Log analysis and evaluation: Windows 10 (21H2): Trojan tr/ad.firehooker.bu
#1

Hello,

I have recently started having two problems.

1.) I have recently been getting Trojan alerts from Malwarebytes and Restoro. However, the programs are not able to solve the problem. Restoro does say the problem is solved, but after a restart the Trojan is back.

2.) My browser (no matter which one is installed) crashes after a few minutes. It can be started again, though, and offers to restore the page. After that there are no more crashes. Since this error started occurring, the browser can also no longer be updated (again, no matter which browser is installed). Perhaps this is related to my first problem.

I hope you can help me. Thank you very much.

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2022
durchgeführt von Bernd (Administrator) auf BERND-PC (Hewlett-Packard HP ProDesk 490 G2 MT) (08-02-2022 11:56:45)
Gestartet von C:\Users\Bernd\Desktop
Geladene Profile: Bernd
Plattform: Microsoft Windows 10 Pro Version 21H2 19044.1503 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

() [Datei ist nicht signiert] C:\Program Files (x86)\CopyQ\copyq.exe <2>
() [Datei ist nicht signiert] C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
(Digital Wave Ltd -> Digital Wave Ltd) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Fred's Software) [Datei ist nicht signiert] C:\Users\Bernd\Downloads\Printkey2000\PRINTKEY2000.EXE
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\BridgeCommunication.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(MAGIX Software GmbH -> MAGIX) C:\Program Files\Common Files\MAGIX Services\Update Notifier\QMxNetworkSync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhdci.inf_amd64_873a5dc0a09971a3\Display.NvContainer\NVDisplay.Container.exe <2>
(Open Source Developer, Dominik Reichl -> Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Restoro Ltd -> Restoro) C:\Program Files\Restoro\bin\RestoroApp.exe
(Restoro Ltd -> Restoro) C:\Program Files\Restoro\bin\RestoroProtection.exe
(Restoro Ltd -> Restoro) C:\Program Files\Restoro\bin\RestoroService.exe
(TomTom) [Datei ist nicht signiert] C:\Program Files\TomTom HOME\TTHOMEService.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Printkey2000] => C:\Users\Bernd\Downloads\Printkey2000\PRINTKEY2000.EXE [794112 1999-06-27] (Fred's Software) [Datei ist nicht signiert]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11102832 2021-09-10] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3163248 2022-01-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [Restoro] => C:\Program Files\Restoro\bin\RestoroApp.exe [477728 2021-10-07] (Restoro Ltd -> Restoro) <==== ACHTUNG
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49976 2014-08-01] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-4071651455-2038161318-6637332-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3163248 2022-01-09] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKU\S-1-5-21-4071651455-2038161318-6637332-1001\...\Run: [vidnotifier.exe] => C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe [1023536 2021-01-25] (Digital Wave Ltd -> Digital Wave Ltd)
HKU\S-1-5-21-4071651455-2038161318-6637332-1001\...\Run: [QMxNetworkSync] => C:\Program Files\Common Files\MAGIX Services\Update Notifier\QMxNetworkSync.exe [1151744 2020-08-24] (MAGIX Software GmbH -> MAGIX)
HKU\S-1-5-21-4071651455-2038161318-6637332-1001\...\Run: [MicrosoftEdgeAutoLaunch_6F58C97F56F83A125F06EE427733DCC5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKLM\...\Print\Monitors\EPSON Stylus S20 Series 64MonitorBE: C:\WINDOWS\system32\E_ILMEAE.DLL [108032 2007-12-07] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKLM\Software\...\Authentication\Credential Providers: [{B7724AE5-1135-4889-8A5F-CA98BE6CA1ED}] ->
Startup: C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CopyQ.lnk [2015-05-14]
ShortcutTarget: CopyQ.lnk -> C:\Program Files (x86)\CopyQ\copyq.exe () [Datei ist nicht signiert]
GroupPolicy: Beschränkung - Chrome <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {009C7563-4E5A-4ED0-92F6-BD5746276CDA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-11-16] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {0A723C6B-F89A-416E-AA72-65FA19DE8C1B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {0CA853B6-19A2-4B44-8389-F16BD88C2227} - System32\Tasks\AllJoyn-RouterdienstRAS-MedientreiberBrowser => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> C:\WINDOWS\Installer\{AA227579-7A44-441B-AEEC-0FD4C021383A}\{A4EC276B-D718-419E-9257-86FDC2610C2A} <==== ACHTUNG
Task: {14A7BAD6-CCD5-4D62-AE05-98967F2D156B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {14F42AE1-D6F1-4323-AF62-8A2C6026247C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis (Keine Datei)
Task: {185210C0-25E5-4CA1-9027-A7180F2485A5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {201F4B93-251C-481B-9AA6-8E3770E5D8E0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {23D5D549-2DE5-49AC-B896-5F625DF628C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2B67DECD-DC0F-46EA-8565-8E6CF452B7ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {2BD14630-CE33-4D52-A464-CB73E2303B6D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe /show (Keine Datei)
Task: {3316D625-3A4E-407D-8358-5011E845EED0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {3433EAB3-8D2F-4E86-AF19-D2110C415353} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [668464 2017-02-24] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (Keine Datei)
Task: {397E0A00-A7C5-43C3-8585-F3451C09DBE0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {3B07FB3F-EF9F-4F54-AF31-83CC02E4EA96} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-bernd.diessel@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-07-29] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {3BBA17D8-8E6C-4998-9DDB-E3EE5AA39BF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-07] (Google LLC -> Google LLC)
Task: {3D05E1D8-1FDA-4073-9861-827B7110B1EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /r (Keine Datei)
Task: {4A268B2F-D1C0-4BA7-840A-D507129C8615} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe -task -source HPSA (Keine Datei)
Task: {4BE2F791-673B-4735-BAFC-F448C1E97D15} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2022-01-20] (HP Inc. -> HP Inc.)
Task: {5B6E1EB2-B507-40AD-B711-2AB8D77FBF1C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {5D06FEE8-91B9-42D4-887D-117BB46BA64B} - System32\Tasks\Xbox Antwort Ereignisse => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> "C:\ProgramData\Package Cache\{683CF574-7D2D-4EE8-9246-36E1E470A210}\{F1016E61-132D-41E2-AA7E-71F7B55AC36D}" <==== ACHTUNG
Task: {5D940C29-8F77-41D8-9DA4-62AF2A72E57E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {5F1B5B4C-0467-4C70-9EC2-861E7E5EE602} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649216 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {6C3F1C0B-A88F-432C-8FF4-F0D53FF6FBFF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /r /m (Keine Datei)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {70C80C91-BB5A-4DA0-A676-2E63248FB7A6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-12-07] (Google LLC -> Google LLC)
Task: {73B8F15D-68B6-4DF6-97CE-5F68C9D1AA29} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {85C6379D-9055-42AA-8A32-1D2D1F270CA0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {9076341D-0D3A-4E85-A9ED-A9FD9779D7E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {979979E9-8D28-4CC5-B038-19DBD6D5B27A} - System32\Tasks\Opera scheduled Autoupdate 1592151335 => C:\Users\Bernd\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Keine Datei)
Task: {9A412DEA-A86B-4111-8984-5148030DF7D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1145440 2022-01-20] (HP Inc. -> HP Inc.)
Task: {A2272422-033F-49D8-99A2-91BA8FD84F41} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A57A5B30-AC17-40C4-96FF-15100CF2B18A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart (Keine Datei)
Task: {AB3A673B-7BAE-458C-B775-F2CD5A51CEF9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {B1ED76D3-1FE7-43FF-B2A1-84CC8B873EB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /u (Keine Datei)
Task: {B32D2B8B-6C2C-4C20-B001-DF1A3B70060B} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA}
Task: {BC8DFE1D-CEAE-4EC1-84F7-1781A7E8A2D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe /noreport (Keine Datei)
Task: {BD649FA3-3ECC-4018-BE22-75B7B29A48E4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {CABA7B0B-57F5-4859-84F1-41CA4B1CC23B} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3341312 2021-12-09] (Nvidia Corporation -> NVIDIA Corporation)
Task: {CDA21298-ACAA-4B83-91E3-D3D4219A1761} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [904904 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {CF819E11-B878-4D0B-ABA5-93228E7EBEFF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {DB7B8D8A-9B21-40E8-B0BF-69559742A314} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DDEE3739-7064-42EC-ACC5-60AF5C49BB9E} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {DEC80DB4-6876-41CE-AC48-BBDFA57C9AA5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {E1A5584A-12C3-45BB-810D-5F63DF9530B5} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E71BDB27-8D13-4D63-A95F-87B82481106B} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1650384 2021-12-08] (Nvidia Corporation -> NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{def70ba9-7d4e-4fa0-acfd-9785925ad1c1}: [DhcpNameServer] 192.168.178.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG

Edge:
=======
DownloadDir: C:\Users\Bernd\Downloads
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Bernd\AppData\Local\Microsoft\Edge\User Data\Default [2022-02-08]
Edge DownloadDir: Default -> C:\Users\Bernd\Downloads
Edge Notifications: Default -> hxxps://www.youtube.com
Edge Extension: (Microsoft Defender Browser Protection) - C:\Users\Bernd\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bkbeeeffjjeopflfhgeknacdieedcoml [2020-12-15]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Bernd\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-01-25]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: or9bf29i.default-1469467026629-1533398226752
FF ProfilePath: C:\Users\Bernd\AppData\Roaming\TomTom\HOME\Profiles\y60dw1zp.default [2020-03-08]
FF Extension: (Emulator) - C:\Users\Bernd\AppData\Roaming\TomTom\HOME\Profiles\y60dw1zp.default\Extensions\Navcore.9.540.1497205@tomtom.com [2016-07-05] [] [ist nicht signiert]
FF Extension: (Kein Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [nicht gefunden]
FF ProfilePath: C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\lzd2u46l.default-release-1644065791433 [2022-02-08]
FF user.js: detected! => C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\lzd2u46l.default-release-1644065791433\user.js [2022-02-07]
FF ProfilePath: C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\or9bf29i.default-1469467026629-1533398226752 [2022-02-08]
FF user.js: detected! => C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\or9bf29i.default-1469467026629-1533398226752\user.js [2021-05-30]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\or9bf29i.default-1469467026629-1533398226752\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-05-30]
FF HKLM\...\Firefox\Extensions: [{63289A21-D8E6-4D3B-BDFE-3396CC549426}] - C:\WINDOWS\Installer\{5089B123-334F-4C60-81D3-33719AAF3950}\{63289A21-D8E6-4D3B-BDFE-3396CC549426}.xpi
FF Extension: ( ) - C:\WINDOWS\Installer\{5089B123-334F-4C60-81D3-33719AAF3950}\{63289A21-D8E6-4D3B-BDFE-3396CC549426}.xpi [2022-02-08]
FF HKLM-x32\...\Firefox\Extensions: [{63289A21-D8E6-4D3B-BDFE-3396CC549426}] - C:\WINDOWS\Installer\{5089B123-334F-4C60-81D3-33719AAF3950}\{63289A21-D8E6-4D3B-BDFE-3396CC549426}.xpi
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
StartMenuInternet: Firefox-308046B0AF4A39CB -

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default [2022-02-07]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://my-secure.justanswer.de; hxxps://www.ashampoo.com; hxxps://www.auto-motor-und-sport.de; hxxps://www.businessinsider.de; hxxps://www.conrad.de; hxxps://www.dvderotik.com; hxxps://www.facebook.com; hxxps://www.news38.de; hxxps://www.windows-faq.de; hxxps://www.youtube.com
CHR StartupUrls: Default -> "hxxps://www.google.de/"
CHR Extension: (Präsentationen) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-20]
CHR Extension: (Microsoft Defender Browser Protection) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbeeeffjjeopflfhgeknacdieedcoml [2020-06-04]
CHR Extension: (YouTube) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-30]
CHR Extension: (Avira Password Manager) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-12-21]
CHR Extension: (Adobe Acrobat) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-12-06]
CHR Extension: (Tabellen) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-11-30]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-12-16]
CHR Extension: (CKP - KeePass integration for Chrome™) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnfepbjehgokldcaljagbmchhnaaogpc [2017-06-17]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Google Mail) - C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Profile: C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-04-14]
CHR Profile: C:\Users\Bernd\AppData\Local\Google\Chrome\User Data\System Profile [2021-04-14]
CHR HKU\S-1-5-21-4071651455-2038161318-6637332-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
StartMenuInternet: Google Chrome -

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-12-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [117168 2015-08-07] (Andrea Electronics -> Andrea Electronics Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [437800 2021-01-25] (Digital Wave Ltd -> Digital Wave Ltd)
R2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [27784 2022-01-19] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R3 EPMVssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{B6C9EDCD-1AC4-4FB0-A3DC-FA95B844CCE5} [21312 2021-10-06] (Microsoft Windows -> Microsoft Corporation)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [756216 2021-12-14] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [755192 2021-12-14] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [753184 2021-12-14] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [755192 2021-12-14] (HP Inc. -> HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-25] (HP Inc. -> HP Inc.)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 RestoroActiveProtection; C:\Program Files\Restoro\bin\RestoroProtection.exe [9310216 2021-02-07] (Restoro Ltd -> Restoro) <==== ACHTUNG
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6136536 2022-01-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TTHOMEService; C:\Program Files\TomTom HOME\TTHOMEService.exe [97792 2019-04-17] (TomTom) [Datei ist nicht signiert]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdci.inf_amd64_873a5dc0a09971a3\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvhdci.inf_amd64_873a5dc0a09971a3\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S2 wfcs; "C:\Program Files\Malwarebytes\Windows Firewall Control\wfcs.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [36280 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2020-12-08] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\WINDOWS\system32\drivers\EUEDKEPM.sys [33712 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
R3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [60928 2012-07-06] (Microsoft Windows Hardware Compatibility Publisher -> GenesysLogic)
R3 IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [58880 2008-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Infineon Technologies AG)
S3 MarvinBus; C:\WINDOWS\System32\drivers\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [Datei ist nicht signiert]
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation -> Corel Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 UI5IFS; C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller FREE\IFS64.sys [40520 2018-11-19] (Ashampoo GmbH & Co. KG -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-16] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-16] (Microsoft Windows -> Microsoft Corporation)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2022-02-08 11:55 - 2022-02-08 11:57 - 000033993 _____ C:\Users\Bernd\Desktop\FRST.txt
2022-02-08 11:46 - 2022-02-08 11:57 - 000000000 ____D C:\FRST
2022-02-08 11:45 - 2022-02-08 11:45 - 002311680 _____ (Farbar) C:\Users\Bernd\Desktop\FRST64.exe
2022-02-08 11:28 - 2022-02-08 11:28 - 098566144 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-02-05 17:59 - 2022-02-07 19:58 - 000000000 _____ C:\WINDOWS\system32\Restoro.rep
2022-02-05 17:45 - 2022-02-07 19:47 - 000022808 _____ C:\WINDOWS\system32\Native.exe
2022-02-05 17:30 - 2022-02-05 17:30 - 000001789 _____ C:\Users\Public\Desktop\Restoro.lnk
2022-02-05 17:30 - 2022-02-05 17:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Restoro
2022-02-05 17:30 - 2022-02-05 17:30 - 000000000 ____D C:\Program Files\Restoro
2022-02-05 17:29 - 2022-02-07 19:56 - 000000168 _____ C:\WINDOWS\restoro.ini
2022-02-05 17:29 - 2022-02-07 19:56 - 000000000 ____D C:\ProgramData\Restoro
2022-02-05 17:29 - 2022-02-05 17:29 - 000932808 _____ (Restoro) C:\Users\Bernd\Downloads\Restoro.exe
2022-02-05 13:54 - 2022-02-07 12:46 - 000000000 ____D C:\ProgramData\Mozilla
2022-02-05 13:52 - 2022-02-05 13:52 - 000333976 _____ (Mozilla) C:\Users\Bernd\Downloads\Firefox Installer.exe
2022-02-05 12:54 - 2022-02-05 12:54 - 000000112 ___SH C:\bootTel.dat
2022-02-05 12:44 - 2022-02-05 12:44 - 000000000 ____D C:\Users\Bernd\AppData\Local\ToolKitMain
2022-02-05 12:43 - 2022-02-05 12:43 - 000001491 _____ C:\Users\Public\Desktop\EaseUS Partition Master Suite.lnk
2022-02-05 12:43 - 2022-02-05 12:43 - 000000000 ____D C:\Users\Bernd\AppData\Local\unali-339875
2022-02-05 12:43 - 2022-02-05 12:43 - 000000000 ____D C:\ProgramData\SystemAcCrux
2022-02-05 12:43 - 2022-02-05 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master Suite
2022-02-05 12:43 - 2022-02-05 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master
2022-02-05 12:43 - 2022-01-13 13:02 - 006009480 _____ C:\WINDOWS\system32\BootMan.exe
2022-02-05 12:43 - 2022-01-13 13:02 - 003994760 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2022-02-05 12:43 - 2022-01-13 13:02 - 000024712 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2022-02-05 12:43 - 2022-01-13 13:02 - 000021128 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2022-02-05 12:43 - 2021-10-27 11:02 - 000174216 _____ C:\WINDOWS\system32\setupepmdrvx64.exe
2022-02-05 12:43 - 2020-12-16 09:03 - 000000057 _____ C:\WINDOWS\system32\setupepmdrv.ini
2022-02-05 12:43 - 2020-12-08 00:00 - 000076344 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EUDCPEPM.sys
2022-02-05 12:43 - 2020-02-23 14:54 - 000033712 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EUEDKEPM.sys
2022-02-05 12:43 - 2020-02-23 14:49 - 000036280 _____ C:\WINDOWS\system32\epmdkdrv.sys
2022-02-05 12:43 - 2020-02-23 14:49 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\EPMVolFl.sys
2022-02-05 12:31 - 2022-02-05 12:43 - 000000000 ____D C:\Program Files (x86)\EaseUS
2022-02-05 12:30 - 2022-02-05 12:30 - 078141888 _____ (EaseUS ) C:\Users\Bernd\Downloads\epm_suite_freeA19.exe
2022-02-05 12:29 - 2022-02-05 12:29 - 001943336 _____ C:\Users\Bernd\Downloads\epm_free_install_20220205.24523.exe
2022-02-02 13:26 - 2022-02-02 13:26 - 000320411 _____ C:\Users\Bernd\Downloads\mp3DC236.exe
2022-01-28 15:27 - 2022-01-28 15:27 - 000001291 _____ C:\Users\Bernd\Desktop\SDI_x64_R2201.exe - Verknüpfung.lnk
2022-01-28 15:26 - 2021-11-03 07:29 - 009906728 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2022-01-27 14:46 - 2022-01-27 14:46 - 000011805 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-27 14:45 - 2022-01-27 14:45 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-01-27 14:44 - 2022-01-27 14:44 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-01-27 14:44 - 2022-01-27 14:44 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2022-01-27 14:44 - 2022-01-27 14:44 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-01-27 14:09 - 2022-01-27 14:09 - 000000000 ___HD C:\$WinREAgent
2022-01-22 14:25 - 2022-01-22 14:25 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-01-22 14:21 - 2022-01-22 14:21 - 000000020 ___SH C:\Users\Bernd\ntuser.ini
2022-01-22 14:19 - 2022-02-08 11:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-22 14:19 - 2022-02-05 18:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2022-01-22 14:19 - 2022-01-26 17:24 - 000003580 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4071651455-2038161318-6637332-1001
2022-01-22 14:19 - 2022-01-26 17:24 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4071651455-2038161318-6637332-1001
2022-01-22 14:19 - 2022-01-23 13:09 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-22 14:19 - 2022-01-23 13:09 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-22 14:19 - 2022-01-23 13:09 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-22 14:19 - 2022-01-23 13:09 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-22 14:19 - 2022-01-23 13:09 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-22 14:19 - 2022-01-23 13:09 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-22 14:19 - 2022-01-23 13:09 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-22 14:19 - 2022-01-23 13:09 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-22 14:19 - 2022-01-23 13:09 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-01-22 14:19 - 2022-01-22 14:20 - 000003688 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-22 14:19 - 2022-01-22 14:20 - 000002846 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4071651455-2038161318-6637332-500
2022-01-22 14:19 - 2022-01-22 14:19 - 000004294 _____ C:\WINDOWS\system32\Tasks\Xbox Antwort Ereignisse
2022-01-22 14:19 - 2022-01-22 14:19 - 000003620 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-22 14:19 - 2022-01-22 14:19 - 000003592 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1592151335
2022-01-22 14:19 - 2022-01-22 14:19 - 000003570 _____ C:\WINDOWS\system32\Tasks\AllJoyn-RouterdienstRAS-MedientreiberBrowser
2022-01-22 14:19 - 2022-01-22 14:19 - 000003494 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7f28b5bdff767
2022-01-22 14:19 - 2022-01-22 14:19 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-01-22 14:19 - 2022-01-22 14:19 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-01-22 14:19 - 2022-01-22 14:19 - 000003396 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-22 14:19 - 2022-01-22 14:19 - 000003118 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2022-01-22 14:19 - 2022-01-22 14:19 - 000002934 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4071651455-2038161318-6637332-1001
2022-01-22 14:19 - 2022-01-22 14:19 - 000002806 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-bernd.diessel@gmail.com
2022-01-22 14:19 - 2022-01-22 14:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Western Digital
2022-01-22 14:19 - 2022-01-22 14:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\S-1-5-21-4071651455-2038161318-6637332-1001
2022-01-22 14:19 - 2022-01-22 14:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2022-01-22 14:19 - 2022-01-22 14:19 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-01-22 14:15 - 2022-01-22 14:19 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2022-01-22 14:15 - 2022-01-22 14:19 - 000011433 _____ C:\WINDOWS\diagerr.xml
2022-01-22 14:06 - 2022-01-27 15:18 - 001855942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-22 13:51 - 2022-01-22 13:51 - 000000000 ____D C:\WINDOWS\system32\lxss
2022-01-22 13:50 - 2022-01-22 13:50 - 000002102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2022-01-22 13:45 - 2022-02-08 11:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-22 13:45 - 2022-01-27 15:12 - 000927008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-22 13:13 - 2022-01-22 13:43 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-01-22 13:12 - 2022-02-05 12:48 - 000000000 ____D C:\Users\Bernd
2022-01-22 13:12 - 2022-01-26 17:24 - 000002437 _____ C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-22 13:12 - 2022-01-22 13:44 - 000000000 ____D C:\Users\Administrator
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Bernd\Vorlagen
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Bernd\Startmenü
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Bernd\Netzwerkumgebung
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Bernd\Lokale Einstellungen
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Bernd\Eigene Dateien
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Bernd\Druckumgebung
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Bernd\Documents\Eigene Videos
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Bernd\Documents\Eigene Musik
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Bernd\Documents\Eigene Bilder
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Bernd\AppData\Local\Verlauf
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Bernd\AppData\Local\Anwendungsdaten
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Bernd\Anwendungsdaten
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Administrator\Vorlagen
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Administrator\Startmenü
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Administrator\Eigene Dateien
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Administrator\Druckumgebung
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Administrator\Documents\Eigene Videos
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2022-01-22 13:12 - 2022-01-22 13:12 - 000000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2022-01-22 13:12 - 2019-12-07 10:10 - 000001105 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-22 13:08 - 2022-01-22 13:13 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-01-22 13:03 - 2022-01-22 13:03 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-01-22 12:55 - 2022-01-22 12:55 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-22 12:55 - 2022-01-22 12:55 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-22 12:54 - 2022-01-22 12:54 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-01-22 12:31 - 2019-10-15 13:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2022-01-22 12:31 - 2019-04-18 18:49 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2022-01-22 12:20 - 2022-01-22 12:20 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2022-01-22 12:20 - 2022-01-22 12:20 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-01-22 12:20 - 2022-01-22 12:20 - 000000000 ____D C:\Program Files\MSBuild
2022-01-22 12:20 - 2022-01-22 12:20 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-01-22 12:20 - 2022-01-22 12:20 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-01-22 12:20 - 2022-01-22 12:20 - 000000000 ____D C:\inetpub
2022-01-22 12:11 - 2022-01-22 12:11 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-01-22 11:45 - 2022-02-03 18:32 - 000000000 ___DC C:\WINDOWS\Panther
2022-01-22 11:42 - 2022-01-22 11:42 - 000000000 ___HD C:\$Windows.~WS
2022-01-22 11:40 - 2022-01-22 11:40 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2022-01-19 08:35 - 2021-09-10 01:19 - 001435032 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2022-01-19 08:35 - 2021-09-10 01:19 - 000467048 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2022-01-19 08:35 - 2021-09-10 01:19 - 000381304 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2022-01-19 08:35 - 2021-09-10 01:19 - 000341040 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2022-01-19 08:35 - 2021-09-10 01:19 - 000341040 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 003601384 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 003375928 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000692064 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000392792 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000343608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000231832 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000220288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000192880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000190464 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFProc64.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000116440 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000095976 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFComm64.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000093808 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000093416 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFSAPO64.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000092392 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFHAPO64.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000092392 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFDAPO64.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000090832 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000088240 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2022-01-19 08:35 - 2021-09-10 01:18 - 000083544 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2022-01-19 08:35 - 2021-09-10 01:17 - 072520632 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2022-01-19 08:35 - 2021-09-10 01:17 - 006521408 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2022-01-19 08:35 - 2021-09-10 01:17 - 003843944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2022-01-19 08:35 - 2021-09-10 01:17 - 003676984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2022-01-19 08:35 - 2021-09-10 01:17 - 003159696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2022-01-19 08:35 - 2021-09-10 01:17 - 002930072 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2022-01-19 08:35 - 2021-09-10 01:17 - 000327176 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2022-01-19 08:35 - 2021-09-10 01:17 - 000327176 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2022-01-19 08:35 - 2021-09-10 01:17 - 000023608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2022-01-19 08:35 - 2021-09-10 00:47 - 048490184 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2022-01-19 08:34 - 2021-12-20 09:01 - 001159216 ____N (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2022-01-19 08:34 - 2021-11-03 07:29 - 000786488 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2022-01-19 08:34 - 2021-09-28 04:55 - 000135416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2022-01-19 08:34 - 2021-09-28 04:55 - 000047864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2022-01-19 08:34 - 2021-09-10 01:16 - 000122216 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2022-01-12 17:21 - 2022-01-12 17:21 - 004355440 _____ (Dominik Reichl ) C:\Users\Bernd\Downloads\KeePass-2.50-Setup.exe
2022-01-11 12:05 - 2022-01-11 12:05 - 000109346 _____ C:\Users\Bernd\Downloads\quatrac_pro.jpeg

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2022-02-08 11:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration
2022-02-08 11:33 - 2017-04-12 17:39 - 000000000 ____D C:\ProgramData\NVIDIA
2022-02-08 11:33 - 2015-08-19 14:44 - 000001866 __RSH C:\ProgramData\ntuser.pol
2022-02-08 11:30 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-02-08 11:29 - 2020-05-29 05:44 - 000008192 ___SH C:\DumpStack.log.tmp
2022-02-08 11:28 - 2020-06-14 13:04 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-02-08 11:18 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-02-08 11:17 - 2016-07-07 10:45 - 000000000 ____D C:\Users\Bernd\AppData\Roaming\KeePass
2022-02-08 02:00 - 2015-05-13 16:15 - 000000000 ____D C:\Users\Bernd\AppData\Local\Adobe
2022-02-07 20:02 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-02-07 19:52 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-02-07 19:52 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-02-07 19:30 - 2015-07-02 08:12 - 000000000 ____D C:\Users\Bernd\AppData\Local\CrashDumps
2022-02-07 12:49 - 2018-05-09 07:41 - 000000000 ____D C:\Users\Bernd\AppData\Local\D3DSCache
2022-02-07 12:45 - 2020-06-28 10:57 - 000000000 ____D C:\Program Files\Malwarebytes
2022-02-07 12:22 - 2016-11-16 16:38 - 000000000 ____D C:\Users\Bernd\AppData\LocalLow\Mozilla
2022-02-06 20:00 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-02-06 19:59 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-02-05 17:44 - 2015-05-14 09:42 - 000000000 ____D C:\Users\Bernd\AppData\Roaming\copyq
2022-02-05 12:44 - 2020-11-18 14:01 - 000000000 ____D C:\Users\Bernd\AppData\Local\cache
2022-02-02 13:27 - 2015-05-17 12:32 - 000001164 _____ C:\Users\Bernd\Desktop\mp3DirectCut.lnk
2022-02-02 12:42 - 2015-05-13 17:17 - 000001204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2022-02-02 12:42 - 2015-05-13 17:17 - 000001192 _____ C:\Users\Public\Desktop\paint.net.lnk
2022-02-02 12:42 - 2015-05-13 17:17 - 000000000 ____D C:\Program Files\paint.net
2022-01-28 15:26 - 2021-09-12 11:23 - 000000000 ____D C:\Users\Bernd\Downloads\SDI_R2102
2022-01-27 15:18 - 2019-12-07 15:51 - 000785854 _____ C:\WINDOWS\system32\perfh007.dat
2022-01-27 15:18 - 2019-12-07 15:51 - 000167968 _____ C:\WINDOWS\system32\perfc007.dat
2022-01-27 15:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-27 15:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-27 15:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-01-27 15:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-01-27 15:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-27 15:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-01-27 15:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-01-27 15:08 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-01-27 15:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-01-27 15:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-25 10:46 - 2018-05-06 21:13 - 000000000 ____D C:\Users\Bernd\AppData\Local\PlaceholderTileLogoFolder
2022-01-23 23:03 - 2021-10-29 09:52 - 000000000 ____D C:\Users\Bernd\AppData\Roaming\Breitbandmessung
2022-01-23 22:59 - 2021-10-29 09:51 - 000000000 ____D C:\Program Files\Breitbandmessung
2022-01-23 13:09 - 2017-04-12 17:38 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-01-23 13:09 - 2017-04-12 17:38 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-01-23 13:09 - 2017-04-12 17:38 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-01-23 12:28 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2022-01-23 09:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-01-22 14:39 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-01-22 14:22 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-01-22 14:22 - 2015-08-05 18:58 - 000000000 ___RD C:\Users\Bernd\3D Objects
2022-01-22 14:22 - 2015-05-17 12:35 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-01-22 14:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-22 14:19 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows NT
2022-01-22 14:19 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-01-22 14:19 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-01-22 14:04 - 2019-12-07 10:14 - 000000000 __RSD C:\WINDOWS\Media
2022-01-22 14:04 - 2015-08-01 18:29 - 000023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2022-01-22 13:50 - 2018-01-08 20:19 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2022-01-22 13:44 - 2019-12-07 10:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-01-22 13:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2022-01-22 13:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2022-01-22 13:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-01-22 13:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-01-22 13:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-01-22 13:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Macromed
2022-01-22 13:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2022-01-22 13:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-01-22 13:44 - 2018-01-12 14:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2022-01-22 13:44 - 2015-06-13 14:50 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2022-01-22 13:44 - 2015-05-15 07:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-22 13:44 - 2015-05-13 13:26 - 000000000 ____D C:\WINDOWS\system32\asg
2022-01-22 13:44 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2022-01-22 13:44 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2022-01-22 13:43 - 2021-12-23 13:15 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.2
2022-01-22 13:43 - 2021-12-09 12:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2022-01-22 13:43 - 2021-11-14 13:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEWE Fotowelt
2022-01-22 13:43 - 2021-11-14 11:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2022-01-22 13:43 - 2021-11-11 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVCutty 3
2022-01-22 13:43 - 2021-11-10 17:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2022-01-22 13:43 - 2021-01-08 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2022-01-22 13:43 - 2020-11-08 11:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2022-01-22 13:43 - 2020-11-04 08:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixum Fotowelt
2022-01-22 13:43 - 2020-03-08 10:32 - 000000000 ____D C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TomTom Intl
2022-01-22 13:43 - 2020-02-15 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2022-01-22 13:43 - 2020-02-08 17:37 - 000000000 ____D C:\Users\Bernd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky
2022-01-22 13:43 - 2019-12-07 10:14 - 000000000 __SHD C:\Program Files\Windows Sidebar
2022-01-22 13:43 - 2019-12-07 10:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2022-01-22 13:43 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2022-01-22 13:43 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\InputMethod
2022-01-22 13:43 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-01-22 13:43 - 2019-11-17 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediathekView
2022-01-22 13:43 - 2019-08-31 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck
2022-01-22 13:43 - 2018-10-06 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8GadgetPack
2022-01-22 13:43 - 2018-09-15 08:33 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-01-22 13:43 - 2018-07-14 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebSite X5 - Evolution
2022-01-22 13:43 - 2018-03-18 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebSite X5 v15 - Evolution
2022-01-22 13:43 - 2017-04-12 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2022-01-22 13:43 - 2016-07-29 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2022-01-22 13:43 - 2016-02-10 14:32 - 000000000 ____D C:\WINDOWS\de
2022-01-22 13:43 - 2015-12-01 19:32 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2022-01-22 13:43 - 2015-06-15 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2022-01-22 13:43 - 2015-05-30 09:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2022-01-22 13:43 - 2015-05-14 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CopyQ
2022-01-22 13:43 - 2015-05-13 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-01-22 13:43 - 2015-05-13 13:09 - 000000000 ____D C:\Program Files\Intel
2022-01-22 13:43 - 2013-08-22 16:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-01-22 13:40 - 2019-12-07 10:18 - 000000000 ____D C:\WINDOWS\Setup
2022-01-22 13:36 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-01-22 13:35 - 2019-12-07 10:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-01-22 13:15 - 2016-10-02 14:29 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2022-01-22 13:14 - 2021-11-14 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2022-01-22 13:14 - 2021-09-12 11:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KC Softwares
2022-01-22 13:14 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Resources
2022-01-22 13:14 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Help
2022-01-22 13:14 - 2015-05-13 16:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2022-01-22 13:14 - 2015-05-13 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2022-01-22 13:13 - 2018-01-08 20:19 - 000000000 ____D C:\Program Files\Realtek
2022-01-22 13:13 - 2017-10-18 17:16 - 000000000 ____D C:\Users\Bernd\AppData\Local\Packages
2022-01-22 13:12 - 2021-09-10 18:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2022-01-22 13:03 - 2019-12-07 15:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2022-01-22 13:03 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-22 13:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-01-22 13:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-01-22 13:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-01-22 13:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-01-22 13:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-01-22 13:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-22 13:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-01-22 13:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-01-22 13:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-01-22 12:31 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-01-22 12:31 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-01-22 12:31 - 2019-12-07 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2022-01-22 12:31 - 2019-12-07 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-01-22 12:31 - 2019-12-07 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2022-01-22 12:31 - 2019-12-07 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2022-01-22 12:31 - 2019-12-07 15:51 - 000000000 ____D C:\WINDOWS\system32\winrm
2022-01-22 12:31 - 2019-12-07 15:51 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-01-22 12:31 - 2019-12-07 15:51 - 000000000 ____D C:\WINDOWS\system32\slmgr
2022-01-22 12:31 - 2019-12-07 15:51 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2022-01-22 12:31 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-01-22 12:31 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-01-22 12:31 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-01-22 12:31 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2022-01-22 12:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-01-22 12:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-01-22 12:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-01-22 12:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-01-22 12:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2022-01-22 12:31 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-01-22 12:20 - 2021-10-06 14:26 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2022-01-22 12:20 - 2021-10-06 14:26 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2022-01-22 12:20 - 2021-10-06 14:26 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2022-01-22 12:20 - 2021-10-06 14:26
- 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll 2022-01-22 12:20 - 2021-10-06 14:26 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll 2022-01-22 12:20 - 2021-10-06 14:26 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll 2022-01-22 12:20 - 2021-10-06 14:26 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll 2022-01-22 12:20 - 2021-10-06 14:26 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe 2022-01-22 12:20 - 2021-10-06 14:26 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe 2022-01-22 12:20 - 2021-10-06 14:26 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll 2022-01-22 12:20 - 2021-10-06 14:26 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll 2022-01-22 12:20 - 2021-10-06 14:26 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll 2022-01-22 12:20 - 2021-10-06 14:26 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll 2022-01-22 12:20 - 2021-10-06 14:26 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll 2022-01-22 12:20 - 2021-10-06 14:26 - 000009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll 2022-01-22 12:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2022-01-22 12:20 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\MUI 2022-01-22 11:45 - 2017-10-18 12:54 - 000000000 ____D C:\ESD 2022-01-22 08:57 - 2020-07-14 10:03 - 000002548 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-01-18 13:25 - 2015-05-13 13:20 - 000000000 ____D C:\Users\Bernd\Documents\Rezepte 2022-01-13 14:09 - 2015-05-15 07:57 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-01-12 17:27 - 2021-10-13 16:19 - 000002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2022-01-12 17:22 - 2016-07-07 
10:44 - 000001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk 2022-01-12 17:22 - 2016-07-07 10:44 - 000000000 ____D C:\Program Files (x86)\KeePass Password Safe 2 ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2018-08-24 17:08 - 2019-01-13 11:24 - 000000624 _____ () C:\Users\Bernd\AppData\Roaming\All CPU MeterV3_Settings.ini 2015-08-16 11:10 - 2017-12-19 10:34 - 000002297 _____ () C:\Users\Bernd\AppData\Roaming\BERND-PC.MTBF.txt 2015-05-13 15:23 - 2015-05-13 15:23 - 000000000 _____ () C:\Users\Bernd\AppData\Roaming\gdfw.log 2015-05-13 15:23 - 2015-05-13 15:23 - 000000779 _____ () C:\Users\Bernd\AppData\Roaming\gdscan.log 2015-06-13 12:23 - 2015-07-19 14:42 - 000000400 _____ () C:\Users\Bernd\AppData\Roaming\HP-PRODESK.MTBF.txt 2017-07-23 10:00 - 2017-07-23 10:20 - 000001456 _____ () C:\Users\Bernd\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2015-06-13 13:15 - 2021-11-11 11:52 - 000003584 _____ () C:\Users\Bernd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-05-14 09:04 - 2016-03-25 12:26 - 000007632 _____ () C:\Users\Bernd\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== |