
Remove Trojan (windefender.exe + rss)


Solved by Maurice Naggar

Hello,

I have a problem deleting some trojans. I scanned my PC today with AdwCleaner and it recognized 2 trojans, "windefender.exe" and "rss".

But AdwCleaner can't delete them. I hope you can help me.

I attached the "FRST.exe", "Addition.txt" and AdwCleaner log.

Here is my FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by gamin (administrator) on DESKTOP-M2T7DEU (18-04-2021 17:18:06)
Running from C:\Users\gamin\Desktop
Loaded Profiles: gamin
Platform: Windows 10 Pro Version 2004 19041.928 (X64) Language: German (Germany)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Users\gamin\AppData\Local\Temp\csrss\ethm17041.exe
() [File not signed] C:\Users\gamin\AppData\Local\Temp\csrss\injector\injector.exe
() [File not signed] C:\Users\gamin\AppData\Local\Temp\csrss\mg20201223-1.exe
() [File not signed] C:\Users\gamin\AppData\Local\Temp\csrss\ml20201223.exe
() [File not signed] C:\Users\gamin\AppData\Local\Temp\csrss\wup\e\ee.exe
() [File not signed] C:\Users\gamin\AppData\Local\Temp\csrss\ww31.exe
() [File not signed] C:\Windows\rss\csrss.exe
() [File not signed] C:\Windows\System\HsMgr64.exe
() [File not signed] C:\Windows\SysWOW64\HsMgr.exe
() [File not signed] C:\Windows\windefender.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Alexey Nicolaychuk -> ) C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc. -> ) [File not signed] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\ASUSRelayWS.exe
(ASUSTeK Computer Inc. -> ) C:\Windows\System32\AsusUpdateCheck.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\File Transfer Server.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.38\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(CMedia) [File not signed] C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Dassault Systemes SolidWorks Corp. -> Dassault Systèmes SolidWorks Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(Electronic Arts, Inc. -> Electronic Arts) F:\Origin\OriginWebHelperService.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Flexera Software LLC -> Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Intel Corporation) [File not signed] C:\Windows\System32\IPROSetMonitor.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\gamin\Desktop\adwcleaner_8.2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\gamin\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.51.3002.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.51.3002.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Opera Software AS -> Opera Software) C:\Users\gamin\AppData\Local\Programs\Opera\75.0.3969.171\opera.exe <21>
(Opera Software AS -> Opera Software) C:\Users\gamin\AppData\Local\Programs\Opera\75.0.3969.171\opera_crashreporter.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Plex, Inc. -> Plex, Inc.) D:\Plex\Plex Update Service.exe
(Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <2>
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Skutta, Kristjan -> ) F:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(Skutta, Kristjan -> ) F:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) F:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) F:\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279432 2019-07-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Sonic Studio 3] => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2018-06-20] (ASUSTeK COMPUTER INC.) [File not signed]
HKLM\...\Run: [Cmaudio8788] => C:\WINDOWS\Syswow64\cmicnfgp.dll [13463552 2015-08-11] (C-Media Corporation) [File not signed]
HKLM\...\Run: [Cmaudio8788GX] => C:\WINDOWS\syswow64\HsMgr.exe [200704 2008-07-11] () [File not signed]
HKLM\...\Run: [Cmaudio8788GX64] => C:\WINDOWS\system\HsMgr64.exe [282112 2008-07-11] () [File not signed]
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKLM-x32\...\Run: [Genshin Impact Beta_Launcher] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-21-195203206-3453960594-1519236093-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3518016 2021-03-16] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-195203206-3453960594-1519236093-1001\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2020-11-30] () [File not signed]
HKU\S-1-5-21-195203206-3453960594-1519236093-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\gamin\AppData\Local\Microsoft\Teams\Update.exe [2453728 2021-04-07] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-195203206-3453960594-1519236093-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1747288 2021-03-18] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-195203206-3453960594-1519236093-1001\...\Run: [Spotify] => C:\Users\gamin\AppData\Roaming\Spotify\Spotify.exe [24261704 2021-04-01] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-195203206-3453960594-1519236093-1001\...\Run: [Samsung DeX] => C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe [10262696 2020-09-17] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-195203206-3453960594-1519236093-1001\...\Run: [Plex Media Server] => D:\Plex\Plex Media Server.exe [21780592 2021-04-05] (Plex, Inc. -> Plex, Inc.)
HKU\S-1-5-21-195203206-3453960594-1519236093-1001\...\Run: [Opera Browser Assistant] => C:\Users\gamin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-195203206-3453960594-1519236093-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-195203206-3453960594-1519236093-1001\...\Run: [GogGalaxy] => F:\GOG Galaxy\GalaxyClient.exe [14916448 2021-03-31] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-195203206-3453960594-1519236093-1001\...\Run: [Steam] => F:\Steam\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-195203206-3453960594-1519236093-1001\...\Run: [WildSnowflake] => C:\WINDOWS\rss\csrss.exe [4613632 2021-04-18] () [File not signed] <==== ATTENTION
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3518016 2021-03-16] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-18\...\Run: [Plex Media Server] => D:\Plex\Plex Media Server.exe [21780592 2021-04-05] (Plex, Inc. -> Plex, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2020 Fast Start.lnk [2020-12-08]
ShortcutTarget: SOLIDWORKS 2020 Fast Start.lnk -> C:\Windows\Installer\{3F4681F3-B30B-4531-ADB2-3661B531F926}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera) [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0626DA2F-EA93-4714-822B-09D537AE789D} - System32\Tasks\SS3svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1234432 2018-06-20] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {189DA551-C447-4975-9F8F-5B6295FC9367} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {2BAF7162-C63E-4756-9842-7894570B2789} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {42E7AE4C-AE8E-4205-8512-D057775AA66E} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4417496 2017-11-24] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {431D8EAD-2505-493C-90BB-7106B9E67530} - System32\Tasks\csrss => C:\WINDOWS\rss\csrss.exe [4613632 2021-04-18] () [File not signed] <==== ATTENTION
Task: {433505BD-5C2F-4F6B-BEBE-C69E49810038} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {44A5AEB9-BEC2-4C45-8BEB-DC11549FCB6D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {4507BA95-5241-4F91-9132-C4E4A0970018} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2018-06-20] (ASUSTeK COMPUTER INC.) [File not signed]
Task: {4B422C0A-DF76-4510-8446-DA97CCC7B86E} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1448408 2018-01-12] (ASUSTeK Computer Inc. -> )
Task: {4C02E75A-0856-47A6-89F6-C225693A4009} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {50513A2B-797F-41EB-B6DF-D4F46A414F4F} - System32\Tasks\ExitLag => C:\Program Files (x86)\ExitLag\ExitLag.exe
Task: {614E0FE5-7550-4EFB-A17E-6DEED3D82D98} - System32\Tasks\ASUS\ASUS File Transfer Server Launcher => C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\File Transfer Server Launcher.exe [1898480 2017-09-19] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {6565EB16-4CC7-413A-B615-190ED2BF6146} - System32\Tasks\RunAsStdUser_GameCenter => C:\Users\gamin\AppData\Local\GameCenter\GameCenter.exe
Task: {71B7F004-B2B6-4AC9-8411-9062D48A7F07} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255600 2021-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {7AC390AD-5184-4F49-8F13-6729BE6ACF40} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-09-29] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {7B133876-0303-48A0-B34E-3FDBBECE1AB4} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [34274696 2019-07-31] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {8014329B-EDFA-4CA8-8DD0-DAC22ABF439B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9572CB7A-D996-4694-8FB6-84E41E9B7C9E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905584 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0F7F613-E243-4BA9-AE09-9E97082AC11B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3336560 2021-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B4A8DAED-BBFE-4C8B-BFDF-E89919DB3CD8} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [782320 2019-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {B513106A-436F-4B83-B57A-E4802DAE1ECA} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B753AD5B-9A73-47C9-B5C7-95F1BA9BE637} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1462256 2017-05-17] (ASUSTeK Computer Inc. -> )
Task: {BD1EAA8A-67FF-4C91-ACD3-59FF7DEF220D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {BE240A0D-E87D-46E3-9352-5F4911738C57} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C7272872-1882-4654-9B2A-0CDFAE84ED80} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CF304101-8DB4-49E0-A1B4-81806E3ECFE5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DA5F3221-2396-4FBB-9451-17C595F36963} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {DF49DFBE-226E-44F7-B9DC-9915B5E2CEBB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E33F70E0-27E3-4043-A76A-33F9AA1AA1D4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5255600 2021-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {E830D91C-238A-457F-8DBE-655FDA45EFF6} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD)
Task: {E9E6EDDC-946E-4431-B80C-CF3705741BF1} - System32\Tasks\Opera scheduled Autoupdate 1544380936 => C:\Users\gamin\AppData\Local\Programs\Opera\launcher.exe [1886872 2021-04-13] (Opera Software AS -> Opera Software)
Task: {EB44B12E-D392-4080-9D35-AC3C636F8646} - System32\Tasks\Opera scheduled assistant Autoupdate 1576788461 => C:\Users\gamin\AppData\Local\Programs\Opera\launcher.exe [1886872 2021-04-13] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\gamin\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {F34303F5-A6FB-41BA-8748-09C9A21A9F5A} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F98431B1-B0F9-457C-8061-75C54F2C6B3B} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2096088 2018-01-04] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {FBF443E4-EE22-4FA0-B1B3-F3C7EB9EB8DD} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1260400 2021-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {FFEE9D26-4D9D-495F-8341-8D76478D227A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task file will be moved. The file started by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, it will be removed or, if it is a registry item, restored to default.)

Hosts: There is more than one entry in the Hosts file. See the Hosts section in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{14488940-bdab-45d2-b21e-3f0194312680}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
DownloadDir: G:\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-195203206-3453960594-1519236093-1001 -> hxxp://google.de/
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\gamin\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-18]
Edge DownloadDir: G:\Downloads
Edge HomePage: Default -> hxxp://google.de/
Edge StartupUrls: Default -> "hxxp://google.de/"
Edge DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}&ie={inputEncoding?}&oe={outputEncoding?}

FireFox:
========
FF Plugin: 3ds.com/ComposerPlayerWebPlugin_x86_64 -> C:\PROGRA~1\SOLIDW~1\SOLIDW~1\Bin\NPCOMP~1.DLL [2020-10-23] (DASSAULT SYSTEMES SE -> Dassault Systemes)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: 3ds.com/ComposerPlayerWebPlugin -> C:\PROGRA~1\SOLIDW~1\SOLIDW~1\Bin\x86\NPCOMP~1.DLL [2020-10-23] (DASSAULT SYSTEMES SE -> Dassault Systemes)
FF Plugin-x32: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files (x86)\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-195203206-3453960594-1519236093-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\gamin\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-03-24] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Opera: 
=======
OPR Profile: C:\Users\gamin\AppData\Roaming\Opera Software\Opera Stable [2021-04-18]
OPR Notifications: Opera Stable -> hxxps://ra1c3.ngthequalific.biz
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Real-Debrid extension) - C:\Users\gamin\AppData\Roaming\Opera Software\Opera Stable\Extensions\cbhlgmcclhchabkenpacjhlcjpcceljf [2020-02-17]
OPR Extension: (Daxab Ultimate) - C:\Users\gamin\AppData\Roaming\Opera Software\Opera Stable\Extensions\enakmcmeealkdoeindgoeogldodhdeda [2021-02-15]
OPR Extension: (Rich Hints Agent) - C:\Users\gamin\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-04-13]
OPR Extension: (Youtube Downloader) - C:\Users\gamin\AppData\Roaming\Opera Software\Opera Stable\Extensions\enpmcplhdgmglcikkcgoeepoalooagbg [2019-11-02]
OPR Extension: (MyJDownloader Browser Erweiterung) - C:\Users\gamin\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbclnkmbcmdfamfeaagadifibbongnmf [2019-03-25]
OPR Extension: (Install Chrome Extensions) - C:\Users\gamin\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-12-13]
OPR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\gamin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2021-02-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.38\atkexComSvc.exe [440368 2019-12-11] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2018-12-06] (ASUSTeK Computer Inc. -> ) [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.33\AsusFanControlService.exe [1340376 2018-12-06] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [522008 2021-04-18] (ASUSTeK Computer Inc. -> )
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788392 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [616344 2020-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [80936 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803952 2020-05-22] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2019-01-07] (FUTUREMARK INC -> Futuremark)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [409456 2021-03-30] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; F:\GOG Galaxy\GalaxyClientService.exe [1874272 2021-03-31] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6840672 2021-03-31] (GOG Sp. z o.o. -> GOG.com)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
S3 impi_hydra; C:\Program Files\Common Files\SolidWorks Shared\Simulation Worker Agent\hydra_service.exe [924472 2020-10-23] (Intel(R) Software Development Products -> Intel Corporation)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [506368 2017-10-26] (Intel Corporation) [File not signed]
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [2668136 2019-12-16] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
S3 mracsvc; C:\WINDOWS\System32\mracsvc.exe [18997912 2019-12-07] (Mail.Ru LLC -> LLC Mail.Ru)
R2 MSSQL$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [372408 2017-07-06] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; F:\Origin\OriginClientService.exe [2536536 2021-04-07] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; F:\Origin\OriginWebHelperService.exe [3481176 2021-04-07] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD)
R2 PlexUpdateService; D:\Plex\Plex Update Service.exe [1439344 2021-04-05] (Plex, Inc. -> Plex, Inc.)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [1123336 2021-03-03] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [321544 2021-03-03] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2020-12-01] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [294464 2021-03-16] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [533808 2021-01-29] (Razer USA Ltd. -> Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2020-12-08] (SolidWorks) [Datei ist nicht signiert]
S4 SQLAgent$TEW_SQLEXPRESS; C:\ProgramData\SOLIDWORKS Electrical\MSSQL12.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2017-07-06] (Microsoft Corporation -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-06-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-06-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [935352 2020-06-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 Wallpaper Engine Service; F:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [520288 2021-03-25] (Skutta, Kristjan -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefender; C:\WINDOWS\windefender.exe [1987072 2021-04-18] () [Datei ist nicht signiert] <==== ACHTUNG

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-12-06] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2018-12-06] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\WINDOWS\system32\drivers\AsIO2.sys [33832 2019-12-11] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-MEDIA ELECTRONICS INC. -> C-Media Inc)
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2020-09-09] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-16] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz150; C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [44832 2021-04-18] (CPUID S.A.R.L.U. -> CPUID)
R1 EneTechIo; C:\WINDOWS\system32\drivers\ene.sys [19968 2019-10-17] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 GLCKIO2; C:\WINDOWS\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R1 HWiNFO; C:\Windows\system32\drivers\HWiNFO64A.SYS [55960 2018-12-07] (Martin Malik - REALiX -> REALiX(tm))
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [34064 2017-12-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [18234792 2019-12-07] (Mail.Ru LLC -> LLC Mail.Ru)
R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [25616 2018-02-12] (MICSYS Technology Co., Ltd. -> )
S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [50152 2018-12-06] (Intel(R) INTELND1617 -> Intel Corporation)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [37824 2019-12-07] (SoftEther Corporation -> SoftEther Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S4 RsFx0310; C:\WINDOWS\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation -> Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 RtsUpx; C:\Windows\system32\drivers\RtsUpx.sys [30328 2018-12-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [53656 2020-11-15] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0067; C:\WINDOWS\System32\drivers\RzDev_0067.sys [54152 2020-08-24] (Razer USA Ltd. -> Razer Inc)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [50624 2019-12-07] (SoftEther Corporation -> SoftEther Corporation)
S3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [48320 2018-11-09] (SteelSeries ApS -> )
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [48040 2018-09-25] (SteelSeries ApS -> SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166768 2020-06-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-06-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901t; C:\WINDOWS\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH -> Tunngle.net GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\Windows\xhunter1.sys [55704 2019-04-20] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-04-18 17:18 - 2021-04-18 17:18 - 000038692 _____ C:\Users\gamin\Desktop\FRST.txt
2021-04-18 17:17 - 2021-04-18 17:18 - 000000000 ____D C:\FRST
2021-04-18 17:17 - 2021-04-18 17:17 - 002298368 _____ (Farbar) C:\Users\gamin\Desktop\FRST64.exe
2021-04-18 17:10 - 2021-04-18 17:10 - 001987072 ____H C:\WINDOWS\windefender.exe
2021-04-18 16:18 - 2021-04-18 17:07 - 008534696 _____ (Malwarebytes) C:\Users\gamin\Desktop\adwcleaner_8.2.exe
2021-04-18 14:53 - 2021-04-18 17:10 - 000003270 _____ C:\WINDOWS\system32\Tasks\csrss
2021-04-18 14:53 - 2021-04-18 14:53 - 000000000 ___HD C:\WINDOWS\rss
2021-04-16 13:49 - 2021-04-16 13:49 - 001431116 _____ C:\WINDOWS\Minidump\041621-15062-01.dmp
2021-04-15 23:02 - 2021-04-12 21:48 - 005666672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-04-15 23:02 - 2021-04-12 21:48 - 002636656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2021-04-15 23:02 - 2021-04-12 21:48 - 001758064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2021-04-15 23:02 - 2021-04-12 21:48 - 000990064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2021-04-15 23:02 - 2021-04-12 21:48 - 000120176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2021-04-15 23:02 - 2021-04-12 21:48 - 000082288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2021-04-15 23:02 - 2021-04-07 17:41 - 009527077 _____ C:\WINDOWS\system32\nvcoproc.bin
2021-04-15 23:02 - 2021-01-06 13:22 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2021-04-15 23:01 - 2021-04-15 23:01 - 000000000 ____D C:\WINDOWS\system32\lxss
2021-04-15 23:01 - 2021-04-15 23:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-04-15 23:00 - 2021-04-13 11:26 - 001435856 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-04-15 23:00 - 2021-04-13 11:26 - 001435856 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-04-15 23:00 - 2021-04-13 11:25 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-04-15 23:00 - 2021-04-13 11:25 - 001855184 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-04-15 23:00 - 2021-04-13 11:25 - 001452312 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-04-15 23:00 - 2021-04-13 11:25 - 001191704 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-04-15 23:00 - 2021-04-13 11:25 - 001094864 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-04-15 23:00 - 2021-04-13 11:25 - 001094864 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-04-15 23:00 - 2021-04-13 11:25 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-04-15 23:00 - 2021-04-13 11:25 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-04-15 23:00 - 2021-04-13 11:22 - 001514784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-04-15 23:00 - 2021-04-13 11:22 - 001166112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-04-15 23:00 - 2021-04-13 11:22 - 000715552 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-04-15 23:00 - 2021-04-13 11:22 - 000675096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-04-15 23:00 - 2021-04-13 11:22 - 000575776 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-04-15 23:00 - 2021-04-13 11:22 - 000564000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-04-15 23:00 - 2021-04-13 11:21 - 002106144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-04-15 23:00 - 2021-04-13 11:21 - 001590552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-04-15 23:00 - 2021-04-13 11:21 - 000811800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-04-15 23:00 - 2021-04-13 11:21 - 000656152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-04-15 23:00 - 2021-04-13 11:20 - 008317216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-04-15 23:00 - 2021-04-13 11:20 - 007434008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-04-15 23:00 - 2021-04-13 11:20 - 004795184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-04-15 23:00 - 2021-04-13 11:20 - 002823456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-04-15 23:00 - 2021-04-13 11:20 - 001730848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6446611.dll
2021-04-15 23:00 - 2021-04-13 11:20 - 001490208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6446611.dll
2021-04-15 23:00 - 2021-04-13 11:17 - 007212248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-04-15 23:00 - 2021-04-13 11:17 - 006159176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-04-15 23:00 - 2021-04-13 01:48 - 001682376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2021-04-15 23:00 - 2021-04-13 01:48 - 001482992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvppcgenco64_146831832.dll
2021-04-15 23:00 - 2021-04-13 01:48 - 000135592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-04-15 23:00 - 2021-04-13 01:48 - 000067456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2021-04-15 23:00 - 2021-04-13 01:48 - 000063943 _____ C:\WINDOWS\system32\nvinfo.pb
2021-04-15 23:00 - 2021-04-13 01:48 - 000038640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2021-04-15 17:33 - 2021-04-15 17:33 - 001587076 _____ C:\WINDOWS\Minidump\041521-8968-01.dmp
2021-04-15 02:22 - 2021-04-15 02:22 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-15 02:22 - 2021-04-15 02:22 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-15 02:22 - 2021-04-15 02:22 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-14 15:42 - 2021-04-14 15:43 - 000000000 ____D C:\Users\gamin\Desktop\Neuer Ordner (2)
2021-04-13 17:38 - 2021-04-13 17:38 - 137625256 _____ (Advanced Micro Devices, Inc.) C:\Users\gamin\Desktop\AMD-Ryzen-Master.exe
2021-04-13 17:36 - 2020-08-14 09:59 - 000043416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\NvModuleTracker.sys
2021-04-13 17:25 - 2021-04-13 17:25 - 001353180 _____ C:\WINDOWS\Minidump\041321-10140-01.dmp
2021-04-13 16:54 - 2021-04-13 16:54 - 001558020 _____ C:\WINDOWS\Minidump\041321-18062-01.dmp
2021-04-12 11:14 - 2021-04-12 11:14 - 000000000 ____D C:\Users\gamin\Desktop\Prüfungsvorbereitung
2021-04-07 00:33 - 2021-04-07 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2021-04-06 20:23 - 2021-04-06 20:23 - 000108546 _____ C:\Users\gamin\Desktop\KA1-0708.pdf
2021-04-06 20:23 - 2021-04-06 20:23 - 000050608 _____ C:\Users\gamin\Desktop\KA2-0708.pdf
2021-04-02 01:53 - 2021-04-02 01:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-04-02 01:53 - 2021-04-02 01:53 - 000000000 ____D C:\Program Files\7-Zip
2021-04-01 11:32 - 2021-04-01 11:33 - 000000000 ____D C:\Users\gamin\Desktop\Züfle
2021-03-31 10:55 - 2021-03-31 10:55 - 000000000 ____D C:\Users\gamin\AppData\Roaming\Overwolf
2021-03-25 01:30 - 2021-03-25 01:30 - 000000202 _____ C:\Users\gamin\Desktop\Wallpaper Engine.url

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-04-18 17:16 - 2020-08-19 15:37 - 001865346 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-18 17:16 - 2019-12-07 16:51 - 000743714 _____ C:\WINDOWS\system32\perfh007.dat
2021-04-18 17:16 - 2019-12-07 16:51 - 000150136 _____ C:\WINDOWS\system32\perfc007.dat
2021-04-18 17:16 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-18 17:12 - 2018-12-06 20:02 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-18 17:10 - 2020-08-19 15:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-18 17:10 - 2020-08-19 15:35 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-18 17:10 - 2020-01-25 16:24 - 000035819 _____ C:\CosairDram.txt
2021-04-18 17:10 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-18 17:10 - 2019-06-02 12:58 - 000000000 ____D C:\Users\gamin\AppData\Local\LogMeIn Hamachi
2021-04-18 17:10 - 2018-12-08 15:15 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2021-04-18 17:10 - 2018-12-06 19:51 - 000522008 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2021-04-18 17:09 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-18 17:09 - 2018-12-06 19:51 - 000558696 _____ C:\WINDOWS\system32\wpbbin.exe
2021-04-18 16:17 - 2018-12-08 15:15 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2021-04-18 16:16 - 2020-08-19 15:42 - 000003142 _____ C:\WINDOWS\system32\Tasks\MSIAfterburner
2021-04-18 16:06 - 2020-01-17 14:52 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-18 15:45 - 2018-12-09 17:05 - 000000000 ____D C:\Users\gamin\AppData\Roaming\discord
2021-04-18 15:28 - 2018-12-09 17:05 - 000000000 ____D C:\Users\gamin\AppData\Local\Discord
2021-04-18 14:48 - 2018-12-09 19:58 - 000000000 ____D C:\Users\gamin\AppData\Local\Spotify
2021-04-18 14:12 - 2018-12-09 19:54 - 000000000 ____D C:\Users\gamin\AppData\Roaming\Spotify
2021-04-18 13:28 - 2020-05-12 13:35 - 000002175 _____ C:\Users\gamin\Desktop\Porofessor.gg.lnk
2021-04-18 13:28 - 2020-05-12 13:34 - 000000000 ____D C:\Users\gamin\AppData\Local\Overwolf
2021-04-18 13:28 - 2018-12-09 13:42 - 000000000 ____D C:\ProgramData\Riot Games
2021-04-18 13:25 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-18 13:25 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-18 02:31 - 2020-11-04 23:25 - 000000000 ____D C:\Users\gamin\AppData\Local\Plex Media Server
2021-04-17 18:39 - 2020-08-19 15:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-17 16:45 - 2018-12-09 17:55 - 000000000 ____D C:\Users\gamin\AppData\Roaming\TS3Client
2021-04-17 03:08 - 2018-12-08 02:54 - 000000000 ____D C:\Users\gamin\AppData\Roaming\vlc
2021-04-17 01:51 - 2020-11-15 16:42 - 000000152 _____ C:\Users\gamin\Desktop\Neues Textdokument.txt
2021-04-16 15:25 - 2020-08-19 15:11 - 000000000 ____D C:\Users\gamin
2021-04-16 13:49 - 2020-08-22 12:35 - 000000000 ____D C:\WINDOWS\Minidump
2021-04-16 13:49 - 2020-03-13 18:03 - 1176355989 _____ C:\WINDOWS\MEMORY.DMP
2021-04-16 11:21 - 2020-06-19 17:19 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-15 23:02 - 2018-12-12 23:26 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-04-15 23:02 - 2018-12-06 20:02 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-04-15 23:01 - 2018-12-12 23:31 - 000000000 ____D C:\Users\gamin\AppData\Local\NVIDIA
2021-04-15 21:31 - 2018-12-06 20:02 - 000000000 ____D C:\Users\gamin\AppData\Local\Packages
2021-04-15 13:07 - 2020-08-19 15:35 - 001423672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-15 13:06 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-15 13:06 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-15 13:06 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-15 13:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-15 13:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-15 13:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-15 13:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-15 13:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-15 13:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-15 13:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-15 13:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-15 13:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-15 13:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-15 12:42 - 2020-08-19 15:42 - 000004228 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1544380936
2021-04-15 12:42 - 2018-12-09 20:42 - 000001408 _____ C:\Users\gamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2021-04-15 02:24 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-15 02:22 - 2020-08-19 15:37 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-15 02:22 - 2018-12-06 19:50 - 000414044 __RSH C:\bootmgr
2021-04-15 02:18 - 2018-12-06 20:19 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-15 02:16 - 2021-01-02 16:35 - 000000000 ____D C:\Program Files\dotnet
2021-04-15 02:16 - 2018-12-06 20:18 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-15 02:16 - 2018-12-06 20:11 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-13 17:36 - 2020-08-19 15:42 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-13 17:36 - 2020-08-19 15:42 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-13 17:36 - 2020-08-19 15:42 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-13 17:36 - 2020-08-19 15:42 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-13 17:36 - 2020-08-19 15:42 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-13 17:36 - 2020-08-19 15:42 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-13 17:36 - 2020-08-19 15:42 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-13 17:36 - 2020-08-19 15:42 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-13 17:36 - 2020-08-19 15:42 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-13 17:36 - 2020-08-19 15:42 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-13 17:36 - 2018-12-06 20:02 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-04-13 13:30 - 2018-12-07 08:06 - 000000000 ____D C:\Users\gamin\AppData\Local\CrashDumps
2021-04-12 23:55 - 2020-08-19 15:42 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-195203206-3453960594-1519236093-1001
2021-04-12 23:55 - 2020-08-19 15:11 - 000002382 _____ C:\Users\gamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-12 23:55 - 2018-12-06 20:04 - 000000000 ___RD C:\Users\gamin\OneDrive
2021-04-11 11:59 - 2018-12-06 19:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-09 00:50 - 2018-12-09 17:12 - 000000000 ____D C:\ProgramData\Origin
2021-04-08 02:06 - 2018-12-07 17:22 - 000000000 ____D C:\Users\gamin\AppData\Local\D3DSCache
2021-04-07 13:38 - 2019-10-26 19:40 - 002817904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2021-04-07 13:38 - 2019-10-26 19:40 - 002171760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2021-04-07 13:38 - 2019-10-26 19:40 - 001293680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2021-04-07 01:00 - 2020-04-26 15:31 - 000002367 _____ C:\Users\gamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-04-07 01:00 - 2020-04-26 15:31 - 000002359 _____ C:\Users\gamin\Desktop\Microsoft Teams.lnk
2021-04-03 23:31 - 2018-12-08 21:46 - 000000000 ____D C:\Users\gamin\AppData\Local\Battle.net
2021-04-02 01:51 - 2021-03-07 17:39 - 000000000 ____D C:\ProgramData\WinZip
2021-03-31 15:02 - 2020-05-12 13:35 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-03-31 11:13 - 2020-12-07 18:46 - 000000846 _____ C:\Users\Public\Desktop\Cyberpunk 2077.lnk
2021-03-31 11:13 - 2020-12-07 18:46 - 000000846 _____ C:\ProgramData\Desktop\Cyberpunk 2077.lnk
2021-03-31 11:13 - 2020-12-07 18:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberpunk 2077 [GOG.com]
2021-03-30 12:57 - 2020-10-29 19:25 - 000074608 _____ C:\WINDOWS\system32\FvSDK_x64.dll
2021-03-30 12:57 - 2020-10-29 19:25 - 000064880 _____ C:\WINDOWS\SysWOW64\FvSDK_x86.dll
2021-03-30 12:45 - 2018-12-06 20:04 - 000000000 ____D C:\Users\gamin\AppData\Local\PlaceholderTileLogoFolder
2021-03-29 00:33 - 2020-07-05 16:40 - 000000000 ____D C:\Users\gamin\AppData\Roaming\RenPy
2021-03-21 13:28 - 2018-12-14 18:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2021-03-21 13:27 - 2018-12-14 18:06 - 000000000 ____D C:\Program Files (x86)\Razer Chroma SDK

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2020-07-19 18:16 - 2020-07-28 20:50 - 000028672 _____ () C:\Users\gamin\AppData\Roaming\crash.bin
2020-12-05 13:40 - 2020-12-05 13:40 - 000000017 _____ () C:\Users\gamin\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================


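The service list above contains the tell-tale pair that makes this report worth a second look: the genuine `WinDefend` service (MsMpEng.exe, signed by Microsoft) next to a `WinDefender` service that starts an unsigned, hidden `C:\WINDOWS\windefender.exe`. The Python script below is an added example, not part of this thread and not a tool FRST or Malwarebytes ship; it parses service/driver lines in FRST's format and flags the two signals a defender would check on every report: an unsigned binary started from the Windows directory, and a service name that is a near-copy of a real Microsoft security service. The sample lines are constructed from the report above, and `KNOWN_SECURITY_SERVICES` is a short list chosen for the demo.

```python
"""Triage the service/driver lines of a Farbar Recovery Scan Tool (FRST) report.

FRST marks the obvious case itself ("<==== ACHTUNG" / "<==== ATTENTION"), but
two weaker signals are worth checking by hand on every report:
  * an unsigned binary started as a service from the Windows directory, and
  * a service whose name imitates a genuine Microsoft security service
    (here "WinDefender" sitting next to the real "WinDefend").
"""
import re
from difflib import SequenceMatcher

# Genuine Windows security service names (short list chosen for this demo).
KNOWN_SECURITY_SERVICES = ("WinDefend", "WdNisSvc", "Sense", "WdBoot", "WdFilter",
                           "SecurityHealthService", "wscsvc", "MpsSvc")

# FRST prints "[File not signed]" in English reports, "[Datei ist nicht signiert]" in German ones.
UNSIGNED_TAGS = ("[File not signed]", "[Datei ist nicht signiert]")

# Shape of one line:
# "R2 WinDefender; C:\WINDOWS\windefender.exe [1987072 2021-04-18] () [Datei ist nicht signiert] <==== ACHTUNG"
LINE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\](?P<tail>.*)$"
)
# The signer block ends at the ')' followed by a '[' tag, a '<====' marker or end of line,
# so a publisher such as "(Intel(R) Software ... -> Intel Corporation)" is captured whole.
SIGNER_RE = re.compile(r"^\s*\((?P<signer>.*?)\)(?=\s*(?:\[|<|$))")

# Constructed sample in FRST's format, modelled on the service list of the report above.
SAMPLE_REPORT = "\n".join([
    r"R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)",
    r"R2 WinDefender; C:\WINDOWS\windefender.exe [1987072 2021-04-18] () [Datei ist nicht signiert] <==== ACHTUNG",
    r"R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)",
    r"S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2020-12-08] (SolidWorks) [Datei ist nicht signiert]",
    r"R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [506368 2017-10-26] (Intel Corporation) [Datei ist nicht signiert]",
])


def parse_entry(line):
    """Return a dict for one FRST service/driver line, or None if the line is not one."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    tail = m.group("tail")
    sig = SIGNER_RE.match(tail)
    return {
        "state": m.group("state"),
        "name": m.group("name").strip(),
        "path": m.group("path"),
        "size": int(m.group("size")),
        "date": m.group("date"),
        # Company name from the version resource / signature; empty "()" means neither.
        "signer": sig.group("signer").strip() if sig else "",
        "unsigned": any(tag in tail for tag in UNSIGNED_TAGS),
        "frst_flagged": "<====" in tail,
    }


def lookalike_of(name, known=KNOWN_SECURITY_SERVICES, threshold=0.8):
    """Return the genuine service name this one imitates, or None.

    An exact (case-insensitive) match is the real service, never a look-alike;
    "windefender" vs "windefend" scores 2*9/(11+9) = 0.9 and is reported.
    """
    n = name.casefold()
    if n in (k.casefold() for k in known):
        return None
    for k in known:
        if SequenceMatcher(None, n, k.casefold()).ratio() >= threshold:
            return k
    return None


def in_windows_dir(path):
    """True for a binary anywhere under <drive>:\\Windows\\ (case-insensitive)."""
    return re.match(r"^[A-Za-z]:\\windows\\", path, re.IGNORECASE) is not None


def triage(report_text):
    """Return findings (name, path, reasons) for service/driver lines worth review."""
    findings = []
    for line in report_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        # The company name FRST prints comes from the version resource when the file
        # is unsigned, so it is not authenticated and does not clear this check.
        if e["unsigned"] and in_windows_dir(e["path"]):
            reasons.append("unsigned binary under the Windows directory")
        imitated = lookalike_of(e["name"])
        if imitated:
            reasons.append(f"name resembles genuine service '{imitated}'")
        if e["frst_flagged"]:
            reasons.append("already flagged by FRST")
        if reasons:
            findings.append({"name": e["name"], "path": e["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f['name']}: {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

The Intel PROSet line is also reported, which shows the Windows-directory heuristic produces a review queue rather than a verdict; only the WinDefender entry trips all three checks.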

Hello @Xerc

My name is Maurice.  Let me know what name you go by.

Just please do Not paste contents of reports. Just only Attach them.

Have lots of patience. We will be doing many rounds. There is not one quick fix.

Thanks for the reports.

I will guide you to getting your system to where it needs to be

Download   Farbar's Service Scanner utility

http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/

and Save to your Desktop.

Right-click on fss.exe and select Run As Administrator.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

 

Once FSS is on-screen, be sure the following items are check-marked:

Internet Services

Windows Firewall

System Restore

Security Center/Action Center

Windows Update

Windows Defender

Other services

  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Kindly attach FSS.txt with  your reply. 


Hello. Hold off on that.

Let's have you get, save, & then run the Malwarebytes anti-rootkit tool MBAR.

See this how to 

Disregard the title of the article.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

 

Let me know the result. Also attach the log file from the run.


Hello Maurice,

I scanned my system with MBAR once. But I have a little problem.

My English is not that good and I didn't understand the last step in the description, where it says "You must run a Malwarebytes custom scan with rootkit on so any remaining detections are removed".

Does it mean that I have to scan my system a 2nd time with MBAR?


Thank you.  There is a bunch more to do. This system had a set of trojans, including a likely password stealer.  You likely had some identity or password theft.

There needs to be one Machine RESTART. So that MBAR cleanups are done.   Do one RESTART.

.

Also.   Do Option One of this article so that Windows is set to SHOW all folders & files

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

.

In Malwarebytes for Windows program, we want to do a special scan.

Click Settings ( gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window.

Then click the Security tab.   

 

Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON 👈

 

Click it to get it ON if it does not show a blue-color

.

Next, click the small x on the Settings line to go to the main Malwarebytes Window.

 

Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

 

You can actually click ( tick ) the topmost left check-box on the very top line to get ALL lines ticked ( all selected). 👈

 

🔻

Then click on Quarantine selected.

 

Then, locate the Scan run report; export out a copy; & then attach in with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

We will do more, later.


Thanks for the run & the report.

Sorry, but no, it is not possible to know when the infections started.

Note that if this system had had the Premium licensed Malwarebytes it would have caught these infections & stopped any exposure right at the start.

.

For now, more cleanup.

The script Fixlist.txt  needs to be saved to the DESKTOP

The custom script on this post is ONLY for this machine and NO other.   

Please be sure to Close any open work files, documents,  any apps you started yourself  before starting this.

 

If there are any CD / DVD / or USB-flash-thumb or USB-storage drives attached,  please disconnect any of those.

 

The system will be rebooted after the script has run.

Start the Windows Explorer and then, to the DESKTOP

 

RIGHT click on  FRSTENGLISH.exe   and select RUN as Administrator and allow it to proceed.  Reply YES when prompted to allow to run.

If the tool warns you the version is outdated, please download and run the updated version.

IF Windows prompts you about running this, select YES to allow it to proceed.

 

IF you get a block message from Windows about this tool......

click the line More info on that screen

and click button Run anyway on next screen.

 

on the FRST window:

Click the Fix button just once, and wait.

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. This run here should be fairly quick.

If you receive a message that a reboot is required, please make sure you allow it to restart normally.

The tool will complete its run after restart.

When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

 

Please attach the FIXLOG.txt with your next reply later, at your next opportunity   

 

Please know this will do a Windows Restart.   Just let it do its thing.  

Do let me know how things are overall,  after all this. There is more to do, including a fix for Microsoft Windows Update service.

Fixlist.txt


Thanks. That is worth having done that.  We still will need to do at least 2 or 3 other scans.  Plus taking care of one Windows service.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop

Go to the saved file, and double click it to get it started.

 

When presented with the initial ESET options, click on "Computer Scan"

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan

Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button

Have patience.  The entire process may take an hour or more. There is an initial update download

There is a progress window display

You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”

Click The blue “Save scan log” to save the log

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom)

Press Continue when all done.  You should click off the offer for “periodic scanning”.

 

Please be sure to attach the log.


I want to take a few minutes for remarks & observations.

The original trojans have been removed. I want to list what some of them were.  And to relay some additional information on one.

See this Malwarebytes Threat Center link on trojan.malpack.gs

https://blog.malwarebytes.com/detections/trojan-malpack-gs/

 

This system also had 

Trojan.glupteba

Trojan.ranumbot

Trojan.bitcoinminer.generic

Backdoor.bot

You should presume that your passwords may have been stolen.  Perhaps also some financial account info.

Whatever the outcome here, after we get all done, you will need, after we finish this case, to change all passwords.  That is when we are all done.

.

After the ESET, I plan to lead you on 2 other scans, plus a new FRST report, plus an advice tip on a Windows upgrade-repair.

Also, not to forget, Windows Update service has to be put back in good state.

When we get all done, I will relay to you how to keep safer.

:D


Hey Maurice,

I am still running the ESET scan, it takes a while like you said. I'll wait until it's finished and I will post the logs tomorrow, 'cause it's getting late for me. 😅

Didn't expect I'd have that big of a problem with my system... could never solve it by myself. Thank you very much so far for your help!

See you tomorrow!


  • AdvancedSetup changed the title to Remove Trojan (windefender.exe + rss)

Bravo. That is very good.

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Let me know the result of this.

The log is named MSERT.log  

the log will be at

C:\Windows\debug\msert.log

Please attach that log with your reply.


Thanks. It only flagged a minor finding about antispyware setting for Microsoft Defender.  That is taken care of.

.

As a next step, to checkout your system a bit more, a scan with Sophos.

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan, either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...

Double click the icon and select Run

Click Next

Select I accept the terms in this license agreement, then click Next twice

Click Install

Click Finish to launch the program

Once the virus database has been updated click Start Scanning

If any threats are found click Details, then View log file... (bottom left hand corner)

Copy and paste the results in your reply

Close the Notepad document, close the Threat Details screen, then click Start cleanup

Click Exit to close the program

If no threats were found please confirm that result....

The Virus Removal Tool scans the following areas of your computer:

Memory, including system memory on 32-bit (x86) versions of Windows

The Windows registry

All local hard drives, fixed and removable

Mapped network drives are not scanned.

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Please be sure to attach that log.

Cheers.


OK.  That is good.

There appears to be the condition that the Windows Update service (WUAUSERV) is not present (for some unknown reason).

That can be corrected by doing what follows here.

This next link listed below is to a registry file that we need for you to SAVE as is to the Desktop

RIGHT click the link with your mouse-pointer and select SAVE ...as.... & guide the folder for saving to DESKTOP (do not double click / do not 'run' the file / nor open)

https://download.bleepingcomputer.com/win-services/win-10/wuauserv.reg

Once it is saved, then we need to merge the file onto the system, as follows

With your mouse, do a RIGHT-click on the file wuauserv.reg and select Merge

Let it do that & ensure it finishes ok.

Next, RESTART the system.

Let me know when that has been completed. We will do more after.
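As an added illustration (not part of this thread or of the file linked above), the PowerShell below inspects the saved wuauserv.reg before it is merged, confirming it is a registry export that touches only the wuauserv service key, and then reports whether the Windows Update service is registered again after the merge and restart. It assumes the file was saved to the Desktop as instructed; the function names are mine.

```powershell
# Added example, not from the thread: check the downloaded .reg file before merging it,
# then verify the wuauserv service after the merge and restart.
# Assumes wuauserv.reg was saved to the current user's Desktop.
$regFile = Join-Path $env:USERPROFILE 'Desktop\wuauserv.reg'
$svcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv'

function Test-WuauservRegFile {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return "Missing: $Path" }
    $lines = Get-Content -Path $Path
    # Every registry export begins with this header; anything else is not a .reg file.
    if ($lines[0] -notmatch '^Windows Registry Editor Version 5\.00') {
        return 'Not a registry export (header missing)'
    }
    # Collect every key the file would write. A repair file for one service
    # should only touch that service's key and its subkeys.
    $keys    = $lines | Where-Object { $_ -match '^\[' }
    $foreign = $keys  | Where-Object { $_ -notmatch '\\Services\\wuauserv' }
    if ($foreign) { return "Unexpected keys present: $($foreign -join ', ')" }
    return "OK: $($keys.Count) key(s), all under Services\wuauserv"
}

function Get-WuauservState {
    # Registry view: does the service key exist, and what does it say?
    $state = [ordered]@{ RegistryKey = (Test-Path $svcKey); Service = 'not registered'
                         Start = $null; ImagePath = $null }
    if ($state.RegistryKey) {
        $props = Get-ItemProperty -Path $svcKey
        $state.Start     = $props.Start      # 2 = Automatic, 3 = Manual (Windows 10 default), 4 = Disabled
        $state.ImagePath = $props.ImagePath  # expected: svchost.exe hosting the netsvcs group
    }
    # Service Control Manager view: only visible after the restart the post asks for.
    $svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    if ($svc) { $state.Service = $svc.Status.ToString() }
    return [pscustomobject]$state
}

Write-Host "Registry file check: $(Test-WuauservRegFile -Path $regFile)"
Get-WuauservState | Format-List
```

Run the file check before merging; run the state check after the restart, since the service control manager only picks up the restored key at boot.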

