Windows 10: Backdoor:Win32/Bladabindi!ml

fiifiiboy · 22.04.2021, 13:43

Guten Tag.
Ich bin heute auf die gloreiche Idee gekommen auf einen Link zu klicken der mir ein Freund geschickt hat. Ich habe mir somit diesen Mist eingefangen.
Der Windows Virenschutz zeigt es immer wieder an, kann es aber nicht entfernen.
Ich hoffe das man mir helfen kann, da ich wirklich keine Ahnung von so etwas habe.

Hier sind die log files. Falls ihnen irgendetwas tut es mir aufrichtig leid.

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
durchgeführt von Finley (Administrator) auf DESKTOP-PH835RO (MEDION MD34378/C894) (22-04-2021 14:46:15)
Gestartet von C:\Users\finle\Downloads
Geladene Profile: Finley & postgres
Platform: Windows 10 Home Version 20H2 19042.928 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

() [Datei ist nicht signiert] C:\Users\finle\AppData\Roaming\bakkesmod\bakkesmod\BakkesMod.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_6ca78a08b838e305\RstMwService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Users\finle\Desktop\MSI Afterburner\MSIAfterburner.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <5>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3784df9edffd3314\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(PostgreSQL Global Development Group) [Datei ist nicht signiert] C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe
(PostgreSQL Global Development Group) [Datei ist nicht signiert] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe <7>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Huion Tablet\Huion Tablet.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Huion Tablet\x64\TabletDriverCore.exe
(Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\webwallpaper32.exe <4>
(Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1110816 2020-07-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [TabletDriver] => C:\Huion Tablet\Huion Tablet.exe [240360 2020-10-12] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353400 2021-03-26] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-21-2257729394-1977194822-4025707799-1005\...\Run: [288FE02B381C80663BB404F6DDAD675B9D40FA2A._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-2257729394-1977194822-4025707799-1005\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33169992 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2257729394-1977194822-4025707799-1005\...\Run: [BakkesMod] => C:\Users\finle\AppData\Roaming\bakkesmod\bakkesmod\BakkesMod.exe [16070656 2021-01-06] () [Datei ist nicht signiert]
HKU\S-1-5-21-2257729394-1977194822-4025707799-1005\...\Run: [TabletDriver] => C:\Huion Tablet\x64\TabletDriverCore.exe [333544 2020-10-07] (Shenzhen Huion Animation Technology Co.,LTD -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Huion Tablet.lnk [2021-03-06]
ShortcutTarget: Huion Tablet.lnk -> C:\Huion Tablet\Huion Tablet.exe (Shenzhen Huion Animation Technology Co.,LTD -> )
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1184AB22-8D03-4E3B-A585-CC4905489B87} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-04-22] (Mozilla Corporation -> Mozilla Foundation)
Task: {1667B8CE-33DB-4648-B8BF-E852374330F9} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {168339F6-1922-416D-AD6E-2E6588A0671F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD)
Task: {197C51CB-D39B-41F6-B618-A1686AB10F1F} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1E3F43EC-E8F3-4805-8255-AA032B115BA8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1FC2A7CA-E576-42CA-8DEC-5263576F9D24} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {20E94A9C-5D9A-410E-9B2D-3F5C93235140} - System32\Tasks\X1-GmTaskPlan => C:\Program Files\uRageGamingMouse\uRage_Illuminated².exe
Task: {2352CD91-2DA3-45B9-B326-204074574A0C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2A22BA5C-1ECE-49AD-A3D6-7D32622089AF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {55BD327F-DCE1-4088-8AD7-62304B422BED} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
Task: {642AF2D5-49FA-47C8-8A43-3245ECE79643} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {7B7765DE-2333-48FD-894B-F6628EE20041} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8E31AE6A-63F0-4A72-A84E-D2A5FF872A37} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A59FF1B4-73C6-4317-9715-70889101E53A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AE7E90AE-D918-4444-9DE4-B1EAF824BF56} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AECD93A3-0FC6-48FC-BD37-E963A5989A75} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1652536 2018-11-05] (Intel(R) Software -> Intel Corporation)
Task: {BF0D5048-27F4-4122-BF42-82FF16D1D1C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BF74D38E-03F4-4EAB-A529-24818B1A1DA1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C7543434-587C-4A18-A706-8A32139E1A67} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CFB8BA5F-F82D-45FA-9907-E49E102ACE9D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\system32\MRT.exe [131963968 2021-04-18] (Microsoft Windows -> Microsoft Corporation)
Task: {D4818702-644D-4CE1-9637-1F0BFD41B684} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
Task: {EF3E18EF-AB1C-4A35-A1F8-AC670C0AE6EB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F75ECDA1-C687-4122-9B6F-90774499F013} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.104
Tcpip\..\Interfaces\{bc5aa9b5-acca-4a55-8300-5e50472ac38e}: [DhcpNameServer] 192.168.2.104

Edge: 
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge Profile: C:\Users\finle\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-22]

FireFox:
========
FF DefaultProfile: iy1m8tt1.default
FF ProfilePath: C:\Users\finle\AppData\Roaming\Mozilla\Firefox\Profiles\iy1m8tt1.default [2020-10-27]
FF ProfilePath: C:\Users\finle\AppData\Roaming\Mozilla\Firefox\Profiles\bj7kmeya.default-release-1602535067670 [2021-04-22]
FF user.js: detected! => C:\Users\finle\AppData\Roaming\Mozilla\Firefox\Profiles\bj7kmeya.default-release-1602535067670\user.js [2020-10-26]
FF Homepage: Mozilla\Firefox\Profiles\bj7kmeya.default-release-1602535067670 -> hxxps://www.google.de/
FF Notifications: Mozilla\Firefox\Profiles\bj7kmeya.default-release-1602535067670 -> hxxps://aternos.org; hxxps://webinterface.nitrado.net
FF Extension: (Picture-In-Picture) - C:\Program Files\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi [2021-04-22] [ist nicht signiert]
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [Keine Datei]
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1067.0\npCCleanerBrowserUpdate3.dll [Keine Datei]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

Opera: 
=======
OPR Profile: C:\Users\finle\AppData\Roaming\Opera Software\Opera Stable [2021-01-29]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8906088 2021-02-17] (BattlEye Innovations e.K. -> )
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [616344 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [80936 2020-12-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818288 2020-10-03] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EQU8_19; C:\ProgramData\EQU8\Totally Accurate Battlegrounds\bin\anticheat.x64.equ8.exe [5673048 2021-04-12] (Int3 Software AB -> Int3 Software AB)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [410864 2021-01-25] (NVIDIA Corporation -> NVIDIA)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-03-18] (Overwolf Ltd -> Overwolf LTD)
R2 postgresql-x64-9.5; C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe [94208 2016-08-09] (PostgreSQL Global Development Group) [Datei ist nicht signiert]
S3 TwitchService; C:\Program Files\Common Files\Twitch\TwitchService.exe [331648 2021-02-20] (Twitch Interactive, Inc. -> )
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2020-09-11] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10359000 2021-03-26] (Riot Games, Inc. -> Riot Games, Inc.)
R2 Wallpaper Engine Service; C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [520288 2021-04-01] (Skutta, Kristjan -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3784df9edffd3314\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3784df9edffd3314\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3819744 2018-07-25] (WDKTestCert cm359,131641702659254692 -> C-MEDIA)
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-11-19] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz150; C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [44832 2021-04-22] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 EQU8_HELPER_19; C:\WINDOWS\system32\DRIVERS\EQU8_HELPER_19.sys [38032 2021-04-21] (Int3 Software AB -> )
R3 MpKsle1f909ce; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{63D5F63A-2321-4E2B-8C6F-C0F3A3AC6FC2}\MpKslDrv.sys [97528 2021-04-21] (Microsoft Windows -> Microsoft Corporation)
R3 RTCore64; C:\Users\finle\Desktop\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] (Valve Corp. -> )
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] (Valve Corp. -> )
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [6436768 2021-03-25] (Riot Games, Inc. -> Riot Games, Inc.)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2020-09-14] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-04-22 14:50 - 2021-04-22 14:50 - 090177536 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-04-22 14:50 - 2021-04-22 14:50 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-04-22 14:46 - 2021-04-22 14:46 - 000022107 _____ C:\Users\finle\Downloads\FRST.txt
2021-04-22 14:45 - 2021-04-22 14:45 - 002298368 _____ (Farbar) C:\Users\finle\Downloads\FRST64.exe
2021-04-22 14:30 - 2021-04-22 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2021-04-22 14:30 - 2021-04-22 14:30 - 000989584 _____ (GridinSoft LLC) C:\Users\finle\Downloads\install-antimalware-gslb.exe
2021-04-22 14:30 - 2021-04-22 14:30 - 000000000 ____D C:\ProgramData\GridinSoft
2021-04-22 14:05 - 2021-04-22 14:05 - 000000000 ____D C:\Users\finle\AppData\Local\mbam
2021-04-22 14:04 - 2021-04-22 14:04 - 002078632 _____ (Malwarebytes) C:\Users\finle\Downloads\MBSetup.exe
2021-04-22 14:04 - 2021-04-22 14:04 - 000000000 ____D C:\Program Files\Malwarebytes
2021-04-22 13:58 - 2021-04-22 13:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-20 11:54 - 2021-04-20 11:54 - 000000000 ____D C:\Users\finle\AppData\Local\VALORANT
2021-04-19 12:48 - 2021-04-19 12:48 - 000007414 _____ C:\Users\finle\AppData\Local\recently-used.xbel
2021-04-19 12:47 - 2021-04-19 12:49 - 000000000 ____D C:\Users\finle\Desktop\Skins
2021-04-18 14:09 - 2021-04-18 14:09 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-18 14:09 - 2021-04-18 14:09 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-18 14:09 - 2021-04-18 14:09 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-18 14:08 - 2021-04-18 16:11 - 000000000 ____D C:\WINDOWS\Panther
2021-04-17 21:19 - 2021-04-17 21:19 - 000001489 _____ C:\Users\finle\Desktop\DaVinci Resolve.lnk
2021-04-17 21:18 - 2021-04-17 21:19 - 000000000 ____D C:\Users\finle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-04-17 21:16 - 2021-04-17 21:16 - 000000000 ____D C:\Program Files (x86)\Blackmagic Design
2021-04-17 20:57 - 2021-04-17 21:09 - 2447315829 _____ C:\Users\finle\Downloads\DaVinci_Resolve_17.1.1_Windows.zip
2021-04-15 07:56 - 2021-04-22 13:54 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2021-04-14 18:26 - 2021-04-14 21:03 - 000001641 _____ C:\Users\Public\Desktop\VALORANT.lnk
2021-04-14 18:26 - 2021-04-14 21:03 - 000001641 _____ C:\ProgramData\Desktop\VALORANT.lnk
2021-04-14 18:26 - 2021-04-14 18:26 - 000000000 ____D C:\Program Files\Riot Vanguard
2021-04-14 18:25 - 2021-04-14 18:25 - 068746984 _____ (Riot Games, Inc.) C:\Users\finle\Downloads\Install VALORANT.exe
2021-04-14 12:30 - 2021-04-14 12:30 - 000000000 ____D C:\Users\finle\AppData\Roaming\DeadMaze
2021-04-12 19:27 - 2021-04-21 19:49 - 000038032 _____ C:\WINDOWS\system32\Drivers\EQU8_HELPER_19.sys
2021-04-12 19:27 - 2021-04-12 19:31 - 000000000 ____D C:\ProgramData\EQU8
2021-04-12 19:27 - 2021-04-12 19:27 - 000000000 ____D C:\Users\finle\AppData\LocalLow\Landfall Games
2021-04-12 19:22 - 2021-04-12 19:22 - 000000222 _____ C:\Users\finle\Desktop\Totally Accurate Battlegrounds.url
2021-04-12 12:58 - 2021-04-12 12:58 - 000000222 _____ C:\Users\finle\Desktop\Dead Cells.url
2021-04-11 19:44 - 2021-04-11 19:44 - 000000000 ____D C:\Users\finle\AppData\Roaming\RenPy
2021-04-11 18:56 - 2021-04-11 18:56 - 000000000 ____D C:\Users\finle\AppData\LocalLow\Pie On A Plate Productions
2021-04-11 07:31 - 2021-04-11 07:33 - 1065598726 _____ C:\Users\finle\Downloads\Five.Nights.at.Freddys.4.rar
2021-04-11 07:28 - 2021-04-11 07:31 - 000000000 ____D C:\Users\finle\Desktop\Fnaf
2021-04-11 05:38 - 2021-04-11 05:45 - 000000783 _____ C:\Users\finle\Desktop\Trailer zum neuen Kanal!.txt
2021-04-08 21:12 - 2021-04-08 21:12 - 007241792 _____ C:\Users\finle\Downloads\forge-1.16.5-36.1.4-installer.jar
2021-04-08 21:08 - 2021-04-08 21:08 - 005924305 _____ C:\Users\finle\Downloads\OptiFine_1.16.5_HD_U_G7.jar
2021-04-08 21:06 - 2021-04-08 21:07 - 342528462 _____ C:\Users\finle\Downloads\Better+Minecraft+Server+Pack+v12.5.zip
2021-04-07 03:41 - 2021-04-07 03:42 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-04-07 03:39 - 2021-04-07 03:41 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-04-07 03:39 - 2021-04-07 03:39 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-04-07 03:37 - 2021-04-07 03:37 - 000000000 ____D C:\ProgramData\ssh
2021-04-07 03:34 - 2021-04-07 03:34 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-04-07 03:34 - 2021-04-07 03:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-07 03:34 - 2021-04-07 03:34 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-07 03:34 - 2021-04-07 03:34 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-07 03:34 - 2021-04-07 03:34 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-04-07 03:34 - 2021-04-07 03:34 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-04-07 03:34 - 2021-04-07 03:34 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-04-07 03:34 - 2021-04-07 03:34 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-04-07 03:34 - 2021-04-07 03:34 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-04-07 03:34 - 2021-04-07 03:34 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-04-07 03:34 - 2021-04-07 03:34 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-04-07 03:34 - 2021-04-07 03:34 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-04-07 03:34 - 2021-04-07 03:34 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-04-07 03:34 - 2021-04-07 03:34 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-04-07 03:34 - 2021-04-07 03:34 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-04-07 03:34 - 2021-04-07 03:34 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-04-07 03:34 - 2021-04-07 03:34 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-04-07 03:34 - 2021-04-07 03:34 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-04-07 03:34 - 2021-04-07 03:34 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-04-07 03:34 - 2021-04-07 03:34 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-04-07 03:34 - 2021-04-07 03:34 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-04-07 03:34 - 2021-04-07 03:34 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-04-07 03:34 - 2021-04-07 03:34 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-04-07 03:34 - 2021-04-07 03:34 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-04-07 03:34 - 2021-04-07 03:34 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-04-07 03:34 - 2021-04-07 03:34 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-04-07 03:34 - 2021-04-07 03:34 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-04-07 03:34 - 2021-04-07 03:34 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-04-07 03:34 - 2021-04-07 03:34 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-04-07 03:34 - 2021-04-07 03:34 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-07 03:33 - 2021-04-07 03:33 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-07 03:33 - 2021-04-07 03:33 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-04-07 03:33 - 2021-04-07 03:33 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-04-07 03:33 - 2021-04-07 03:33 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-04-07 03:33 - 2021-04-07 03:33 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-04-07 03:33 - 2021-04-07 03:33 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-04-07 03:33 - 2021-04-07 03:33 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-04-07 03:33 - 2021-04-07 03:33 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-04-07 03:33 - 2021-04-07 03:33 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-04-07 03:33 - 2021-04-07 03:33 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-04-07 03:33 - 2021-04-07 03:33 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-04-07 03:33 - 2021-04-07 03:33 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-04-07 03:33 - 2021-04-07 03:33 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-04-07 03:33 - 2021-04-07 03:33 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-07 03:33 - 2021-04-07 03:33 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-04-07 03:33 - 2021-04-07 03:33 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-04-07 03:33 - 2021-04-07 03:33 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-04-07 03:33 - 2021-04-07 03:33 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-04-07 03:32 - 2021-04-07 03:32 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-04-07 03:32 - 2021-04-07 03:32 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-04-07 03:32 - 2021-04-07 03:32 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-04-07 03:32 - 2021-04-07 03:32 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-07 03:32 - 2021-04-07 03:32 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-04-07 03:32 - 2021-04-07 03:32 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-04-07 03:32 - 2021-04-07 03:32 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-04-07 03:32 - 2021-04-07 03:32 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-07 03:32 - 2021-04-07 03:32 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-04-07 03:32 - 2021-04-07 03:32 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-04-07 03:32 - 2021-04-07 03:32 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-04-07 03:32 - 2021-04-07 03:32 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-04-07 03:32 - 2021-04-07 03:32 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-04-07 03:32 - 2021-04-07 03:32 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-07 03:24 - 2021-04-07 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-04-07 03:24 - 2021-04-07 03:24 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-04-07 03:24 - 2021-04-07 03:24 - 000000000 ____D C:\Program Files\MSBuild
2021-04-07 03:24 - 2021-04-07 03:24 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-04-07 03:24 - 2021-04-07 03:24 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-04-07 02:53 - 2021-04-21 01:54 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-07 02:53 - 2021-04-07 02:53 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-04-07 02:51 - 2021-04-22 13:54 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-04-07 02:51 - 2021-04-22 13:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-07 02:51 - 2021-04-12 14:13 - 000003382 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2257729394-1977194822-4025707799-1005
2021-04-07 02:51 - 2021-04-07 02:51 - 000003628 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-07 02:51 - 2021-04-07 02:51 - 000003614 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineUA
2021-04-07 02:51 - 2021-04-07 02:51 - 000003404 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-07 02:51 - 2021-04-07 02:51 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-07 02:51 - 2021-04-07 02:51 - 000003390 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineCore
2021-04-07 02:51 - 2021-04-07 02:51 - 000003244 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2021-04-07 02:51 - 2021-04-07 02:51 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-07 02:51 - 2021-04-07 02:51 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-07 02:51 - 2021-04-07 02:51 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-07 02:51 - 2021-04-07 02:51 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-07 02:51 - 2021-04-07 02:51 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-07 02:51 - 2021-04-07 02:51 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-07 02:51 - 2021-04-07 02:51 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-07 02:51 - 2021-04-07 02:51 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-07 02:51 - 2021-04-07 02:51 - 000002860 _____ C:\WINDOWS\system32\Tasks\X1-GmTaskPlan
2021-04-07 02:51 - 2021-04-07 02:51 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2257729394-1977194822-4025707799-500
2021-04-07 02:51 - 2021-04-07 02:51 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-07 02:51 - 2021-04-07 02:51 - 000002238 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-04-07 02:51 - 2021-04-07 02:51 - 000000020 ___SH C:\Users\finle\ntuser.ini
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Public\Documents\Eigene Videos
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Default\Vorlagen
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Default\Startmenü
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Default\Netzwerkumgebung
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Default\Lokale Einstellungen
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Default\Eigene Dateien
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Default\Druckumgebung
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Users\Default\Anwendungsdaten
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Programme
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\ProgramData\Vorlagen
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\ProgramData\Startmenü
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\ProgramData\Dokumente
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\ProgramData\Anwendungsdaten
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Program Files\Gemeinsame Dateien
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 _SHDL C:\Dokumente und Einstellungen
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2021-04-07 02:51 - 2021-04-07 02:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2021-04-07 02:51 - 2018-12-17 15:14 - 000003392 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2881789820-3054699731-2642959304-500
2021-04-07 02:51 - 2018-12-17 12:53 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2256724080-955095512-3709714928-500
2021-04-07 02:51 - 2018-10-12 16:51 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3706475483-671098897-2700371968-500
2021-04-07 02:51 - 2018-10-10 14:44 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1383458825-2808065384-2845851277-500
2021-04-07 02:50 - 2021-04-07 02:51 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-04-07 02:50 - 2021-04-07 02:51 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-04-07 02:46 - 2021-04-07 02:46 - 000000020 ___SH C:\Users\postgres\ntuser.ini
2021-04-07 02:45 - 2021-04-12 14:13 - 000002387 _____ C:\Users\finle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-07 02:45 - 2021-04-07 02:51 - 000000000 ____D C:\Users\finle
2021-04-07 02:45 - 2021-04-07 02:46 - 000000000 ____D C:\Users\postgres
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\postgres\Vorlagen
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\postgres\Startmenü
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\postgres\Netzwerkumgebung
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\postgres\Lokale Einstellungen
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\postgres\Eigene Dateien
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\postgres\Druckumgebung
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\postgres\Documents\Eigene Videos
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\postgres\Documents\Eigene Musik
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\postgres\Documents\Eigene Bilder
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\postgres\AppData\Local\Verlauf
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\postgres\AppData\Local\Anwendungsdaten
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\postgres\Anwendungsdaten
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\finle\Vorlagen
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\finle\Startmenü
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\finle\Netzwerkumgebung
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\finle\Lokale Einstellungen
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\finle\Eigene Dateien
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\finle\Druckumgebung
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\finle\Documents\Eigene Videos
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\finle\Documents\Eigene Musik
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\finle\Documents\Eigene Bilder
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\finle\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\finle\AppData\Local\Verlauf
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\finle\AppData\Local\Anwendungsdaten
2021-04-07 02:45 - 2021-04-07 02:45 - 000000000 _SHDL C:\Users\finle\Anwendungsdaten
2021-04-07 02:45 - 2019-12-07 11:10 - 000001105 _____ C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-07 02:44 - 2021-04-07 02:44 - 000000000 ____D C:\WINDOWS\system32\lxss
2021-04-07 02:43 - 2021-04-22 13:51 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-07 02:43 - 2021-04-22 12:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-07 02:43 - 2021-04-18 16:11 - 000454288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-06 19:55 - 2021-04-06 19:55 - 000000000 ____D C:\Users\finle\AppData\Roaming\Valve Corporation
2021-04-06 00:27 - 2021-04-18 14:00 - 000000000 ___HD C:\$WinREAgent
2021-04-03 19:47 - 2021-04-03 19:47 - 000000222 _____ C:\Users\finle\Desktop\The Binding of Isaac Rebirth.url
2021-04-01 18:35 - 2021-04-17 20:41 - 000000000 ____D C:\Users\finle\Desktop\Programme
2021-04-01 18:31 - 2021-04-01 18:35 - 000000000 ____D C:\Users\finle\Desktop\Müll
2021-03-31 02:57 - 2021-03-31 02:57 - 000104142 _____ C:\Users\finle\Downloads\04651fe8-3183-41b8-ab5d-76ff3341878a_1.jfif
2021-03-31 02:43 - 2021-03-31 02:43 - 000100965 _____ C:\Users\finle\Downloads\Kittens_Tuxedo_Coat_Turns_into_Beautiful_Snowflake_Markings_Due_to_a_Rare_Condition.jfif
2021-03-30 19:31 - 2021-03-26 09:53 - 001435880 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-03-30 19:31 - 2021-03-26 09:53 - 001435880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-03-30 19:31 - 2021-03-26 09:52 - 001855208 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-03-30 19:31 - 2021-03-26 09:52 - 001855208 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-03-30 19:31 - 2021-03-26 09:52 - 001452336 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-03-30 19:31 - 2021-03-26 09:52 - 001191728 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-03-30 19:31 - 2021-03-26 09:52 - 001094888 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-03-30 19:31 - 2021-03-26 09:52 - 001094888 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-03-30 19:31 - 2021-03-26 09:52 - 000948968 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-03-30 19:31 - 2021-03-26 09:52 - 000948968 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-03-30 19:31 - 2021-03-26 09:49 - 001514256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-03-30 19:31 - 2021-03-26 09:49 - 001166104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-03-30 19:31 - 2021-03-26 09:49 - 000715552 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-03-30 19:31 - 2021-03-26 09:49 - 000675104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-03-30 19:31 - 2021-03-26 09:49 - 000626992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-03-30 19:31 - 2021-03-26 09:49 - 000575776 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-03-30 19:31 - 2021-03-26 09:49 - 000563984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-03-30 19:31 - 2021-03-26 09:48 - 002105632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-03-30 19:31 - 2021-03-26 09:48 - 001590048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-03-30 19:31 - 2021-03-26 09:48 - 000811800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-03-30 19:31 - 2021-03-26 09:48 - 000689936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-03-30 19:31 - 2021-03-26 09:48 - 000656144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2021-03-30 19:31 - 2021-03-26 09:48 - 000445712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-03-30 19:31 - 2021-03-26 09:47 - 008316176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-03-30 19:31 - 2021-03-26 09:47 - 007433488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-03-30 19:31 - 2021-03-26 09:47 - 005675824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2021-03-30 19:31 - 2021-03-26 09:47 - 004795184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-03-30 19:31 - 2021-03-26 09:47 - 002823440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-03-30 19:31 - 2021-03-26 09:46 - 000848688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-03-30 19:31 - 2021-03-26 09:45 - 007207560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2021-03-30 19:31 - 2021-03-26 09:45 - 006154480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-03-30 19:31 - 2021-03-26 01:34 - 000135408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2021-03-30 19:31 - 2021-03-26 01:34 - 000087163 _____ C:\WINDOWS\system32\nvinfo.pb
2021-03-30 19:31 - 2021-03-26 01:34 - 000067456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2021-03-30 19:31 - 2021-03-26 01:34 - 000038640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2021-03-30 02:14 - 2021-03-30 02:14 - 005068238 _____ C:\Users\finle\Documents\schlat.xcf
2021-03-28 17:16 - 2021-03-28 17:16 - 000001005 _____ C:\Users\Public\Desktop\Streamlabs OBS.lnk
2021-03-28 17:16 - 2021-03-28 17:16 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streamlabs OBS.lnk
2021-03-28 17:16 - 2021-03-28 17:16 - 000001005 _____ C:\ProgramData\Desktop\Streamlabs OBS.lnk
2021-03-28 01:39 - 2021-03-28 01:39 - 002669107 _____ C:\Users\finle\Downloads\OptiFine_1.12.2_HD_U_G5.jar
2021-03-27 12:08 - 2021-03-27 12:08 - 007225324 _____ C:\Users\finle\Downloads\forge-1.16.5-36.1.2-installer.jar

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-04-22 14:46 - 2020-10-25 12:11 - 000000000 ____D C:\FRST
2021-04-22 14:46 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-22 14:35 - 2020-04-30 20:09 - 000000000 ____D C:\Users\finle\AppData\LocalLow\Mozilla
2021-04-22 14:35 - 2020-04-30 20:09 - 000000000 ____D C:\ProgramData\Mozilla
2021-04-22 14:24 - 2020-05-07 22:11 - 000000000 ____D C:\Users\finle\AppData\Local\CrashDumps
2021-04-22 14:24 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-22 14:22 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-22 13:58 - 2020-10-01 19:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-04-22 13:58 - 2020-04-30 20:09 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-04-22 13:58 - 2020-04-30 20:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-04-22 13:56 - 2020-10-11 14:57 - 000000000 ____D C:\Users\finle\AppData\LocalLow\Unity
2021-04-22 13:55 - 2020-04-30 20:01 - 000000000 ____D C:\Users\finle\AppData\Local\Packages
2021-04-22 13:55 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-22 13:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-22 13:54 - 2020-08-05 14:05 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-22 13:52 - 2021-01-29 15:07 - 000000000 ____D C:\Program Files\CCleaner
2021-04-22 13:51 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-22 13:49 - 2020-05-05 18:32 - 000000000 ____D C:\Users\finle\AppData\Roaming\discord
2021-04-22 13:49 - 2020-05-02 17:42 - 000000000 ____D C:\Program Files (x86)\Steam
2021-04-22 13:49 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-22 13:18 - 2020-07-02 21:24 - 000000000 ____D C:\Users\finle\AppData\Roaming\Spotify
2021-04-22 12:34 - 2020-05-02 17:46 - 000000000 ____D C:\Users\finle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-04-22 02:06 - 2020-05-05 10:25 - 000000000 ____D C:\Users\finle\AppData\Roaming\.minecraft
2021-04-22 00:09 - 2020-06-06 20:32 - 000000000 ____D C:\Users\finle\AppData\Roaming\WhatsApp
2021-04-21 22:58 - 2020-08-22 20:42 - 000000000 ____D C:\Users\finle\AppData\Roaming\Twitch
2021-04-21 22:58 - 2020-07-02 21:25 - 000000000 ____D C:\Users\finle\AppData\Local\Spotify
2021-04-21 21:59 - 2020-10-29 00:10 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-21 21:28 - 2020-08-24 03:24 - 000000000 ____D C:\Users\finle\AppData\Roaming\slobs-client
2021-04-21 17:58 - 2020-05-02 17:57 - 000000000 ____D C:\Users\finle\AppData\Local\D3DSCache
2021-04-21 01:54 - 2019-12-07 16:50 - 000743562 _____ C:\WINDOWS\system32\perfh007.dat
2021-04-21 01:54 - 2019-12-07 16:50 - 000149984 _____ C:\WINDOWS\system32\perfc007.dat
2021-04-20 11:54 - 2020-10-30 22:35 - 000000000 ____D C:\Users\finle\AppData\Local\Riot Games
2021-04-20 11:54 - 2020-10-30 22:35 - 000000000 ____D C:\ProgramData\Riot Games
2021-04-19 12:49 - 2020-08-08 00:02 - 000000000 ____D C:\Users\finle\AppData\Local\babl-0.1
2021-04-19 12:48 - 2020-08-13 23:25 - 000000000 ____D C:\Users\finle\AppData\Local\gtk-2.0
2021-04-18 16:10 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-18 16:10 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-18 16:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-18 16:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-18 16:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-18 16:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-18 16:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-18 16:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-18 16:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-18 16:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-18 16:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-18 16:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-18 14:48 - 2021-03-09 16:38 - 000000000 ____D C:\vol0
2021-04-18 14:11 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-18 14:11 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-18 14:00 - 2020-04-30 21:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-18 13:57 - 2018-12-17 16:11 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-17 21:21 - 2020-04-30 20:54 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-17 21:16 - 2020-05-04 17:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-04-17 16:44 - 2021-02-20 17:55 - 000000000 ____D C:\Users\finle\AppData\Roaming\Twitch Studio
2021-04-14 18:26 - 2020-10-30 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-04-12 14:13 - 2020-04-30 20:02 - 000000000 ___RD C:\Users\finle\OneDrive
2021-04-11 05:00 - 2018-10-10 14:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-09 16:07 - 2021-01-08 14:58 - 000002180 _____ C:\Users\finle\Desktop\CurseForge.lnk
2021-04-09 16:07 - 2020-11-22 17:12 - 000000000 ____D C:\Users\finle\AppData\Local\Overwolf
2021-04-09 05:13 - 2020-08-24 00:07 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-08 14:21 - 2020-08-14 13:11 - 000000000 ____D C:\Users\finle\AppData\Roaming\audacity
2021-04-07 04:20 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-04-07 03:43 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-04-07 03:43 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-07 03:43 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-04-07 03:43 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-04-07 03:43 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-07 03:43 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-04-07 03:43 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-07 03:43 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2021-04-07 03:43 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-07 03:43 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-04-07 03:42 - 2021-03-21 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Launcher
2021-04-07 03:42 - 2021-03-06 01:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Huion Tablet
2021-04-07 03:42 - 2021-01-29 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-04-07 03:42 - 2020-12-05 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RawTherapee
2021-04-07 03:42 - 2020-11-30 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2021-04-07 03:42 - 2020-11-25 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genshin Impact
2021-04-07 03:42 - 2020-11-10 23:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.5
2021-04-07 03:42 - 2020-10-23 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.0
2021-04-07 03:42 - 2020-08-07 17:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2021-04-07 03:42 - 2020-08-05 14:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-04-07 03:42 - 2020-05-02 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-04-07 03:42 - 2020-05-02 17:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-07 03:42 - 2020-05-01 09:49 - 000000000 ____D C:\Program Files\UNP
2021-04-07 03:42 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup
2021-04-07 03:42 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-04-07 03:42 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-07 03:42 - 2018-12-17 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDION
2021-04-07 03:42 - 2018-12-17 13:55 - 000000000 ____D C:\Program Files\Intel
2021-04-07 03:42 - 2018-09-15 09:33 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-04-07 03:42 - 2018-09-15 09:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-04-07 03:41 - 2020-09-20 10:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2021-04-07 03:41 - 2020-05-30 20:26 - 000000000 ____D C:\Program Files\Realtek
2021-04-07 03:41 - 2020-05-03 01:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devolver Digital
2021-04-07 03:41 - 2020-04-30 21:20 - 000000000 ____D C:\WINDOWS\Firmware
2021-04-07 03:37 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-07 03:37 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-07 03:37 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-04-07 03:36 - 2019-12-07 16:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-04-07 03:36 - 2019-12-07 16:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-04-07 03:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-04-07 03:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-04-07 03:07 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-07 02:51 - 2020-04-30 20:01 - 000000000 ___RD C:\Users\finle\3D Objects
2021-04-07 02:51 - 2020-04-30 19:49 - 000000000 ____D C:\ProgramData\Packages
2021-04-07 02:51 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-04-07 02:51 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT
2021-04-07 02:51 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-07 02:51 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-07 02:51 - 2018-10-10 14:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-07 02:45 - 2021-02-13 12:49 - 000000000 ____D C:\Users\finle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2021-04-07 02:45 - 2020-11-22 17:13 - 000000000 ____D C:\Users\finle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2021-04-07 02:45 - 2020-08-05 18:03 - 000000000 ____D C:\Users\finle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2021-04-07 02:45 - 2020-06-06 20:32 - 000000000 ____D C:\Users\finle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2021-04-07 02:45 - 2020-05-02 17:27 - 000000000 ____D C:\Users\finle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-07 02:45 - 2020-05-02 17:11 - 000000000 ____D C:\Users\finle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-04-07 02:44 - 2020-08-05 13:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-04-07 02:44 - 2020-05-30 20:26 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2021-04-07 02:44 - 2020-05-30 20:26 - 000000000 ____D C:\WINDOWS\system32\DAX3
2021-04-07 02:44 - 2020-05-30 20:26 - 000000000 ____D C:\WINDOWS\system32\DAX2
2021-04-07 02:44 - 2020-05-30 20:26 - 000000000 _____ C:\WINDOWS\system32\fpfftResultsFile.txt
2021-04-06 17:58 - 2021-01-28 17:08 - 000000000 ____D C:\Users\finle\Desktop\MSI Afterburner
2021-04-03 20:39 - 2020-05-02 19:57 - 000000000 ____D C:\Users\finle\Documents\My Games
2021-03-31 02:21 - 2020-08-05 14:06 - 000000000 ____D C:\Users\finle\AppData\Local\NVIDIA
2021-03-30 12:40 - 2020-11-22 17:13 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-03-23 01:42 - 2020-08-24 00:07 - 000470864 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-03-23 01:41 - 2020-04-30 21:21 - 000734008 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2021-02-17 15:32 - 2020-12-19 15:32 - 000000032 ____R () C:\ProgramData\hash.dat
2020-10-04 16:19 - 2020-10-04 16:22 - 000000186 _____ () C:\Users\finle\AppData\Roaming\modthegungeon.conf
2020-07-07 16:54 - 2020-08-09 17:05 - 000004655 _____ () C:\Users\finle\AppData\Roaming\VoiceMeeterDefault.xml
2020-05-03 14:37 - 2020-05-03 14:37 - 000001536 _____ () C:\Users\finle\AppData\Local\GfxMetrics.cfg
2021-04-19 12:48 - 2021-04-19 12:48 - 000007414 _____ () C:\Users\finle\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

--- --- ---

--- --- ---

Windows 10: Backdoor:Win32/Bladabindi!ml

Log-Analyse und Auswertung: Windows 10: Backdoor:Win32/Bladabindi!ml

Windows 10: Backdoor:Win32/Bladabindi!ml

Ähnliche Themen: Windows 10: Backdoor:Win32/Bladabindi!ml