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2021-02-26] ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EPOS Gaming Suite.lnk [2022-06-26] ShortcutTarget: EPOS Gaming Suite.lnk -> C:\Program Files (x86)\EPOS\Gaming Suite\EPOSGamingSuite.exe (EPOS Group A/S -> ) BootExecute: autocheck autochk /k:C * ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {D7486F2D-BB18-4E28-B718-83CF6A9FB91F} - System32\Tasks\{B557B444-21B0-41FD-B838-14D7E070A414} => c:\windows\system32\launchwinapp.exe [45056 2023-12-15] (Microsoft Windows -> Microsoft Corporation) -> hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=404 Task: {66CB8C64-C47E-4DE8-BC72-AE4F1B10190B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2144664 2023-08-02] (Avast Software s.r.o. 
-> Avast Software) Task: {5E1CF42E-038C-41ED-9D10-57ADDC87DFDA} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [274912 2022-11-17] (Bluestack Systems, Inc -> BlueStack Systems, Inc.) Task: {1CFF092D-CB8C-4697-A22E-C65E98842FAC} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002Core => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe /c (Keine Datei) Task: {AF840AC3-BAA2-43A2-9FF4-E39C018BA346} - System32\Tasks\BraveSoftwareUpdateTaskUserS-1-5-21-3449150419-271838051-1508037707-1002UA => C:\Users\nils\AppData\Local\BraveSoftware\Update\BraveUpdate.exe /ua /installsource scheduler (Keine Datei) Task: {708BEC20-0B26-4F36-9C8B-B3DDB92FF7D8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [5550856 2023-12-15] (Microsoft Windows -> Microsoft Corporation) Task: {BC9D7D8A-7218-4CE4-B16D-FC573B007C44} - System32\Tasks\G2MUpdateTask-S-1-5-21-3449150419-271838051-1508037707-1002 => C:\Users\nils\AppData\Local\GoToMeeting\19950\g2mupdate.exe [33456 2022-06-03] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {3C1DF0BC-B120-4C7D-BFA4-9CBFFAD5E8C0} - System32\Tasks\G2MUploadTask-S-1-5-21-3449150419-271838051-1508037707-1002 => C:\Users\nils\AppData\Local\GoToMeeting\19950\g2mupload.exe [33456 2022-06-03] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {3F10FFE7-CD67-47C7-BEB9-39F2B2A7922A} - System32\Tasks\Google Play Games Notifier => C:\Program Files\Google\Play Games\Bootstrapper.exe [374560 2024-01-21] (Google LLC -> Google LLC) Task: {A448EED5-27DE-4BDF-837A-18BA2E930140} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.) Task: {BDDB2636-5C15-45B7-A849-41EBC891643A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-16] (Google Inc -> Google Inc.) 
Task: {7478992B-7BB6-4BF1-A873-5E111E4C328B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation) Task: {21AD196C-E033-4A17-8AB0-51729310AFC0} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation) Task: {49B6BC26-85D9-47CD-8037-109C0AE32EE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (Keine Datei) Task: {D839F23C-264C-4673-8665-4F23FC4CC946} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425192 2024-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {96E7643A-2254-4E65-9A40-2B59FC121F71} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425192 2024-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {A0CFFBD7-9683-4F02-BFA9-01A676277A0D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305744 2024-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {B99D3737-ED33-4665-8831-79729A69FDDD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305744 2024-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {93F0030F-A0C7-48BB-B3D1-0DE1004E37F8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft 
Shared\Office16\operfmon.exe [170048 2024-01-09] (Microsoft Corporation -> Microsoft Corporation) Task: {7B5D32EB-4067-4EA0-A15B-43DCB47E9F82} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4434864 2024-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {7AFBADC6-5A92-4AD1-B4C6-825820AA6735} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [555616 2024-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {456D73CF-2E82-4BAA-A299-5F55636C433C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {446B1B51-DBBF-4E6C-B75D-F99B4B01EE32} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {D9FAD07E-94BF-48A0-AB30-A07D6B8519AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {7083C3CB-997A-4003-8627-EC98C79F90D7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {16EB5C68-D80E-47A9-BCB6-A06F1C9834CC} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s (Keine Datei) Task: {700349FD-F55C-49D0-8B21-D1D2965DC750} - 
System32\Tasks\NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast UI.exe [11015736 2023-01-05] (NVIDIA Corporation -> NVIDIA Corporation) Task: {150A990D-50BB-44FF-88C3-76D973F44C5A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {E2F5A047-1CAB-4AB7-9378-E8E3ED8F75AB} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation) Task: {430BF654-38D8-45D2-A3F7-A0CD9F537971} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A40BAFBC-F37E-4EC1-BC46-5707592376F0} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {C7376426-7EE8-4506-A492-135F0DCBA934} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {0553C191-C11D-449D-AB8E-C28E6F624F3E} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A0BEE307-E357-4107-9BFA-82B875AEBBA7} - 
System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {B3E56FB4-A1A3-442D-BA01-2A831C6187A1} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {2195C137-0EC2-4FCD-B281-8EA423B96759} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {CBFD160A-267A-4AC3-B7F9-BCE4026B204F} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3449150419-271838051-1508037707-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei) Task: {CD2D41E1-ACCC-4E1B-8AEA-8A21AC5C3BA3} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1614869362 => C:\Users\nils\AppData\Local\Programs\Opera GX\launcher.exe [2294176 2024-01-24] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\nils\AppData\Local\Programs\Opera GX\assistant" $(Arg0) Task: {3A4136F1-CC37-445D-9CE3-43BC4BE89F22} - System32\Tasks\Opera GX scheduled Autoupdate 1593451427 => C:\Users\nils\AppData\Local\Programs\Opera GX\launcher.exe [2294176 2024-01-24] (Opera Norway AS -> Opera Software) Task: {9755D7FA-2C11-4258-B363-6A045E7D0494} - System32\Tasks\Opera scheduled Autoupdate 1555368081 => C:\Users\nils\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Keine Datei) Task: {CC90B01F-54A3-4F48-9A32-4D63DFA4B7B8} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2641928 2024-01-07] (Overwolf Ltd -> Overwolf LTD) Task: {46C4D8B0-EF42-4BC5-A2B4-528E8E091BBE} - System32\Tasks\TaskbarX NILS-PCnils => 
C:\WINDOWS\explorer.exe [5550856 2023-12-15] (Microsoft Windows -> Microsoft Corporation) Task: {247335EE-A7B9-443A-B7C4-14AD5DACB27E} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [170496 2023-10-13] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3449150419-271838051-1508037707-1002.job => C:\Users\nils\AppData\Local\GoToMeeting\19950\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3449150419-271838051-1508037707-1002.job => C:\Users\nils\AppData\Local\GoToMeeting\19950\g2mupload.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.101 Tcpip\..\Interfaces\{49065b68-8f61-403d-b9dc-f5281de063c8}: [DhcpNameServer] 192.168.178.101 Tcpip\..\Interfaces\{49065b68-8f61-403d-b9dc-f5281de063c8}: [DhcpDomain] local.schu.xyz Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{6101516c-66f7-4516-8d27-037ec68a3a21}: [DhcpNameServer] 192.168.178.100 Tcpip\..\Interfaces\{d9113418-f92d-4645-ad90-4606c382b8c7}: [NameServer] 141.100.54.53 Edge: ======= Edge Profile: C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-27] Edge Notifications: Default -> hxxps://web.snapchat.com Edge Extension: (Google Docs Offline) - C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-25] Edge Extension: (Edge relevant text changes) - C:\Users\nils\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-25] FireFox: ======== FF DefaultProfile: ncucdlz8.default-1584820434065 FF ProfilePath: C:\Users\nils\AppData\Roaming\Mozilla\Firefox\Profiles\ncucdlz8.default-1584820434065 [2021-03-25] FF Plugin: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-07-21] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-07-21] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-12-05] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-12-05] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default [2024-01-21] CHR Notifications: Default -> hxxps://www.netflix.com CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-01-21] CHR Extension: (Metastream Remote) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fakegmdomhmegokfomgmkbopjibonfcp [2023-12-19] CHR Extension: (McAfee® WebAdvisor) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2024-01-21] CHR Extension: (Bardeen - automatisiere manuelle Arbeit) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihhkmalpkhkoedlmcnilbbhhbhnicjga [2023-12-19] CHR Extension: (Unpaywall) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2022-07-17] CHR Extension: (Online Security) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\llbcnfanfmjhpedaedhbcnpgeepdnnok [2024-01-21] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-15] CHR Extension: (Netflix Party is now Teleparty) - C:\Users\nils\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2024-01-21] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho] CHR 
HKLM\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok] CHR HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho] CHR HKU\S-1-5-21-3449150419-271838051-1508037707-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM-x32\...\Chrome\Extension: [gpggceimbegdiddifklmeponnmkppfho] CHR HKLM-x32\...\Chrome\Extension: [llbcnfanfmjhpedaedhbcnpgeepdnnok] Opera: ======= OPR Profile: C:\Users\nils\AppData\Roaming\Opera Software\Opera Stable [2021-02-18] OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.de/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} StartMenuInternet: (HKU\S-1-5-21-3449150419-271838051-1508037707-1002) Opera GXStable - "C:\Users\nils\AppData\Local\Programs\Opera GX\Launcher.exe" Brave: ======= BRA Profile: C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-02-18] BRA Extension: (Brave Tracking Protection Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2019-01-19] BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2019-01-19] BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2019-01-19] BRA Extension: (Brave Ad Block Updater (DEU: EasyList Germany)) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\jmomcjcilfpbaaklkifaijjcnancamde [2019-01-19] BRA Extension: (PDF Viewer) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-01-19] BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\nils\AppData\Local\BraveSoftware\Brave-Browser\User 
Data\oofiananboodjbbmdelgdommihjbkfag [2019-01-19] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AntiCheatExpert Service; C:\Program Files\AntiCheatExpert\SGuard\x64\SGuardSvc64.exe [2688544 2022-07-06] (PUBG CORPORATION -> ) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.28\atkexComSvc.exe [419264 2019-01-11] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe [975832 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2019-01-19] (ASUSTeK Computer Inc. -> ) [Datei ist nicht signiert] R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.28\AsusFanControlService.exe [1919280 2019-01-19] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) [Datei ist nicht signiert] R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9880840 2022-12-08] (BattlEye Innovations e.K. -> ) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13777080 2024-01-12] (Microsoft Corporation -> Microsoft Corporation) R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [616344 2021-12-23] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [422504 2021-12-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.) 
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [81512 2021-12-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.) R2 Ds3Service; C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe [381952 2017-08-12] (Scarlet.Crush Productions) [Datei ist nicht signiert] S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1134624 2022-06-08] (EasyAntiCheat Oy -> Epic Games, Inc) S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-09-26] (EasyAntiCheat Oy -> Epic Games, Inc.) S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-11] (Epic Games Inc. -> Epic Games, Inc.) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SEIKO EPSON Corporation -> Seiko Epson Corporation) S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2128360 2022-09-22] (GOG Sp. z o.o. -> GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7166552 2022-09-22] (GOG Sp. z o.o. -> GOG.com) R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] (Shrew Soft Inc -> ) R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] (Shrew Soft Inc -> ) R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10759936 2023-12-11] (Logitech Inc -> Logitech, Inc.) S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [30057640 2023-05-19] (My.Com B.V. -> My.com B.V.) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2572096 2023-03-13] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3491144 2023-03-13] (Electronic Arts, Inc. 
-> Electronic Arts) S4 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2641928 2024-01-07] (Overwolf Ltd -> Overwolf LTD) S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2199024 2023-05-18] (Rockstar Games, Inc. -> Rockstar Games) R2 rsDNSClientSvc; C:\Program Files\ReasonLabs\DNS\rsDNSClientSvc.exe [638832 2023-06-25] (Reason Cybersecurity Inc. -> Reason Software Company Inc.) R2 rsDNSResolver; C:\Program Files\ReasonLabs\DNS\rsDNSResolver.exe [11330416 2023-06-25] (Reason Cybersecurity Inc. -> Reason Software Company Inc.) R2 rsDNSSvc; C:\Program Files\ReasonLabs\DNS\rsDNSSvc.exe [214384 2023-06-25] (Reason Cybersecurity Inc. -> Reason Software Company Inc.) R2 rsVPNClientSvc; C:\Program Files\ReasonLabs\VPN\rsVPNClientSvc.exe [666624 2023-11-02] (Reason Cybersecurity Inc. -> Reason Software Company Inc.) R2 rsVPNSvc; C:\Program Files\ReasonLabs\VPN\rsVPNSvc.exe [226816 2023-11-02] (Reason Cybersecurity Inc. -> Reason Software Company Inc.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-15] (Microsoft Windows Publisher -> Microsoft Corporation) S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\Wellbia.com\ucldr_battlegrounds_gl.exe [5084200 2024-01-10] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10476264 2022-08-03] () [Datei ist nicht signiert] R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-10] (Microsoft Windows Publisher -> Microsoft Corporation) S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [12355424 2024-01-10] (KRAFTON, Inc. 
-> KRAFTON, Inc) R2 EPOSGamingSuiteService; "C:\Program Files (x86)\EPOS\Gaming Suite\EPOSGamingSuiteService" /start EPOSGamingSuiteService [X] S2 McAfee WebAdvisor; "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" [X] R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d3828c822366e497\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d3828c822366e497\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 ACE-BASE; C:\WINDOWS\system32\drivers\ACE-BASE.sys [2178912 2022-09-06] (PUBG CORPORATION -> ANTICHEATEXPERT.COM) S3 ACE-GAME; C:\WINDOWS\system32\drivers\ACE-GAME.sys [914760 2022-09-06] (PUBG CORPORATION -> ANTICHEATEXPERT.COM) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2019-01-19] (ASUSTeK Computer Inc. -> ) R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2019-01-19] (ASUSTeK Computer Inc. -> ) R1 Asusgio2; C:\WINDOWS\system32\drivers\AsIO2.sys [33504 2019-01-01] (ASUSTeK Computer Inc. -> ) R1 avm_nwim; C:\WINDOWS\system32\DRIVERS\avmnwim.sys [396088 2017-03-17] (WDKTestCert shuebner,130916460956458304 -> AVM) R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [321792 2022-11-17] (Bluestack Systems, Inc -> Bluestack System Inc.) 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2020-09-15] (Microsoft Corporation) [Datei ist nicht signiert] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert] R2 CmUpx; C:\WINDOWS\system32\drivers\CmUpx.sys [30184 2021-06-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2021-12-23] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2021-12-23] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2021-12-23] (Microsoft Windows Hardware Compatibility Publisher -> Corsair) R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2021-12-23] (Microsoft Windows Hardware Compatibility Publisher -> Corsair) R3 cpuz150; C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [44832 2024-01-22] (CPUID S.A.R.L.U. -> CPUID) <==== ACHTUNG R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> ) R3 EPOSAudio; C:\WINDOWS\System32\drivers\eposaudio.sys [95272 2022-05-20] (EPOS Group A/S -> EPOS Group A/S) R1 GLCKIO2; C:\WINDOWS\system32\drivers\GLCKIO2.sys [19392 2018-04-23] (ASUSTeK Computer Inc. -> ) S1 googlehaxm; C:\WINDOWS\system32\drivers\GoogleHaxm.sys [200232 2023-12-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.) S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45168 2018-05-07] (Logitech Inc -> Logitech Inc.) 
S3 logi_audio_surround; C:\WINDOWS\system32\drivers\logi_audio_surround.sys [43856 2021-03-17] (Logitech Inc -> Logitech) R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2022-09-25] (Logitech Inc -> Logitech) R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2022-09-25] (Logitech Inc -> Logitech) R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2022-09-25] (Logitech Inc -> Logitech) R3 MpKslfcd73432; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66999F36-9524-4D49-AD59-D19E71B2D2B2}\MpKslDrv.sys [263560 2024-01-27] (Microsoft Windows -> Microsoft Corporation) S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv1.sys [29287768 2023-05-19] (My.Com B.V. -> My.com B.V.) R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> ) R3 rawaccel; C:\WINDOWS\system32\drivers\rawaccel.sys [50176 2021-09-24] (Microsoft Windows Hardware Compatibility Publisher -> ) S3 rsDwf; C:\WINDOWS\system32\DRIVERS\rsDwf.sys [54144 2023-06-25] (Reason CyberSecurity Inc. -> Reason CyberSecurity Inc.) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2017-08-12] (Bruce James -> Scarlet.Crush Productions) S3 SennComUSB; C:\WINDOWS\System32\drivers\SennComUSB.sys [61928 2020-11-17] (Sennheiser Communications A/S -> Sennheiser Communications A/S) R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software) R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2020-06-01] (Valve Corp. -> ) R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2020-06-01] (Valve Corp. 
-> ) S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project) S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [24064 2020-09-15] (Microsoft Corporation) [Datei ist nicht signiert] R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider) R1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Microsoft Windows Hardware Compatibility Publisher -> Shrew Soft Inc) S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8752264 2022-08-03] (Riot Games, Inc. -> Riot Games, Inc.) S3 vnet; C:\WINDOWS\System32\drivers\virtualnet.sys [17408 2013-07-01] (Microsoft Windows Hardware Compatibility Publisher -> Shrew Soft Inc) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-10] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-10] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-10] (Microsoft Windows -> Microsoft Corporation) S3 xhunter1; C:\WINDOWS\xhunter1.sys [215864 2024-01-18] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) S3 ALSysIO; \??\C:\Users\nils\AppData\Local\Temp\ALSysIO64.sys [X] <==== ACHTUNG S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X] S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X] <==== ACHTUNG ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-01-27 13:39 - 2024-01-27 13:39 - 000000000 ____D C:\FRST 2024-01-27 13:38 - 2024-01-27 13:39 - 000000000 ___DC C:\Users\nils\Desktop\FRST 2024-01-22 21:30 - 2024-01-22 21:30 - 034463940 ____C C:\Users\nils\Desktop\0122.mp4 2024-01-22 21:17 - 2024-01-22 21:18 - 072533264 ____C C:\Users\nils\Desktop\HONDA.mp4 2024-01-22 20:14 - 2024-01-22 20:14 - 000000000 ____D C:\Users\nils\AppData\Local\VEDetector 2024-01-22 20:14 - 2024-01-22 20:14 - 000000000 ____D C:\Users\nils\AppData\Local\Bytedance 2024-01-22 20:07 - 2024-01-22 20:12 - 000000000 ____D C:\Users\nils\.openshot_qt 2024-01-22 20:03 - 2024-01-22 21:17 - 000000000 ____D C:\Users\nils\AppData\Local\CapCut 2024-01-22 20:03 - 2024-01-22 20:03 - 000001356 ____C C:\Users\nils\Desktop\CapCut.lnk 2024-01-22 20:03 - 2024-01-22 20:03 - 000000000 ___DC C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CapCut 2024-01-22 19:48 - 2024-01-22 19:48 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK 2024-01-22 00:02 - 2024-01-22 00:02 - 000000207 ____C C:\Users\nils\Desktop\Urlaubanfrage.txt 2024-01-21 18:16 - 2024-01-21 18:16 - 000002359 ____C C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams classic.lnk 2024-01-21 13:47 - 2024-01-21 13:47 - 000003868 _____ C:\WINDOWS\system32\Tasks\Google Play Games Notifier 2024-01-21 13:47 - 2024-01-21 13:47 - 000001091 _____ C:\Users\Public\Desktop\Google Play Games beta.lnk 2024-01-21 13:47 - 2024-01-21 13:47 - 000000000 ____D C:\Users\nils\AppData\Local\ToastNotificationManagerCompat 2024-01-21 13:47 - 2024-01-21 13:47 - 000000000 ____D C:\Users\nils\AppData\Local\HPE 2024-01-21 13:47 - 2024-01-21 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Play Games 2024-01-21 13:46 - 2024-01-21 13:46 - 000000000 ____D C:\ProgramData\Google 2024-01-21 13:46 - 2024-01-21 13:46 - 000000000 ____D C:\Program Files\Google 2024-01-21 13:44 - 2024-01-21 13:44 - 010908744 _____ (Google LLC) 
C:\Users\nils\Downloads\Install-Frost & Flame_ King of Avalon-GooglePlayGames-Beta.exe 2024-01-12 20:17 - 2024-01-12 20:17 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2024-01-11 20:47 - 2024-01-11 20:48 - 000000000 ___HD C:\$WinREAgent 2023-12-28 19:29 - 2023-12-28 19:29 - 000078806 _____ C:\Users\nils\Downloads\StressMyPC5.31.zip 2023-12-28 19:29 - 2023-12-28 19:29 - 000000000 ____D C:\Users\nils\AppData\Roaming\StressMyPC 2023-12-28 19:28 - 2023-12-28 19:28 - 005331520 _____ (CHIP Digital GmbH) C:\Users\nils\Downloads\StressMyPC - CHIP Installer _VNxop.exe ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2024-01-27 13:32 - 2021-12-18 01:26 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-01-27 13:32 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-01-27 13:32 - 2019-02-16 23:11 - 000000000 ____D C:\Program Files (x86)\Google 2024-01-27 13:23 - 2020-09-15 07:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-01-27 12:25 - 2017-11-02 01:23 - 000000000 ____D C:\ProgramData\NVIDIA 2024-01-27 09:26 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-01-27 09:09 - 2021-02-18 21:01 - 000000000 ____D C:\Users\nils\AppData\Local\LGHUB 2024-01-27 09:09 - 2019-10-27 12:42 - 000000000 ____D C:\Users\nils\AppData\Local\Overwolf 2024-01-25 18:54 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2024-01-25 17:24 - 2019-02-16 23:11 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2024-01-25 17:23 - 2022-07-15 20:40 - 000001431 ____C C:\Users\nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk 2024-01-25 17:23 - 2020-09-15 07:58 - 000004184 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1593451427 2024-01-23 22:16 - 2023-09-01 16:52 - 000000000 ____D C:\Users\nils\AppData\Roaming\EasyAntiCheat 2024-01-22 22:55 - 
2018-06-27 19:54 - 000000000 ____D C:\Program Files (x86)\Steam 2024-01-22 20:16 - 2018-06-28 22:51 - 000000000 ___DC C:\Users\nils\AppData\Local\D3DSCache 2024-01-22 20:13 - 2018-06-28 13:09 - 000000000 ___DC C:\Users\nils\AppData\Local\CrashDumps 2024-01-22 20:07 - 2020-09-15 00:33 - 000000000 ____D C:\Users\nils 2024-01-22 20:06 - 2018-06-29 12:14 - 000000000 ____D C:\ProgramData\Packages 2024-01-22 20:06 - 2018-06-27 19:45 - 000000000 ___DC C:\Users\nils\AppData\Local\Packages 2024-01-22 20:04 - 2023-09-15 18:31 - 000263672 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy_3.dll 2024-01-22 20:04 - 2022-10-22 10:51 - 000095736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe 2024-01-22 20:04 - 2022-10-22 10:51 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe 2024-01-22 20:04 - 2021-11-19 17:01 - 000194040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll 2024-01-22 20:04 - 2021-11-07 13:13 - 002754152 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll 2024-01-22 20:04 - 2021-11-07 13:13 - 000644600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll 2024-01-22 20:04 - 2021-11-07 13:13 - 000214632 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll 2024-01-22 20:04 - 2021-11-07 13:13 - 000145000 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll 2024-01-22 20:04 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF 2024-01-22 19:52 - 2020-09-15 07:57 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2024-01-22 19:52 - 2020-09-15 00:13 - 000741554 _____ C:\WINDOWS\system32\perfh007.dat 2024-01-22 19:52 - 2020-09-15 00:13 - 000149804 _____ C:\WINDOWS\system32\perfc007.dat 2024-01-22 19:48 - 2020-09-15 07:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2024-01-22 19:48 - 2020-09-15 07:52 - 000008192 ___SH C:\DumpStack.log.tmp 2024-01-22 19:48 - 2019-12-07 10:03 - 001048576 _____ 
C:\WINDOWS\system32\config\BBI 2024-01-22 19:48 - 2019-01-22 14:43 - 000000000 ____D C:\Intel 2024-01-22 19:45 - 2018-06-29 15:41 - 000000000 ___DC C:\Users\nils\AppData\Local\PlaceholderTileLogoFolder 2024-01-22 17:56 - 2020-10-12 22:07 - 000000000 ____D C:\Users\nils\AppData\Roaming\discord 2024-01-22 17:39 - 2020-11-13 19:22 - 000000000 ____D C:\Users\nils\AppData\Local\Discord 2024-01-22 15:31 - 2022-11-28 18:37 - 000000000 ____D C:\Users\nils\AppData\Roaming\Microsoft\Teams 2024-01-21 13:51 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-01-21 13:44 - 2019-02-16 23:11 - 000000000 ____D C:\Users\nils\AppData\Local\Google 2024-01-21 11:20 - 2023-04-19 17:09 - 000000000 ___DC C:\Users\nils\Desktop\Berufsschule 2024-01-19 21:27 - 2020-09-15 07:58 - 000003926 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2024-01-19 21:27 - 2020-09-15 07:58 - 000003802 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2024-01-18 21:35 - 2020-12-03 16:58 - 000000000 ____D C:\Program Files\Common Files\PUBG 2024-01-18 21:27 - 2021-01-30 01:27 - 000000000 ____D C:\Program Files (x86)\Overwolf 2024-01-18 20:01 - 2019-03-20 22:38 - 000215864 _____ (Wellbia.com Co., Ltd.) 
C:\WINDOWS\xhunter1.sys 2024-01-16 21:51 - 2021-02-26 02:16 - 000000000 ___DC C:\Users\nils\Desktop\Nintendo 2024-01-14 21:10 - 2018-06-27 19:55 - 000000000 ___DC C:\Users\nils\AppData\Local\Steam 2024-01-13 13:26 - 2023-12-12 01:51 - 000000301 ____C C:\Users\nils\Desktop\Urlaubstage.txt 2024-01-12 21:05 - 2022-08-06 02:37 - 000000000 ____D C:\Users\nils\AppData\Roaming\Vampire_Survivors_377440891 2024-01-12 20:17 - 2019-06-21 23:19 - 000000000 ____D C:\Program Files\Microsoft Office 2024-01-12 15:20 - 2019-07-06 12:04 - 000000000 ____D C:\Users\nils\AppData\Roaming\Microsoft\Word 2024-01-12 15:13 - 2019-08-26 13:03 - 000000000 ____D C:\Users\nils\AppData\Roaming\Microsoft\Excel 2024-01-12 14:22 - 2018-06-27 19:45 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2024-01-11 20:55 - 2020-09-15 07:53 - 000647176 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-01-11 20:54 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2024-01-11 20:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2024-01-11 20:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources 2024-01-11 20:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup 2024-01-11 20:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2024-01-11 20:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-01-11 20:46 - 2018-06-27 20:26 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-01-11 20:44 - 2018-06-27 20:26 - 189718008 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2024-01-08 19:17 - 2023-08-31 21:24 - 000000000 ____D C:\Users\nils\AppData\Roaming\G HUB 2024-01-08 19:16 - 2021-02-18 21:01 - 000000000 ____D C:\Users\nils\AppData\Roaming\LGHUB ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2021-11-12 10:58 - 2021-11-12 10:58 - 115176112 _____ (GitHub, Inc.) 
C:\Users\nils\GitHubDesktopSetup-x64.exe
2021-11-11 13:53 - 2021-11-11 13:53 - 032151603 _____ (gnuplot development team ) C:\Users\nils\gp542-win64-mingw.exe
2021-11-12 10:52 - 2021-11-12 10:52 - 025387808 _____ (Atlassian) C:\Users\nils\SourceTreeSetup-3.4.6.exe
2020-10-11 02:54 - 2020-10-11 03:01 - 003228672 _____ () C:\Users\nils\AppData\Roaming\ScriptHookV.dll
2021-02-16 12:59 - 2021-02-18 15:53 - 000000578 _____ () C:\Users\nils\AppData\Roaming\WiinUSoft_prefs.config
2021-02-01 18:39 - 2021-02-01 20:21 - 000000128 _____ () C:\Users\nils\AppData\Roaming\winscp.rnd
2022-05-06 17:54 - 2022-05-06 17:54 - 000002923 _____ () C:\Users\nils\AppData\Local\recently-used.xbel
2019-02-19 20:35 - 2023-10-12 23:53 - 000007607 _____ () C:\Users\nils\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Addition: The post is getting too long; attaching it as a .txt is not possible because it is too large, and a .zip is not possible either. When uploading, the following error message is shown: "PHP User Warning: is_dir(): open_basedir restriction in effect. File(/) is not within the allowed path(s): (/var/www/vhosts/trojaner-board.de/:/tmp/) in ..../includes/functions_file.php on line 60"