| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 11 verhält sich merkwürdigWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
Gestern, 20:56
| #1 |
 |  Windows 11 verhält sich merkwürdig Hallo zusammen, ich habe einige Webseiten, die unter Wordpress erstellt wurden. Soweit ich das nachvollziehen konnte, hatte sich über ein Template irgendetwas auf meinen Rechner eingeschlichen. Jedenfalls bekam ich eine Nachricht, dass meine Webseite eine Sicherheitsabfrage durchführen müsse. Da mein Hoster zu diesem Zeitpunkt gerade erst eine Umstellung vorgenommen hatte, dachte ich, das käme durch ihn, und schöpfte keinen Verdacht. Die Meldung besagte, ich sollte die Ausführen Zeile öffnen und den Inhalt, der automatisch in die Zwischenablage eingefügt worden sei, einfügen und ausführen. Ich Depp!!! Das machte ich dann auch und die Sicherheitswarnung verschwand und ich konnte die Webseite aufrufen. Kurz danach kam plötzlich eine Nachricht von einem Freund: In meinem Discord-Account würden merkwürdige Nachrichten gepostet. Er hätte mich deswegen erst einmal geblockt. Ich habe mich dann dort abgemeldet und mein Passwort geändert, mich aber nicht abgemeldet. Wieder ein paar Tage später wurden bei anderen Mitgliedern in Discord seltsame private Nachrichten abgesetzt. Diese konnte ich alle löschen. Nachdem man mich darauf aufmerksam gemacht hatte, änderte ich mein Passwort erneut und seitdem melde ich mich dort immer ab. Unter Facebook bekam ich den Hinweis, in meinem Account wären Unstimmigkeiten aufgetreten und mein Account wäre erst einmal gesperrt worden. Ich änderte daraufhin auch dort mein Passwort und melde mich seitdem dort auch immer ab. Auf meinem PC, Windows 11 Home, 25H2, beobachtete ich dann, dass er teilweise sehr langsam wurde, sich der Desktop mehrmals aktualisierte, das aber auch immer wieder länger dauerte. Alle paar Tage wird das System dann wahnsinnig langsam, dann läuft es ein paar Tage wieder normal. Ich habe eine SSD, auf der das Betriebssystem läuft, und eine zweite 4-GB-HDD, auf der meine Daten liegen. Der Zugriff gestaltete sich unglaublich langsam, dann gab es wieder Tage, die ganz normal schienen. Zuerst dachte ich, die HDD wäre völlig fragmentiert, und habe sie defragmentiert, was auch über 80 Stunden gedauert hat. Mit einer Linux-Live-CD habe ich dann sicherheitshalber vorher die Daten auf eine externe HDD gesichert. Da lief alles in normaler Geschwindigkeit, ohne jede Probleme. Die "Wartezeiten" (in Windows 11), die alle paar Tage auftreten, sind aber weder mit einer defekten HDD noch mit einem defekten Windows-Benutzerprofil zu erklären. Auch das Scannen mit einer Kaspersky-Rescue-CD hat nicht viel gebracht. Der meinte, nach einem Intensiv-Scan etwas gefunden zu haben, was ich sicherheitshalber habe löschen lassen. Avira-Rescue-CD hat nichts gefunden. Außerdem habe ich noch die Free-Version von Malwarebytes laufen, das hat aber auch nichts gefunden. Ich war schon drauf und dran, die SSD komplett zu formatieren und alles neu zu machen, als mir das Trojaner-Board wieder einfiel. Da habt ihr mir vor sehr vielen Jahren einmal im Büro helfen können, nachdem meine damalige Kollegin auf einen Link geklickt hatte. Vielleicht könnt ihr mir auch jetzt helfen? FRST Logs folgen gleich… Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05-2026
durchgeführt von draftec (Administrator) auf DRAFTEC-PC (Hyrican Informationssysteme AG Hyrican PC) (12-05-2026 21:15:32)
Gestartet von C:\Users\draftec\Desktop\FRST64.exe
Geladene Profile: draftec & _ashbackuppb_
Plattform: Microsoft Windows 11 Home Version 25H2 26200.8246 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Brave
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <17>
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
(C:\Program Files\Logi\LogiPluginService\LogiPluginService.exe ->) (Logitech Inc -> ) C:\Program Files\Logi\LogiPluginService\LogiPluginServiceExt.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logi\LogiPluginService\LogiPluginService.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
(C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Mozilla Thunderbird\thunderbird.exe ->) (Mozilla Corporation -> Mozilla Foundation) C:\Program Files\Mozilla Thunderbird\crashhelper.exe
(C:\Users\draftec\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\draftec\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files\EaseUS\EaseUS Partition Master\DiskHealth\DiskHealth.exe
(explorer.exe ->) () [Datei ist nicht signiert] C:\Program Files\pCloud Drive\pCloud.exe
(explorer.exe ->) (Bartels Media GmbH -> Bartels Media GmbH) C:\Users\draftec\AppData\Local\Programs\PhraseExpress\phraseexpress.exe
(explorer.exe ->) (Devolutions Inc -> Devolutions Inc.) C:\Program Files\UniGetUI\UniGetUI.exe
(explorer.exe ->) (iPSMonitor) [Datei ist nicht signiert] C:\Program Files (x86)\Brother\iPrint&Scan\IPSMONITOR\iPSMonitor.exe
(explorer.exe ->) (O&O Software GmbH -> O&O Software GmbH) C:\Program Files\OO Software\DiskImage Premium\OODiskImageNotify.exe
(explorer.exe ->) (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(explorer.exe ->) (SignPath Foundation -> ) C:\Program Files\Ditto\Ditto.exe
(Marek Jasiński -> Marek Jasinski) C:\Program Files\FreeCommander XE\FreeCommander.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\148.0.3967.54\Installer\setup.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe <5>
(PrintCtrl.exe ->) (ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe <2>
(PrintDisp.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe <2>
(services.exe ->) () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\iPrint&Scan\UsbAppControl\USBAppControl.exe
(services.exe ->) () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl\WorkflowAppControl.exe
(services.exe ->) () [Datei ist nicht signiert] C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe
(services.exe ->) (ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe
(services.exe ->) (Ashampoo GmbH & Co. KG -> ) C:\Program Files\Ashampoo\Ashampoo Backup Pro 27\bin_x64\backupService.exe
(services.exe ->) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\NisSrv.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(services.exe ->) (NOVASYNC LABS PTE. LTD. -> Sandboxie-Plus.com) C:\Program Files\Sandboxie-Plus\SbieSvc.exe
(services.exe ->) (Nuance Communications Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmdsi.inf_amd64_3c06e86fd1dde89a\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (O&O Software GmbH -> O&O Software GmbH) C:\Program Files (x86)\OO Software\Syspectr\OOSysAgent.exe
(services.exe ->) (Open Source Developer, Michael Maltsev -> Ramen Software) C:\Program Files\Windhawk\windhawk.exe <2>
(services.exe ->) (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy) C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe
(services.exe ->) (voidtools PTY LTD -> voidtools) C:\Program Files\Everything\Everything.exe <2>
(services.exe ->) (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\draftec\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
(svchost.exe ->) (Ascora GmbH -> ) C:\Program Files (x86)\StartupStar\Program\StartupStar.exe
(svchost.exe ->) (Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.28.240.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppActions.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1738088 2023-06-24] (Open Source Developer, Phillip Gibbons -> Highresolution Enterprises)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2270376 2025-11-04] (voidtools PTY LTD -> voidtools)
HKLM\...\Run: [PrintDisp] => C:\WINDOWS\system32\PrintDisp.exe [613920 2024-11-01] (ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://www.all2pdf.com)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [I19C] => C:\Windows\twain_32\Brimi19c\Common\TwDsUiLaunch.exe [89192 2025-01-21] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
HKLM-x32\...\Run: [BrotherSoftwareUpdateNotification] => C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe [3591168 2022-10-09] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4009984 2024-05-31] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:home
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKLM\Software\Policies\...\system: [EnableMmx] 0
HKU\S-1-5-21-3987854163-494943310-1457373402-1000\...\Run: [WingetUI] => C:\Program Files\UniGetUI\UniGetUI.exe [751944 2026-05-06] (Devolutions Inc -> Devolutions Inc.)
HKU\S-1-5-21-3987854163-494943310-1457373402-1000\...\Run: [pCloud] => C:\Program Files\pCloud Drive\pCloud.exe [390656 2026-04-16] () [Datei ist nicht signiert]
HKU\S-1-5-21-3987854163-494943310-1457373402-1000\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [5676816 2025-09-27] (SignPath Foundation -> )
HKU\S-1-5-21-3987854163-494943310-1457373402-1000\...\Run: [DiskImageNotify] => C:\Program Files\OO Software\DiskImage Premium\OODiskImageNotify.exe [449840 2026-03-04] (O&O Software GmbH -> O&O Software GmbH)
HKU\S-1-5-21-3987854163-494943310-1457373402-1020\...\RunOnce: [Uninstall 26.055.0323.0004] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\draftecNeu\AppData\Local\Microsoft\OneDrive\26.055.0323.0004" [0 2026-04-14]
HKLM\...\Windows x64\Print Processors\ActMaskR: C:\Windows\System32\spool\prtprocs\x64\ActPrint.dll [55584 2024-10-27] (ActMask Group Co., Ltd -> ActMask Co.,Ltd hxxp://ALL2PDF.COM)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install (Keine Datei)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{9C142C0C-124C-4467-B117-EBCC62801D7B}] -> C:\Program Files\Vivaldi\Application\7.9.3970.64\Installer\chrmstp.exe [6576552 2026-05-09] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\148.1.90.121\Installer\chrmstp.exe [6168144 2026-05-07] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install (Keine Datei)
Startup: C:\Users\draftec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk [2025-01-25]
ShortcutTarget: PhraseExpress.lnk -> C:\Users\draftec\AppData\Local\Programs\PhraseExpress\phraseexpress.exe (Bartels Media GmbH -> Bartels Media GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [ 2026-04-24]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother iPSMonitor.lnk [2026-04-21]
ShortcutTarget: Brother iPSMonitor.lnk -> C:\Program Files (x86)\Brother\iPrint&Scan\IPSMONITOR\iPSMonitor.exe (iPSMonitor) [Datei ist nicht signiert]
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0F32A26A-CCC7-4A09-82C1-34CECC078F5B} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2024-10-26] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {80F31F12-9B5B-4A63-BA3E-1D083CE64A19} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2024-10-26] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {B5A99556-ABE1-449D-8CEC-9E984D6A4FA2} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [3286488 2026-04-03] (Microsoft Windows -> Microsoft Corporation)
Task: {4F515B4F-3499-4320-ABB1-0B3BE4958E70} - System32\Tasks\Daten-Backup auf T5 => C:\Program Files\Personal Backup 6\Persbackup.exe [15180800 2026-04-17] (Dr. J. Rathlev, D-24222 Schwentinental) [Datei ist nicht signiert] -> "D:\Daten\Tools\Personal Backup\Backup auf T5.buj" /force /startapp:scheduler /hide /prompt:delay /wait:3
Task: {0E4F6157-6DE1-4BAE-998F-148C889198F1} - System32\Tasks\DiskHealth => C:\Program Files\EaseUS\EaseUS Partition Master\DiskHealth\DiskHealthAuto.exe [115728 2026-04-08] (CHENGDU YIWO Tech Development Co., Ltd. -> )
Task: {72D8EFF2-59E5-4F6E-A7BD-CAC2B6D83D2C} - System32\Tasks\Microsoft\Office\Office Actions Server => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe [16381224 2026-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {00C6FF42-9427-4083-9AE6-58B782CB1994} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28549952 2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {A0E37C3E-3281-4A62-A93F-3DC1B8C85EB9} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [73640 2026-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {DB947A5F-0DC6-47E9-A28B-92A167881914} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28549952 2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {0C0099E5-1795-46B2-9B62-66C861E53BBC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [426784 2026-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C383F57-248C-4C61-8D73-BFEC91B67A82} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [426784 2026-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {31C04E51-F7E7-4692-98A9-F6920B79437E} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [1366888 2026-04-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {6F005204-FE6F-4CE0-A528-1BF0175F4D9F} - System32\Tasks\Microsoft\Office\Office Startup Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe [16381224 2026-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (Keine Datei)
Task: {0BB36A32-0D9E-4297-AFD7-6BD7B5DB4C9B} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => %windir%\System32\UNP\UpdateNotificationMgr.exe (Keine Datei)
Task: {61801914-C16F-4D71-85AF-5BC8D52DEB2C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\MpCmdRun.exe [1790616 2026-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {085007EB-A84E-4F32-AA02-B44F5F18EBF5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\MpCmdRun.exe [1790616 2026-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E8896CC6-28EB-4C61-BF2C-AD73D856E1B0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\MpCmdRun.exe [1790616 2026-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9D3DDCB4-7324-427C-AADA-4EB1E225F766} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\MpCmdRun.exe [1790616 2026-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {63916287-58AC-4789-B632-8A57078C5FDA} - System32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA App.exe [3324528 2025-10-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DEB83151-1C92-4E4B-B692-C341C12F60E5} - System32\Tasks\StartupStar Firewall => C:\Program Files (x86)\StartupStar\Program\StartupStar.exe [1621680 2025-11-06] (Ascora GmbH -> )
Task: {86CCE511-A31E-4F8C-9E82-A66F335E4E51} - System32\Tasks\Thunderbird Sicherung => C:\Program Files\Personal Backup 6\TbBackup.exe [9420288 2026-04-17] (Dr. J. Rathlev, D-24222 Schwentinental) [Datei ist nicht signiert]
Task: {FA13EEEC-2F25-4446-87C6-8BBA8587637A} - System32\Tasks\VivaldiUpdateCheck-a2ceee585d6f15dd => C:\Program Files\Vivaldi\Application\update_notifier.exe [5305768 2026-05-07] (Vivaldi Technologies AS -> Vivaldi Technologies AS) -> C:\Program Files\Vivaldi\Application\--from-scheduler
Task: {C45568D4-2E56-46E0-BB4B-9B1400B3C97F} - System32\Tasks\WD Device Agent Task draftec => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Device Agent.exe [727392 2026-03-06] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
Task: {8B933AA7-B5D7-4C45-B0C6-6B1486C0EF34} - System32\Tasks\WD Discovery Service Task draftec => C:\Program Files (x86)\Western Digital\Discovery\Current\Service\WDDiscoveryService.exe [82784 2026-03-06] (Western Digital Technologies, Inc. -> )
Task: {BDE98472-FE1B-4002-93DC-4702B014B987} - System32\Tasks\WindhawkRunUITask => C:\Program Files\Windhawk\windhawk.exe [835160 2025-12-09] (Open Source Developer, Michael Maltsev -> Ramen Software)
Task: {35C78B8F-1C79-4918-A768-9E81261D5FF8} - System32\Tasks\WindhawkUpdateTask => C:\Program Files\Windhawk\windhawk.exe [835160 2025-12-09] (Open Source Developer, Michael Maltsev -> Ramen Software)
Task: {E3AC1749-1B1A-47B7-9ADA-CDC032134E96} - System32\Tasks\Winhance\BloatRemoval => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [454656 2025-09-15] (Microsoft Windows -> Microsoft Corporation) -> -ExecutionPolicy Bypass -NoProfile -Command "iex([IO.File]::ReadAllText('C:\ProgramData\Winhance\Scripts\BloatRemoval.ps1'))" <==== ACHTUNG
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: 127.0.0.1 cryptomator-vault
Tcpip\Parameters: [DhcpNameServer] 192.168.196.1
Tcpip\..\Interfaces\{1dd1d6a8-3212-42ce-8d4c-c68571f7d675}: [DhcpNameServer] 192.168.196.1
Tcpip\..\Interfaces\{1dd1d6a8-3212-42ce-8d4c-c68571f7d675}: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{f54a597b-7af3-4196-8699-68eb7b57ebd4}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{f54a597b-7af3-4196-8699-68eb7b57ebd4}: [DhcpDomain] fritz.box
FireFox:
========
FF DefaultProfile: zn8mftcg.default
FF ProfilePath: C:\Users\draftec\AppData\Roaming\kompozer.net\KompoZer\Profiles\1oazkvwy.default [2026-05-11]
FF Extension: (AboutConfig) - C:\Users\draftec\AppData\Roaming\kompozer.net\KompoZer\Profiles\1oazkvwy.default\Extensions\aboutconfig@mozilla.org [2024-11-23] [] [ist nicht signiert]
FF Extension: (Deutsches Wörterbuch) - C:\Users\draftec\AppData\Roaming\kompozer.net\KompoZer\Profiles\1oazkvwy.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2024-11-23] [] [ist nicht signiert]
FF Extension: (Table Nette) - C:\Users\draftec\AppData\Roaming\kompozer.net\KompoZer\Profiles\1oazkvwy.default\Extensions\tablenette@chevrel.org [2024-11-23] [] [ist nicht signiert]
FF Extension: (LinkChecker) - C:\Users\draftec\AppData\Roaming\kompozer.net\KompoZer\Profiles\1oazkvwy.default\Extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509} [2024-11-23] [] [ist nicht signiert]
FF ProfilePath: C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default [2024-11-17]
FF Extension: (Czech (CZ) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-cs@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-de@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (English (US) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Español (España) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Finnish Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-fi@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Français Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-fr@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Galego (España) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-gl@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Hebrew (IL) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-he@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Magyar (HU) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-hu@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-it@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Japanese Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-ja@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Korean (KR) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-ko@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Nederlands (NL) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-nl@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Polski Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-pl@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Russian (RU) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-ru@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Slovenski jezik Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-sl@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (српски (sr) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-sr@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Svenska (SE) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\draftec\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\zn8mftcg.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2024-11-17] [] [ist nicht signiert]
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-12-12] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-12-12] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-12-12] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-12-12] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2026-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking16\Program\x64\npDgnRia2_x64.dll [2023-12-20] (Nuance Communications Inc. -> Nuance Communications, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2025-12-12] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-12-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking16\Program\npDgnRia2.dll [2023-12-20] (Nuance Communications Inc. -> Nuance Communications, Inc.)
Edge:
=======
Edge Profile: C:\Users\draftec\AppData\Local\Microsoft\Edge\User Data\Default [2026-01-20]
Edge HomePage: Default -> hxxp://oem17win10.msn.com/?PC=NMTE
Edge StartupUrls: Default -> "hxxps://www.facebook.com/"
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\draftec\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2025-12-12]
Edge Extension: (uBlock Origin) - C:\Users\draftec\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2025-12-06]
Edge Extension: (QuillBot: AI Writing and Grammar Checker Tool) - C:\Users\draftec\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cphpplikchcioccedpjacdanfibnimmh [2026-01-19]
Edge Extension: (Google Docs Offline) - C:\Users\draftec\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2026-01-08]
Edge Extension: (Grammatik- und Rechtschreibprüfung - LanguageTool) - C:\Users\draftec\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hfjadhjooeceemgojogkhlppanjkbobc [2026-01-08]
Edge Extension: (Dragon (DMO, DMD, DPA, DLA) Web Extension) - C:\Users\draftec\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hhffbmpimhclcocppcaidfhpfeophnde [2025-02-09]
Edge Extension: (Bitwarden Passwortmanager) - C:\Users\draftec\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2026-01-14]
Edge Extension: (Edge relevant text changes) - C:\Users\draftec\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-10-26]
Edge Extension: (Recordify Title Discover) - C:\Users\draftec\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kkgbclpocodjecojibeaaglcgndegljl [2025-12-06]
Edge Extension: (Bookmarked tabs to the front) - C:\Users\draftec\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mmllilpdpplbmjdjhlkagmimpgdflphb [2024-11-16]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKU\S-1-5-21-3987854163-494943310-1457373402-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [cphpplikchcioccedpjacdanfibnimmh]
Edge HKU\S-1-5-21-3987854163-494943310-1457373402-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [kagpabjoboikccfdghpdlaaopmgpgfdc]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-3987854163-494943310-1457373402-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljglajjnnkapghbckkcmodicjhacbfhk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Brave:
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2026-05-12]
BRA DownloadDir: C:\Users\draftec\Downloads
BRA HomePage: Default -> file:///D:/Daten/Internet/Browser-Startseite/Startseite.htm
BRA StartupUrls: Default -> "hxxps://docs.google.com/spreadsheets/d/1F6cddA0mZKXmgAQZenYn1Tsa8Yo9XrL4uZAkkzeFTz4/edit?gid=1553140436#gid=1553140436","file:///D:/Daten/Internet/Browser-Startseite/Startseite.htm"
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=bravened
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Session Restore: Default -> ist aktiviert.
BRA Extension: (uBlock Origin) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2026-05-12]
BRA Extension: (change-language) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cofdbpoegempjloogbagkncekinflcnj [2026-05-06]
BRA Extension: (Sprucemarks) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fakeocdnmmmnokabaiflppclocckihoj [2025-06-27]
BRA Extension: (Proton Pass: Free Password Manager) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ghmbeldphafepmbegfdlkpapadhbakde [2026-04-23]
BRA Extension: (Cookie-Editor) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hlkenndednhfkekhgcdicdfddnkalmdm [2024-10-26]
BRA Extension: (QuillBot: AI Writing and Grammar Checker Tool) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\iidnbdjijdkbmajdffnidomddglmieko [2026-05-09]
BRA Extension: (Tabs to Front v2) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\iiojfifkpjkhcdjfgekmfobhfdohlecg [2025-07-04]
BRA Extension: (Recordify Title Discover) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\kkgbclpocodjecojibeaaglcgndegljl [2025-10-21]
BRA Extension: (YouTube Anti Translate) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ndpmhjnlfkgfalaieeneneenijondgag [2026-05-06]
BRA Extension: (Keepa™ - Amazon Price Tracker) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2026-03-20]
BRA Extension: (Bitwarden Passwortmanager) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2026-04-07]
BRA Extension: (KeePassXC-Browser) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\oboonakemofpalcgghocfoadofidjkkk [2026-04-06]
BRA Extension: (URL Kürzer) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ppbomgglnlamhfilhibbpaoeddkfpdha [2025-09-26]
BRA Extension: (Brave Ad Block Updater (Brave First Party Adblock Filters (plaintext))) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2026-05-08]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2026-05-12]
BRA Extension: (Brave NTP background images) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2026-04-15]
BRA Extension: (Brave Ad Block Updater (Mobile app promo blocker (plaintext))) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2026-05-11]
BRA Extension: (Brave Ad Block Updater (Cookie notice blocker (plaintext))) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2026-05-12]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2025-11-16]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2026-04-16]
BRA Extension: (Brave Ad Block Updater (Brave Default Adblock Filters (plaintext))) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2026-05-12]
BRA Extension: (Brave Ads Resources) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\jcncoheihebhhiemmbmpfhkceomfipbj [2026-02-21]
BRA Extension: (Brave Ad Block Updater (Brave Default Privacy Filters (plaintext))) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\kihnoaefogbkmblfimmibknnmkllbhlf [2026-05-12]
BRA Extension: (Brave Ad Block Updater (German website ad blocker (plaintext))) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfmefmifdjlfneapckmpkinmlofjehbp [2026-05-12]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2026-05-12]
BRA Extension: (Brave User Agent) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\nlpaeekllejnmhoonlpcefpfnpbajbpe [2026-05-12]
BRA Extension: (Brave NTP sponsored images) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\obbokncgfcbepeipkhpdepjjoncelefj [2026-05-12]
BRA Extension: (P3A Configuration) - C:\Users\draftec\AppData\Local\BraveSoftware\Brave-Browser\User Data\P3AConfig [2025-08-07]
Vivaldi:
=======
VIV Profile: C:\Users\draftec\AppData\Local\Vivaldi\User Data\Default [2026-05-11]
VIV Notifications: Default -> hxxps://www.facebook.com
VIV HomePage: Default -> file:///D:/Daten/Internet/Browser-Startseite/Startseite.htm
VIV StartupUrls: Default -> "file:///D:/Daten/Internet/Browser-Startseite/Startseite.htm"
VIV DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&{ddg:Referral}
VIV DefaultSearchKeyword: Default -> d
VIV DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
VIV Extension: (change-language) - C:\Users\draftec\AppData\Local\Vivaldi\User Data\Default\Extensions\cofdbpoegempjloogbagkncekinflcnj [2026-05-07]
VIV Extension: (YouTube Anti Translate) - C:\Users\draftec\AppData\Local\Vivaldi\User Data\Default\Extensions\ndpmhjnlfkgfalaieeneneenijondgag [2026-05-05]
VIV Extension: (Bitwarden Passwortmanager) - C:\Users\draftec\AppData\Local\Vivaldi\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2026-04-07]
VIV Extension: (Grammatik- und Rechtschreibprüfung - LanguageTool) - C:\Users\draftec\AppData\Local\Vivaldi\User Data\Default\Extensions\oldceeleldhonbafppcapldpdifcinji [2026-05-07]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ashbackuppb; c:\Program Files\Ashampoo\Ashampoo Backup Pro 27\bin_x64\backupService.exe [31136 2026-02-04] (Ashampoo GmbH & Co. KG -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2024-10-26] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\148.1.90.121\elevation_service.exe [4675664 2026-05-07] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162968 2024-10-26] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [512512 2026-01-07] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13345088 2026-05-04] (Microsoft Corporation -> Microsoft Corporation)
R2 CMigrationService; C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe [765736 2026-02-12] (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy)
S3 DiscordSystemHelper; C:\Program Files\Common Files\Discord\Discord\DiscordSystemHelper.exe [2247552 2026-04-23] (discord-code-sign-windows-admin -> Discord Inc.)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [208536 2023-12-20] (Nuance Communications Inc. -> Nuance Communications, Inc.)
R2 Everything; C:\Program Files\Everything\Everything.exe [2270376 2025-11-04] (voidtools PTY LTD -> voidtools)
R2 Focusrite Control Server; C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe [1297920 2025-11-05] () [Datei ist nicht signiert]
R2 FoxitReaderUpdateService; C:\Program Files\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [3219040 2025-12-12] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [13004248 2023-11-30] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [11481048 2026-05-04] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-12-12] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\MpDefenderCoreService.exe [2088128 2026-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [111568 2017-04-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 NativePushService; C:\Users\draftec\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [595864 2024-03-20] (Wondershare Technology Group Co.,Ltd -> Wondershare)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmdsi.inf_amd64_3c06e86fd1dde89a\Display.NvContainer\NVDisplay.Container.exe [1275584 2025-10-10] (NVIDIA Corporation -> NVIDIA Corporation)
R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [21868184 2026-05-05] (Logitech Inc -> Logitech, Inc.)
R2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [512296 2026-02-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 SbieSvc; C:\Program Files\Sandboxie-Plus\SbieSvc.exe [455592 2026-05-02] (NOVASYNC LABS PTE. LTD. -> Sandboxie-Plus.com)
R2 SyspectrAgent; C:\Program Files (x86)\OO Software\Syspectr\OOSysAgent.exe [48592 2022-11-25] (O&O Software GmbH -> O&O Software GmbH)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\UsbAppControl\USBAppControl.exe [11776 2026-04-01] () [Datei ist nicht signiert]
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [768312 2026-04-18] (Oracle America, Inc. -> Oracle and/or its affiliates)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [401224 2025-09-15] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\NisSrv.exe [4480592 2026-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26030.3011-0\MsMpEng.exe [290744 2026-04-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Windhawk; C:\Program Files\Windhawk\windhawk.exe [835160 2025-12-09] (Open Source Developer, Michael Maltsev -> Ramen Software)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl\WorkflowAppControl.exe [20992 2026-04-01] () [Datei ist nicht signiert]
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 cbfs20; C:\WINDOWS\System32\drivers\cbfs20.sys [457768 2022-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc. - www.callback.com)
R2 Dokan2; C:\WINDOWS\System32\drivers\dokan2.sys [395400 2023-12-22] (Microsoft Windows Hardware Compatibility Publisher -> Dokan Project)
S3 ebrntdrv; C:\WINDOWS\system32\ebrntdrv.sys [57512 2025-12-25] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [57512 2025-05-26] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2022-12-29] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [77904 2025-10-14] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\WINDOWS\System32\drivers\EUEDKEPM.sys [24656 2026-01-12] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R3 FocusritePCIeSwRoot; C:\WINDOWS\System32\drivers\FocusritePCIeSwRoot.sys [122112 2025-08-21] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R3 FocusriteUsb; C:\WINDOWS\System32\drivers\FocusriteUsb.sys [186112 2025-08-21] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R3 FocusriteUsbAudio; C:\WINDOWS\System32\drivers\FocusriteUsbAudio.sys [113408 2025-08-21] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R3 FocusriteUsbSwRoot; C:\WINDOWS\System32\drivers\FocusriteUsbSwRoot.sys [122112 2025-08-21] (Focusrite Audio Engineering Ltd -> Focusrite Audio Engineering Ltd.)
R2 hasldisk; C:\WINDOWS\System32\drivers\hasldisk.sys [63592 2024-05-11] (Lagerkvist Teknisk Rådgivning i Borås HB -> Olof Lagerkvist)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [41536 2022-08-17] (Microsoft Windows Hardware Compatibility Publisher -> IObit Information Technology)
S3 JabraDFU; C:\WINDOWS\System32\Drivers\JabraBcDfuX64.sys [54408 2021-04-28] (GN Netcom A/S -> QTI Ltd)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [82352 2026-02-10] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234600 2026-03-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-12-12] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [245864 2026-03-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [43664 2024-12-21] (Chongqing NIUBI Technology Co., Ltd. -> )
R3 MFDriver_Driver; C:\WINDOWS\system32\drivers\MFDriver.sys [32224 2024-11-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [14288 2017-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R0 oodivd; C:\WINDOWS\System32\DRIVERS\oodivd.sys [274424 2025-11-25] (O&O Software GmbH -> O&O Software GmbH)
R0 oodivdh; C:\WINDOWS\System32\DRIVERS\oodivdh.sys [60920 2025-11-25] (O&O Software GmbH -> O&O Software GmbH)
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_feec7a9662e785f0\rtcx21x64.sys [539648 2024-03-28] (Microsoft Windows -> Realtek)
R3 SbieDrv; C:\Program Files\Sandboxie-Plus\SbieDrv.sys [272064 2026-05-02] (Microsoft Windows Hardware Compatibility Publisher -> Sandboxie-Plus.com)
R3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [249376 2026-04-18] (Oracle America, Inc. -> Oracle and/or its affiliates)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [259216 2026-04-18] (Oracle America, Inc. -> Oracle and/or its affiliates)
R1 VBoxSup; C:\WINDOWS\system32\DRIVERS\VBoxSup.sys [1059760 2026-04-18] (Oracle America, Inc. -> Oracle and/or its affiliates)
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [197232 2026-04-18] (Oracle America, Inc. -> Oracle and/or its affiliates)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21888 2026-04-14] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [25704 2022-10-03] (WDKTestCert user,132375440089837053 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [647560 2026-04-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2026-04-14] (Microsoft Windows -> Microsoft Corporation)
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys (Keine Datei)
S3 HwRwDrv; \??\C:\Users\draftec\AppData\Local\Temp\HwRwDrv.x64 (Keine Datei) <==== ACHTUNG
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2026-05-12 21:15 - 2026-05-12 21:16 - 000049489 _____ C:\Users\draftec\Desktop\FRST.txt
2026-05-12 21:15 - 2026-05-12 21:16 - 000000000 ____D C:\FRST
2026-05-12 21:13 - 2026-05-12 21:13 - 002448384 _____ (Farbar) C:\Users\draftec\Desktop\FRST64.exe
2026-05-12 21:05 - 2026-05-12 21:05 - 000745650 _____ C:\WINDOWS\system32\perfh007.dat
2026-05-12 21:05 - 2026-05-12 21:05 - 000158752 _____ C:\WINDOWS\system32\perfc007.dat
2026-05-10 12:44 - 2026-05-12 21:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2026-05-10 08:55 - 2026-05-10 08:55 - 000001520 _____ C:\Users\draftec\Desktop\usbwebserver.lnk
2026-05-09 11:42 - 2026-05-09 11:42 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2026-05-08 20:00 - 2026-05-10 22:05 - 000000128 _____ C:\Users\draftec\AppData\Local\PUTTY.RND
2026-05-08 19:20 - 2026-05-09 19:54 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2026-05-08 18:48 - 2026-05-08 18:48 - 000001149 _____ C:\Users\draftec\Desktop\Oracle VirtualBox.lnk
2026-05-07 23:47 - 2026-05-07 23:47 - 000872133 _____ C:\Users\draftec\Downloads\Termios - 69666c4af67177d44466d64d_Quick_start_manual_DE_digital_QF.pdf
2026-05-07 23:44 - 2026-05-07 23:44 - 000284240 _____ C:\Users\draftec\Downloads\Termios - 695e3982351fd1e33e2ade50_Datenschutz_termios.pdf
2026-05-07 23:35 - 2026-05-07 23:35 - 000190473 _____ C:\Users\draftec\Downloads\Termios - 688b61819b365be36ebd5312_Bedienung_termios_DE.pdf
2026-05-07 23:11 - 2026-05-07 23:11 - 005891056 _____ (Corel Corporation) C:\Users\draftec\Downloads\pinnaclestudio_2601_trial.exe
2026-05-07 22:56 - 2026-05-07 22:56 - 058270424 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Users\draftec\Downloads\EaseUS OS2Go - os2go_4.2.0_portable.exe
2026-05-07 20:49 - 2020-12-16 09:16 - 000001531 _____ C:\Users\draftec\Downloads\Ashampoo_Photo_Card_2 – Kostenlose Vollversion.txt
2026-05-07 20:46 - 2026-05-07 20:48 - 424732488 _____ (Ashampoo GmbH & Co. KG ) C:\Users\draftec\Downloads\ashampoo_photo_card_3_43978.exe
2026-05-07 18:38 - 2026-05-07 18:38 - 000000000 _____ C:\Users\draftec\AppData\Local\settingData.dat
2026-05-06 21:29 - 2026-05-06 21:35 - 000000000 ____D C:\Users\draftec\AppData\Local\State
2026-05-06 21:24 - 2026-05-06 21:22 - 134515504 _____ C:\Users\draftec\Downloads\kdenlive-26.04.0.exe
2026-05-05 21:51 - 2026-05-05 21:51 - 000000000 ____D C:\Program Files\Logi
2026-05-05 21:50 - 2026-05-12 21:00 - 000000000 ____D C:\Users\draftec\AppData\Local\LogiOptionsPlus
2026-05-05 21:50 - 2026-05-06 07:42 - 000000000 ____D C:\Users\draftec\AppData\Roaming\logioptionsplus
2026-05-05 21:50 - 2026-05-05 21:50 - 000000931 _____ C:\Users\Public\Desktop\Logi Options+.lnk
2026-05-05 21:50 - 2026-05-05 21:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2026-05-05 21:50 - 2026-05-05 21:50 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2026-05-04 22:34 - 2026-05-04 22:34 - 000000977 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenShot Video Editor.lnk
2026-05-04 22:34 - 2026-05-04 22:34 - 000000965 _____ C:\Users\Public\Desktop\OpenShot Video Editor.lnk
2026-05-04 22:33 - 2026-05-04 22:34 - 000000000 ____D C:\Program Files\OpenShot Video Editor
2026-05-03 12:49 - 2026-05-03 12:49 - 000000306 __RSH C:\ProgramData\ntuser.pol
2026-05-01 23:03 - 2026-05-09 20:57 - 000000000 ____D C:\Users\draftec\AppData\Roaming\Signal
2026-05-01 23:03 - 2026-05-01 23:32 - 000001482 _____ C:\Users\draftec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Signal.lnk
2026-05-01 23:03 - 2026-05-01 23:03 - 000002407 _____ C:\Users\draftec\Desktop\Signal.lnk
2026-04-29 19:55 - 2026-04-29 19:55 - 000000000 ____D C:\WINDOWS\system32\config\regsave
2026-04-28 22:42 - 2024-05-11 16:29 - 000063592 _____ (Olof Lagerkvist) C:\WINDOWS\system32\Drivers\hasldisk.sys
2026-04-28 21:10 - 2026-04-29 10:44 - 000001207 _____ C:\Users\draftec\Desktop\Winhance.lnk
2026-04-28 21:03 - 2026-04-28 21:04 - 000000000 ____D C:\Users\draftec\AppData\Local\Winhance
2026-04-28 21:03 - 2026-04-28 21:03 - 000000000 ____D C:\ProgramData\Winhance
2026-04-28 20:29 - 2026-04-28 20:29 - 000000000 ____D C:\WINDOWS\system32\Tasks\Winhance
2026-04-28 19:58 - 2026-04-28 19:58 - 000000000 ____D C:\ProgramData\ChocolateyHttpCache
2026-04-27 21:09 - 2026-04-27 21:09 - 047443286 _____ (CrazyMax ) C:\Users\draftec\Downloads\cryptomator-portable-win64-1.15.2-15-setup.exe
2026-04-27 18:37 - 2026-04-27 18:37 - 000001340 _____ C:\Users\draftec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhraseExpress.lnk
2026-04-27 18:29 - 2026-04-27 18:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VirtualBox
2026-04-27 16:06 - 2026-04-27 16:02 - 000001024 _____ C:\Users\draftec\Desktop\Cryptomator.lnk
2026-04-27 16:03 - 2026-04-27 21:37 - 000000000 ____D C:\Users\draftec\AppData\Local\Cryptomator
2026-04-27 16:03 - 2026-04-27 21:32 - 000000000 ____D C:\Users\draftec\AppData\Roaming\Cryptomator
2026-04-27 16:02 - 2026-04-27 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptomator
2026-04-27 16:02 - 2026-04-27 16:02 - 000000000 ____D C:\ProgramData\Cryptomator
2026-04-27 16:02 - 2026-04-27 16:02 - 000000000 ____D C:\Program Files\Cryptomator
2026-04-27 15:43 - 2026-04-27 15:43 - 056451072 _____ C:\Users\draftec\Downloads\Cryptomator-1.19.2-x64.msi
2026-04-26 23:50 - 2026-04-26 23:50 - 000000000 ____D C:\Users\draftec\AppData\Local\VS Revo Group
2026-04-26 20:06 - 2026-04-26 20:06 - 000000000 ____D C:\Users\Administrator\AppData\Local\LogiOptionsPlus
2026-04-25 15:25 - 2026-04-25 15:25 - 000360003 _____ C:\Users\draftec\Downloads\1.-Todesunternehmen-Karo-Acht.pdf
2026-04-24 18:27 - 2026-03-18 18:10 - 000535805 _____ C:\Users\draftec\Downloads\7996 How_to_flash_the_BIOS.pdf
2026-04-23 21:32 - 2026-04-23 21:33 - 000000000 ____D C:\WINDOWS\Everdoc
2026-04-23 21:32 - 2026-04-23 21:32 - 000001738 _____ C:\Users\Public\Desktop\EverDoc.lnk
2026-04-23 21:32 - 2026-04-23 21:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EverDoc
2026-04-23 21:32 - 2026-04-23 21:32 - 000000000 ____D C:\Program Files\EverDoc
2026-04-21 23:36 - 2026-04-21 23:36 - 000031263 _____ C:\Users\draftec\Downloads\autounattend.xml
2026-04-21 22:49 - 2026-04-22 08:26 - 000000025 _____ C:\WINDOWS\system32\null
2026-04-21 18:55 - 2026-04-21 18:55 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2026-04-21 18:46 - 2026-04-21 18:46 - 000001398 _____ C:\Users\Public\Desktop\Brother iPrint&Scan.lnk
2026-04-20 22:12 - 2026-04-20 22:12 - 000000000 ____D C:\Users\draftec\AppData\Local\Logi
2026-04-20 21:26 - 2026-04-22 19:36 - 000000000 ____D C:\Users\draftec\AppData\Local\Vanderplanki Misc
2026-04-20 21:26 - 2026-04-22 19:36 - 000000000 ____D C:\Users\draftec\AppData\Local\Vanderplanki Data
2026-04-20 21:17 - 2026-04-20 21:17 - 000001893 _____ C:\Users\Public\Desktop\Stellar Data Recovery.lnk
2026-04-20 21:17 - 2026-04-20 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Data Recovery
2026-04-20 21:17 - 2026-04-20 21:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Codec Pack
2026-04-20 21:17 - 2026-04-20 21:17 - 000000000 ____D C:\Program Files\Stellar Data Recovery
2026-04-20 21:17 - 2026-04-20 21:17 - 000000000 ____D C:\Program Files\Stellar Codec Pack
2026-04-20 21:15 - 2026-04-20 21:15 - 027354549 _____ C:\Users\draftec\Downloads\testdisk-7.2.win64.zip
2026-04-20 21:06 - 2026-04-20 21:07 - 188168800 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\draftec\Downloads\StellarDataRecoveryFree.exe
2026-04-20 18:54 - 2026-04-20 18:54 - 000000000 ____D C:\Users\Default\AppData\Local\Logi
2026-04-20 18:54 - 2026-04-20 18:54 - 000000000 ____D C:\ProgramData\Logi
2026-04-20 18:52 - 2026-05-06 07:41 - 000000000 ____D C:\ProgramData\Logishrd
2026-04-20 18:52 - 2026-05-05 21:50 - 000000000 ____D C:\ProgramData\LogiOptionsPlus
2026-04-20 08:17 - 2026-04-20 08:17 - 000000000 ____D C:\Users\draftec\AppData\Local\DiskHealth
2026-04-19 16:40 - 2026-04-19 16:40 - 000003378 _____ C:\WINDOWS\system32\Tasks\DiskHealth
2026-04-19 13:07 - 2026-04-19 13:07 - 000000000 ____D C:\Users\draftec\AppData\Roaming\HopToDesk
2026-04-18 23:05 - 2026-04-15 20:48 - 000000849 _____ C:\Users\draftec\Desktop\Mp3tag.lnk
2026-04-18 19:10 - 2026-04-18 19:10 - 000000813 _____ C:\Users\draftec\Desktop\Dragon Professional Anywhere.lnk
2026-04-18 19:10 - 2026-04-18 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Professional Anywhere
2026-04-18 05:17 - 2026-04-18 05:17 - 001059760 _____ (Oracle and/or its affiliates) C:\WINDOWS\system32\Drivers\VBoxSup.sys
2026-04-18 05:17 - 2026-04-18 05:17 - 000259216 _____ (Oracle and/or its affiliates) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2026-04-18 05:17 - 2026-04-18 05:17 - 000249376 _____ (Oracle and/or its affiliates) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys
2026-04-18 05:17 - 2026-04-18 05:17 - 000197232 _____ (Oracle and/or its affiliates) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2026-04-17 21:28 - 2026-04-17 21:28 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\XLMSoft
2026-04-17 21:27 - 2026-04-17 21:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\DesktopOK
2026-04-17 16:35 - 2026-04-17 16:35 - 000001400 _____ C:\Users\draftec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BIOS.lnk
2026-04-17 16:24 - 2026-04-17 16:24 - 000001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\pCloud Drive.lnk
2026-04-17 16:24 - 2026-04-17 16:24 - 000000000 ____D C:\Program Files\pCloud Drive
2026-04-17 16:19 - 2026-04-27 18:37 - 000001332 _____ C:\Users\draftec\Desktop\PhraseExpress.lnk
2026-04-17 15:59 - 2026-04-17 15:59 - 000511914 _____ C:\Users\draftec\Downloads\wakemeonlan-x64.zip
2026-04-17 15:59 - 2026-04-17 15:59 - 000001857 _____ C:\Users\draftec\Downloads\wakemeonlan_german.zip
2026-04-17 15:29 - 2026-04-21 22:53 - 000001460 _____ C:\Users\draftec\Desktop\Soundgeräte umstellen.lnk
2026-04-17 15:29 - 2026-04-21 22:53 - 000001443 _____ C:\Users\draftec\Desktop\CD-Laufwerk.lnk
2026-04-16 21:43 - 2026-04-16 21:43 - 000021122 _____ C:\Users\draftec\Downloads\wvt.ps1
2026-04-16 20:45 - 2026-04-16 20:45 - 000001158 _____ C:\Users\Public\Desktop\EaseUS Partition Master.lnk
2026-04-16 20:45 - 2026-04-16 20:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master
2026-04-16 20:45 - 2026-04-08 15:41 - 000022032 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2026-04-16 20:45 - 2026-04-08 15:39 - 006473744 _____ C:\WINDOWS\system32\BootMan.exe
2026-04-16 20:45 - 2026-02-26 17:54 - 000174096 _____ C:\WINDOWS\system32\setupbrdrvx64.exe
2026-04-16 20:45 - 2026-02-26 17:54 - 000000010 _____ C:\WINDOWS\system32\setupbrdrv.ini
2026-04-16 20:45 - 2025-12-25 09:14 - 000057512 _____ C:\WINDOWS\system32\ebrntdrv.sys
2026-04-16 20:45 - 2022-12-29 13:34 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\EPMVolFl.sys
2026-04-15 21:46 - 2026-04-23 21:33 - 000000000 ____D C:\ActMask
2026-04-15 21:46 - 2024-11-01 11:28 - 000613920 _____ (ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\WINDOWS\system32\PrintDisp.exe.exe
2026-04-15 21:46 - 2024-11-01 11:28 - 000613920 _____ (ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\WINDOWS\system32\PrintDisp.exe
2026-04-15 21:46 - 2024-11-01 11:28 - 000613920 _____ (ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\WINDOWS\system32\PrintDisp.dat
2026-04-15 21:46 - 2024-10-27 06:59 - 000055584 _____ (ActMask Co.,Ltd hxxp://ALL2PDF.COM) C:\WINDOWS\system32\spool\prtprocs\x64\ActPrint.dll
2026-04-15 21:46 - 2022-08-05 03:14 - 000863192 _____ (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\WINDOWS\system32\PrtClient.exe
2026-04-15 21:46 - 2020-10-06 23:27 - 005857064 _____ (DynaForms GmbH) C:\WINDOWS\SysWOW64\CPDF6.dll
2026-04-15 21:46 - 2017-03-25 10:01 - 000411272 _____ (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\WINDOWS\SysWOW64\SetPrinter.exe
2026-04-15 21:46 - 2017-03-25 10:01 - 000411272 _____ (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\WINDOWS\system32\SetPrinter.exe
2026-04-15 21:46 - 2015-10-01 06:46 - 000130184 _____ (ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\WINDOWS\system32\PrintCtrl.exe
2026-04-15 21:46 - 2015-07-16 13:35 - 000929792 _____ (ActMask hxxp://www.all2pdf.com) C:\WINDOWS\SysWOW64\SaveTo.dll
2026-04-15 21:46 - 2013-11-03 19:00 - 000532448 _____ (ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\WINDOWS\system32\PrtPass.exe
2026-04-15 21:46 - 2008-01-19 07:36 - 001391616 _____ C:\WINDOWS\SysWOW64\ActPDF.dll
2026-04-15 20:48 - 2026-04-26 19:15 - 000000000 ____D C:\Users\draftec\AppData\Roaming\Mp3tag
2026-04-15 20:48 - 2026-04-17 16:32 - 000000000 ____D C:\Program Files\Mp3tag
2026-04-15 20:48 - 2026-04-15 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2026-04-15 13:13 - 2026-04-15 13:16 - 000000000 ____D C:\Users\draftec\AppData\Roaming\Music Wizard 9
2026-04-14 22:48 - 2026-04-14 22:48 - 000000000 ____D C:\Users\draftec\AppData\Local\Mythicsoft
2026-04-14 22:48 - 2026-04-14 22:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack
2026-04-14 21:20 - 2026-04-14 21:20 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\Everything
2026-04-14 21:13 - 2026-04-14 21:13 - 000000000 ____D C:\Users\draftecNeu\AppData\Roaming\DesktopOK
2026-04-14 21:13 - 2026-04-14 21:13 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\FreeCommanderXE
2026-04-14 21:13 - 2026-04-14 21:13 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\CrashDumps
2026-04-14 21:10 - 2026-04-14 21:10 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\Comms
2026-04-14 20:56 - 2026-04-14 20:56 - 000000000 ____D C:\Users\draftecNeu\AppData\Roaming\Brother
2026-04-14 20:56 - 2026-04-14 20:56 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\Brother
2026-04-14 20:44 - 2026-04-14 21:20 - 000000000 ____D C:\Users\draftecNeu\AppData\Roaming\Everything
2026-04-14 20:41 - 2026-04-14 20:41 - 000000000 ____D C:\Users\draftecNeu\AppData\Roaming\Highresolution Enterprises
2026-04-14 20:40 - 2026-04-14 21:12 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\PlaceholderTileLogoFolder
2026-04-14 20:40 - 2026-04-14 20:40 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\Publishers
2026-04-14 20:38 - 2026-04-14 21:15 - 000000000 ____D C:\Users\draftecNeu
2026-04-14 20:38 - 2026-04-14 21:10 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\Packages
2026-04-14 20:38 - 2026-04-14 20:43 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\Malwarebytes
2026-04-14 20:38 - 2026-04-14 20:42 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\D3DSCache
2026-04-14 20:38 - 2026-04-14 20:40 - 000000000 ____D C:\Users\draftecNeu\AppData\Roaming\Microsoft\Windows
2026-04-14 20:38 - 2026-04-14 20:38 - 000000020 ___SH C:\Users\draftecNeu\ntuser.ini
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 _SHDL C:\Users\draftecNeu\Vorlagen
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 _SHDL C:\Users\draftecNeu\Startmenü
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 _SHDL C:\Users\draftecNeu\Netzwerkumgebung
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 _SHDL C:\Users\draftecNeu\Lokale Einstellungen
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 _SHDL C:\Users\draftecNeu\Eigene Dateien
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 _SHDL C:\Users\draftecNeu\Druckumgebung
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 _SHDL C:\Users\draftecNeu\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 _SHDL C:\Users\draftecNeu\AppData\Local\Verlauf
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 _SHDL C:\Users\draftecNeu\AppData\Local\Anwendungsdaten
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 _SHDL C:\Users\draftecNeu\Anwendungsdaten
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ___SD C:\Users\draftecNeu\AppData\Roaming\Microsoft\SystemCertificates
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ___SD C:\Users\draftecNeu\AppData\Roaming\Microsoft\Protect
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ___SD C:\Users\draftecNeu\AppData\Roaming\Microsoft\Crypto
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ___SD C:\Users\draftecNeu\AppData\Roaming\Microsoft\Credentials
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ____D C:\Users\draftecNeu\AppData\Roaming\Microsoft\Vault
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ____D C:\Users\draftecNeu\AppData\Roaming\Microsoft\Spelling
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ____D C:\Users\draftecNeu\AppData\Roaming\Adobe
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ____D C:\Users\draftecNeu\AppData\LocalLow\NVIDIA
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\Vivaldi
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\VirtualStore
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\NVIDIA Corporation
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\NVIDIA
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\ConnectedDevicesPlatform
2026-04-14 20:38 - 2026-04-14 20:38 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\BraveSoftware
2026-04-14 20:38 - 2025-10-25 10:56 - 000000000 ____D C:\Users\draftecNeu\AppData\Roaming\Microsoft\Network
2026-04-14 20:38 - 2024-10-27 23:58 - 000000000 ____D C:\Users\draftecNeu\AppData\Local\Microsoft Help
2026-04-13 22:25 - 2026-04-13 22:25 - 000000000 ____D C:\Users\draftec\AppData\Roaming\DA-CryptPad
2026-04-13 22:10 - 2026-04-13 22:27 - 000000000 ____D C:\Users\draftec\Downloads\DA-Software - ekiwi Blog
2026-04-13 16:46 - 2026-04-13 17:30 - 000000000 ____D C:\Users\draftec\AppData\Roaming\tutanota-desktop
2026-04-13 16:46 - 2026-04-13 16:46 - 000000000 ____D C:\Users\draftec\AppData\Local\tutanota-desktop-updater
2026-04-13 16:30 - 2026-04-13 16:30 - 000708542 _____ C:\Users\draftec\Downloads\tuta_recovery_kit_draftec_at_tutanota_de.pdf
2026-04-12 20:38 - 2026-04-12 20:38 - 000001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AusweisApp.lnk
2026-04-12 20:38 - 2026-04-12 20:38 - 000000000 ____D C:\Program Files\AusweisApp
2026-04-12 13:57 - 2026-04-12 13:57 - 001505373 _____ C:\Users\draftec\Downloads\FSME 09_26.pdf
2026-04-12 13:55 - 2026-04-12 13:55 - 000876713 _____ C:\Users\draftec\Downloads\FSME.pdf
2026-04-12 12:46 - 2026-04-12 12:48 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2026-04-12 12:46 - 2026-04-12 12:46 - 000000000 ____D C:\Users\Administrator\AppData\Local\FreeCommanderXE
2026-04-12 12:10 - 2026-04-12 12:11 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\MMC
2026-04-12 12:08 - 2026-04-12 12:08 - 000000000 ____D C:\Users\Administrator\AppData\Local\Malwarebytes
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2026-05-12 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2026-05-12 21:16 - 2026-01-19 15:15 - 000000000 ____D C:\Users\draftec\AppData\Roaming\Ditto
2026-05-12 21:16 - 2025-12-12 09:27 - 000000000 ____D C:\Users\draftec\AppData\Local\Malwarebytes
2026-05-12 21:09 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2026-05-12 21:09 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2026-05-12 21:09 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2026-05-12 21:08 - 2026-01-05 21:23 - 000000000 ____D C:\Users\draftec\AppData\Local\FreeCommanderXE
2026-05-12 21:08 - 2026-01-05 21:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander XE x64
2026-05-12 21:08 - 2026-01-05 21:23 - 000000000 ____D C:\Program Files\FreeCommander XE
2026-05-12 21:05 - 2025-10-25 10:59 - 001729512 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2026-05-12 21:05 - 2024-04-01 09:24 - 000000000 ____D C:\WINDOWS\INF
2026-05-12 20:59 - 2025-10-25 11:01 - 000061612 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2026-05-12 20:59 - 2025-10-25 10:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2026-05-12 20:59 - 2024-10-26 14:53 - 000000000 ____D C:\ProgramData\NVIDIA
2026-05-12 20:59 - 2024-10-26 14:23 - 000012288 ___SH C:\DumpStack.log.tmp
2026-05-11 22:41 - 2024-04-01 09:21 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2026-05-11 22:39 - 2024-10-26 19:28 - 000000000 ____D C:\Users\draftec\AppData\Roaming\Everything
2026-05-11 22:39 - 2024-10-26 19:28 - 000000000 ____D C:\Users\draftec\AppData\Local\Everything
2026-05-11 22:13 - 2024-10-26 20:41 - 000000000 ____D C:\Users\draftec\AppData\Roaming\PersBackup6
2026-05-11 22:00 - 2026-04-11 21:22 - 000066560 _____ C:\WINDOWS\dm_batch.bak
2026-05-11 22:00 - 2026-04-11 21:22 - 000000128 _____ C:\WINDOWS\dm.dmap
2026-05-11 21:38 - 2025-10-25 10:53 - 000001575 _____ C:\WINDOWS\system32\config\VSMIDK
2026-05-11 21:20 - 2024-10-26 21:57 - 000000000 ____D C:\Users\draftec\AppData\Roaming\TeleGuard
2026-05-11 16:32 - 2024-10-26 19:51 - 000000000 ____D C:\Users\draftec\AppData\Roaming\XnViewMP
2026-05-11 14:55 - 2025-09-26 12:04 - 000000000 ____D C:\Users\draftec\Downloads\LocalSend
2026-05-11 13:03 - 2025-09-18 20:31 - 000000000 ____D C:\Users\draftec\AppData\Local\KeePassXC
2026-05-11 12:58 - 2025-10-25 10:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2026-05-11 12:54 - 2026-01-10 22:31 - 000000000 ____D C:\Users\draftec\AppData\Roaming\discord
2026-05-11 12:48 - 2026-03-22 23:39 - 000000000 ____D C:\Users\draftec\AppData\Local\Discord
2026-05-11 11:22 - 2026-04-03 22:43 - 000000000 ____D C:\Users\draftec\Downloads\MSI Treiber
2026-05-10 23:54 - 2026-02-10 20:21 - 000000000 ____D C:\Users\_ashbackuppb_
2026-05-10 23:48 - 2024-10-26 14:56 - 000000000 ____D C:\Users\draftec\AppData\Roaming\Bitwarden
2026-05-10 22:18 - 2024-11-06 13:07 - 000000000 ____D C:\Users\draftec\AppData\Roaming\PhraseExpress
2026-05-10 22:05 - 2024-11-18 19:37 - 000000000 ____D C:\Users\draftec\AppData\Roaming\FileZilla
2026-05-10 21:58 - 2024-10-26 20:56 - 000000527 _____ C:\Users\draftec\.vivaldi_reporting_data
2026-05-10 12:25 - 2024-10-27 02:46 - 000000000 ____D C:\Users\draftec\.smplayer
2026-05-10 02:52 - 2025-12-09 21:48 - 000000000 ____D C:\Users\draftec\AppData\Roaming\Ashampoo Snap 16
2026-05-09 19:54 - 2024-10-26 15:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2026-05-09 12:29 - 2024-10-26 14:29 - 000000000 ____D C:\Users\draftec\AppData\Local\D3DSCache
2026-05-09 11:45 - 2024-10-26 20:56 - 000002208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2026-05-09 11:45 - 2024-10-26 20:56 - 000000000 ____D C:\Program Files\Vivaldi
2026-05-09 11:42 - 2024-10-28 10:35 - 000000000 ____D C:\Program Files\Microsoft Office
2026-05-09 11:38 - 2024-10-26 15:34 - 000001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2026-05-08 19:13 - 2025-10-25 10:32 - 000000000 ____D C:\Users\draftec
2026-05-08 19:07 - 2024-11-08 21:10 - 000000000 ____D C:\Users\draftec\.VirtualBox
2026-05-08 18:32 - 2026-01-10 22:31 - 000002259 _____ C:\Users\draftec\Desktop\Discord.lnk
2026-05-08 14:25 - 2024-12-23 23:00 - 000000000 ____D C:\Users\draftec\.openshot_qt
2026-05-08 14:04 - 2024-10-26 22:42 - 000000000 ____D C:\ProgramData\Wondershare Filmora
2026-05-07 23:43 - 2025-09-26 12:05 - 000000000 ____D C:\!_Test
2026-05-07 23:12 - 2024-10-26 22:00 - 000000000 ____D C:\Users\draftec\AppData\Local\CrashDumps
2026-05-07 20:53 - 2025-12-23 00:07 - 000001078 _____ C:\Users\Public\Desktop\Ashampoo Photo Card 3.lnk
2026-05-07 20:53 - 2025-04-15 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2026-05-07 20:47 - 2024-10-28 17:53 - 000000000 ____D C:\Users\draftec\AppData\Roaming\AIMP
2026-05-07 18:46 - 2024-10-26 15:15 - 000002362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2026-05-06 21:32 - 2024-11-10 17:35 - 000000000 ____D C:\Users\draftec\AppData\Local\cache
2026-05-06 21:30 - 2024-12-27 18:06 - 000000000 ____D C:\Users\draftec\AppData\Local\mime
2026-05-06 20:44 - 2025-09-12 07:52 - 000002051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Banking4 Home.lnk
2026-05-06 20:44 - 2024-10-26 21:23 - 000000000 ____D C:\Program Files (x86)\TopBanking4
2026-05-06 18:10 - 2024-12-17 20:23 - 000000865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\UniGetUI.lnk
2026-05-06 18:10 - 2024-10-26 19:42 - 000000859 _____ C:\Users\Public\Desktop\UniGetUI.lnk
2026-05-06 18:10 - 2024-10-26 19:42 - 000000000 ____D C:\Program Files\UniGetUI
2026-05-06 18:09 - 2024-10-26 19:42 - 000000000 ____D C:\Users\draftec\AppData\Local\UniGetUI
2026-05-05 21:29 - 2024-10-26 14:27 - 000000000 ____D C:\Users\draftec\AppData\Local\Packages
2026-05-04 22:46 - 2024-10-26 15:11 - 000000000 ____D C:\Users\draftec\AppData\Roaming\Joplin
2026-05-04 22:20 - 2024-10-26 14:56 - 000001273 _____ C:\Users\draftec\Desktop\Youtube DLP.lnk
2026-05-04 20:12 - 2024-10-26 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView MP
2026-05-04 20:12 - 2024-10-26 19:51 - 000000000 ____D C:\Program Files\XnViewMP
2026-05-04 20:11 - 2026-03-24 20:28 - 000000894 _____ C:\Users\draftec\Desktop\Sandboxie-Plus.lnk
2026-05-04 20:11 - 2026-03-24 20:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie-Plus
2026-05-04 20:11 - 2026-03-24 20:28 - 000000000 ____D C:\Program Files\Sandboxie-Plus
2026-05-04 20:11 - 2025-09-27 23:41 - 000000000 ____D C:\Program Files\REAPER
2026-05-04 20:10 - 2024-10-28 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2026-05-04 20:10 - 2024-10-28 17:49 - 000000000 ____D C:\Program Files\Calibre2
2026-05-04 08:27 - 2025-09-13 20:04 - 000000000 ____D C:\Users\draftec\AppData\Local\Sentry
2026-05-03 17:54 - 2024-12-01 02:01 - 000000000 ____D C:\Users\draftec\AppData\Local\pCloud
2026-05-01 08:17 - 2024-10-27 00:23 - 000012761 _____ C:\WINDOWS\BRRBCOM.INI
2026-05-01 07:44 - 2025-10-25 10:57 - 000003754 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2026-05-01 07:44 - 2025-10-25 10:57 - 000003704 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{822B9880-9F64-4B3E-8D24-DF39AE2C3F8F}
2026-04-30 10:20 - 2024-10-26 20:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 6
2026-04-30 09:43 - 2025-10-16 21:24 - 000001375 _____ C:\Users\draftec\Desktop\Thunderbird Profilsicherung.lnk
2026-04-29 19:01 - 2025-04-29 21:33 - 000002117 _____ C:\Users\draftec\Desktop\woelkli NextCloud Sicherung.lnk
2026-04-28 21:10 - 2025-01-25 13:29 - 000000000 ____D C:\PortableApps
2026-04-28 20:28 - 2024-10-26 14:26 - 000000000 ____D C:\ProgramData\Packages
2026-04-28 20:15 - 2025-10-25 11:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
2026-04-28 20:15 - 2025-10-25 11:51 - 000000000 ____D C:\Program Files\AIMP
2026-04-27 18:37 - 2024-10-26 20:09 - 000000000 ____D C:\ProgramData\ICS-OpenSSL
2026-04-27 18:31 - 2025-12-30 12:45 - 000000865 _____ C:\Users\Public\Desktop\PDFgear.lnk
2026-04-27 18:31 - 2025-12-30 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFgear
2026-04-27 18:31 - 2025-12-30 12:45 - 000000000 ____D C:\Program Files\PDFgear
2026-04-27 18:29 - 2025-11-05 22:50 - 000000000 ____D C:\Program Files\Oracle
2026-04-27 18:28 - 2024-10-26 19:45 - 000000883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2026-04-27 18:28 - 2024-10-26 19:45 - 000000000 ____D C:\Users\draftec\AppData\Roaming\Notepad++
2026-04-26 20:07 - 2024-10-27 00:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Everything
2026-04-24 12:25 - 2025-11-29 13:20 - 000000000 ____D C:\ProgramData\TEMP
2026-04-23 21:33 - 2024-10-28 17:37 - 000000000 ____D C:\Users\draftec\AppData\Local\Abelssoft
2026-04-21 22:54 - 2024-10-26 14:56 - 000001316 _____ C:\Users\draftec\Desktop\RustDesk Dienste.lnk
2026-04-21 18:46 - 2024-10-27 00:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2026-04-21 18:46 - 2024-10-27 00:25 - 000000000 ____D C:\Program Files (x86)\Browny02
2026-04-21 18:46 - 2024-10-26 14:52 - 000000000 ____D C:\ProgramData\Package Cache
2026-04-20 22:07 - 2024-10-27 00:53 - 000000000 ____D C:\ProgramData\firebird
2026-04-20 21:04 - 2024-10-27 21:49 - 000000000 ____D C:\Users\draftec\AppData\Roaming\JAM Software
2026-04-20 20:39 - 2024-12-21 16:47 - 000000000 ___HD C:\Users\draftec\p2Mtplayer
2026-04-20 20:01 - 2024-11-08 22:15 - 000000000 ____D C:\Program Files\SoftMaker Office 2024
2026-04-19 16:39 - 2025-12-07 14:56 - 000000000 ____D C:\ProgramData\SystemAcCrux
2026-04-19 13:34 - 2026-03-26 21:50 - 000002469 _____ C:\Users\Public\Desktop\O&O DiskImage Premium.lnk
2026-04-19 12:48 - 2024-10-26 14:38 - 000000000 ____D C:\Users\draftec\AppData\Local\NVIDIA Corporation
2026-04-19 12:25 - 2024-10-26 20:41 - 000000000 ____D C:\Program Files\Personal Backup 6
2026-04-18 19:10 - 2025-01-06 16:04 - 000000000 ____D C:\Dragon-Cache
2026-04-17 22:08 - 2026-01-03 00:16 - 000000000 ____D C:\Users\draftec\AppData\Local\RoboMirror
2026-04-17 21:29 - 2024-10-27 00:37 - 000000000 ____D C:\Users\Administrator\AppData\Local\Everything
2026-04-17 16:32 - 2025-10-25 10:32 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows
2026-04-17 16:32 - 2024-10-27 00:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2026-04-17 16:05 - 2024-10-26 19:34 - 000000000 ____D C:\Users\draftec\AppData\Local\OO Software
2026-04-16 20:52 - 2025-12-07 17:08 - 000000000 ____D C:\ProgramData\EaseUS
2026-04-16 20:47 - 2024-10-27 00:30 - 000000000 ____D C:\Program Files\dotnet
2026-04-16 20:46 - 2024-10-27 00:30 - 000000000 ____D C:\Program Files (x86)\dotnet
2026-04-15 16:48 - 2024-10-26 23:44 - 000000000 ____D C:\Program Files\freac
2026-04-15 16:40 - 2024-10-28 17:05 - 000000000 ____D C:\Program Files (x86)\Music Wizard
2026-04-14 22:36 - 2024-10-26 19:28 - 000000000 ____D C:\Program Files\Everything
2026-04-14 22:29 - 2025-10-25 10:53 - 000837360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2026-04-14 22:28 - 2024-04-01 18:35 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2026-04-14 22:28 - 2024-04-01 09:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2026-04-14 22:28 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemResources
2026-04-14 22:28 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2026-04-14 22:28 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2026-04-14 22:28 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2026-04-14 22:28 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2026-04-14 21:30 - 2024-10-26 14:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2026-04-14 21:27 - 2024-10-26 14:30 - 218249592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2026-04-14 21:22 - 2025-09-12 22:20 - 000000000 ____D C:\Program Files\DramaQueen
2026-04-14 21:22 - 2024-10-26 23:35 - 000000000 ____D C:\Users\draftec\AppData\Roaming\DramaQueen
2026-04-14 21:12 - 2025-10-25 10:53 - 003268096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2026-04-14 20:40 - 2024-10-26 14:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2026-04-14 20:38 - 2026-03-20 08:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\SoftLanding
2026-04-14 20:38 - 2024-10-26 14:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2026-04-13 17:42 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2026-04-12 12:10 - 2024-10-27 00:35 - 000002409 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2026-04-12 11:28 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\registration
2026-04-12 11:09 - 2024-10-28 17:50 - 000000000 ____D C:\Users\draftec\AppData\Roaming\calibre
2026-04-12 11:09 - 2024-10-28 17:50 - 000000000 ____D C:\Users\draftec\AppData\Local\calibre-cache
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2020-10-01 16:10 - 2020-10-01 16:10 - 000002010 _____ () C:\Program Files (x86)\Schreib einfach..lnk
2026-05-08 20:00 - 2026-05-10 22:05 - 000000128 _____ () C:\Users\draftec\AppData\Local\PUTTY.RND
2026-05-07 18:38 - 2026-05-07 18:38 - 000000000 _____ () C:\Users\draftec\AppData\Local\settingData.dat
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
__________________ Mit freundlichen Grüßen Ralf Pappers |
| Themen zu Windows 11 verhält sich merkwürdig |
| automatisch, betriebssystem, desktop, erstellt, formatieren, gesperrt, hallo zusammen, home, jahre, langsam, link, malwarebytes, meldung, merkwürdig, passwort, plötzlich, rechner, scan, scannen, sicherheitswarnung, system, webseiten, windows, zugriff, öffnen |
Baum-Darstellung