Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and their removal): RAT Trojan? Windows 7

#1
RAT Trojan?

Hello! Today, while I was using the PC, the mouse moved by itself, a new Chrome window opened and someone tried to open PayPal on me. Good thing I have a German keyboard layout and it gave me a few seconds to pull the network cable and shut the PC down. Malwarebytes found nothing, but Avira did (yes, I know, I just wanted to do something quickly).

Code:
```text
Starting the file scan:

Begin scan in 'C:\'
    [0] Archive type: Runtime Packed
    --> C:\Users\Gregor\cheavy.7z
      [1] Archive type: 7-Zip
      --> Maintrance/start.exe
          [DETECTION] Is the TR/ATRAPS.vqpab Trojan
      [WARNING]   Infected files in archives cannot be repaired
C:\Users\Gregor\cheavy.7z
    [DETECTION] Is the TR/ATRAPS.vqpab Trojan
Begin scan in 'D:\' <Games>
Begin scan in 'F:\' <Data Dump>
Begin scan in 'K:\' <Windows 7>
K:\hiberfil.sys
    [WARNING]   The file could not be opened!

Beginning disinfection:
C:\Users\Gregor\cheavy.7z
    [DETECTION] Is the TR/ATRAPS.vqpab Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '385e49a8.qua'!

End of the scan: Thursday, October 27, 2016  13:19
Used time: 58:02 Minute(s)

The scan has been done completely.

  81635 Scanned directories
3180533 Files were scanned
      2 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      1 Files cannot be scanned
3180530 Files not concerned
  21678 Archives were scanned
      2 Warnings
      1 Notes
 338306 Objects were scanned with rootkit scan
      0 Hidden objects were found
```

Code:
```text
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/27/2016
Scan Time: 1:31 PM
Logfile: AMB.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.27.05
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Gregor

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345893
Time Elapsed: 3 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
```

Code:
```text
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
Ran by Gregor (27-10-2016 13:28:44)
Running from C:\Users\Gregor\Downloads
Windows 10 Education Version 1607 (X64) (2016-08-17 17:53:38)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2517125553-2289925176-1808856583-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2517125553-2289925176-1808856583-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2517125553-2289925176-1808856583-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gregor (S-1-5-21-2517125553-2289925176-1808856583-1001 - Administrator - Enabled) => C:\Users\Gregor
Guest (S-1-5-21-2517125553-2289925176-1808856583-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password 4.6.1.616 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
Ansel (Version: 375.63 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{772ed258-65d1-4d57-ac70-7087049d1576}) (Version: 1.2.74.26159 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.74.26159 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 1.8.1.23778 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 2.7.0.3165 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Discord (HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 12.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.45.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Greenshot 1.2.8.12 (HKLM\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.63 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.63 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.9.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1013 - Razer Inc.)
```
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.) SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2517125553-2289925176-1808856583-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03F98804-A75C-4093-9750-EF2A7FBD788D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17] (Google Inc.) 
Task: {06DE5636-578C-4B5D-84EF-43A7405ED7AF} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-18] (Microsoft Corporation) Task: {090E1755-0113-4D39-AA52-00EEB9470606} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation) Task: {2C0BCEDB-0A12-4597-BECC-32DC3AED8CF6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation) Task: {3AB50A2B-30FE-4FC3-BDF5-990F0C050A99} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-10-18] (Avira Operations GmbH & Co. KG) Task: {45B2E87D-AC76-4118-8441-A7649CCE26B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation) Task: {4FD5D09D-44AA-4FDA-8C10-84A406A5B4A6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-09] (Microsoft Corporation) Task: {559A9E96-30B7-4764-9E3E-E27D85644192} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-17] (Dropbox, Inc.) Task: {673C1216-417F-49DC-961F-7C504A5A4295} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17] (Google Inc.) 
Task: {7FE723A8-BF74-421F-BE62-F982DFED213F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation) Task: {9DD81C87-F465-4FC9-8D61-28C1D9217089} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-17] (Dropbox, Inc.) Task: {9F8096A3-0AF0-4632-9213-851944A474B6} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation) Task: {A94DA948-87EC-4CCE-98C2-A30348AEAFD5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation) Task: {CC96FB80-21E9-4A88-AB14-2F23A10D7155} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation) Task: {EAA58ED6-1873-4D31-B9AA-9BF1ADEA884D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation) Task: {EBAFBB26-F8E1-4171-9C3E-3CF46C9C878C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Readium.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00039424 _____ () C:\Windows\SYSTEM32\efsext.dll 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll 2016-09-30 12:23 - 2016-09-15 18:25 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll 2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-09-24 23:20 - 2016-09-24 23:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2016-10-14 11:15 - 2016-09-30 05:25 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2016-10-14 11:15 - 2016-09-30 05:25 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-10-14 11:15 - 2016-09-30 05:25 - 00419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll 2016-08-17 18:57 - 2016-10-22 07:04 - 00134712 _____ () 
C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-09-30 12:23 - 2016-09-15 18:25 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll 2016-08-18 18:55 - 2016-08-18 18:55 - 01864384 _____ () C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll 2016-07-16 12:42 - 2016-07-16 12:42 - 00130048 _____ () C:\Windows\SYSTEM32\CHARTV.dll 2016-09-22 08:31 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-10-12 13:56 - 2016-10-05 10:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-10-20 13:19 - 2016-10-20 13:19 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-10-20 13:19 - 2016-10-20 13:19 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-10-20 13:19 - 2016-10-20 13:19 - 35253760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-10-20 13:19 - 2016-10-20 13:19 - 00110592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll 2016-10-26 17:53 - 2016-10-20 09:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll 2016-10-26 17:53 - 2016-10-20 09:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll 2016-10-12 13:56 - 2016-10-05 10:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-10-12 13:56 - 2016-10-05 10:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-10-12 13:56 - 2016-10-05 10:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-10-12 13:56 - 2016-10-05 10:13 - 02424832 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-10-12 13:56 - 2016-10-05 10:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-10-20 13:19 - 2016-10-20 13:19 - 00181760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\Microsoft.Skype.ImageTool.dll 2016-10-20 13:19 - 2016-10-20 13:19 - 00040960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\TraceProvider.dll 2016-08-28 22:24 - 2016-08-28 22:24 - 03763712 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe 2016-10-14 11:15 - 2016-09-30 05:25 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-10-14 11:15 - 2016-09-29 18:20 - 00500792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-10-14 11:15 - 2016-09-29 18:20 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-10-14 11:15 - 2016-09-29 18:20 - 02801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-10-14 11:15 - 2016-09-29 18:20 - 00244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-10-14 11:15 - 2016-09-29 18:20 - 00430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-10-14 11:15 - 2016-09-29 18:20 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-10-14 11:15 - 2016-09-29 18:20 - 00373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2016-08-18 18:55 - 2016-08-18 18:55 - 01383616 _____ () C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll 2016-08-18 18:55 - 2016-08-18 18:55 - 00118976 _____ () 
C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll 2016-08-17 19:26 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-08-17 19:26 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-08-17 19:26 - 2016-10-13 02:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll 2016-08-17 19:26 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-08-17 19:26 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-08-17 19:26 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-08-17 19:26 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-08-17 19:26 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-08-17 19:26 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-08-17 19:26 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-08-17 19:26 - 2016-10-13 02:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-08-17 19:26 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-10-14 11:15 - 2016-09-30 05:25 - 60819000 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2016-10-15 10:19 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll 2016-08-28 22:20 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\ffmpeg.dll 2016-08-28 22:20 - 2016-08-28 22:20 - 01050296 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node 2016-08-28 22:20 - 2016-08-28 22:20 - 03793080 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll 2016-08-28 22:20 - 2016-08-28 22:20 - 00894136 _____ () 
\\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node 2016-08-28 22:20 - 2016-08-28 22:20 - 01119416 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node 2016-08-28 22:20 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\libglesv2.dll 2016-08-28 22:20 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\libegl.dll 2016-10-20 07:33 - 2016-10-20 07:33 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll 2016-10-27 12:11 - 2016-10-27 12:11 - 00170496 _____ () \\?\C:\Users\Gregor\AppData\Local\Temp\955A.tmp.node 2016-08-28 22:20 - 2016-10-14 11:13 - 02658304 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_rpc\discord_rpc.node 2016-09-22 08:28 - 2016-10-14 11:13 - 02147328 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node 2016-08-17 20:06 - 2016-09-22 02:44 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2016-10-13 20:53 - 2016-09-22 02:44 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2016-10-13 20:53 - 2016-09-22 02:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2016-10-13 20:53 - 2016-09-22 02:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2016-08-17 20:06 - 2016-09-22 02:44 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2016-08-17 20:06 - 2016-09-22 02:44 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2016-08-17 20:06 - 2016-10-10 19:35 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2016-08-17 20:06 - 2016-09-22 02:44 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00020816 _____ () C:\Program Files 
(x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2016-08-17 20:06 - 2016-09-22 02:45 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2016-08-17 20:06 - 2016-09-22 02:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2016-08-17 20:06 - 2016-10-10 19:35 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2016-10-13 20:53 - 2016-09-22 02:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2016-10-13 20:53 - 2016-09-22 02:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2016-08-17 20:06 - 2016-09-22 02:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2016-08-17 20:06 - 2016-09-22 02:46 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2016-08-17 20:06 - 2016-10-10 19:35 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2016-08-17 20:06 - 2016-09-22 02:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2016-08-17 20:06 - 2016-10-10 19:35 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-08-17 20:06 - 2016-09-22 02:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2016-08-17 20:06 - 2016-09-22 02:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2016-08-17 20:06 - 2016-09-22 02:46 - 00030160 _____ () 
C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2016-08-17 20:06 - 2016-09-22 02:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2016-08-17 20:06 - 2016-09-22 02:46 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2016-08-17 20:06 - 2016-09-22 02:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2016-08-17 20:06 - 2016-09-22 02:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-08-17 20:06 - 2016-09-22 02:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2016-08-17 20:06 - 2016-09-22 02:46 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2016-08-17 20:06 - 2016-10-10 19:35 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2016-08-17 20:06 - 2016-10-10 19:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-08-17 20:06 - 2016-10-10 19:35 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd 2016-08-17 20:06 - 2016-10-10 19:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd 2016-08-17 20:06 - 2016-09-22 02:46 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2016-08-17 20:06 - 2016-10-10 19:35 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00024392 _____ () C:\Program Files 
(x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2016-10-13 20:53 - 2016-09-22 02:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2016-10-13 20:53 - 2016-10-10 19:35 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2016-10-13 20:53 - 2016-10-10 19:30 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2016-10-13 20:53 - 2016-10-10 19:35 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2016-10-13 20:53 - 2016-10-10 19:35 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2016-08-17 20:06 - 2016-09-22 02:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2016-08-17 20:06 - 2016-10-10 19:35 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd 2016-10-13 20:53 - 2016-09-22 02:49 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2016-10-13 20:53 - 2016-09-22 02:49 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2016-08-17 20:06 - 2016-09-22 02:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2016-08-17 20:06 - 2016-10-10 19:35 - 00037192 _____ () C:\Program Files 
(x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2016-08-17 20:06 - 2016-10-10 19:35 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2016-10-13 20:53 - 2016-10-10 19:35 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2016-08-17 22:36 - 2016-03-17 17:04 - 00376832 _____ () C:\Program Files (x86)\1Password 4\js3215R.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-07-16 12:47 - 2016-07-16 12:45 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{2B06E59C-6DD2-4277-AB18-72864D5B1255}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{8BA341C7-8C12-435C-8CF5-32C64DFE0994}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{DA935703-281B-447B-B275-375C3C479800}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A82B8021-D5F9-4ADC-A069-379BAE3CA65D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4711E74F-5508-4F4F-BABF-1A6DA2A6CD19}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{31186C5F-B602-43F2-902A-4FBE7039F5C8}] => (Allow) D:\SteamLibrary\steamapps\common\FlameInTheFlood\RiverGame.exe FirewallRules: [{B9C6195C-36CA-4814-AF65-158195D9C6F8}] => (Allow) D:\SteamLibrary\steamapps\common\FlameInTheFlood\RiverGame.exe FirewallRules: [{70C5E0D4-ADB4-42AC-BFBE-83918188E883}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [{512CA846-0E9C-4B6B-ADC5-D345A51421F4}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe FirewallRules: [{4BABCD7C-A615-4930-AD59-B21109B0F334}] => (Allow) D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe FirewallRules: [{C92D1568-8768-4739-8003-C704AC317B18}] => (Allow) 
D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe FirewallRules: [{64112DFA-008A-48EF-ACE6-586559D1A500}] => (Allow) D:\SteamLibrary\steamapps\common\Firefall\system\bin\FirefallClient.exe FirewallRules: [{832AC24B-7745-4507-AF5C-7165E774888C}] => (Allow) D:\SteamLibrary\steamapps\common\Firefall\system\bin\FirefallClient.exe FirewallRules: [{CFFBF928-930A-4DBE-BBEC-483512B6884D}] => (Allow) D:\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe FirewallRules: [{23CA234B-5FCF-4848-92A8-655A088F6646}] => (Allow) D:\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe FirewallRules: [{DC1CAD8D-FBB1-4D26-A7AF-9E4F2EAB008C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D475E5CB-DBD9-42FD-82EB-063067B69AF8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{713E1470-9694-4C06-A984-38F7CE9340BC}D:\battle.net\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) D:\battle.net\starcraft ii\versions\base44983\sc2_x64.exe FirewallRules: [UDP Query User{2FD3CC73-9FB7-471D-903B-B00AC0F289A8}D:\battle.net\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) D:\battle.net\starcraft ii\versions\base44983\sc2_x64.exe FirewallRules: [TCP Query User{15F22BF2-8637-40E9-9422-7E67E59C6F1B}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{A7EAAB5A-2035-445C-9C48-F6B41F36C0AD}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe FirewallRules: [{34A44EF0-4B3E-4EAC-91DE-4CCE663C4A5A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{24AA3F0A-E712-4108-8769-780598541055}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{3CB3C5C8-6060-4FFF-9507-C76EA6FC5452}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{57D551EA-01F4-49AE-9870-F7421F7DFAD1}] => (Allow) C:\Program Files 
(x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7C336E04-E62A-4A1A-A704-8F465B4C009C}] => (Allow) D:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{F35AA936-CCD8-4ABD-BFB8-99593A6E4D15}] => (Allow) D:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{81CCC2C1-CB4E-4FE0-9313-A8E8B44EA213}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AEA4F2CD-10CB-4617-8700-6349EA4134F3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{3562EA4E-06DC-4B9F-8AE1-4C96C100A87F}C:\users\gregor\maintrance\hostex.exe] => (Block) C:\users\gregor\maintrance\hostex.exe
FirewallRules: [UDP Query User{F1F7A6E6-4AFB-4748-9C87-78B4BC7A8A33}C:\users\gregor\maintrance\hostex.exe] => (Block) C:\users\gregor\maintrance\hostex.exe
FirewallRules: [{6EA5E38B-5080-4306-8E3B-CFB5DFF82B02}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{2B04DDCE-6752-4ABB-8B81-FD8D2409B9C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{E975F0E1-DD62-485F-873C-F948D2F91DBF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{983B25F4-A3C7-45B4-94BA-2BDE61E9821D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2A791368-B6A0-41ED-B416-BB6A8B5B13DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{387FC42E-5236-4C6B-B98D-52C612192239}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-10-2016 14:35:05 Windows Update
14-10-2016 11:16:32 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918
17-10-2016 19:00:43 paint.net 4.0.12
26-10-2016 19:25:32 Scheduled Checkpoint
27-10-2016 12:15:39 Avira System Speedup 2.7.0

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2016 12:15:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.

Error: (10/27/2016 12:11:38 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/27/2016 10:33:44 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/26/2016 07:25:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.

Error: (10/26/2016 11:30:25 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/25/2016 12:21:55 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/24/2016 02:56:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5453

Error: (10/24/2016 02:56:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5453

Error: (10/24/2016 02:56:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/24/2016 02:56:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4406

System errors:
=============
Error: (10/27/2016 12:11:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/27/2016 12:11:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:59:02 on 27/10/2016 was unexpected.

Error: (10/27/2016 10:33:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/27/2016 12:34:17 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5EGOQLI)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (10/27/2016 12:34:17 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5EGOQLI)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (10/26/2016 11:30:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/25/2016 09:40:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5EGOQLI)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (10/25/2016 09:40:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5EGOQLI)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (10/25/2016 12:21:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 11:02:57 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5EGOQLI)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
Date: 2016-10-14 11:14:40.929
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-14 11:14:40.928
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 47%
Total physical RAM: 8133.64 MB
Available physical RAM: 4258.61 MB
Total Virtual: 9413.64 MB
Available Virtual: 4076.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:147.51 GB) (Free:107.74 GB) NTFS
Drive d: (Games) (Fixed) (Total:931.51 GB) (Free:726.38 GB) NTFS
Drive f: (Data Dump) (Fixed) (Total:931.51 GB) (Free:544.81 GB) NTFS
Drive k: (Windows 7) (Fixed) (Total:85.37 GB) (Free:12.01 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E03AB4B2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 260D3280)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 5E9AE640)
Partition 1: (Active) - (Size=85.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
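The FirewallRules block of an FRST Addition.txt is one of the first places a helper looks when a remote-control symptom is reported, because a program that listened for inbound connections leaves a "TCP Query User{GUID}<path>" / "UDP Query User{GUID}<path>" rule behind, created by the Windows Firewall notification dialog, and the rule records the full path of the binary. The script below is an added triage example for this thread, not part of the original post and not a FRST feature: it parses FirewallRules lines and flags executables that sit outside standard install locations (Program Files, Windows, and, as an assumption for this post, the Steam library on D:), which is where user-dropped binaries usually live. The sample lines are copied from the post's log. Two caveats a practitioner would add: a location match is a heuristic and says nothing by itself about whether the file is malicious, so the flagged file still needs its hash, signature and creation time checked; and a Block on a "Query User" rule only stops unsolicited inbound connections, while outbound connections, which a remote-access tool uses, are allowed by the Windows Firewall's default outbound policy.

```python
"""Triage helper for the FirewallRules section of an FRST Addition.txt.

Added example for this thread; not the poster's code and not part of FRST.
Lines look like:

    FirewallRules: [<rule name>] => (Allow|Block) <path to exe>
"""
import re
from dataclasses import dataclass

RULE_RE = re.compile(
    r"^FirewallRules:\s+\[(?P<name>[^\]]*)\]\s+=>\s+"
    r"\((?P<action>Allow|Block)\)\s+(?P<path>.+?)\s*$"
)

# Directory prefixes treated as expected install locations (compared lowercase).
# Assumption for this example: the poster's Steam library on D: is known-good.
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
    "d:\\steamlibrary\\",
)


@dataclass(frozen=True)
class FirewallRule:
    name: str
    action: str
    path: str

    @property
    def user_prompted(self) -> bool:
        # Rule names of the form "TCP Query User{GUID}<path>" are the ones
        # Windows creates from the firewall prompt shown when a program
        # first tried to accept inbound connections.
        return self.name.startswith(("TCP Query User", "UDP Query User"))

    @property
    def in_trusted_location(self) -> bool:
        return self.path.lower().startswith(TRUSTED_PREFIXES)

    @property
    def in_user_profile(self) -> bool:
        return "\\users\\" in self.path.lower()


def parse_rules(text: str) -> list:
    """Return every FirewallRules line in `text` as a FirewallRule."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(FirewallRule(m["name"], m["action"], m["path"]))
    return rules


def suspicious_rules(rules: list) -> list:
    """Rules whose binary is outside TRUSTED_PREFIXES, one entry per path."""
    by_path = {}
    for r in rules:
        if not r.in_trusted_location:
            by_path.setdefault(r.path.lower(), r)
    return list(by_path.values())


def describe(rule: FirewallRule) -> str:
    """Human-readable reasons why `rule` was flagged (heuristic only)."""
    reasons = ["binary outside standard install locations"]
    if rule.in_user_profile:
        reasons.append("lives in a user profile, writable without admin rights")
    if rule.user_prompted:
        reasons.append("rule created by the firewall prompt, so the program tried to listen")
    return f"{rule.path} [{rule.action}] -> " + "; ".join(reasons)


# Sample input: FirewallRules lines copied from the post's Addition.txt.
SAMPLE_LOG = r"""
FirewallRules: [{7C336E04-E62A-4A1A-A704-8F465B4C009C}] => (Allow) D:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{81CCC2C1-CB4E-4FE0-9313-A8E8B44EA213}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AEA4F2CD-10CB-4617-8700-6349EA4134F3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{3562EA4E-06DC-4B9F-8AE1-4C96C100A87F}C:\users\gregor\maintrance\hostex.exe] => (Block) C:\users\gregor\maintrance\hostex.exe
FirewallRules: [UDP Query User{F1F7A6E6-4AFB-4748-9C87-78B4BC7A8A33}C:\users\gregor\maintrance\hostex.exe] => (Block) C:\users\gregor\maintrance\hostex.exe
FirewallRules: [{387FC42E-5236-4C6B-B98D-52C612192239}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"""


def triage(text: str) -> list:
    """Parse `text` and return the description of each flagged rule."""
    return [describe(r) for r in suspicious_rules(parse_rules(text))]


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

Running it against the sample prints a single line for `C:\users\gregor\maintrance\hostex.exe`, flagged because it is under a user profile and because both of its rules were created by the firewall prompt. The next step for that path is not in this script: collect the file (if it still exists), check its digital signature and hash, and look at what else was created in that folder at the same time.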