
Discussion forum: After logging in, a program *.tmp.exe is executed in USER\AppData\Local\Temp


 
27.06.2021, 20:30   #1
tsmomc
 

Hello,

after login, an exe is always executed under AppData\Local\Temp on my machine; the name changes, e.g.:
a8ee9d2a-7120-4192-aaa3-0558ee0ba707.tmp.exe (82,944 bytes)

The program opens a window and prints digits and letters; e.g., the beginning:

Quote:
3082035f30820247a003020102020b04.....
I redirected the output to a file, which is 159,196 bytes in size. Since I don't know what it might contain, I'd rather not post it.

Avast reports that the file is safe. VirusTotal reports the following Trojans:
  • Jiangmin Trojan.Inject.aqnl
  • MaxSecure Trojan.Malware.300983.susgen

For details see
https://www.virustotal.com/gui/file/f6436dc45c8356d26174a2a8c67523217ef6024197e61af10edfa137a90a1c65/detection

I ran Malwarebytes, but it reports no problems.
Note:
C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mount_Veracrypt.cmd
is not critical; it is a mount script that I wrote myself.

It would be great if you could help me.

Best regards

tsmomc

Attached are the requested FRST outputs.

FRST:

FRST log file:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2021
durchgeführt von thoma (Administrator) auf DESKTOP-HCA6LJN (27-06-2021 20:50:28)
Gestartet von D:\download\+++ troyaner +++
Geladene Profile: thoma
Platform: Windows 10 Pro Version 21H1 19043.1081 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

() [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\S5WOW_App\ATHEROS\S5wow.exe
() [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\S5WOW_App\x64\S5wow_2005.exe
(1 und 1 Internet AG -> 1&1 Internet AG) C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(ASUSTeK Computer Inc. -> ) [Datei ist nicht signiert] C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\ASUSRelayWS.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\LightingService\1.00.29\AsRogAuraGpuDllServer.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.30\aaHMSvc.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\File Transfer Server.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.09.08\AsusFanControlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\2.00.06\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\1.00.29\LightingService.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <5>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
(Datronicsoft, Inc. -> ) C:\Windows\System32\spacedeskService.exe
(Datronicsoft, Inc. -> ) C:\Windows\System32\spacedeskServiceTray.exe
(DeepL GmbH) [Datei ist nicht signiert] C:\Users\thoma\AppData\Local\DeepL\app-2.5.1\DeepL.exe
(Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(EIZO Corporation -> EIZO Corporation) C:\Program Files (x86)\EIZO\Screen InStyle\ScreenInStyle.exe
(FabulaTech, LLP -> ) C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
(FabulaTech, LLP -> ) C:\Program Files\Common Files\VMware\ScannerRedirection\ftscanmgrhv.exe
(FabulaTech, LLP -> VMware) C:\Program Files\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(GlassWire -> SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(GN AUDIO A/S -> GN Audio A/S) C:\Program Files (x86)\Jabra\Direct4\jabra-direct.exe <4>
(GN AUDIO A/S -> GN Audio A/S) C:\Program Files (x86)\Jabra\Direct4\SoftphoneIntegrations.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [Datei ist nicht signiert] C:\Program Files (x86)\WinTV\TVServer\CaptureGenPCI.exe <2>
(IDRIX SARL -> IDRIX) C:\Program Files\VeraCrypt\VeraCrypt.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) INTELND1617S2 -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\GfxDownloadWrapper.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_778512ee63a728ec\RstMwService.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(LULU Software -> LULU Software) C:\Program Files\Soda PDF Desktop\creator\common\creator-ws.exe
(LULU Software -> LULU Software) C:\Program Files\Soda PDF Desktop\updater-ws.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Manhattan Engineering Incorporated -> Kite) C:\Program Files\Kite\kited.exe
(Manhattan Engineering Incorporated -> Kite) C:\Program Files\Kite\KiteService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe
(MiniTool Software Limited -> ) C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe
(MiniTool Software Limited -> ) C:\Program Files\MiniTool ShadowMaker\AgentService.exe
(MiniTool Software Limited -> ) C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe
(MSIP Code Signing -> www.microsip.org) [Datei ist nicht signiert] C:\Users\thoma\AppData\Local\MicroSIP\microsip.exe
(Nenad Hrg -> Nenad Hrg SoftwareOK) C:\Program Files\DesktopOK\DesktopOK_x64.exe
(Open Source Developer, Dominik Reichl -> Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Paramount Software UK Ltd -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Slack Technologies, Inc. -> Slack Technologies Inc.) C:\Users\thoma\AppData\Local\slack\app-4.17.1\slack.exe <5>
(SplitmediaLabs Limited -> SplitmediaLabs Limited) C:\Program Files\XSplit\VCam\service\XSpltVidSvc.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(The CefSharp Authors) [Datei ist nicht signiert] C:\Users\thoma\AppData\Local\DeepL\app-2.5.1\CefSharp.BrowserSubprocess.exe <3>
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Xerox Corporation -> Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-10-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [122592 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [7580488 2021-05-24] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1068624 2020-10-11] (Heidi Computers Ltd -> The Eraser Project)
HKLM\...\Run: [MTPW] => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3160256 2021-05-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [564928 2021-03-25] (geek software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288672 2021-05-21] (IDSA Production signing key 2021 -> Intel)
HKLM-x32\...\Run: [Jabra Direct] => C:\Program Files (x86)\Jabra\Direct4\jabra-direct.exe [106801552 2021-06-09] (GN AUDIO A/S -> GN Audio A/S)
HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31046640 2020-09-21] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Run: [VeraCrypt] => C:\Program Files\VeraCrypt\VeraCrypt.exe [5928728 2020-10-11] (IDRIX SARL -> IDRIX)
HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Run: [1&1_1&1 Upload-Manager] => C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1 und 1 Internet AG -> 1&1 Internet AG)
HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Run: [DeepL] => C:\Users\thoma\AppData\Local\DeepL\app-2.5.1\DeepL.exe [133632 2021-05-30] (DeepL GmbH) [Datei ist nicht signiert]
HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Run: [Kite] => C:\Program Files\Kite\kited.exe [562179520 2021-06-10] (Manhattan Engineering Incorporated -> Kite)
HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Run: [DesktopOK] => C:\Program Files\DesktopOK\DesktopOK_x64.exe [921480 2021-03-16] (Nenad Hrg -> Nenad Hrg SoftwareOK)
HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\GlassWire.exe [9242536 2021-05-14] (GlassWire -> SecureMix LLC)
HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\thoma\AppData\Local\slack\slack.exe [308368 2021-06-06] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\MountPoints2: {1768b476-52b6-11eb-868b-107b4415ae9e} - "O:\AutoRun.exe" 
HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\MountPoints2: {6b500ea1-4a0e-11eb-867b-107b4415ae9e} - "O:\AutoRun.exe" 
HKU\S-1-5-21-4198695647-2910091461-4277131257-1001\...\MountPoints2: {6b500f5d-4a0e-11eb-867b-107b4415ae9e} - "O:\setup.exe" AUTORUN=1
HKU\S-1-5-21-4198695647-2910091461-4277131257-1003\...\Run: [2FFD542F547A6A94419661128FD7298878C7A371._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-4198695647-2910091461-4277131257-1003\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  --auto-launch-onlogon --start-maximized --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session -- (Der Dateneintrag hat 70 mehr Zeichen).
HKU\S-1-5-21-4198695647-2910091461-4277131257-1005\...\RunOnce: [Application Restart #0] => C:\Program Files\Macrium\Common\ReflectMonitor.exe [26150760 2021-05-24] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKU\S-1-5-21-4198695647-2910091461-4277131257-1005\...\RunOnce: [Application Restart #1] => C:\Program Files\Macrium\Common\ReflectUI.exe [7580488 2021-05-24] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKU\S-1-5-21-4198695647-2910091461-4277131257-1010\...\RunOnce: [Application Restart #0] => C:\Program Files\Macrium\Common\ReflectUI.exe [7580488 2021-05-24] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKU\S-1-5-21-4198695647-2910091461-4277131257-1010\...\RunOnce: [Application Restart #1] => C:\Program Files\Macrium\Common\ReflectMonitor.exe [26150760 2021-05-24] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
HKLM\...\Windows x64\Print Processors\TeamViewer_PrintProcessor: C:\Windows\System32\spool\prtprocs\x64\TeamViewer_PrintProcessor.dll [20208 2017-08-29] (TeamViewer GmbH -> )
HKLM\...\Print\Monitors\Adobe PDF Port: C:\Windows\SysWOW64\AdobePDF.dll [28248 2006-09-29] (Adobe Systems, Incorporated -> Adobe Systems Incorporated.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX920 series XPS: C:\Windows\System32\CNMXLMBL.DLL [393728 2012-09-20] (CANON INC.) [Datei ist nicht signiert]
HKLM\...\Print\Monitors\FRITZ!fax Color Port Monitor: C:\Windows\System32\FritzColorPort64.dll [20480 2006-02-23] () [Datei ist nicht signiert]
HKLM\...\Print\Monitors\FRITZ!fax Port Monitor: C:\Windows\System32\FritzPort64.dll [20480 2006-02-22] () [Datei ist nicht signiert]
HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [2057488 2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
HKLM\...\Print\Monitors\PDFill Writer Monitor: C:\Program Files (x86)\PlotSoft\PDFill\PDFWriter\Driver\PDFillWriterMon.dll [38824 2020-08-23] (PlotSoft LLC -> Windows (R) Codename Longhorn DDK provider)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-06-26] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\91.0.10364.115\Installer\chrmstp.exe [2021-06-23] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\91.1.26.67\Installer\chrmstp.exe [2021-06-22] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Screen InStyle.lnk [2018-09-09]
ShortcutTarget: Screen InStyle.lnk -> C:\Program Files (x86)\EIZO\Screen InStyle\ScreenInStyle.exe (EIZO Corporation -> EIZO Corporation)
Startup: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MicroSIP.lnk [2021-06-16]
ShortcutTarget: MicroSIP.lnk -> C:\Users\thoma\AppData\Local\MicroSIP\microsip.exe (MSIP Code Signing -> www.microsip.org) [Datei ist nicht signiert]
Startup: C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mount_Veracrypt.cmd [2020-10-26] () [Datei ist nicht signiert]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {005D84C2-EDA3-438D-AE0F-0FB0FAFE59C7} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [393928 2020-10-30] (Xerox Corporation -> Xerox Corporation)
Task: {0A809507-98FB-45EA-9AFA-6EC7C4E41661} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-22] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {0EB7F3EB-E9BF-448D-816F-A6004038B706} - System32\Tasks\SU_AutoUpdate => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4513224 2021-01-19] (IObit Information Technology -> IObit)
Task: {105E52A6-D36D-48FD-B0E9-81D2EDAEC76A} - System32\Tasks\SS3svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [1233920 2017-10-18] (ASUSTeK COMPUTER INC.) [Datei ist nicht signiert]
Task: {12C0E9C8-FBB6-41FF-BA4B-654CDF6393C8} - System32\Tasks\Software Updater SkipUAC(thoma) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4513224 2021-01-19] (IObit Information Technology -> IObit) <==== ACHTUNG
Task: {1AC165B8-E271-4985-A76D-0F53F4683552} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1112576 2017-05-19] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {21390E5A-ECD2-4B2C-8638-E41738294AEA} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-22] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {26C8469C-15C8-4782-B07D-4A9E084BEFB6} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {34186EBC-CDEE-48E4-95C0-8EE410061B22} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
Task: {36873C61-2D8A-46EB-8B00-6F08E23D19A4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118104 2021-06-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {37817CB2-6796-4FE5-BB89-60A132841A63} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2277640 2021-06-18] (Avast Software s.r.o. -> AVAST Software)
Task: {37AFCB71-04A4-4CFD-B0D9-0FF999AB1494} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754104 2021-01-07] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {3858C6E9-501D-4496-89F7-79F2CB232AD4} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-4198695647-2910091461-4277131257-1001 => C:\Users\thoma\AppData\Local\MEGAsync\MEGAupdater.exe [615672 2020-09-20] (Mega Limited -> Mega Limited)
Task: {3E40CD95-3652-47D8-8FCD-2385ACAEFF3C} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2277640 2021-06-18] (Avast Software s.r.o. -> AVAST Software)
Task: {400FEC93-A76B-465F-9FF5-2409C8845D34} - System32\Tasks\G2MUploadTask-S-1-5-21-4198695647-2910091461-4277131257-1001 => C:\Users\thoma\AppData\Local\GoToMeeting\19228\g2mupload.exe [31320 2020-12-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {40820894-D3D8-453F-9638-D584DD1DF9B8} - System32\Tasks\Opera scheduled Autoupdate 1573333256 => C:\Users\thoma\AppData\Local\Programs\Opera\launcher.exe
Task: {41EC6830-B92E-448B-9809-DAEF9B702842} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-19] (Google Inc -> Google Inc.)
Task: {4768BAE1-518E-4A29-9969-55CFE764FCFC} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1461200 2016-10-07] (ASUSTeK Computer Inc. -> )
Task: {4C058142-2FFD-4045-93C5-ADA908B4B609} - System32\Tasks\ASUS\AsRogAuraGpuDllServer => C:\Program Files (x86)\LightingService\1.00.29\AsRogAuraGpuDllServer.exe [247256 2017-09-22] (ASUSTeK Computer Inc. -> )
Task: {4CD90931-266C-4C0B-9E98-9E004A647A73} - System32\Tasks\G2MUpdateTask-S-1-5-21-4198695647-2910091461-4277131257-1001 => C:\Users\thoma\AppData\Local\GoToMeeting\19228\g2mupdate.exe [31320 2020-12-18] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {4F3153B8-BF1E-4C4C-BDC1-A960DC48B5F5} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
Task: {5135714E-030B-47A6-AE5E-866A1A560FC9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {52F61971-8A47-41A3-A297-12F0F1B20380} - System32\Tasks\Software Updater SkipUAC(sandr) => C:\Program Files (x86)\IObit\Software Updater\SoftwareUpdater.exe [4513224 2021-01-19] (IObit Information Technology -> IObit) <==== ACHTUNG
Task: {5648571B-7BD1-4A03-82C7-FAC6869F1D3C} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1290200 2017-02-09] (ASUSTeK Computer Inc. -> )
Task: {5A520292-B468-42E9-A05D-4A0ED5DCDFEA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5B328278-0F03-458B-A576-D29414E41BA6} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4417496 2017-02-09] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {5D401512-7328-48D0-AF35-4D64BCF4D2E9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124896 2021-06-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {629711A6-2BB3-4E6A-8641-B58D732CCC38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {654FCFAA-1722-4954-A235-E0C20FB80BE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-19] (Google Inc -> Google Inc.)
Task: {668E4F81-18AF-4517-A7AF-8A03FE4AA593} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {6FA86AE2-51B5-4E3C-B7AF-CFFD2CE4542F} - System32\Tasks\Xerox\Xerox PowerENGAGE => C:\Program Files (x86)\Xerox PowerENGAGE\xeroxreg.exe [117984 2016-09-13] (Aviata Inc -> Aviata Inc)
Task: {710AAD34-E848-41D2-9CB2-C2309C09843D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118104 2021-06-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {7F79EC1F-9496-4D3D-A9B6-8B149818496A} - System32\Tasks\ASUS\ASUS File Transfer Server Launcher => C:\Program Files (x86)\ASUS\AI Suite III\File Transfer\Wi-Fi GO! AssistTool\File Transfer Server Launcher.exe [1898480 2016-09-21] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {8277A3E4-ECA0-4132-9223-4FA0C2D4A733} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-26] (Mozilla Corporation -> Mozilla Foundation)
Task: {8AF3B45E-EEE7-4BE9-BB6E-A773008DF0EF} - System32\Tasks\Xerox\Xerox PowerENGAGE Update => C:\Program Files (x86)\Xerox PowerENGAGE\xeroxreg.exe [117984 2016-09-13] (Aviata Inc -> Aviata Inc)
Task: {997A2699-5CB4-40B3-BEE1-CEB12890E80C} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [811520 2017-10-18] (ASUSTeK COMPUTER INC.) [Datei ist nicht signiert]
Task: {9AB4CE3F-981C-49F3-8808-287615E74099} - System32\Tasks\Software Updater Scheduler => C:\Program Files (x86)\IObit\Software Updater\SUInit.exe [1789200 2020-06-30] (IObit Information Technology -> IObit Software updater) <==== ACHTUNG
Task: {AB0B23DB-4923-4FF3-AE82-8ECF5E00D829} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40432 2020-09-21] (Garmin International, Inc. -> )
Task: {B46E811C-C114-4DEE-A6CF-3EE27C5D8083} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [1995736 2017-02-16] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {B52182A2-B47B-4EBA-B666-7EFCAE0627D3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6E72D07-8306-4149-B123-147034168A5A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124896 2021-06-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {BFD7E10A-CE58-46C0-8E09-4E213B5A51B0} - System32\Tasks\MiniToolPartitionWizard => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
Task: {C45FC55E-D980-4C28-A408-EF9E520429C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C494B1F9-E781-4E2A-9025-6927DFF35D29} - System32\Tasks\Amazon Music Helper => C:\Users\thoma\AppData\Local\Amazon Music\Amazon Music Helper.exe [2091960 2020-01-10] (Amazon Services LLC -> Amazon.com Services LLC)
Task: {CA2022A4-B81D-4010-9355-193A1B8F32E8} - System32\Tasks\Start CorsairLink4 => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [27067088 2017-09-08] (Corsair Components, Inc. -> Corsair Components, Inc.)
Task: {D41EBB5B-37DF-49E1-85D6-D951987DCC05} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4808928 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
Task: {DDE652BF-3898-4A66-8CD4-D92C0089C2B8} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {E06909C6-0A80-41E5-87AE-1F95D1B6C26E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {E345DE8F-18F9-4C60-BC6B-C18B88BB50ED} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [393928 2020-10-30] (Xerox Corporation -> Xerox Corporation)
Task: {E573A806-D442-4C3A-9A81-5DC052FC282C} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {E77DD0DB-B08E-43DD-96C5-9AA2A084D1CA} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {FDE19336-B182-4BA9-8557-48C100F6C152} - System32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon => c:\program files\xerox\xeroxprintexperience\xeroxprintexperience\XeroxPrinterConfiguration.exe [393928 2020-10-30] (Xerox Corporation -> Xerox Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4198695647-2910091461-4277131257-1001.job => C:\Users\thoma\AppData\Local\GoToMeeting\19228\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4198695647-2910091461-4277131257-1001.job => C:\Users\thoma\AppData\Local\GoToMeeting\19228\g2mupload.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4767166f-faa3-49bd-bcaa-773a41ea516f}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
DownloadDir: D:\download
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\thoma\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-27]
Edge DownloadDir: Default -> D:\download

FireFox:
========
FF DefaultProfile: Mozilla Firefox
FF ProfilePath: M:\Mozilla Firefox [2020-10-26]
FF Homepage: M:\Mozilla Firefox -> hxxps://www.google.de/
FF Extension: (Firefox Lightbeam) - M:\Mozilla Firefox\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2018-02-17]
FF Extension: (Dark YouTube Theme) - M:\Mozilla Firefox\Extensions\jid1-hDf2iQXGiUjzGQ@jetpack.xpi [2017-09-06]
FF Extension: (MetaMask) - M:\Mozilla Firefox\Extensions\webextension@metamask.io.xpi [2018-03-07]
FF Extension: (1-Click YouTube Video Downloader) - M:\Mozilla Firefox\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-04-13]
FF Extension: (EPUBReader) - M:\Mozilla Firefox\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}.xpi [2020-06-23]
FF Extension: (Flash- und Video-Download) - M:\Mozilla Firefox\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-08-31]
FF Extension: (OkayFreedom) - M:\Mozilla Firefox\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2016-06-17] [UpdateUrl:hxxps://www.steganos.com/updates/okayfreedom/update_okayfreedom_ff.rdf]
FF Extension: (Video DownloadHelper) - M:\Mozilla Firefox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-12-17]
FF Extension: (JSONView) - M:\Mozilla Firefox\Extensions\jsonview@brh.numbera.com.xpi [2021-01-06]
FF Extension: (DownThemAll!) - M:\Mozilla Firefox\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2021-01-23]
FF Extension: (Windscribe - Free Proxy and Ad Blocker) - M:\Mozilla Firefox\Extensions\@windscribeff.xpi [2021-02-08]
FF Extension: (Ghostery – Datenschutzorientierter Werbeblocker) - M:\Mozilla Firefox\Extensions\firefox@ghostery.com.xpi [2021-03-03]
FF Extension: (I don't care about cookies) - M:\Mozilla Firefox\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2021-04-19]
FF Extension: (Kee - Password Manager) - M:\Mozilla Firefox\Extensions\keefox@chris.tomlinson.xpi [2021-05-06]
FF Extension: (Web of Trust) - M:\Mozilla Firefox\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2021-05-10]
FF Extension: (Python Notebook Viewer) - M:\Mozilla Firefox\Extensions\rushikesh988-5@gmail.com.xpi [2021-05-16]
FF Extension: (Adblock Plus - kostenloser Adblocker) - M:\Mozilla Firefox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2021-05-19]
FF Extension: (NoScript) - M:\Mozilla Firefox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-06-26]
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\duckduckgo.xml [2013-08-15]
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\englische-ergebnisse.xml [2012-09-26]
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\gmx-suche.xml [2012-09-26]
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\lastminute.xml [2012-09-26]
FF SearchPlugin: M:\Mozilla Firefox\searchplugins\webde-suche.xml [2012-09-26]
FF ProfilePath: C:\Users\thoma\AppData\Roaming\Mozilla\Firefox\Profiles\f62kpuh7.default [2021-06-27]
FF Extension: (OkayFreedom) - C:\Users\thoma\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2019-03-27] [UpdateUrl:hxxps://www.steganos.com/updates/okayfreedom/update_okayfreedom_ff.rdf]
FF Extension: (KeeFox) - C:\Users\thoma\AppData\Roaming\Mozilla\Firefox\Profiles\f62kpuh7.default\Extensions\keefox@chris.tomlinson [2017-10-19] []
FF Extension: (Avast SafePrice | Vergleich, Angebote, Gutscheine) - C:\Users\thoma\AppData\Roaming\Mozilla\Firefox\Profiles\f62kpuh7.default\Extensions\sp@avast.com.xpi [2019-11-15]
FF Extension: (Avast Online Security) - C:\Users\thoma\AppData\Roaming\Mozilla\Firefox\Profiles\f62kpuh7.default\Extensions\wrc@avast.com.xpi [2019-11-15]
FF HKLM\...\Firefox\Extensions: [soda_pdf_desktop_conv@sodapdf.com] - C:\Program Files\Soda PDF Desktop\creator\plugins\FirefoxAddin\soda_pdf_desktop_conv@sodapdf.com.xpi
FF Extension: (Soda PDF Desktop Creator) - C:\Program Files\Soda PDF Desktop\creator\plugins\FirefoxAddin\soda_pdf_desktop_conv@sodapdf.com.xpi [2018-06-04] []
FF HKLM\...\Firefox\Extensions: [soda_pdf_desktop_conv_v.2@sodapdf.com] - C:\Program Files\Soda PDF Desktop\creator\plugins\FirefoxAddin\soda_pdf_desktop_conv_v.2@sodapdf.com.xpi
FF Extension: (Soda PDF Desktop Creator) - C:\Program Files\Soda PDF Desktop\creator\plugins\FirefoxAddin\soda_pdf_desktop_conv_v.2@sodapdf.com.xpi [2018-06-04]
FF HKLM-x32\...\Firefox\Extensions: [soda_pdf_desktop_conv_v.2@sodapdf.com] - C:\Program Files\Soda PDF Desktop\creator\plugins\FirefoxAddin\soda_pdf_desktop_conv_v.2@sodapdf.com.xpi
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: Soda PDF Desktop -> C:\Program Files\Soda PDF Desktop\np-previewer.dll [2018-06-04] (LULU Software -> LULU Software)
FF Plugin-x32: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-05-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-05-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-30] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-04-22] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-04-22] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2021-01-26] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4198695647-2910091461-4277131257-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4198695647-2910091461-4277131257-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4198695647-2910091461-4277131257-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-04-22] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4198695647-2910091461-4277131257-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\thoma\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4198695647-2910091461-4277131257-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\thoma\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default [2021-06-27]
CHR DownloadDir: D:\download
CHR Notifications: Default -> hxxps://web.whatsapp.com; hxxps://www.gympass.com; hxxps://www.pcwelt.de
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Extension: (Google Übersetzer) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-03-19]
CHR Extension: (Präsentationen) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-19]
CHR Extension: (Talend API Tester - Free Edition) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejoelaoggembcahagimdiliamlcdmfm [2021-06-26]
CHR Extension: (Terra Station) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiifbnbfobpmeekipheeijimdpnlpgpp [2021-06-26]
CHR Extension: (Docs) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-20]
CHR Extension: (KeeForm) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmhcphbkicakelgpchlhccaeljahoima [2021-06-26]
CHR Extension: (Avira Password Manager) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-06-26]
CHR Extension: (Avira Safe Shopping) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-06-26]
CHR Extension: (KeePassHttp-Connector) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafgdjggglmmknipkhngniifhplpcldb [2020-05-01]
CHR Extension: (Tabellen) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-19]
CHR Extension: (Binance Chain Wallet) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbohimaelbohpjbbldcngcnapndodjp [2021-06-26]
CHR Extension: (I don't care about cookies) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2021-04-22]
CHR Extension: (Google Docs Offline) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-27]
CHR Extension: (Plus for Trello (time track, reports)) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjpophepkbhejnglcmkdnncmaanojkf [2021-05-22]
CHR Extension: (Video DownloadHelper) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2021-03-05]
CHR Extension: (Export for Trello) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhdelomnagopgaealggpgojkhcafhnin [2018-04-02]
CHR Extension: (MetaMask) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2021-06-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-07]
CHR Extension: (Google Mail) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-01]
CHR Profile: C:\Users\thoma\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-03-12]
CHR Profile: C:\Users\thoma\AppData\Local\Google\Chrome\User Data\System Profile [2020-03-12]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]

Brave: 
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-06-12]
BRA Notifications: Default -> hxxps://app.slack.com
BRA Extension: (Avira Password Manager) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-06-12]
BRA Extension: (Avira Safe Shopping) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-02-24]
BRA Extension: (Avast SafePrice | Vergleich, Angebote, Gutscheine) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2021-01-07]
BRA Extension: (OkayFreedom) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hfnbbbkabnehoejfhcbbhdicagcoobji [2019-10-25]
BRA Extension: (Kee - Password Manager) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mmhlniccooihdimnnjhamobppdhaolme [2021-02-24]
BRA Extension: (PAYBACK Internet Assistent) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2021-02-24]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-05-04]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-06-12]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-04-04]
BRA Extension: (Brave Ad Block Updater (EasyList Germany)) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\faknfgalcghekhfggcdikddilkpjbonh [2021-06-12]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-06-12]
BRA Extension: (Brave Ad Block Updater (DEU: EasyList Germany)) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\jmomcjcilfpbaaklkifaijjcnancamde [2020-05-24]
BRA Extension: (Brave NTP sponsored images) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\obbokncgfcbepeipkhpdepjjoncelefj [2021-06-12]
BRA Extension: (PDF Viewer) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\oemmndcbldboiebfnladdacbdfmadadm [2019-04-22]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\thoma\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-06-12]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 Adiscon EvntSLog; C:\Program Files (x86)\EventReporter\evntslog.exe [4614792 2018-04-27] (Adiscon GmbH -> Adiscon GmbH, Germany (info@adiscon.com, hxxp://www.adiscon.com))
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\2.00.06\atkexComSvc.exe [411456 2017-09-21] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.30\aaHMSvc.exe [975832 2017-01-24] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2016-04-20] (ASUSTeK Computer Inc. -> ) [Datei ist nicht signiert]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.09.08\AsusFanControlService.exe [610776 2017-02-09] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8151120 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [622816 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [370400 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2021-01-26] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\91.0.10364.115\elevation_service.exe [1421288 2021-06-18] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-22] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [154056 2019-04-22] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-06-21] (Microsoft Corporation -> Microsoft Corporation)
R2 client_service; C:\Program Files (x86)\VMware\VMware Horizon View Client\ClientService\horizon_client_service.exe [444632 2021-02-05] (VMware, Inc. -> VMware, Inc.)
S3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [32976 2017-09-08] (Corsair Components, Inc. -> Corsair Components, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [441664 2019-04-16] (Digital Wave Ltd -> Digital Wave Ltd.)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1113864 2020-05-15] (Bayerisches Landesamt fuer Steuern -> )
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-07-24] (Mixbyte Inc -> Freemake)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [283760 2020-09-11] (FabulaTech, LLP -> )
R2 ftscanmgrhv; C:\Program Files\Common Files\VMware\ScannerRedirection\ftscanmgrhv.exe [301680 2020-09-11] (FabulaTech, LLP -> )
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7174568 2021-05-14] (GlassWire -> SecureMix LLC)
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [594216 2018-12-20] (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc) [Datei ist nicht signiert] [Datei wird verwendet]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 KiteService; C:\Program Files\Kite\KiteService.exe [140864 2021-06-10] (Manhattan Engineering Incorporated -> Kite)
R2 LightingService; C:\Program Files (x86)\LightingService\1.00.29\LightingService.exe [1144792 2017-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [8929608 2021-05-24] (Paramount Software UK Ltd -> Paramount Software UK Ltd)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-31] (Malwarebytes Inc -> Malwarebytes)
R2 MTAgentService; C:\Program Files\MiniTool ShadowMaker\AgentService.exe [783344 2021-01-28] (MiniTool Software Limited -> )
R2 MTSchedulerService; C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe [226800 2021-01-28] (MiniTool Software Limited -> )
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [564928 2021-03-25] (geek software GmbH -> geek software GmbH)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395360 2021-06-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Soda PDF Desktop; C:\Program Files\Soda PDF Desktop\ws.exe [2780400 2018-06-04] (LULU Software -> LULU Software)
R2 Soda PDF Desktop Creator; C:\Program Files\Soda PDF Desktop\creator\common\creator-ws.exe [756464 2018-06-04] (LULU Software -> LULU Software)
R2 Soda PDF Desktop Update Service; C:\Program Files\Soda PDF Desktop\updater-ws.exe [751344 2018-06-04] (LULU Software -> LULU Software)
R2 spacedeskService; C:\WINDOWS\system32\spacedeskService.exe [1091488 2020-09-08] (Datronicsoft, Inc. -> )
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [183816 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12871464 2021-04-29] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 vmwsprrdpwks; C:\Program Files\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [480368 2020-09-22] (FabulaTech, LLP -> VMware)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XeroxPrintJobEventManagerService; C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe [513920 2020-10-30] (Xerox Corporation -> Xerox Corporation)
S3 XeroxProdRegManager; C:\Program Files (x86)\Xerox PowerENGAGE\EngageService.exe [293608 2016-09-13] (Aviata Inc -> Aviata, Inc.)
S3 XSplit_VCam_Updater; C:\Program Files\XSplit\VCam\XSplit_VCam_Updater.exe [3194032 2021-06-14] (SplitmediaLabs Limited -> XSplit)
R2 XSpltVidSvc; C:\Program Files\XSplit\VCam\service\XSpltVidSvc.exe [259248 2021-06-14] (SplitmediaLabs Limited -> SplitmediaLabs Limited)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 anvsnddrv; C:\WINDOWS\system32\drivers\anvsnddrv.sys [33872 2012-05-17] (AnvSoft Co., Ltd. -> AnvSoft Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2017-09-21] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] (ASUSTeK Computer Inc. -> )
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35664 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [216360 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [365536 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250336 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99296 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-05-30] (Microsoft Windows Early Launch Anti-Malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41296 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [180944 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522864 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107792 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82856 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851144 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [471352 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215336 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-06-03] (Avast Software s.r.o. -> AVAST Software)
R2 BlueStacksDrv; C:\Program Files (x86)\BlueStacks\BstkDrv_bgp.sys [315976 2020-04-07] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 Ch64USB; C:\WINDOWS\System32\drivers\Ch64USB.sys [150656 2014-10-10] (Microsoft Windows Hardware Compatibility Publisher -> ZF Friedrichshafen AG, Electronic Systems)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [161288 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [140280 2020-06-01] (ADAPP SASU -> Dokan Project)
S3 GLCKIO; C:\Program Files (x86)\ASUS\AURA\690b33e1-0462-4e84-9bea-c7552b45432a.sys [14976 2017-10-22] (ASUSTeK Computer Inc. -> )
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (GlassWire -> SecureMix LLC)
R3 HCW85BDA; C:\WINDOWS\system32\drivers\HCW85BDA.sys [2259456 2021-01-18] (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works)
R3 hcw85cir; C:\WINDOWS\system32\drivers\hcw85cir4.sys [61264 2019-03-08] (HAUPPAUGE COMPUTER WORKS, INC. -> Hauppauge Computer Works, Inc.)
S3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [85504 2021-01-09] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
S3 hwdatacard; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [121600 2021-01-09] (Huawei Technologies Co., Ltd.) [Datei ist nicht signiert]
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [35352 2017-01-26] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-06-27] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-31] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-26] (Malwarebytes Inc -> Malwarebytes)
S3 MbswMailbox; C:\Program Files (x86)\ASUS\AI Suite III\690b33e1-0462-4e84-9bea-c7552b45432a.sys [17208 2017-10-22] (ASUSTeK Computer Inc. -> )
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [79504 2017-03-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [179416 2019-02-15] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
S3 psvolacc; C:\WINDOWS\system32\drivers\psvolacc.sys [34520 2018-12-06] (Paramount Software UK Ltd -> Windows (R) Win 7 DDK provider)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 scaudio; C:\WINDOWS\System32\drivers\scaudio.sys [54792 2020-06-05] (Brandmeister LLC -> )
S3 SCL01164; C:\WINDOWS\system32\DRIVERS\SCL01164.sys [72320 2010-05-07] (Microsoft Windows Hardware Compatibility Publisher -> SCM Microsystems Inc.)
R0 secnvme; C:\WINDOWS\System32\drivers\secnvme.sys [133944 2020-01-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R3 spacedeskKtmInputMouse; C:\WINDOWS\System32\drivers\spacedeskKtmInputMouse.sys [35240 2020-08-27] (Datronicsoft, Inc. -> )
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 splitcam_hd_driver; C:\WINDOWS\System32\drivers\splitcam_hd_driver.sys [38000 2020-04-18] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2019-12-10] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R1 ui11rdr; C:\WINDOWS\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG -> 1&1 Internet AG)
R1 UimBus; C:\WINDOWS\System32\drivers\uimbus.sys [109504 2018-11-27] (Paragon Software GmbH -> Paragon Software GmbH)
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uimdevim.sys [46016 2018-11-27] (Paragon Software GmbH -> Paragon Software GmbH)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [831616 2020-10-11] (IDRIX SARL -> IDRIX)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [60344 2020-11-17] (VMware, Inc. -> VMware, Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [67072 2021-04-30] (VMware, Inc. -> VMware, Inc.)
R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [105912 2020-08-11] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-27] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425184 2021-06-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-27] (Microsoft Windows -> Microsoft Corporation)
R3 XSpltVid; C:\WINDOWS\system32\DRIVERS\XSpltVid.sys [118800 2020-09-16] (Microsoft Windows Hardware Compatibility Publisher -> SplitmediaLabs Limited)
S3 ewusbnet; \SystemRoot\System32\drivers\ewusbnet.sys [X]
S3 GPU-Z; \??\C:\Users\thoma\AppData\Local\Temp\GPU-Z.sys [X] <==== ACHTUNG

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-06-27 19:13 - 2021-06-27 20:50 - 000000000 ____D C:\FRST
2021-06-27 19:09 - 2021-06-27 19:09 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-06-27 17:55 - 2021-06-27 17:56 - 000000606 _____ C:\Users\thoma\AppData\Local\cbfsconnect2017-{B0031874-3D4F-4F60-8171-49DE03D3E003}.zip
2021-06-27 17:50 - 2021-06-27 17:50 - 122854203 _____ C:\Users\thoma\AppData\Local\Temp.zip
2021-06-27 02:27 - 2021-06-27 02:28 - 000000159 _____ C:\Users\thoma\Desktop\FeWo1.url
2021-06-26 22:11 - 2021-06-26 22:11 - 000000049 _____ C:\Users\thoma\OneDrive\Documents\.RData
2021-06-26 20:18 - 2021-06-26 20:18 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-06-26 20:10 - 2021-06-26 20:10 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-26 18:47 - 2021-06-27 10:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-24 11:33 - 2021-06-24 11:33 - 000001259 _____ C:\Users\Public\Desktop\XSplit VCam.lnk
2021-06-24 11:33 - 2021-06-24 11:33 - 000001259 _____ C:\ProgramData\Desktop\XSplit VCam.lnk
2021-06-24 11:33 - 2021-06-24 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2021-06-24 11:33 - 2021-06-24 11:33 - 000000000 ____D C:\Program Files\XSplit
2021-06-24 09:04 - 2021-06-24 09:04 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-06-24 09:04 - 2021-06-24 09:04 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-24 09:04 - 2021-06-24 09:04 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-24 09:04 - 2021-06-24 09:04 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-24 09:04 - 2021-06-24 09:04 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-24 09:04 - 2021-06-24 09:04 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-24 09:04 - 2021-06-24 09:04 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-06-24 09:04 - 2021-06-24 09:04 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-06-24 09:04 - 2021-06-24 09:04 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-06-24 09:04 - 2021-06-24 09:04 - 000011333 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-24 09:03 - 2021-06-24 09:03 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-06-24 09:03 - 2021-06-24 09:03 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-21 07:45 - 2021-06-21 07:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jabra
2021-06-20 16:42 - 2021-06-20 16:48 - 000000000 ____D C:\Users\thoma\AppData\Roaming\MPP-Engineering
2021-06-20 16:41 - 2021-06-20 16:49 - 000000000 ____D C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarPort
2021-06-20 16:41 - 2021-06-20 16:41 - 000000000 ____D C:\Users\thoma\OneDrive\Documents\CarPort
2021-06-20 16:41 - 2021-06-20 16:41 - 000000000 ____D C:\Users\thoma\AppData\Local\MPP-Engineering
2021-06-20 16:40 - 2021-06-20 16:49 - 000000000 ____D C:\Program Files (x86)\CarPort
2021-06-20 16:40 - 2021-06-20 16:40 - 000000000 ____D C:\Users\thoma\AppData\Roaming\Obsidium
2021-06-16 09:53 - 2021-06-24 23:22 - 000011820 _____ C:\Users\thoma\Desktop\Geburt_Patrick_2.xlsx
2021-06-13 23:48 - 2021-06-13 23:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\obs-websocket
2021-06-12 23:41 - 2021-06-26 21:01 - 000000000 ____D C:\Ubuntu_21_04
2021-06-12 22:25 - 2021-06-12 22:26 - 006632332 _____ C:\WINDOWS\Minidump\061221-16718-01.dmp
2021-06-12 22:25 - 2021-06-12 22:26 - 000000000 ____D C:\WINDOWS\Minidump
2021-06-12 22:25 - 2021-06-12 22:25 - 2283833209 _____ C:\WINDOWS\MEMORY.DMP
2021-06-10 08:27 - 2021-06-10 08:27 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-10 08:27 - 2021-06-10 08:27 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-10 08:27 - 2021-06-10 08:27 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-10 08:27 - 2021-06-10 08:27 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-10 08:27 - 2021-06-10 08:27 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-10 08:27 - 2021-06-10 08:27 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-10 08:27 - 2021-06-10 08:27 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-10 08:27 - 2021-06-10 08:27 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-10 08:27 - 2021-06-10 08:27 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-10 08:27 - 2021-06-10 08:27 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-10 08:27 - 2021-06-10 08:27 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-04 01:40 - 2021-06-04 22:10 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2021-06-03 18:50 - 2021-06-03 18:50 - 000000000 ____D C:\Users\maxim\AppData\Local\Avast Software
2021-06-03 11:14 - 2021-06-03 11:14 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-06-03 11:14 - 2021-06-03 11:14 - 000215336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-06-02 08:11 - 2021-06-02 08:11 - 000000000 ____D C:\WINDOWS\Panther
2021-05-31 08:04 - 2021-05-31 08:05 - 000000000 ____D C:\AdwCleaner
2021-05-31 07:38 - 2021-05-31 07:38 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-05-31 07:38 - 2021-05-31 07:38 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-05-31 07:38 - 2021-05-31 07:38 - 000002036 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-31 07:38 - 2021-05-31 07:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-05-31 07:38 - 2021-05-31 07:38 - 000000000 ____D C:\Program Files\Malwarebytes
2021-05-30 21:56 - 2021-05-30 21:56 - 000000218 _____ C:\Users\thoma\AppData\Local\recently-used.xbel
2021-05-30 20:25 - 2021-05-30 20:25 - 000001473 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2021-05-30 20:24 - 2021-05-30 20:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2021-05-30 20:24 - 2021-05-30 20:24 - 000000000 ____D C:\Program Files\PDF24
2021-05-30 20:22 - 2021-05-30 20:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-05-30 20:16 - 2021-05-12 20:07 - 000041816 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2021-05-30 20:15 - 2021-05-30 20:15 - 000017328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-06-27 20:50 - 2020-03-14 19:43 - 000000000 ____D C:\Users\thoma\AppData\Roaming\Jabra Direct
2021-06-27 20:50 - 2019-09-08 21:06 - 000000000 ____D C:\Users\thoma\AppData\Roaming\Slack
2021-06-27 20:50 - 2017-10-19 01:39 - 000000000 ____D C:\Users\thoma\AppData\LocalLow\Mozilla
2021-06-27 20:49 - 2018-09-09 15:48 - 000002139 _____ C:\Users\thoma\Desktop\Monitor Power OFF.lnk
2021-06-27 20:48 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-27 20:48 - 2017-10-19 01:38 - 000000000 ____D C:\Users\thoma\AppData\Roaming\KeePass
2021-06-27 20:48 - 2017-10-19 01:25 - 000000000 __SHD C:\Users\thoma\IntelGraphicsProfiles
2021-06-27 20:29 - 2017-10-19 07:42 - 000000000 ____D C:\Program Files (x86)\Canon
2021-06-27 20:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-27 20:28 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-27 20:28 - 2017-10-22 16:12 - 000000000 ____D C:\Users\thoma\AppData\Local\Packages
2021-06-27 20:28 - 2017-10-20 21:36 - 000000000 ____D C:\Users\sandr\AppData\Roaming\Canon
2021-06-27 20:28 - 2017-10-19 07:52 - 000000000 ___HD C:\ProgramData\CanonIJScan
2021-06-27 20:25 - 2021-03-21 12:14 - 000004172 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{5B4F6576-251A-43E1-A98E-A8FEBC528C28}
2021-06-27 20:25 - 2021-02-10 23:05 - 000000000 ____D C:\Users\thoma\AppData\Roaming\Kite
2021-06-27 20:21 - 2020-09-06 15:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-27 20:15 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-27 19:59 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-27 19:48 - 2020-09-06 15:20 - 000003450 _____ C:\WINDOWS\system32\Tasks\SU_AutoUpdate
2021-06-27 19:48 - 2019-12-04 01:06 - 000000000 ____D C:\Users\thoma\AppData\Roaming\IObit
2021-06-27 19:30 - 2018-04-30 21:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-06-27 19:20 - 2019-04-12 21:10 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-06-27 19:19 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-06-27 19:17 - 2020-04-27 22:07 - 000000000 ____D C:\Users\thoma\AppData\Local\AVAST Software
2021-06-27 19:16 - 2019-12-07 16:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-06-27 19:14 - 2017-10-19 08:26 - 000000000 ____D C:\Users\thoma\AppData\Roaming\VMware
2021-06-27 19:07 - 2020-09-06 11:11 - 000000000 ____D C:\Users\thoma\AppData\Local\KeeForm
2021-06-27 18:47 - 2020-03-14 19:43 - 000000000 ____D C:\Users\thoma\AppData\Roaming\JabraSDK
2021-06-27 18:13 - 2020-09-06 15:23 - 001732926 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-27 18:13 - 2019-12-07 16:51 - 000746436 _____ C:\WINDOWS\system32\perfh007.dat
2021-06-27 18:13 - 2019-12-07 16:51 - 000151384 _____ C:\WINDOWS\system32\perfc007.dat
2021-06-27 18:06 - 2020-09-06 15:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-27 18:06 - 2020-09-06 15:11 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-27 18:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-27 18:06 - 2019-11-15 08:09 - 000000000 ____D C:\ProgramData\AVAST Software
2021-06-27 18:06 - 2017-10-19 08:21 - 000000000 ____D C:\ProgramData\VMware
2021-06-27 18:06 - 2017-10-19 08:16 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-06-27 18:06 - 2017-10-19 01:48 - 000000000 ____D C:\ProgramData\Hauppauge
2021-06-27 18:06 - 2017-10-19 01:25 - 000000000 ____D C:\Intel
2021-06-27 18:05 - 2019-12-07 11:03 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2021-06-27 10:01 - 2017-10-19 01:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-27 01:20 - 2021-04-11 17:18 - 000003042 _____ C:\WINDOWS\system32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2021-06-27 01:20 - 2021-04-10 23:53 - 000002970 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2021-06-27 01:20 - 2021-04-10 23:53 - 000002604 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2021-06-27 01:20 - 2021-02-20 17:45 - 000003598 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - User Logon
2021-06-27 01:20 - 2020-09-06 15:20 - 000003628 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-06-27 01:20 - 2020-09-06 15:20 - 000003558 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-06-27 01:20 - 2020-09-06 15:20 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-06-27 01:20 - 2020-09-06 15:20 - 000003468 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - New or Changed
2021-06-27 01:20 - 2020-09-06 15:20 - 000003404 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-06-27 01:20 - 2020-09-06 15:20 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-06-27 01:20 - 2020-09-06 15:20 - 000003270 _____ C:\WINDOWS\system32\Tasks\Xerox XeroxPrintExperience Printer Configuration - Periodic Refresh
2021-06-27 01:20 - 2020-09-06 15:20 - 000002564 _____ C:\WINDOWS\system32\Tasks\Software Updater Scheduler
2021-06-27 01:20 - 2020-09-06 15:20 - 000002392 _____ C:\WINDOWS\system32\Tasks\Software Updater SkipUAC(thoma)
2021-06-27 01:20 - 2020-09-06 15:20 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-06-26 23:25 - 2017-10-20 06:15 - 000000000 ____D C:\Users\thoma\AppData\Local\CrashDumps
2021-06-26 23:16 - 2021-03-27 20:21 - 000003276 _____ C:\WINDOWS\system32\Tasks\MiniToolPartitionWizard
2021-06-26 23:12 - 2020-02-16 16:09 - 000000000 ____D C:\Users\thoma\Desktop\ADS
2021-06-26 22:26 - 2021-04-24 01:55 - 000000000 ____D C:\Users\thoma\AppData\Local\RStudio
2021-06-26 22:26 - 2020-02-22 00:21 - 000000000 ____D C:\Users\thoma\AppData\Roaming\RStudio
2021-06-26 22:22 - 2020-02-22 00:21 - 000019443 _____ C:\Users\thoma\OneDrive\Documents\.Rhistory
2021-06-26 21:01 - 2017-10-19 08:26 - 000000000 ____D C:\Users\thoma\AppData\Local\VMware
2021-06-26 20:10 - 2017-10-19 01:39 - 000001008 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-26 18:50 - 2020-06-23 07:43 - 000002399 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-26 18:50 - 2017-10-19 01:41 - 000002256 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-24 11:34 - 2018-05-05 14:07 - 000000000 ____D C:\Users\thoma\AppData\Local\D3DSCache
2021-06-24 11:33 - 2021-05-16 20:45 - 000000000 ____D C:\ProgramData\XSplit
2021-06-24 11:33 - 2021-01-09 23:18 - 000000000 ____D C:\ProgramData\SplitmediaLabs
2021-06-24 11:30 - 2020-09-06 15:11 - 000805200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-24 11:29 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-24 11:29 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-24 11:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-06-24 11:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-06-24 11:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-24 11:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-24 11:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-06-24 11:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-24 11:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-24 11:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-06-24 11:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-06-24 11:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-24 08:55 - 2019-12-04 01:06 - 000000000 ____D C:\ProgramData\ProductData
2021-06-23 18:23 - 2020-04-27 22:06 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-06-22 18:50 - 2019-04-22 23:09 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-06-21 07:48 - 2017-10-19 23:45 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-06-21 07:45 - 2020-03-14 19:43 - 000000000 ____D C:\Program Files (x86)\Jabra
2021-06-21 07:45 - 2017-10-19 01:34 - 000000000 ____D C:\ProgramData\Package Cache
2021-06-20 16:41 - 2017-10-20 22:42 - 000000000 ____D C:\Program Files\DIFX
2021-06-17 23:36 - 2019-02-05 12:34 - 000000000 ____D C:\Users\thoma\AppData\Roaming\Sqrl
2021-06-16 08:07 - 2021-02-10 23:04 - 000000000 ____D C:\Program Files\Kite
2021-06-16 08:07 - 2020-12-20 16:43 - 000001132 _____ C:\Users\thoma\Desktop\MicroSIP.lnk
2021-06-16 08:07 - 2020-12-20 16:43 - 000000000 ____D C:\Users\thoma\AppData\Local\MicroSIP
2021-06-14 15:12 - 2017-10-19 08:15 - 000000000 ____D C:\Users\thoma\AppData\Roaming\vlc
2021-06-14 15:04 - 2020-09-14 00:02 - 000000000 ____D C:\Users\thoma\AppData\Roaming\obs-studio
2021-06-14 00:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-06-13 23:48 - 2020-09-14 00:02 - 000000000 ____D C:\Program Files\obs-studio
2021-06-12 23:47 - 2021-01-02 23:56 - 000000000 ____D C:\Ubuntu_20_10
2021-06-12 22:26 - 2020-09-06 13:52 - 000000000 ____D C:\Users\thoma
2021-06-11 13:01 - 2021-02-17 21:21 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-10 08:31 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-10 08:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-10 08:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-10 08:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-10 08:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-10 08:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-10 08:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-10 08:31 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-10 08:20 - 2017-10-19 22:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-10 08:12 - 2017-10-19 22:06 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-09 16:10 - 2017-10-19 01:37 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-06 16:38 - 2019-10-04 00:31 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-06-06 15:44 - 2021-02-18 23:17 - 000002206 _____ C:\Users\thoma\Desktop\Slack.lnk
2021-06-06 15:44 - 2021-02-18 23:17 - 000000000 ____D C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2021-06-06 15:44 - 2021-02-18 23:17 - 000000000 ____D C:\Users\thoma\AppData\Local\slack
2021-06-06 15:44 - 2017-10-19 08:12 - 000000000 ____D C:\Users\thoma\AppData\Local\SquirrelTemp
2021-06-04 22:11 - 2017-10-19 01:40 - 000001058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2021-06-03 18:50 - 2020-04-30 07:10 - 000000000 ____D C:\Users\sandr\AppData\Local\AVAST Software
2021-06-03 11:16 - 2019-02-01 00:09 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-03 11:14 - 2020-10-26 21:56 - 000180944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-06-03 11:14 - 2020-09-06 15:20 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-06-03 11:14 - 2020-04-20 20:52 - 000522864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-06-03 11:14 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-06-03 11:14 - 2019-11-15 08:10 - 000851144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-06-03 11:14 - 2019-11-15 08:10 - 000471352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-06-03 11:14 - 2019-11-15 08:10 - 000365536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-06-03 11:14 - 2019-11-15 08:10 - 000326976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-06-03 11:14 - 2019-11-15 08:10 - 000250336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-06-03 11:14 - 2019-11-15 08:10 - 000216360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-06-03 11:14 - 2019-11-15 08:10 - 000107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-06-03 11:14 - 2019-11-15 08:10 - 000099296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-06-03 11:14 - 2019-11-15 08:10 - 000082856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-06-03 11:14 - 2019-11-15 08:10 - 000041296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-06-03 11:14 - 2019-11-15 08:10 - 000035664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-06-03 11:14 - 2017-12-25 23:33 - 000351544 _____ C:\WINDOWS\Macrium Reflect Patch Log.txt
2021-05-31 08:07 - 2017-12-09 15:31 - 000000000 ____D C:\Program Files (x86)\Innovative Solutions
2021-05-31 08:03 - 2021-01-04 00:27 - 000000000 ____D C:\Users\thoma\Desktop\Programme
2021-05-31 08:03 - 2017-12-09 15:31 - 000000000 ____D C:\Users\thoma\AppData\Roaming\Innovative Solutions
2021-05-31 08:03 - 2017-12-09 15:31 - 000000000 ____D C:\Users\thoma\AppData\Local\Innovative Solutions
2021-05-31 07:32 - 2019-11-09 23:01 - 000000000 ____D C:\Users\thoma\AppData\Local\Opera Software
2021-05-30 21:56 - 2019-03-02 00:25 - 000000000 ____D C:\Users\thoma\.dbus-keyrings
2021-05-30 20:25 - 2017-10-19 01:25 - 000000000 ____D C:\Program Files (x86)\Intel
2021-05-30 20:22 - 2018-09-04 21:15 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-05-30 20:16 - 2019-09-15 01:23 - 000002166 _____ C:\Users\thoma\Desktop\DeepL.lnk
2021-05-30 20:16 - 2019-09-15 01:23 - 000000000 ____D C:\Users\thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeepL GmbH
2021-05-30 20:16 - 2019-09-15 01:23 - 000000000 ____D C:\Users\thoma\AppData\Local\DeepL

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2020-10-04 17:19 - 2020-10-04 17:19 - 000000000 _____ () C:\Users\thoma\.mongorc.js
2020-11-27 09:35 - 2020-11-18 15:04 - 114459920 _____ (Microsoft Corporation) C:\Program Files\Teams_windows_x64.exe
2018-10-21 00:46 - 2017-10-25 03:31 - 007438336 _____ () C:\Program Files (x86)\WinAuth.exe
2018-02-10 21:14 - 2018-02-10 21:14 - 000000171 _____ () C:\Users\thoma\AppData\Roaming\1eb766f2-fed1-4d33-9c39-2c8a972fd11f
2018-02-10 21:14 - 2018-10-14 18:06 - 000000904 _____ () C:\Users\thoma\AppData\Roaming\4e93aa11-2d46-4980-a421-0a4ac759e5bf
2019-12-04 08:33 - 2019-12-04 08:33 - 000000171 _____ () C:\Users\thoma\AppData\Roaming\822f02e4-9e9a-4077-a765-71edfca16ad0
2018-02-10 21:14 - 2018-02-10 21:14 - 000000175 _____ () C:\Users\thoma\AppData\Roaming\fc19ece2-6b3f-4f22-8758-9651ab9ca388
2017-10-19 08:13 - 2017-12-10 16:12 - 000000883 _____ () C:\Users\thoma\AppData\Roaming\gnuplot_history
2021-01-09 22:59 - 2021-01-13 19:59 - 000000016 _____ () C:\Users\thoma\AppData\Roaming\obs-virtualcam.txt
2018-07-22 15:03 - 2021-02-06 17:56 - 000000128 _____ () C:\Users\thoma\AppData\Roaming\winscp.rnd
2021-06-27 17:55 - 2021-06-27 17:56 - 000000606 _____ () C:\Users\thoma\AppData\Local\cbfsconnect2017-{B0031874-3D4F-4F60-8171-49DE03D3E003}.zip
2019-05-16 06:28 - 2020-09-26 09:37 - 000009728 _____ () C:\Users\thoma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-07-01 16:15 - 2018-07-01 16:15 - 000000600 _____ () C:\Users\thoma\AppData\Local\PUTTY.RND
2021-05-30 21:56 - 2021-05-30 21:56 - 000000218 _____ () C:\Users\thoma\AppData\Local\recently-used.xbel
2021-04-09 19:33 - 2021-04-09 19:33 - 000007609 _____ () C:\Users\thoma\AppData\Local\Resmon.ResmonCfg
2019-11-09 22:48 - 2019-11-09 22:48 - 000000000 _____ () C:\Users\thoma\AppData\Local\TaskMan.cmd.done
2019-11-09 22:48 - 2019-11-09 22:48 - 000000105 _____ () C:\Users\thoma\AppData\Local\TaskMan.cmd.errors
2021-06-27 17:50 - 2021-06-27 17:50 - 122854203 _____ () C:\Users\thoma\AppData\Local\Temp.zip

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         
--- --- ---

 
