| |
| |||||||
Log-Analyse und Auswertung: Trojan Win32/Vundo.gen!DWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
19.04.2025, 12:33
| #1 |
 |  Defender meldet Trojan Win32/Vundo.gen!D Bitte um Hilfe Hallo Liebes Team, an meinem PC ist von Windows Defender die Meldung aufgeploppt, dass ein Trojan Win32/Vundo.gen!D in pid 6240 Process Start 1338948078537855999 gefunden wurde. Ich sollte den PC neu starten, was ich gemacht habe. Als ich eben im Defender Schutzverlauf nachgeschaut habe, wurde mir kein <Ereignis angezeigt. Ich bitte um Hilfe, weil ich nicht weiß, was jetzt genau zu tun ist und füge die beiden Dateien FRST und Addition hier an. Leider bekomme ich beim Versuch, die Dateien hochzuladen folgende Fehlermeldung: PHP User Warning: is_dir(): open_basedir restriction in effect. File(/) is not within the allowed path(s): (/var/www/vhosts/trojaner-board.de/:/tmp/) in ..../includes/functions_file.php on line 60 Was muss ich tun? Lieben Dank vorab Bettina |
|
19.04.2025, 12:52
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojan Win32/Vundo.gen!DZitat:
Da steht ganz klar, dass du die Logs direkt in CODE-Tags posten sollst, nicht als Dateianhang.
__________________ |
|
19.04.2025, 13:06
| #3 |
| | Trojan Win32/Vundo.gen!D Danke, ich schaue, wie ich das machen muss und poste sie dann.
__________________Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2025
durchgeführt von Bettina (Administrator) auf LG_GRAM (LG Electronics 17Z90Q-G.AA79G) (19-04-2025 12:28:57)
Gestartet von C:\Users\betti\Downloads\FRST64.exe
Geladene Profile: Bettina & _ashbackuppb_
Plattform: Microsoft Windows 11 Home Version 24H2 26100.3775 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Brave
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(C:\Program Files\Ashampoo\Ashampoo Backup Pro 25\bin\backupService-abpb.exe ->) (Ashampoo GmbH & Co. KG -> ) C:\Program Files\Ashampoo\Ashampoo Backup Pro 25\bin\oxHelper.exe <2>
(C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Opera\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files\Opera\117.0.5408.197\opera_crashreporter.exe
(C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.107.2.0_x64__ya2fgkz3nks94\WindowsBrowser\DuckDuckGo.exe ->) (Duck Duck Go, Inc. -> Microsoft Corporation) C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.107.2.0_x64__ya2fgkz3nks94\WindowsBrowser\WebView2\msedgewebview2.exe <13>
(DriverStore\FileRepository\ipf_cpu.inf_amd64_981643a3a0403bb6\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_981643a3a0403bb6\ipf_helper.exe
(explorer.exe ->) (Ashampoo GmbH & Co. KG -> ) C:\Program Files\Ashampoo\Ashampoo Backup Pro 25\bin\backupClient-abpb.exe
(explorer.exe ->) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(explorer.exe ->) (iPSMonitor) [Datei ist nicht signiert] C:\Program Files (x86)\Brother\iPrint&Scan\IPSMONITOR\iPSMonitor.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.056.0324.0003\Microsoft.SharePoint.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Opera Norway AS -> Opera Software) C:\Program Files\Opera\opera.exe <35>
(explorer.exe ->) (Proton AG -> Proton AG) C:\Users\betti\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MSTeams_25060.205.3499.6849_x64__8wekyb3d8bbwe\ms-teams.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25031.45.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(Proton AG -> ) C:\Program Files\Proton\VPN\v3.5.3\ProtonVPN.exe
(Proton AG -> Proton AG) C:\Users\betti\AppData\Local\ProtonPass\app-1.30.1\ProtonPass.exe <4>
(services.exe ->) () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\iPrint&Scan\UsbAppControl\USBAppControl.exe
(services.exe ->) () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl\WorkflowAppControl.exe
(services.exe ->) (AnyDesk Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(services.exe ->) (Ashampoo GmbH & Co. KG -> ) C:\Program Files\Ashampoo\Ashampoo Backup Pro 25\bin\backupService-abpb.exe
(services.exe ->) (Atera Networks Ltd -> ATERA Networks Ltd.) C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
(services.exe ->) (Broadcom Inc -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_3f40b95d353a9eb5\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_0fafc9a410cecde2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e111c298dd724ac0\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_981643a3a0403bb6\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_ab450ffa4e7a5d92\AS\IAS\IntelAudioService.exe
(services.exe ->) (LG Electronics Inc. -> ) C:\Windows\System32\DriverStore\FileRepository\lguwpservice.inf_amd64_bb88382279e29ceb\LGUWPService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.) C:\Windows\System32\DriverStore\FileRepository\platmgrsvc.inf_amd64_cffeae566266cbd0\PlatformMgrService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe
(services.exe ->) (Proton AG -> ProtonVPN) C:\Program Files\Proton\VPN\v3.5.3\ProtonVPN.WireguardService.exe
(services.exe ->) (Proton AG -> ProtonVPN) C:\Program Files\Proton\VPN\v3.5.3\ProtonVPNService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f2f0f37407bcfb97\RtkAudUService64.exe <2>
(sihost.exe ->) (Duck Duck Go, Inc. -> DuckDuckGo) C:\Program Files\WindowsApps\DuckDuckGo.DesktopBrowser_0.107.2.0_x64__ya2fgkz3nks94\WindowsBrowser\DuckDuckGo.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2515.7.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.1.4.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.27777.1008.0_x64__8wekyb3d8bbwe\SecHealthUI.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.296.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.5100.40.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\10.0.27777.1008-0\SecurityHealthHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f2f0f37407bcfb97\RtkAudUService64.exe [1951640 2023-10-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Ashampoo Backup PB] => C:\Program Files\Ashampoo\Ashampoo Backup Pro 25\bin\backupClient-abpb.exe [975712 2024-12-16] (Ashampoo GmbH & Co. KG -> )
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3952104 2020-09-24] (Logitech -> Logitech, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [I19E] => C:\WINDOWS\twain_32\Brimi19e\Common\TwDsUiLaunch.exe [87008 2023-01-30] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3591168 2022-10-09] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4009984 2024-05-31] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKU\S-1-5-21-3136968540-2654647542-3342472245-1004\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5013832 2025-04-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3136968540-2654647542-3342472245-1004\...\Run: [MicrosoftEdgeAutoLaunch_F697ADC41CBD3EFA5E826E7C7F6DBC3D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4419624 2025-04-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3136968540-2654647542-3342472245-1004\...\Run: [Microsoft.Lists] => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\Microsoft.SharePoint.exe [1031976 2025-04-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3136968540-2654647542-3342472245-1004\...\Run: [ProtonVPN] => C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe [12921496 2025-02-17] (Proton AG -> ProtonVPN)
HKU\S-1-5-21-3136968540-2654647542-3342472245-1004\...\Run: [Proton Drive] => C:\Users\betti\AppData\Local\Programs\Proton\Drive\ProtonDrive.exe [215160288 2024-12-05] (Proton AG -> Proton AG)
HKU\S-1-5-21-3136968540-2654647542-3342472245-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [884736 2025-04-09] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-3136968540-2654647542-3342472245-1008\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5013832 2025-04-15] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\135.0.7049.96\Installer\chrmstp.exe [2025-04-18] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\135.1.77.100\Installer\chrmstp.exe [2025-04-16] (Brave Software, Inc. -> Brave Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2023-11-10]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother iPSMonitor.lnk [2025-04-08]
ShortcutTarget: Brother iPSMonitor.lnk -> C:\Program Files (x86)\Brother\iPrint&Scan\IPSMONITOR\iPSMonitor.exe (iPSMonitor) [Datei ist nicht signiert]
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {F0A7D3C4-BE29-419E-A9FC-13B0C40F1A9B} - System32\Tasks\AteraAgentServiceWatchdog => C:\Program Files\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe [159616 2024-02-15] (Atera Networks Ltd -> Agent.Package.Watchdog)
Task: {F4EE74F7-045E-4CDD-BB15-0C2EF3F9F173} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{BA4BAF17-87C9-4D5E-97A0-2435F7AE643B} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-09-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {2BA15674-2883-4227-886E-4DFEDB40C1DB} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{CE63F401-F90F-4087-B9ED-4E2E008F8229} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-09-20] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {866B5844-211F-4FC3-8185-E228B894D314} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem137.0.7115.0{CB46DBC7-1C00-41DD-BF56-D3CEE6FF0F94} => C:\Program Files (x86)\Google\GoogleUpdater\137.0.7115.0\updater.exe [7360096 2025-04-08] (Google LLC -> Google LLC)
Task: {E3859E97-A379-405C-A142-9FB77E0E571A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21918440 2025-03-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {E105659B-BB78-41E1-82A6-11D51E6883DD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21918440 2025-03-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {9BC2562D-AC6F-49ED-9FE2-1F7FC3C036AD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141456 2025-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {A7F369EE-C4B0-49D8-A769-8F81A8F2E562} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141456 2025-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9CD6AEE8-AB5A-4023-84BD-B2FD2128B9D7} - System32\Tasks\Microsoft\Windows\AccountHealth\RecoverabilityToastTask => {B7F5B442-EBF8-46CD-9F0B-D8E45ED43492} C:\WINDOWS\system32\AccountHealth.dll [258048 2025-04-09] (Microsoft Windows -> Microsoft Corporation)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (Keine Datei)
Task: {78ED3003-51F4-4F18-8A7C-C19E00F48448} - System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI => %WINDIR%\system32\SecureBootEncodeUEFI.exe (Keine Datei)
Task: {27CE9D59-9D48-4D29-99BC-64657AEBA494} - System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask => {8702A841-D5CA-47C3-812D-9CEDC304C200}
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
Task: {B00C96DA-14FF-4ED7-8F91-144E396F2DED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A136FC88-C311-43A9-A35C-15458ED117C7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DA2DE04B-2AE0-4D1C-8122-DE9E9FFA775B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {47F3C8DE-0FCA-4A3D-B4DA-1E080C83DEB9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C133C010-9BD2-4EB0-A245-62C278E70A06} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-04-15] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {3BD276A3-F193-4776-A2E6-8A014E427902} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-3136968540-2654647542-3342472245-1004 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-04-15] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {91632963-5F9C-4E25-A898-18BC610B3435} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-04-15] (Mozilla Corporation -> Mozilla Foundation)
Task: {87F99F67-FBE8-4385-9799-A96AE29D3594} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223832 2025-04-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A09041E-A080-4114-812D-8586C5628654} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3136968540-2654647542-3342472245-1004 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223832 2025-04-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {632ABDC2-FF85-43FC-AFF1-C49CBAE1BFF4} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3136968540-2654647542-3342472245-1007 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223832 2025-04-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {0666C18C-FD28-4D9F-9390-08FDF4CF0AE3} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3136968540-2654647542-3342472245-1008 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223832 2025-04-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {6508CE9E-D8AB-403B-99D3-635A608FB428} - System32\Tasks\OneDrive Startup Task-S-1-5-21-3136968540-2654647542-3342472245-1004 => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\OneDriveLauncher.exe [676680 2025-04-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1B96F50-83ED-4C35-BDE5-0B962921BFB9} - System32\Tasks\OneDrive Startup Task-S-1-5-21-3136968540-2654647542-3342472245-1007 => C:\Program Files\Microsoft OneDrive\25.051.0317.0003\OneDriveLauncher.exe /startInstances (Keine Datei)
Task: {F2E30268-17B5-4B2B-923B-7F83196F3B46} - System32\Tasks\OneDrive Startup Task-S-1-5-21-3136968540-2654647542-3342472245-1008 => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\OneDriveLauncher.exe [676680 2025-04-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {D424639E-AE0F-465B-857D-A5C6867325BE} - System32\Tasks\Opera scheduled Autoupdate 1696164610 => C:\Program Files\Opera\autoupdate\opera_autoupdate.exe [5647768 2025-04-02] (Opera Norway AS -> Opera Software)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\vsocklib.dll [27688 2024-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Inc.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\vsocklib.dll [27688 2024-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [31784 2024-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [31784 2024-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Inc.)
Tcpip\..\Interfaces\{74b728ef-9523-4ae2-9a90-2bd35c67e981}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ac870a75-c3b9-456f-83d8-b3507a28e0d6}: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{eab2262d-9ab1-5975-7d92-334d06f4972b}: [NameServer] 10.2.0.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\betti\AppData\Local\Microsoft\Edge\User Data\Default [2025-04-18]
Edge Extension: (Google Docs Offline) - C:\Users\betti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-10]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (BetterTTV) - C:\Users\betti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\icllegkipkooaicfmdfaloehobmglglb [2025-04-10]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Extension: (Edge relevant text changes) - C:\Users\betti\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-04]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge Profile: C:\Users\betti\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2024-08-20]
Edge Extension: (Google Docs Offline) - C:\Users\betti\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-22]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\betti\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-29]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
FireFox:
========
FF DefaultProfile: 9bq28jyz.default
FF ProfilePath: C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\9bq28jyz.default [2023-09-20]
FF ProfilePath: C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\ynsvhal4.default-release [2025-04-19]
FF Extension: (MetaMask) - C:\Users\betti\AppData\Roaming\Mozilla\Firefox\Profiles\ynsvhal4.default-release\Extensions\webextension@metamask.io.xpi [2025-03-25]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-09-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-27] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default [2025-04-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\betti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-10-12]hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR DefaultProfile: Default
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\opera.exe
Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2025-04-19]
BRA Notifications: Default -> hxxps://blofin.com; hxxps://mail.proton.me; hxxps://www.binance.com
BRA Extension: (Rabby Wallet) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\acmacodkjbdgmoleebolmdjonilkdbch [2025-04-19]hxxps://clients2.google.com/service/update2/crx
BRA Extension: (MetaMask) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2025-04-19]hxxps://clients2.google.com/service/update2/crx
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2025-04-15]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2025-04-19]
BRA Extension: (Brave NTP background images) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2025-04-19]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2025-04-19]
BRA Extension: (Wallet Data Files Updater) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2024-01-23]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2025-04-19]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2023-12-10]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2025-04-19]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2025-04-19]
BRA Extension: (Brave Ads Resources) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\jcncoheihebhhiemmbmpfhkceomfipbj [2025-04-03]
BRA Extension: (Brave Ad Block Updater (EasyList Germany (plaintext))) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfmefmifdjlfneapckmpkinmlofjehbp [2025-04-19]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2025-04-03]
BRA Extension: (Brave Ad Block Updater (Brave Twitch Adblock Rules (plaintext))) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\mhccgcegedfkhdbfbgllfkkcjhgkoinc [2024-09-19]
BRA Extension: (Brave NTP sponsored images) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\obbokncgfcbepeipkhpdepjjoncelefj [2025-04-19]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\betti\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-10-30]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [5643072 2025-04-18] (AnyDesk Software GmbH -> AnyDesk Software GmbH)
R2 ashbackuppb; c:\Program Files\Ashampoo\Ashampoo Backup Pro 25\bin\backupService-abpb.exe [40288 2024-12-16] (Ashampoo GmbH & Co. KG -> )
R2 AteraAgent; C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe [144224 2023-09-26] (Atera Networks Ltd -> ATERA Networks Ltd.)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-09-20] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\135.1.77.100\elevation_service.exe [3512848 2025-04-16] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [175424 2023-09-20] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [503808 2024-08-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9204432 2025-03-27] (Microsoft Corporation -> Microsoft Corporation)
R2 dptftcs; C:\WINDOWS\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_3f40b95d353a9eb5\ipfsvc.exe [543888 2022-01-27] (Intel Corporation -> Intel Corporation)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncHelper.exe [3545416 2025-04-15] (Microsoft Corporation -> Microsoft Corporation)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_ab450ffa4e7a5d92\AS\IAS\IntelAudioService.exe [531008 2022-01-26] (Intel Corporation -> Intel)
R2 ipfsvc; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_981643a3a0403bb6\ipf_uf.exe [2736792 2022-01-20] (Intel Corporation -> Intel Corporation)
R2 LGUWPService; C:\WINDOWS\System32\DriverStore\FileRepository\lguwpservice.inf_amd64_bb88382279e29ceb\LGUWPService.exe [47968 2022-03-10] (LG Electronics Inc. -> )
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.056.0324.0003\OneDriveUpdaterService.exe [3892568 2025-04-15] (Microsoft Corporation -> Microsoft Corporation)
R2 PlatformMgrService; C:\WINDOWS\System32\DriverStore\FileRepository\platmgrsvc.inf_amd64_cffeae566266cbd0\PlatformMgrService.exe [98240 2022-03-10] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
R3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.5.3\ProtonVPNService.exe [464608 2025-02-17] (Proton AG -> ProtonVPN)
R3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.5.3\ProtonVPN.WireGuardService.exe [464104 2025-02-17] (Proton AG -> ProtonVPN)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\UsbAppControl\USBAppControl.exe [11776 2025-03-17] () [Datei ist nicht signiert]
S2 VMnetDHCP; C:\WINDOWS\SysWOW64\vmnetdhcp.exe [373112 2024-11-28] (Broadcom Inc -> VMware, Inc.)
R2 VMUSBArbService; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [1009112 2024-07-18] (Broadcom Inc -> VMware, Inc.)
S2 VMware NAT Service; C:\WINDOWS\SysWOW64\vmnat.exe [420208 2024-11-28] (Broadcom Inc -> VMware, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl\WorkflowAppControl.exe [20992 2025-03-17] () [Datei ist nicht signiert]
S2 VMAuthdService; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe" [X]
S3 VmwareAutostartService; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AirModeBtn; C:\WINDOWS\System32\drivers\AirModeBtn.sys [55112 2019-12-05] (LG Electronics Inc. -> LG Electronics)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R2 hcmon; C:\WINDOWS\system32\DRIVERS\hcmon.sys [72144 2024-07-18] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_5559a053c66c287c\iaLPSS2_GPIO2_ADL.sys [139928 2021-12-05] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_1c06c20c35bb4d6d\iaLPSS2_I2C_ADL.sys [209552 2021-12-05] (Intel Corporation -> Intel Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_19ceb7ce67a7cf8b\gna.sys [97504 2021-12-13] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_fd309261dbf4456e\ipf_acpi.sys [85648 2022-01-20] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_981643a3a0403bb6\ipf_cpu.sys [79512 2022-01-20] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_981643a3a0403bb6\ipf_lf.sys [431248 2022-01-20] (Intel Corporation -> Intel Corporation)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 mmrv-abpb; C:\Program Files\Ashampoo\Ashampoo Backup Pro 25\bin\mmrv-abpb.sys [59424 2024-12-12] (Ashampoo GmbH & Co. KG -> )
R1 PlatMgr; C:\WINDOWS\System32\drivers\PlatMgr.sys [166088 2022-03-10] (LG Electronics Inc. -> LG Electronics Inc.)
R3 PlatSec; C:\WINDOWS\System32\DriverStore\FileRepository\platsec.inf_amd64_faa9bc5ae253ab2b\PlatSec.sys [1095552 2022-03-10] (LG Electronics Inc. -> LG Electronics Inc.)
R3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.5.3\Resources\ProtonVPN.CalloutDriver.sys [40360 2025-02-10] (Proton AG -> Proton AG)
S3 Revoflt; C:\WINDOWS\System32\DRIVERS\revoflt.sys [38400 2021-11-17] (Microsoft Windows Hardware Compatibility Publisher -> VS Revo Group)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ThermalFilter; C:\WINDOWS\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-04-09] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
R0 vmci; C:\WINDOWS\System32\drivers\vmci.sys [106424 2024-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Inc.)
R3 VMnetAdapter; C:\WINDOWS\System32\drivers\vmnetadapter.sys [31288 2024-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [53704 2024-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\DRIVERS\vmnetuserif.sys [30664 2024-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Inc.)
R2 vmx86; C:\WINDOWS\system32\DRIVERS\vmx86.sys [100920 2024-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Inc.)
R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [91176 2024-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20016 2025-04-09] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [605576 2025-04-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-09] (Microsoft Windows -> Microsoft Corporation)
S3 wini3ctarget; C:\WINDOWS\System32\DriverStore\FileRepository\wini3ctarget.inf_amd64_bdb09ebda2834009\wini3ctarget.sys [75168 2025-04-09] (Microsoft Windows -> Microsoft Corporation)
R0 WinSetupMon; C:\WINDOWS\System32\DRIVERS\WinSetupMon.sys [169408 2025-02-07] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2025-01-04] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2025-01-04] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R0 xnotepep; C:\WINDOWS\System32\drivers\xnotepep.sys [51216 2020-04-21] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2025-04-19 12:28 - 2025-04-19 12:29 - 000037641 _____ C:\Users\betti\Downloads\FRST.txt
2025-04-19 12:28 - 2025-04-19 12:29 - 000000000 ____D C:\FRST
2025-04-19 12:28 - 2025-04-19 12:28 - 002404864 _____ (Farbar) C:\Users\betti\Downloads\FRST64.exe
2025-04-19 12:23 - 2025-04-19 12:23 - 000713208 _____ C:\WINDOWS\system32\perfh007.dat
2025-04-19 12:23 - 2025-04-19 12:23 - 000152656 _____ C:\WINDOWS\system32\perfc007.dat
2025-04-19 12:15 - 2025-04-19 12:15 - 000000000 ____D C:\ProgramData\VMware
2025-04-15 18:44 - 2025-04-19 12:15 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-04-15 17:18 - 2025-04-15 17:18 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3136968540-2654647542-3342472245-1008
2025-04-15 17:18 - 2025-04-15 17:18 - 000003552 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-3136968540-2654647542-3342472245-1008
2025-04-14 17:10 - 2025-04-14 17:10 - 002448975 _____ C:\Users\betti\Downloads\SALVATARA_Inc_Sale_and_Purchase_Agreement_(November_2022)_V1_-_Blank (1).pdf
2025-04-13 11:11 - 2025-04-13 11:11 - 000000601 _____ C:\Users\betti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Finanzen.lnk
2025-04-12 19:41 - 2025-04-12 19:41 - 000000000 ____D C:\Users\betti\AppData\Local\Deployment
2025-04-12 19:39 - 2025-04-12 19:39 - 000050703 _____ C:\Users\betti\Downloads\NELCEX_Invest_1000 x1,10_=15_05_2023_15_05_2024_Kopie_4_2.xlsx
2025-04-12 19:36 - 2025-04-12 19:36 - 000081408 _____ C:\Users\betti\Downloads\NELCEX.xls
2025-04-12 19:08 - 2025-04-12 19:08 - 003773845 _____ C:\Users\betti\Downloads\SALVATARA_Inc_Sale_and_Purchase_Agreement_(No.zip
2025-04-11 16:53 - 2022-03-11 10:53 - 023097471 _____ C:\Users\betti\Documents\Peter_A_Levine_Trauma_und_Gedächtnis_Die_Spuren_unserer_Erinnerung.pdf
2025-04-11 16:52 - 2022-03-11 10:54 - 002670189 _____ C:\Users\betti\Documents\Franz Ruppert - Trauma, Angst & Liebe(1).pdf
2025-04-11 16:40 - 2022-01-22 05:44 - 003029400 _____ C:\Users\betti\Documents\Dr. Helen Schuchman - Ein Kurs in Wundern.pdf
2025-04-10 17:21 - 2025-04-10 17:21 - 000001122 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2025-04-10 17:21 - 2025-04-10 17:21 - 000000000 ____D C:\Users\betti\AppData\Local\VS Revo Group
2025-04-10 17:21 - 2025-04-10 17:21 - 000000000 ____D C:\ProgramData\VS Revo Group
2025-04-10 17:21 - 2025-04-10 17:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2025-04-10 17:21 - 2025-04-10 17:21 - 000000000 ____D C:\Program Files\VS Revo Group
2025-04-10 16:25 - 2025-04-19 12:15 - 000000000 ____D C:\Program Files\7-Zip
2025-04-10 16:24 - 2025-04-10 16:25 - 001637343 _____ (Igor Pavlov) C:\Users\betti\Downloads\7z2409-x64.exe
2025-04-10 15:49 - 2025-04-10 15:49 - 001673056 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2025-04-10 15:49 - 2025-04-10 15:49 - 000000000 ____D C:\Program Files\Common Files\VMware
2025-04-10 15:49 - 2024-11-28 03:28 - 001307504 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2025-04-10 15:49 - 2024-11-28 03:25 - 000420208 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2025-04-10 15:49 - 2024-11-28 03:25 - 000373112 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2025-04-10 12:13 - 2025-04-10 14:09 - 000000000 ____D C:\Ashampoo Backups
2025-04-10 04:57 - 2025-04-10 04:57 - 000000000 ____D C:\WINDOWS\system32\AccountHealthAssets
2025-04-10 04:57 - 2025-04-10 04:57 - 000000000 ____D C:\inetpub
2025-04-09 20:36 - 2022-04-21 15:08 - 000105601 _____ C:\Users\betti\Documents\Versicherungsschein.pdf
2025-04-09 20:33 - 2022-04-16 09:54 - 000526067 _____ C:\Users\betti\Documents\Antrag_GdB_Seite_3.pdf
2025-04-09 20:33 - 2022-04-15 22:10 - 000529808 _____ C:\Users\betti\Documents\Antrag_GdB_Seite_2.pdf
2025-04-09 20:33 - 2022-04-15 22:08 - 000491746 _____ C:\Users\betti\Documents\Antrag_GdB_Seite_1.pdf
2025-04-09 20:33 - 2022-04-06 19:47 - 002587964 _____ C:\Users\betti\Documents\Antrag-Schwerbehinderung.pdf
2025-04-09 20:33 - 2021-09-25 20:51 - 000656817 _____ C:\Users\betti\Documents\Beitrittserkl_rung_mit_aktueller_Satzung_und_Datenschutzhinweisen.pdf
2025-04-09 20:33 - 2019-07-03 22:36 - 000126999 _____ C:\Users\betti\Documents\Antrag.pdf
2025-04-09 20:22 - 2025-04-09 21:56 - 000000000 ____D C:\Users\betti\Documents\Bedienungsanleitungen
2025-04-09 20:22 - 2019-01-05 21:26 - 000193389 _____ C:\Users\betti\Documents\Microsoft Konto Wiederherstellungscode.pdf
2025-04-09 20:20 - 2019-11-22 00:00 - 002672932 _____ C:\Users\betti\Documents\em-ratgeber-kompakt.pdf
2025-04-09 20:18 - 2020-01-27 20:21 - 000691951 _____ C:\Users\betti\Documents\Freenet Kundenummer.pdf
2025-04-09 20:13 - 2019-01-28 22:52 - 000122021 _____ C:\Users\betti\Documents\ashampoo_licenses.pdf
2025-04-09 20:13 - 2019-01-28 22:24 - 000093585 _____ C:\Users\betti\Documents\Ashampoo Backup Pro 12 Rechnung.pdf
2025-04-09 20:12 - 2025-04-09 20:12 - 007916735 _____ C:\Users\betti\Documents\2008 Wege zum humanen, selbestimmten Sterben Copy.pdf
2025-04-09 20:05 - 2025-04-09 20:05 - 000000000 ____D C:\Users\betti\Documents\Versorgungsamt
2025-04-09 20:04 - 2025-04-09 20:04 - 000000000 ____D C:\Users\betti\Documents\Versicherungen
2025-04-09 20:00 - 2025-04-09 20:00 - 000000000 ____D C:\Users\betti\Documents\Techniker
2025-04-09 19:58 - 2025-04-11 16:54 - 000000000 ____D C:\Users\betti\Documents\Rezepte
2025-04-09 19:57 - 2025-04-09 19:57 - 000020901 _____ C:\Users\betti\Documents\Rechnung Liebscher und Bracht 20211123_RER1049843 Copy.pdf
2025-04-09 18:13 - 2025-04-09 18:13 - 000000000 ____D C:\Users\betti\Transformationsprogramm Markus Asano
2025-04-09 18:06 - 2025-04-09 18:07 - 000000000 ____D C:\Users\betti\Meditationen
2025-04-09 17:55 - 2025-04-11 17:25 - 000000000 ____D C:\Users\betti\Krypto
2025-04-09 17:48 - 2025-04-09 17:48 - 000000000 ____D C:\Users\_ashbackuppb_\AppData\Local\Ashampoo
2025-04-09 17:47 - 2025-04-10 11:07 - 000000000 ____D C:\Users\_ashbackuppb_
2025-04-09 17:47 - 2025-04-09 17:47 - 000000020 ___SH C:\Users\_ashbackuppb_\ntuser.ini
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 _SHDL C:\Users\_ashbackuppb_\Vorlagen
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 _SHDL C:\Users\_ashbackuppb_\Startmenü
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 _SHDL C:\Users\_ashbackuppb_\Netzwerkumgebung
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 _SHDL C:\Users\_ashbackuppb_\Lokale Einstellungen
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 _SHDL C:\Users\_ashbackuppb_\Eigene Dateien
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 _SHDL C:\Users\_ashbackuppb_\Druckumgebung
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 _SHDL C:\Users\_ashbackuppb_\Documents\Eigene Videos
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 _SHDL C:\Users\_ashbackuppb_\Documents\Eigene Musik
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 _SHDL C:\Users\_ashbackuppb_\Documents\Eigene Bilder
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 _SHDL C:\Users\_ashbackuppb_\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 _SHDL C:\Users\_ashbackuppb_\AppData\Local\Verlauf
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 _SHDL C:\Users\_ashbackuppb_\AppData\Local\Anwendungsdaten
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 _SHDL C:\Users\_ashbackuppb_\Anwendungsdaten
2025-04-09 17:47 - 2025-04-09 17:47 - 000000000 ___SD C:\Users\_ashbackuppb_\AppData\Roaming\Microsoft\Protect
2025-04-09 17:47 - 2025-03-23 16:15 - 000000000 ____D C:\Users\_ashbackuppb_\AppData\Roaming\Microsoft\Network
2025-04-09 17:47 - 2025-03-23 16:11 - 000000000 ____D C:\Users\_ashbackuppb_\AppData\Roaming\Microsoft\Windows
2025-04-09 17:47 - 2024-05-30 02:34 - 000000000 ___RD C:\Users\_ashbackuppb_\OneDrive
2025-04-09 17:47 - 2024-04-01 09:26 - 000000000 ____D C:\Users\_ashbackuppb_\AppData\Roaming\Microsoft\Spelling
2025-04-09 13:02 - 2025-04-10 15:50 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-04-09 12:51 - 2025-04-09 12:51 - 000029042 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-04-09 12:51 - 2025-04-09 12:51 - 000029042 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-04-08 16:03 - 2025-04-08 16:03 - 000001392 _____ C:\Users\Public\Desktop\Brother iPrint&Scan.lnk
2025-04-06 16:06 - 2025-04-10 11:07 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2025-04-01 17:25 - 2025-04-01 17:25 - 000001933 _____ C:\Users\Public\Desktop\WISO Steuer 2025.lnk
2025-04-01 17:25 - 2025-04-01 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer 2025
2025-04-01 17:17 - 2025-04-01 17:19 - 803322808 _____ C:\Users\betti\Downloads\WISOSteuer2025.exe
2025-04-01 17:16 - 2025-04-01 17:25 - 000000000 ____D C:\Program Files\WISO
2025-04-01 17:16 - 2025-04-01 17:16 - 000001933 _____ C:\Users\Public\Desktop\WISO Steuer 2024.lnk
2025-04-01 17:16 - 2025-04-01 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer 2024
2025-04-01 17:06 - 2025-04-01 17:07 - 795256968 _____ C:\Users\betti\Downloads\WISOSteuer2024.exe
2025-03-31 12:49 - 2025-03-31 12:49 - 000000000 ____D C:\Users\betti\AppData\Local\ASP.NET
2025-03-31 12:49 - 2025-03-31 12:49 - 000000000 _____ C:\Users\betti\AppData\Local\settingData.dat
2025-03-31 12:46 - 2025-03-31 12:46 - 000000000 ____D C:\Program Files (x86)\dotnet
2025-03-30 15:04 - 2025-04-09 20:21 - 000000000 ____D C:\Users\betti\Documents\steuer
2025-03-29 19:46 - 2025-03-29 19:46 - 000000000 ____D C:\Users\betti\AppData\Local\Buhl Data Service GmbH
2025-03-29 19:37 - 2025-04-01 17:25 - 000000000 ____D C:\Users\betti\AppData\Local\Buhl
2025-03-29 19:37 - 2025-03-29 19:37 - 000002172 _____ C:\Users\Public\Desktop\WISO Steuer 2023.lnk
2025-03-29 19:37 - 2025-03-29 19:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer 2023
2025-03-29 19:37 - 2025-03-29 19:37 - 000000000 ____D C:\Program Files (x86)\WISO
2025-03-29 19:34 - 2025-04-01 17:19 - 000000000 ____D C:\ProgramData\Buhl Data Service GmbH
2025-03-29 19:30 - 2025-03-29 19:31 - 658538184 _____ C:\Users\betti\Documents\WISOSteuer2023.exe
2025-03-24 04:15 - 2025-03-24 04:15 - 000070484 _____ C:\WINDOWS\SysWOW64\ctac.json
2025-03-24 04:15 - 2025-03-24 04:15 - 000070484 _____ C:\WINDOWS\system32\ctac.json
2025-03-23 16:20 - 2025-04-19 12:23 - 001646014 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-03-23 16:20 - 2025-03-23 16:20 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2025-03-23 16:17 - 2025-03-23 16:17 - 000000020 ___SH C:\Users\betti\ntuser.ini
2025-03-23 16:16 - 2025-04-19 12:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-03-23 16:16 - 2025-04-18 15:58 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2025-03-23 16:16 - 2025-04-15 17:18 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3136968540-2654647542-3342472245-1004
2025-03-23 16:16 - 2025-04-15 17:18 - 000003552 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-3136968540-2654647542-3342472245-1004
2025-03-23 16:16 - 2025-04-15 17:18 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-03-23 16:16 - 2025-04-09 14:54 - 000004024 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1696164610
2025-03-23 16:16 - 2025-04-08 14:11 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3136968540-2654647542-3342472245-1007
2025-03-23 16:16 - 2025-04-08 14:11 - 000003552 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-3136968540-2654647542-3342472245-1007
2025-03-23 16:16 - 2025-04-06 01:40 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-03-23 16:16 - 2025-04-06 01:40 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-03-23 16:16 - 2025-03-23 16:16 - 000003814 _____ C:\WINDOWS\system32\Tasks\AteraAgentServiceWatchdog
2025-03-23 16:16 - 2025-03-23 16:16 - 000003666 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA{CE63F401-F90F-4087-B9ED-4E2E008F8229}
2025-03-23 16:16 - 2025-03-23 16:16 - 000003442 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore{BA4BAF17-87C9-4D5E-97A0-2435F7AE643B}
2025-03-23 16:16 - 2025-03-23 16:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2025-03-23 16:15 - 2025-03-23 16:15 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2025-03-23 16:14 - 2025-03-23 16:14 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\SystemCertificates
2025-03-23 16:14 - 2025-03-23 16:14 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\Network
2025-03-23 16:14 - 2025-03-23 16:14 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\Crypto
2025-03-23 16:14 - 2025-03-23 16:14 - 000000000 ____D C:\Users\_ashbackuppb_.LG_gram\AppData\Roaming\Microsoft\Network
2025-03-23 16:13 - 2025-04-10 11:07 - 000000584 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-03-23 16:12 - 2025-03-23 16:12 - 000000020 ___SH C:\Users\_ashbackuppb_.LG_gram\ntuser.ini
2025-03-23 16:10 - 2025-04-12 09:10 - 000000000 ____D C:\Users\betti
2025-03-23 16:10 - 2025-04-09 17:47 - 000000000 ____D C:\Users\_ashbackuppb_.LG_gram
2025-03-23 16:10 - 2025-03-23 16:17 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\Windows
2025-03-23 16:10 - 2025-03-23 16:11 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\Spelling
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\betti\Vorlagen
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\betti\Startmenü
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\betti\Netzwerkumgebung
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\betti\Lokale Einstellungen
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\betti\Eigene Dateien
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\betti\Druckumgebung
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\betti\Documents\Eigene Videos
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\betti\Documents\Eigene Musik
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\betti\Documents\Eigene Bilder
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\betti\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\betti\AppData\Local\Verlauf
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\betti\AppData\Local\Anwendungsdaten
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\betti\Anwendungsdaten
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\_ashbackuppb_.LG_gram\Vorlagen
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\_ashbackuppb_.LG_gram\Startmenü
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\_ashbackuppb_.LG_gram\Documents\Eigene Videos
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\_ashbackuppb_.LG_gram\Documents\Eigene Musik
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\_ashbackuppb_.LG_gram\Documents\Eigene Bilder
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\_ashbackuppb_.LG_gram\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\_ashbackuppb_.LG_gram\AppData\Local\Verlauf
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 _SHDL C:\Users\_ashbackuppb_.LG_gram\AppData\Local\Anwendungsdaten
2025-03-23 16:10 - 2025-03-23 16:10 - 000000000 ____D C:\Users\_ashbackuppb_.LG_gram\AppData\Roaming\Microsoft\Windows
2025-03-23 16:10 - 2024-04-01 09:26 - 000000000 ____D C:\Users\_ashbackuppb_.LG_gram\AppData\Roaming\Microsoft\Spelling
2025-03-23 16:09 - 2025-04-19 12:15 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2025-03-23 16:09 - 2025-04-18 21:49 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-03-23 16:09 - 2025-04-10 11:07 - 000473736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-03-23 16:07 - 2025-03-23 16:09 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2025-03-23 16:06 - 2025-03-23 16:07 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2025-03-23 16:06 - 2025-03-23 16:06 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2025-03-23 16:05 - 2025-04-10 04:57 - 000000000 ____D C:\WINDOWS\InboxApps
2025-03-23 16:03 - 2025-03-23 16:03 - 000005264 _____ C:\WINDOWS\system32\ecoscore_config.json
2025-03-23 16:03 - 2025-03-23 16:03 - 000000998 _____ C:\WINDOWS\system32\DeviceFeatureDDF.json
2025-03-23 16:00 - 2025-03-23 16:00 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2025-03-23 16:00 - 2025-03-23 16:00 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2025-03-23 16:00 - 2025-03-23 16:00 - 000000000 ____D C:\WINDOWS\addins
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2025-04-19 12:26 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-04-19 12:26 - 2023-09-20 21:08 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-04-19 12:25 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-04-19 12:25 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2025-04-19 12:23 - 2024-04-01 09:24 - 000000000 ____D C:\WINDOWS\INF
2025-04-19 12:21 - 2025-01-04 15:28 - 000000000 ____D C:\Users\betti\AppData\Roaming\Proton Pass
2025-04-19 12:16 - 2023-11-10 15:16 - 000000000 ____D C:\ProgramData\AnyDesk
2025-04-19 12:15 - 2024-09-08 16:48 - 000000000 ____D C:\Users\betti\AppData\Local\Ashampoo Backup PB
2025-04-19 12:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ServiceState
2025-04-19 12:15 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-04-19 12:15 - 2024-04-01 09:21 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2025-04-19 12:15 - 2023-10-06 23:23 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\Excel
2025-04-19 12:15 - 2023-10-01 14:50 - 000000000 ____D C:\Program Files\Opera
2025-04-19 12:15 - 2023-09-29 23:25 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-04-19 12:15 - 2023-09-20 21:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-04-19 12:15 - 2023-09-20 18:50 - 000000000 ___RD C:\Users\betti\OneDrive
2025-04-19 12:15 - 2023-06-13 08:23 - 000012288 ___SH C:\DumpStack.log.tmp
2025-04-19 11:59 - 2023-09-27 17:09 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\Word
2025-04-19 11:59 - 2023-09-20 18:48 - 000000000 ____D C:\Users\betti\AppData\Local\D3DSCache
2025-04-19 11:53 - 2023-06-13 08:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-04-18 22:31 - 2023-09-20 18:48 - 000000000 ____D C:\Users\betti\AppData\Local\Packages
2025-04-18 22:23 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-04-18 22:13 - 2023-11-10 15:16 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2025-04-18 22:13 - 2023-09-27 17:03 - 000000000 ____D C:\Program Files\Microsoft Office
2025-04-18 22:02 - 2023-10-01 14:33 - 000000000 ____D C:\Users\betti\AppData\Roaming\tutanota-desktop
2025-04-18 22:00 - 2024-10-16 17:29 - 000000000 ____D C:\Users\betti\Downloads\Telegram Desktop
2025-04-18 21:49 - 2023-09-20 22:26 - 000000000 ____D C:\Users\betti\AppData\Roaming\Telegram Desktop
2025-04-18 15:58 - 2023-09-20 21:57 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-04-18 04:58 - 2024-10-12 20:09 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2025-04-18 04:58 - 2024-10-12 20:09 - 000002198 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2025-04-16 22:26 - 2023-09-20 19:32 - 000002356 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2025-04-16 22:26 - 2023-09-20 19:32 - 000002315 _____ C:\Users\Public\Desktop\Brave.lnk
2025-04-15 17:18 - 2023-09-27 17:06 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-04-14 22:12 - 2025-01-17 23:12 - 000000000 ____D C:\Users\betti\Finanzen
2025-04-13 11:04 - 2024-06-20 17:31 - 000000000 ____D C:\Users\betti\Documents\Gesundheit
2025-04-12 09:08 - 2023-09-20 18:50 - 000000000 ____D C:\Users\betti\AppData\Local\PlaceholderTileLogoFolder
2025-04-11 17:21 - 2024-09-28 14:02 - 000000000 ____D C:\Users\betti\Kryptotransaktionen
2025-04-11 15:09 - 2023-09-30 00:36 - 000000000 ____D C:\Users\betti\AppData\Roaming\Ledger Live
2025-04-11 14:53 - 2023-09-30 00:35 - 000000000 ____D C:\Program Files\Ledger Live
2025-04-10 17:36 - 2023-12-28 22:07 - 000000000 ____D C:\Program Files (x86)\Sister
2025-04-10 15:56 - 2023-12-18 01:23 - 000000000 ____D C:\Users\betti\Benutzerhandbücher
2025-04-10 12:09 - 2024-09-18 14:36 - 000000000 ___RD C:\Users\betti\NEL Beweise
2025-04-10 11:46 - 2023-10-27 18:59 - 000000000 ____D C:\Users\betti\Documents\Benutzerdefinierte Office-Vorlagen
2025-04-10 11:07 - 2023-06-13 08:23 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-04-10 04:58 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2025-04-10 04:58 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\UUS
2025-04-10 04:58 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-04-10 04:58 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-04-10 04:58 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-04-10 04:57 - 2024-04-01 18:35 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-04-10 04:57 - 2024-04-01 18:35 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-04-10 04:57 - 2024-04-01 18:35 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2025-04-10 04:57 - 2024-04-01 18:35 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\UNP
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\F12
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemApps
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\setup
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-04-10 04:57 - 2024-04-01 09:26 - 000000000 ____D C:\Program Files\Common Files\System
2025-04-10 04:57 - 2024-04-01 09:21 - 000000000 ____D C:\WINDOWS\servicing
2025-04-09 20:28 - 2023-10-27 18:58 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\UProof
2025-04-09 20:20 - 2023-12-17 20:43 - 000000000 ____D C:\Users\betti\Documents\Verträge
2025-04-09 14:54 - 2023-10-01 14:50 - 000001094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2025-04-09 11:43 - 2023-09-20 21:05 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2025-04-08 16:03 - 2023-12-16 03:39 - 000000000 ____D C:\ProgramData\Package Cache
2025-04-08 16:03 - 2023-12-16 03:39 - 000000000 ____D C:\Program Files (x86)\Browny02
2025-04-08 16:03 - 2023-10-08 10:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2025-04-05 13:33 - 2025-02-22 19:12 - 000000000 ___DC C:\WINDOWS\Panther
2025-04-02 19:13 - 2024-06-20 18:36 - 000000859 _____ C:\Users\Public\Desktop\PDFgear.lnk
2025-04-02 19:13 - 2024-06-20 18:36 - 000000000 ____D C:\Program Files\PDFgear
2025-04-02 14:24 - 2025-01-22 22:11 - 000000000 ____D C:\Users\betti\Documents\04.11.2024
2025-04-01 17:25 - 2023-10-08 10:08 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2025-03-31 13:48 - 2023-10-08 09:36 - 000000000 ____D C:\Users\betti\AppData\Local\ElevatedDiagnostics
2025-03-31 12:48 - 2023-10-08 10:08 - 000000000 ____D C:\Program Files (x86)\Brother
2025-03-31 12:46 - 2024-01-16 11:42 - 000000000 ____D C:\Program Files\dotnet
2025-03-30 14:58 - 2025-01-04 15:28 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Proton AG
2025-03-30 14:58 - 2025-01-04 15:27 - 000000000 ____D C:\Users\betti\AppData\Local\ProtonPass
2025-03-24 05:51 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\USOPrivate
2025-03-24 05:07 - 2024-04-01 09:26 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2025-03-24 05:04 - 2024-04-01 09:26 - 000000000 ___RD C:\Program Files\Windows Defender
2025-03-24 05:04 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2025-03-24 05:04 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2025-03-24 05:04 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2025-03-24 05:04 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\Provisioning
2025-03-24 04:35 - 2024-04-01 09:26 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2025-03-23 16:33 - 2023-06-13 08:46 - 000000000 ____D C:\ProgramData\Packages
2025-03-23 16:29 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\appcompat
2025-03-23 16:17 - 2023-06-13 11:31 - 000000000 __RHD C:\Users\Public\AccountPictures
2025-03-23 16:16 - 2024-04-01 09:26 - 000000000 ____D C:\Program Files\Windows NT
2025-03-23 16:11 - 2025-01-04 15:27 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Proton
2025-03-23 16:11 - 2024-04-01 09:26 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2025-03-23 16:11 - 2024-02-19 16:03 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2025-03-23 16:11 - 2023-09-30 00:58 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitBox
2025-03-23 16:11 - 2023-09-27 16:09 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation
2025-03-23 16:11 - 2023-09-20 22:26 - 000000000 ____D C:\Users\betti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2025-03-23 16:09 - 2025-01-04 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
2025-03-23 16:09 - 2024-05-30 02:34 - 000000000 ____D C:\WINDOWS\system32\%userprofile%
2025-03-23 16:09 - 2024-04-01 09:29 - 000000000 ____D C:\WINDOWS\Setup
2025-03-23 16:09 - 2024-04-01 09:26 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2025-03-23 16:09 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2025-03-23 16:09 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\spool
2025-03-23 16:09 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\NDF
2025-03-23 16:09 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2025-03-23 16:09 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2025-03-23 16:09 - 2023-10-16 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot
2025-03-23 16:09 - 2023-09-27 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2025-03-23 16:09 - 2022-05-07 12:39 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2025-03-23 16:09 - 2022-05-07 07:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2025-03-23 16:09 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2025-03-23 16:09 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2025-03-23 16:08 - 2024-04-01 09:26 - 000000000 __RHD C:\Users\Public\Libraries
2025-03-23 16:07 - 2024-09-08 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2025-03-23 16:07 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\schemas
2025-03-23 16:07 - 2023-06-13 08:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Software
2025-03-23 16:07 - 2022-05-07 07:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2025-03-23 16:07 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\WUModels
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-plocm
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\qps-ploc
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\te-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\qps-plocm
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\qps-ploc
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\or-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\km-KH
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\is-IS
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\id-ID
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\et-EE
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\es-MX
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\DDFs
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Com
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\be-BY
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\as-IN
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\am-ET
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\IME
2025-03-23 16:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\BrowserCore
2025-03-23 16:04 - 2024-04-01 18:35 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2025-03-23 16:04 - 2024-04-01 18:35 - 000028898 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2025-03-23 16:04 - 2024-04-01 09:26 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2025-03-23 16:03 - 2024-04-01 09:22 - 000063064 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtIntcLpioDMA.dll
2025-03-23 16:03 - 2024-04-01 09:22 - 000062952 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtIntcPseDMA.dll
2025-03-23 16:03 - 2024-04-01 09:22 - 000062944 _____ (Microsoft Corporation) C:\WINDOWS\system32\HalExtPL080.dll
2025-03-23 16:01 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\OCR
2025-03-23 16:00 - 2024-04-01 18:33 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2025-03-23 16:00 - 2024-04-01 18:33 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2025-03-23 16:00 - 2024-04-01 18:33 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2025-03-23 16:00 - 2024-04-01 18:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2025-03-23 16:00 - 2024-04-01 18:33 - 000000000 ____D C:\WINDOWS\system32\winrm
2025-03-23 16:00 - 2024-04-01 18:33 - 000000000 ____D C:\WINDOWS\system32\WCN
2025-03-23 16:00 - 2024-04-01 18:33 - 000000000 ____D C:\WINDOWS\system32\slmgr
2025-03-23 16:00 - 2024-04-01 18:33 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2025-03-23 16:00 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\dsc
2025-03-23 16:00 - 2024-04-01 09:26 - 000000000 ___RD C:\Program Files (x86)\Windows Defender
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2024-07-03 12:41 - 2024-07-12 12:43 - 000011992 _____ () C:\Users\betti\AppData\Roaming\Durch Trennzeichen getrennte Werte.EML
2025-03-31 12:49 - 2025-03-31 12:49 - 000000000 _____ () C:\Users\betti\AppData\Local\settingData.dat
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Geändert von cosinus (19.04.2025 um 13:42 Uhr) Grund: FQ entfernt |
|
| Themen zu Trojan Win32/Vundo.gen!D |
| arten, bitte um hilfe, dateien, defender, fehlermeldung, file, folge, folgende, gefunde, hilfe, melde, meldet, meldung, neu, neu starten, not, process, start, starte, starten, troja, trojan, versuch, warning, win, windows, windows defender |
Hybrid-Darstellung
