Pests of all kinds and how to fight them: Ad banner in the Steam client

25.02.2017, 17:58   #16
jomei

Ad banner in the Steam client

It is still there. What has changed now: when the banner appears on screen, it disappears again immediately. So it does not stay on screen. It pops up and disappears again.

The banner slides into view when this happens. Depending on the website, sometimes from the bottom, sometimes from the top. In the Steam client the banner is always at the top, above the menu, when it appears.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by ezztr (25-02-2017 23:55:05)
Running from C:\Users\ezztr\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-03 05:57:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3515307565-1161031247-3300353082-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3515307565-1161031247-3300353082-503 - Limited - Disabled)
elsia (S-1-5-21-3515307565-1161031247-3300353082-1002 - Limited - Enabled) => C:\Users\elsia
ezztr (S-1-5-21-3515307565-1161031247-3300353082-1001 - Administrator - Enabled) => C:\Users\ezztr
Guest (S-1-5-21-3515307565-1161031247-3300353082-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.2.4 - Intel) Hidden
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.41.3 - Asmedia Technology)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitrix24 for Windows (HKLM-x32\...\Bitrix24) (Version: 4.1.76.36 - Bitrix, Inc)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Conan Exiles (HKLM\...\Steam App 440900) (Version:  - Funcom)
Craft The World (HKLM\...\Steam App 248390) (Version:  - Dekovir Entertainment)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
DebugMode FrameServer (HKLM-x32\...\DebugMode FrameServer) (Version:  - )
Dell App Launcher for Unifying Software (HKLM\...\Unifying Software Launcher) (Version: 1.00.44 - Logitech)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Dock Update (HKLM-x32\...\{6C4547B7-084A-4992-BFBF-9F6C6E2DC3EA}) (Version: 1.0.115.0 - Dell Inc.)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell PremierColor (HKLM\...\{5CA2B02F-FC89-4F42-A3DA-7649B8EFF194}) (Version: 2.0.140 - Portrait Displays, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.72 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.)
Dell Update (HKLM-x32\...\{FE901F1A-B3D5-4BCE-AAFB-694DC51DC522}) (Version: 1.9.5.0 - Dell Inc.)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
Dropbox 20 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.)
Dxtory version 2.0.139 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.139 - ExKode Co. Ltd.)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Faeria (HKLM\...\Steam App 397060) (Version:  - Abrakam SA)
FileZilla Client 3.24.0 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.0.0.6441 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\GoToMeeting) (Version: 8.0.0.6441 - CitrixOnline)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\HearthstoneDeckTracker) (Version: 1.1.6 - HearthSim)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com)
Innkeeper (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Innkeeper) (Version: 0.3.4 - Curse Inc.)
Intel Extreme Tuning Utility (HKLM-x32\...\{281badd0-7e11-494b-bdf7-34d6a2615c3c}) (Version: 6.2.0.19 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 6.2.0.19 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Keebles (HKLM\...\Steam App 347040) (Version:  - Burnt Fuse)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Life Is Strange™ (HKLM\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
MagicYUV Lossless Video Codec - Standard version 2.0.0rc1 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 2.0.0rc1 - INNOMAGIC Bt.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MediaInfo 0.7.87 (HKLM\...\MediaInfo) (Version: 0.7.87 - MediaArea.net)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mini Metro (HKLM\...\Steam App 287980) (Version:  - Dinosaur Polo Club)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Music Manager (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\MusicManager) (Version:  - Google, Inc.)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.12 (HKLM\...\{C212962C-71C4-4D9F-B8E0-D2CD00C8B8FE}) (Version: 5.1.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
Oxygen Not Included (HKLM\...\Steam App 457140) (Version:  - Klei Entertainment)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version:  - )
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.12 - Vaclav Slavik)
ProjectLibre (HKLM-x32\...\{4E352A24-AE3C-482F-9409-3E1C2B7ABED8}) (Version: 1.7.0.0 - ProjectLibre)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.44 - Realtek Semiconductor Corp.)
Registrierung eines Dell Produkts (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Registrierung eines Produkts (Version: 3.0.123.0 - Dell Inc.) Hidden
RimWorld (HKLM\...\Steam App 294100) (Version:  - Ludeon Studios)
RivaTuner Statistics Server 6.6.0 (HKLM-x32\...\RTSS) (Version: 6.6.0 - Unwinder)
SagaraS Scriptmaker v6.1 (HKLM-x32\...\SagaraS Scriptmaker_is1) (Version:  - )
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Spotify) (Version: 1.0.31.56.g526cfefe - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0067 - ST Microelectronics)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tavern Tycoon (HKLM\...\Steam App 439340) (Version:  - Terapoly)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Universim version 1.0 (HKLM-x32\...\{77E2F6D6-85F9-4A73-8FC6-5A6CB3C816C1}_is1) (Version: 1.0 - Crytivo Games)
This War of Mine (HKLM\...\Steam App 282070) (Version:  - 11 bit studios)
Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation)
Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.9 - Transmission)
Transport Fever (HKLM\...\Steam App 446800) (Version:  - Urban Games)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 17.0.0 - UMEZAWA Takeshi)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VPN Manager 1.8.10.0 (HKLM-x32\...\VPN Manager) (Version: 1.8.10.0 - Perfect-Privacy)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.730 - Broadcom Corporation)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
YouPloader Version 0.9.3 (HKLM-x32\...\{DC552D9B-15C9-4F51-B0B2-D8AB7791DBFF}_is1) (Version: 0.9.3 - BeCast)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6291\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04CB2EF6-C5EE-46A5-80FE-E0E2140C4D1B} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {0D55ABF1-CE90-436D-AEC9-21E996067D93} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {163E6DF7-9A42-4E71-B7CB-A7FC00FC613B} - System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1A48F5F1-A4FA-448D-8F88-774F9DF2371A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {207D147E-E73E-44B4-88E1-B9559DF26B1A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe 
Task: {29CF4F40-5921-43C7-B8DC-B282ED50165D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {2E5F1938-4478-4009-9A8C-8CF974952D7B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {33E7D8B0-1D68-4EDD-B7D0-92E87A4F3C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {4D23204F-0E2E-4838-8154-9CE740A0241A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {50DA9037-6E4B-4CD0-BA09-BAAAD604AAF2} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-06-14] (Intel(R) Corporation)
Task: {5A30115F-FF80-4AA1-9E90-E33417862FD6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {5AF67BBA-EAEC-46AF-827B-314EB7D6A46C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {5B109A0B-823B-48E0-8DE2-E2DAB8E52FA6} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe 
Task: {60B633A5-BC32-4179-84FB-9FF44A397776} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {6488574D-F798-462F-88D7-C0457AE6A5BC} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)
Task: {652DF692-C7F7-459F-BDF5-F55E4A777E78} - System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {65D9B6CA-FACA-4EDA-98B7-4904A5253B48} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-21] (NVIDIA Corporation)
Task: {86472F58-B053-402E-9BAA-663541F0AA59} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe 
Task: {9791F492-8F48-4F99-8CD6-F9CB6B50BEF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {9B95B377-96BA-41DB-AD06-B0954F989609} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9EA39A14-9FB0-418C-AC71-EDEE85799B18} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {AB031289-0E5D-4509-8F19-A8B1322905C8} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe 
Task: {AC24C798-888C-43FA-9D8B-32F5D902E8DB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-02-17] (PC-Doctor, Inc.)
Task: {B4776765-14D6-4572-B8DE-B6EDD52B4990} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe 
Task: {C33EBE27-3732-4579-B29F-79D01F362757} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {CAA1D9C6-1233-4DC7-879F-EC161AE71991} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe 
Task: {D220BA68-269C-41EB-8A54-13A110A70A70} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA1d25f0055f52a8c => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D2D43FD7-AA72-433B-9313-037A3C38A991} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {D6A9151A-612D-4C84-88AF-370ECA981488} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core1d25f0055f0e153 => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D84FABA7-EA17-4A74-807C-81C7620DB5A7} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {DCF517FB-4549-4BB6-A95A-EE96C2716380} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ezztro@yahoo.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {E5E09893-C0AF-4AA9-B662-4B583E3CDFA6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-02-17] (PC-Doctor, Inc.)
Task: {EC5937FE-8585-4CE3-8694-02DDC49EE896} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-04] (Microsoft Corporation)
Task: {F35D6EB5-3FEE-49C9-8EE2-CFAB94043E72} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {F43A5D40-7ED4-4E59-8B77-352C08D88260} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-21] (NVIDIA Corporation)
Task: {FC38FDB1-3888-400F-AB12-D2D387A163F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Play Musik.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-09 00:13 - 2017-02-10 05:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-21 08:47 - 2015-08-21 08:47 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2017-01-10 14:59 - 2017-01-10 14:59 - 00125808 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
2016-12-31 17:22 - 2016-11-17 22:16 - 00805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2016-12-31 17:22 - 2016-11-17 22:18 - 01981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2016-12-31 17:22 - 2016-11-17 22:10 - 00212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2016-12-31 17:22 - 2016-11-17 22:10 - 00203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2016-12-31 17:22 - 2016-11-17 22:09 - 00206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2016-12-31 17:22 - 2016-11-17 22:09 - 00336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2016-12-31 17:22 - 2016-11-17 22:06 - 00147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2016-12-31 17:22 - 2016-11-17 22:07 - 00229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2016-12-31 17:22 - 2016-11-17 22:06 - 00211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-17 22:05 - 2016-11-17 22:05 - 00156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-14 02:10 - 2017-01-14 02:10 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-09-16 18:25 - 2016-09-07 11:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-14 11:17 - 2016-12-21 14:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-22 12:33 - 2017-02-22 12:34 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 12:33 - 2017-02-22 12:34 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 12:33 - 2017-02-22 12:34 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-07 16:50 - 2017-02-07 16:50 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-16 19:02 - 2013-10-29 18:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2016-04-04 14:54 - 2016-04-04 14:54 - 00575432 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2016-12-31 17:22 - 2016-11-17 22:14 - 00730880 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2016-12-31 17:22 - 2016-11-17 22:12 - 00237824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00217344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2016-10-25 13:36 - 2015-11-25 02:33 - 01034368 _____ () C:\Program Files\Transmission\dbus-daemon.exe
2016-12-22 23:27 - 2016-12-22 23:27 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2017-02-16 00:05 - 2017-02-16 00:05 - 03865088 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-04-16 19:02 - 2012-12-11 16:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2017-01-14 11:17 - 2016-12-21 13:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-14 11:17 - 2016-12-21 13:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-12 22:57 - 2017-01-09 19:08 - 02493440 _____ () C:\games\Origin\libGLESv2.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-03 16:55 - 2017-01-21 01:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-07-22 01:42 - 2017-01-20 20:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-07-22 01:42 - 2017-01-20 20:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-08-29 22:56 - 2017-01-20 20:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-23 17:59 - 2017-01-20 20:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2017-02-24 15:47 - 2017-02-24 15:47 - 00098816 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32api.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00110080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\pywintypes27.dll
2017-02-24 15:47 - 2017-02-24 15:47 - 00364544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\pythoncom27.dll
2017-02-24 15:47 - 2017-02-24 15:47 - 00320512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32com.shell.shell.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00914432 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_hashlib.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 01176576 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._core_.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00806400 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._gdi_.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00816128 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._windows_.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 01067008 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._controls_.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00733184 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._misc_.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00682496 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\pysqlite2._sqlite.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_ctypes.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00686080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\unicodedata.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00119808 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32file.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00108544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32security.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00007168 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\hashobjs_ext.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00017920 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\thumbnails_ext.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\usb_ext.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00012800 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\common.time34.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00018432 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32event.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00167936 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32gui.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00046080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_socket.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 01303552 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_ssl.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00128512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_elementtree.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00127488 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\pyexpat.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00038912 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32inet.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00036864 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_psutil_windows.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00524248 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\windows._lib_cacheinvalidation.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00011264 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32crypt.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00123392 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._wizard.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00077312 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._html2.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00027648 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_multiprocessing.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00020480 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_yappi.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00035840 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32process.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00078848 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._animate.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00024064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32pipe.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00010240 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\select.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00025600 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32pdh.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00017408 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32profile.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00022528 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32ts.pyd
2016-04-16 19:02 - 2013-01-15 22:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2016-03-18 18:26 - 2016-03-18 18:26 - 00207872 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
2016-03-18 17:19 - 2016-03-18 17:19 - 00107520 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll
2016-12-21 10:24 - 2016-12-21 10:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-24 07:26 - 2015-06-24 07:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2016-05-13 14:10 - 2016-05-13 14:10 - 00134144 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2016-07-18 15:14 - 2016-07-18 15:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-04-11 23:08 - 2016-12-24 01:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-11 23:08 - 2017-01-19 08:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-04-11 23:07 - 2017-01-19 08:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-11 23:07 - 2016-07-05 05:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-21 12:18 - 2017-01-05 10:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-04-11 23:08 - 2017-01-19 08:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-04-11 23:07 - 2015-09-25 06:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-12-22 23:27 - 2016-12-22 23:27 - 12163072 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2016-12-20 20:05 - 2016-12-20 20:06 - 00958464 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2016-07-16 21:31 - 2016-07-16 21:31 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-08-24 09:13 - 2016-08-24 09:14 - 03312024 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-04-16 19:02 - 2011-11-22 19:18 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll
2017-02-07 21:49 - 2017-02-01 16:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 21:49 - 2017-02-01 16:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 18:04 - 2016-11-20 23:07 - 00001025 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 118.98.44.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "PremierColor"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "MusicManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C17F5659-1505-42DE-BB05-2C756F24B829}] => (Allow) C:\games\GameforgeLive\gfl_client.exe
FirewallRules: [{7D93B344-EB13-4E7A-BD61-0863CBF13D34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC4F5E12-EC9F-4AE8-8BF6-6A514710F95C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{D45226D3-5DCE-42F4-AF3B-76C8FA1D5F26}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F8D0FD33-645D-4886-83F4-F10F91E60F23}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe
FirewallRules: [{277B7182-EF76-4E43-829A-DB3743D4FAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{B805154D-E775-4E97-9110-F33FB0C6EB51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{3E397DCD-0DD7-4044-A1A0-149701EB7C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{64BCF33C-B757-440E-A2CC-FDC496463331}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{A16F6B7B-70F3-4576-BBA2-9E1E3119F4AE}] => (Block) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{C0B1816F-734A-411A-8D6B-5A9ECC77EBD0}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{4A8B2546-03FA-4EB8-85AE-EEE23DCA4046}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{7E700728-1A46-474F-A9DF-5D1B31DC547F}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{58091464-702B-4BA8-9722-9DD3019824F8}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{08E43E94-6562-4C54-9538-7F4D3376D598}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A402605C-2125-4DB3-8463-845F1AE0558B}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [UDP Query User{278854EE-DCAC-4D46-8EC7-65836AB565F4}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E61457E3-0841-4B8B-94B0-053B3D1F6B38}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe
FirewallRules: [{3BC96CDD-1BE2-4378-8C34-7A5046B8C829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{E77BCB3B-19C5-4D11-9163-2CA9772CC215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{EF88B2AE-1A5B-412C-9EA7-F3ED89932447}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60C82DF7-A1E1-4BB3-A84C-B52A3E7614A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C3E3F344-96BD-4E3A-888F-14A4B964F289}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5346CA20-8F67-4AAA-B93F-438A67350DF6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9215639A-8497-44BD-BDEE-EE065DA52BB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{759CA9DD-D5CA-46F1-8E91-207742295A67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{E064189B-3782-4E35-96D9-BDFF9F499639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{4EDFA684-A6F6-4A6F-861F-7E2E4B482CD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{6D6E6B78-D454-4C1E-A5F6-CE16D2B53576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{548CD056-BF5E-46D5-BC7E-F178EB7A5529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [TCP Query User{37DE9295-1AE0-44E7-B1FD-6BFA0CCEFC64}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe
FirewallRules: [UDP Query User{C7C3E257-C7A8-48E3-B179-5AF3FFD5E209}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe
FirewallRules: [{5F381414-7E4A-4DAC-94AE-B7A20CA69DA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe
FirewallRules: [{0AB262A1-F86A-4AFF-83CB-8B3A3529E830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe
FirewallRules: [{35F5E33E-2EE3-40D9-8D05-4BBCAE2B7CC6}] => (Allow) %ProgramFiles%\Adobe\Adobe Dreamweaver CC 2015\Dreamweaver.exe
FirewallRules: [{AF368985-5F99-4ED9-96B4-2FC8C375A453}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{2CBFE8D9-02EE-41FB-9141-A88122B77815}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06A7C478-0B02-49CC-92AA-B7AC95D45EE4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{143E3176-9C1F-4EEE-884B-2B2E43C93E9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C3BA8D08-41A0-4F93-93AA-7C230B171825}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{296F8C72-669A-49B9-8773-F2AC39257571}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EC9DBA8F-965B-4AB6-B13E-271A19A65802}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3434F424-1A3C-4AD5-B67D-C23403F1BBD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{6E7C318E-CC99-461A-B692-E86AB2D4BF26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{5BBDDEC7-BD03-4FB6-8599-F39D2F0E8EA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3D6782B4-E800-471A-8B72-1DB780B0BAC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{39F896B1-29FE-421F-A4A8-80F8D572DA07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FE4F29E9-EA06-412B-BD0C-1B870D1786C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{D7DA5ABD-DA9B-4E12-BA51-E6BF0F9A8B93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{AC18BE33-A7F2-4DB0-BDDC-E2116D8FDDF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe
FirewallRules: [{9096EF1A-E968-4508-BACA-60833687AB10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe
FirewallRules: [TCP Query User{D451319D-13B5-473B-801E-92390E465CD5}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe
FirewallRules: [UDP Query User{A6AED956-641B-4A06-BBAA-7977D3B1941F}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe
FirewallRules: [{6B46C0AA-404C-4F8A-B269-84321A873B0A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{591828EE-75B0-416D-AFAA-62FE66304C38}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D5D7ECAA-0C2C-4298-80FC-2AD8E3625F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{70EC9924-39A9-4327-8E29-3CD9B1362085}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{B00BFF46-3023-40B2-9937-81068549DE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{E4AA0E3E-2558-4129-B7D5-1408B426A7FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{111ADE00-A556-4F6E-A162-7F624AA421B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{16B5D7C8-1CB3-4968-98F2-525DC7767CE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{AA4AAE9D-EDF8-43EE-8366-32E1596BE4E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{32B7101D-B91C-4BB3-A713-F192C26BDCD8}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{FA4A5112-CD38-43C8-8F26-C8BC71256DD9}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{80F768F5-5B72-4F0B-9BB8-B88918DD446F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{40F29920-31F6-4CCF-B886-D83E03E8E8A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{C143464E-F3C5-4B1E-AE6C-388C4C2FA335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe
FirewallRules: [{41D652DD-FA31-4F36-AFAD-6083D1AA8D2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe
FirewallRules: [{D6E94B12-5A4F-46E0-9931-81CE4872D96C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{E1217DC5-2210-4991-A414-D4DFD966FA83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{A2091538-196A-4ACC-821A-1D8FEE92E88D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe
FirewallRules: [{C465A602-10DB-4B2A-B047-266815A93382}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe

==================== Restore Points =========================

06-02-2017 14:41:00 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
14-02-2017 18:10:57 Removed LibreOffice 5.0.5.2
16-02-2017 14:00:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
21-02-2017 17:27:40 TMPGEnc Video Mastering Works 6 Testversion wird entfernt
22-02-2017 22:47:19 JRT Pre-Junkware Removal
24-02-2017 11:47:12 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212

==================== Faulty Device Manager Devices =============

Name: Intel High Definition DSP
Description: Intel High Definition DSP
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2017 07:33:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\ezztr\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- Exception on mounting SOS: mk_dellsupport_lnk can't find DSP! errno=0 #StackInfo#

Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#

Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:Image, Partition:PartitionPos {disk:0, part:5}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#

Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:WINRETOOLS, Partition:PartitionPos {disk:0, part:4}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#

Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- [SOSINSTALLER] TRYMOUNT-DELLSUPPORT: mk_dellsupport_lnk can't find DSP! errno=0
   at utilities.SymlnkBroker.mk_dellsupport_lnk(String mountpoint, String targetFileRelativePath, Boolean isDirectory, List`1 targetKeyFiles)
   at utilities.PartitionHelper.DellSupportFinder.find()
   at DellUpdate.sosinstaller.try_mount_dellsupport() #StackInfo#

Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#

Error: (02/24/2017 03:49:04 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [4] ERROR- DoUpdateCheck manifestsSuccessful is invalid, stop updating! #StackInfo#

Error: (02/24/2017 03:46:14 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-CSVQ63S$ über https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps

Methode: GET(141ms)
Phase: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (02/24/2017 11:47:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (02/25/2017 03:02:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/25/2017 11:48:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/25/2017 11:17:46 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 und der APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 im Anwendungscontainer "Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe" (SID: S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/25/2017 11:17:46 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{9E175B6D-F52A-11D8-B9A5-505054503030}
 und der APPID 
{9E175B9C-F52A-11D8-B9A5-505054503030}
 im Anwendungscontainer "Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe" (SID: S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4256926629-1688279915-2739229046-3928706915) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/25/2017 05:08:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/25/2017 02:29:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/24/2017 03:47:59 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "machine-default" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/24/2017 03:47:59 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "machine-default" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/24/2017 03:47:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/24/2017 03:46:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "USER_ESRV_SVC_QUEENCREEK" wurde mit folgendem Fehler beendet: 
%%497


CodeIntegrity:
===================================
  Date: 2017-02-25 11:17:46.401
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\WIDCOMM\Bluetooth Software\BTNCopy.dll that did not meet the Store signing level requirements.

  Date: 2017-02-25 11:17:46.392
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-24 20:45:49.160
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-24 15:45:58.508
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-23 23:37:02.875
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-23 14:26:54.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-23 09:10:29.592
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-22 22:37:35.751
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-22 20:03:30.187
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-22 17:29:53.650
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 32%
Total physical RAM: 16238.91 MB
Available physical RAM: 10975.98 MB
Total Virtual: 18670.91 MB
Available Virtual: 11874.22 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:461.56 GB) (Free:186.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: A4A7D5DC)

Partition: GPT.

==================== End of Addition.txt ============================
         

25.02.2017, 17:59   #17
jomei

Ad banner in the Steam client

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by ezztr (administrator) on DESKTOP-CSVQ63S (25-02-2017 23:54:19)
Running from C:\Users\ezztr\Desktop
Loaded Profiles: ezztr (Available Profiles: ezztr & elsia)
Platform: Windows 10 Home Version 1607 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\games\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Perfect Privacy) C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Logitech, Inc.) C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Drakonia Configurator\hid.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files\Transmission\dbus-daemon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PremierColor] => C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe [3828464 2015-09-03] (Portrait Displays, Inc.)
HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-22] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-31] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify Web Helper] => C:\Users\ezztr\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1552496 2016-06-18] (Spotify Ltd)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify] => C:\Users\ezztr\AppData\Roaming\Spotify\Spotify.exe [6916208 2016-06-18] (Spotify Ltd)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Google Update] => C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-26] (Google Inc.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [MusicManager] => C:\Users\ezztr\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-02] (Google Inc.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Bitrix24 Desktop] => [X]
ShellIconOverlayIdentifiers: [  00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [  00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [  00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [  00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [  00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers-x32: [  00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [  00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [  00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [  00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [  00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74
Tcpip\..\Interfaces\{dd7fa2b5-9e4d-461b-b755-8204e8510d0f}: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-02-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)

Edge: 
======
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.29.0_neutral__qq0fmhteeht3j [2017-02-12]

FireFox:
========
FF DefaultProfile: w9newjxp.default
FF ProfilePath: C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default [2017-02-25]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default\features\{11a112ca-fffe-4f49-9a25-8dbc77ff71b5}\disableSHA1rollout@mozilla.org.xpi [2017-02-19]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @citrixonline.com/appdetectorplugin -> C:\Users\ezztr\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-06] (Citrix Online)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.giga.de/","hxxp://www.google.com"
CHR Profile: C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default [2017-02-25]
CHR Extension: (Google*Übersetzer) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-04-10]
CHR Extension: (Flash Video Downloader) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-23]
CHR Extension: (Google Drive) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (YouTube) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10]
CHR Extension: (uBlock Origin) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-07]
CHR Extension: (Google Play Musik) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-25]
CHR Extension: (CanvasFingerprintBlock) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmjngkmngdcdpmgmiebdmfbkcecdndc [2016-04-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-22]
CHR Extension: (dict-cc) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-02-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Google Mail) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2288384 2015-12-27] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1467912 2017-02-06] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3020992 2016-12-28] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-10-12] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [125808 2017-01-10] ()
S3 DellPremierColorService; C:\Program Files\Portrait Displays\Dell PremierColor\PremierColorService.exe [175344 2015-09-03] (Portrait Displays, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [229376 2016-05-13] (Dell Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392480 2017-01-13] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-03] (Intel Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-31] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-10-12] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-06-14] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-21] (NVIDIA Corporation)
S3 Origin Client Service; C:\games\Origin\OriginClientService.exe [2119688 2017-01-09] (Electronic Arts)
R2 Origin Web Helper Service; C:\games\Origin\OriginWebHelperService.exe [2180624 2017-01-09] (Electronic Arts)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
S3 ptsysexec; C:\WINDOWS\ptsysexec.exe [238856 2015-12-03] (Pismo Technic Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 VPNManager; C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [19968 2016-09-03] (Perfect Privacy) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-11-09] (Intel(R) Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208192 2015-12-27] (Broadcom Corporation.)
R3 BCMPCIEDHD63; C:\WINDOWS\system32\DRIVERS\bcmpciedhd63.sys [1063736 2016-03-03] (Broadcom Corp)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-06] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-06] (Dell Computer Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [343608 2016-05-19] (Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [184632 2016-08-29] (Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [225872 2016-08-08] (Intel(R) Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvlddmkm.sys [14516664 2017-02-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-21] (NVIDIA Corporation)
S3 pfmfs_180; C:\WINDOWS\System32\Drivers\pfmfs_180.sys [258248 2015-12-15] (Pismo Technic Inc.)
R3 PTPFilter; C:\WINDOWS\System32\drivers\PTPFilter.sys [51032 2016-08-29] (Samsung)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-06-25] (Realsil Semiconductor Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2016-12-20] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2016-12-20] (Oracle Corporation)
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\WINDOWS\System32\drivers\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 11:28 - 2017-02-25 11:28 - 00001453 _____ C:\Users\ezztr\Desktop\Poedit.exe - Verknüpfung.lnk
2017-02-25 01:12 - 2017-02-25 01:12 - 00087565 _____ C:\Users\ezztr\Downloads\Oxygen_Not_Included_German-master (1).zip
2017-02-24 19:33 - 2017-02-24 20:28 - 00000000 ____D C:\Users\ezztr\Downloads\Poedit Pro v1.8.8 Setup + Crack
2017-02-24 19:30 - 2017-02-24 19:30 - 00013327 _____ C:\Users\ezztr\Downloads\58CE5E41142D5C807DEC601120F1F9F6164542D5.torrent
2017-02-24 17:57 - 2017-02-24 17:57 - 00000000 ____D C:\Users\ezztr\Documents\Klei
2017-02-24 17:53 - 2017-02-24 17:53 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Poedit
2017-02-24 17:49 - 2017-02-25 11:29 - 00000000 ____D C:\Program Files (x86)\Poedit
2017-02-24 17:49 - 2017-02-24 17:49 - 13952280 _____ (Vaclav Slavik ) C:\Users\ezztr\Downloads\Poedit-1.8.12-setup.exe
2017-02-24 17:49 - 2017-02-24 17:49 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poedit.lnk
2017-02-24 17:45 - 2017-02-24 17:45 - 00000222 _____ C:\Users\ezztr\Desktop\Oxygen Not Included.url
2017-02-24 17:40 - 2017-02-24 17:40 - 00084150 _____ C:\Users\ezztr\Downloads\Oxygen_Not_Included_German-master.zip
2017-02-24 17:07 - 2017-02-24 18:24 - 938098688 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 348577.crdownload
2017-02-24 15:55 - 2017-02-24 15:55 - 00165883 _____ C:\Users\ezztr\Desktop\Analytics Alle Websitedaten Default Dashboard MNP 20170217-20170223.pdf
2017-02-24 15:36 - 2017-02-24 15:36 - 00004136 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-02-24 15:36 - 2017-02-24 15:36 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-02-24 15:36 - 2017-02-24 15:36 - 00000000 ____D C:\Program Files\Dell Support Center
2017-02-24 01:41 - 2017-02-24 01:45 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-23 23:46 - 2017-02-24 01:41 - 11581544 _____ (SurfRight B.V.) C:\Users\ezztr\Desktop\HitmanPro_x64.exe
2017-02-23 23:41 - 2017-02-23 23:43 - 02870984 _____ (ESET) C:\Users\ezztr\Downloads\esetsmartinstaller_deu.exe
2017-02-23 23:35 - 2017-02-23 23:36 - 00019940 _____ C:\Users\ezztr\Desktop\Fixlog.txt
2017-02-23 16:03 - 2017-02-23 16:03 - 60676178 _____ (Inkscape Project) C:\Users\ezztr\Downloads\Inkscape-0.92.1-x64-1.exe
2017-02-23 14:07 - 2017-02-23 14:07 - 00040908 _____ C:\Users\ezztr\AppData\Local\recently-used.xbel
2017-02-23 14:04 - 2017-02-23 14:06 - 02981506 _____ C:\Users\ezztr\Downloads\dejavu-sans.zip
2017-02-23 14:04 - 2017-02-23 14:04 - 00336374 _____ C:\Users\ezztr\Downloads\dejavu_sans1.zip
2017-02-23 11:44 - 2017-02-23 11:44 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-02-23 08:39 - 2017-02-23 08:40 - 77568952 _____ (The GIMP Team ) C:\Users\ezztr\Downloads\gimp-2.8.20-setup.exe
2017-02-22 22:50 - 2017-02-25 23:53 - 00000000 ____D C:\Users\ezztr\Desktop\FRST-OlderVersion
2017-02-22 22:50 - 2017-02-22 22:50 - 00000744 _____ C:\Users\ezztr\Desktop\JRT.txt
2017-02-22 22:45 - 2017-02-22 22:45 - 00001240 _____ C:\Users\ezztr\Desktop\mbam.txt
2017-02-22 22:40 - 2017-02-25 12:47 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-22 22:40 - 2017-02-25 11:18 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-22 22:40 - 2017-02-25 11:18 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-22 22:40 - 2017-02-25 11:18 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-22 22:39 - 2017-02-25 11:18 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-22 22:39 - 2017-02-22 22:39 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-22 22:39 - 2017-02-22 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-22 22:39 - 2017-02-22 22:39 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-22 22:39 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-22 22:31 - 2017-02-22 22:47 - 01663040 _____ (Malwarebytes) C:\Users\ezztr\Downloads\JRT.exe
2017-02-22 22:31 - 2017-02-22 22:39 - 55566792 _____ (Malwarebytes ) C:\Users\ezztr\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-22 22:30 - 2017-02-22 22:33 - 04015056 _____ C:\Users\ezztr\Desktop\AdwCleaner_6.043.exe
2017-02-22 17:10 - 2017-02-22 17:10 - 00001199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouPloader.lnk
2017-02-22 17:10 - 2017-02-22 17:10 - 00000000 ____D C:\Users\ezztr\YouPloader
2017-02-22 17:10 - 2017-02-22 17:10 - 00000000 ____D C:\Program Files (x86)\YouPloader
2017-02-22 17:09 - 2017-02-22 17:09 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sun
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Sun
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-22 17:07 - 2017-02-22 17:07 - 00739392 _____ (Oracle Corporation) C:\Users\ezztr\Downloads\JavaSetup8u121.exe
2017-02-22 16:59 - 2017-02-22 17:07 - 15674444 _____ (BeCast ) C:\Users\ezztr\Downloads\YouPloader-setup-0.9.3.exe
2017-02-22 14:37 - 2017-02-22 14:37 - 00134008 _____ C:\Users\ezztr\Downloads\OnlineWebFonts_COM_0e81aad85bdcd8299ff6a632d00b823c.zip
2017-02-22 07:42 - 2017-02-22 07:52 - 00284296 _____ C:\TDSSKiller.3.1.0.12_22.02.2017_07.42.10_log.txt
2017-02-22 07:41 - 2017-02-22 07:42 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ezztr\Downloads\tdsskiller.exe
2017-02-21 21:19 - 2017-02-21 21:37 - 638401510 _____ C:\Users\ezztr\Downloads\The.Walking.Dead.S07E10.HDTV.x264-SVA[eztv].mkv
2017-02-21 14:20 - 2017-02-25 23:54 - 00028968 _____ C:\Users\ezztr\Desktop\FRST.txt
2017-02-21 14:20 - 2017-02-24 01:53 - 00066716 _____ C:\Users\ezztr\Desktop\Addition.txt
2017-02-21 14:08 - 2017-02-25 23:53 - 02423296 _____ (Farbar) C:\Users\ezztr\Desktop\FRST64.exe
2017-02-20 21:32 - 2017-02-20 21:34 - 04465808 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 831314.crdownload
2017-02-20 16:52 - 2017-02-20 16:52 - 22287636 _____ C:\Users\ezztr\Downloads\[Guru3D.com]-RTSSSetup660.zip
2017-02-19 17:02 - 2017-02-19 17:05 - 65975400 _____ (Itch Corp) C:\Users\ezztr\Downloads\itchSetup.exe
2017-02-19 17:01 - 2017-02-19 17:04 - 00679936 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 74679.crdownload
2017-02-17 16:36 - 2017-02-17 16:36 - 00000000 ____D C:\Users\ezztr\ansel
2017-02-17 16:34 - 2017-02-17 16:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-17 16:34 - 2017-02-10 05:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-17 16:34 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-17 16:34 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-17 16:34 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-17 16:34 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-17 16:32 - 2017-02-10 09:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-17 14:28 - 2017-02-17 14:28 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Terapoly
2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-02-16 16:55 - 2017-02-16 16:55 - 00089264 _____ C:\Users\ezztr\Downloads\PA8144 CDM-MOC-FORM Annex 2 form.pdf
2017-02-16 15:56 - 2017-02-16 16:00 - 144456700 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 392819.crdownload
2017-02-16 10:50 - 2017-02-21 17:27 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2017-02-16 10:50 - 2017-02-16 10:50 - 30901272 _____ (OpenVPN Technologies) C:\Users\ezztr\Downloads\privatetunnel-win-2.8.exe
2017-02-16 09:20 - 2017-02-16 09:20 - 06975096 _____ (Tim Kosse) C:\Users\ezztr\Downloads\FileZilla_3.24.0_win64-setup.exe
2017-02-14 21:07 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAR.DLL
2017-02-14 20:38 - 2017-02-14 20:57 - 00289864 _____ C:\Users\ezztr\Documents\Valentine - Martina Mcbridge (mp3goo.com).mp3.sfk
2017-02-14 19:30 - 2017-02-14 19:38 - 00255992 _____ C:\Users\ezztr\Documents\My Valentine.mp3.sfk
2017-02-14 19:11 - 2017-02-14 19:12 - 65984342 _____ C:\Users\ezztr\Documents\My-babe.mp4
2017-02-14 13:37 - 2017-02-14 13:37 - 00079360 _____ C:\Users\ezztr\Documents\Manpower Data PT Malaka Nusantara Permai.xls
2017-02-14 01:51 - 2017-02-14 01:51 - 07336673 _____ C:\Users\ezztr\Downloads\Photos (3).zip
2017-02-14 01:49 - 2017-02-14 01:49 - 35406230 _____ C:\Users\ezztr\Downloads\Photos (2).zip
2017-02-14 01:40 - 2017-02-14 13:31 - 13369489 _____ C:\Users\ezztr\Documents\My-babe.pptx
2017-02-14 01:31 - 2017-02-14 01:31 - 12437714 _____ C:\Users\ezztr\Downloads\Photos (1).zip
2017-02-14 01:28 - 2017-02-14 01:28 - 32939944 _____ C:\Users\ezztr\Downloads\Photos.zip
2017-02-14 00:24 - 2017-02-14 00:35 - 11696611 _____ C:\Users\ezztr\Downloads\The Sharp Slideshow.rar
2017-02-12 15:17 - 2017-02-12 15:18 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan Full.lnk
2017-02-12 15:14 - 2017-02-12 15:17 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan AVG.lnk
2017-02-11 02:58 - 2017-02-11 03:02 - 117631040 _____ C:\Users\ezztr\Downloads\AvorionDemoSetup0.8.5.exe
2017-02-10 22:20 - 2017-02-10 22:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-02-08 20:21 - 2017-02-08 20:21 - 00000000 ____D C:\Users\elsia\AppData\Roaming\Apple Computer
2017-02-06 21:23 - 2017-02-06 21:23 - 00000000 ___HD C:\$Windows.~WS
2017-02-06 19:45 - 2017-02-06 22:35 - 00000000 ____D C:\ESD
2017-02-06 19:45 - 2017-02-06 19:45 - 00000000 ____D C:\$WINDOWS.~BT
2017-02-06 19:44 - 2017-02-10 22:48 - 00000000 ____D C:\Livia
2017-02-06 16:22 - 2017-02-22 17:30 - 00000690 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job
2017-02-06 16:22 - 2017-02-22 17:30 - 00000594 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job
2017-02-06 16:22 - 2017-02-18 19:40 - 00003860 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001
2017-02-06 16:22 - 2017-02-18 19:40 - 00003764 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001
2017-02-06 16:21 - 2017-02-06 16:22 - 00000000 ____D C:\Users\ezztr\AppData\Local\Citrix
2017-02-06 10:26 - 2017-02-06 21:35 - 00000000 ___RD C:\Users\ezztr\Documents\Bitrix24
2017-02-06 10:26 - 2017-02-06 10:26 - 00001082 _____ C:\Users\Public\Desktop\Bitrix24 Desktop.lnk
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitrix24
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Bitrix
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Program Files (x86)\Bitrix24
2017-02-04 11:05 - 2017-02-04 11:05 - 00000000 ____D C:\Users\ezztr\Documents\Benutzerdefinierte Office-Vorlagen
2017-02-04 10:36 - 2017-02-04 10:36 - 00002585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002581 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2017-02-04 10:30 - 2017-02-04 10:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-04 10:28 - 2017-02-04 11:05 - 00081408 _____ C:\Users\ezztr\Documents\Manpower DATA REPORT 20170128(2).xls
2017-02-02 00:15 - 2017-02-02 00:15 - 00161452 _____ C:\Users\ezztr\Documents\Eheerklärung_dt.pdf
2017-01-30 01:20 - 2017-01-30 01:21 - 12681143 _____ C:\Users\ezztr\Downloads\glitch.zip
2017-01-30 00:43 - 2017-01-30 01:08 - 94785724 _____ C:\Users\ezztr\Downloads\TEMPLATE ORGANIC PARTICLES [TAME PRODUCCIONES].rar
2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Apple Computer
2017-01-30 00:01 - 2017-01-30 00:01 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-30 00:01 - 2017-01-30 00:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-01-28 10:47 - 2017-01-28 10:47 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Crytivo Games Inc_
2017-01-28 10:11 - 2017-01-28 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Universim
2017-01-28 10:10 - 2017-01-28 10:10 - 01177576 _____ (Crytivo Games ) C:\Users\ezztr\Downloads\The Universim Launcher Installer.exe
2017-01-27 20:50 - 2017-01-20 23:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-01-27 20:50 - 2017-01-20 23:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-01-26 07:13 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-39-1.exe
2017-01-26 07:12 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-39-1.dll
2017-01-26 07:09 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1-1-0-39-1.dll
2017-01-26 07:09 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-39-1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 23:54 - 2016-10-24 20:00 - 00000000 ____D C:\FRST
2017-02-25 23:28 - 2016-08-03 12:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-25 23:07 - 2016-04-10 22:12 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-25 13:29 - 2016-04-13 03:38 - 00000000 ____D C:\Users\ezztr\AppData\Local\Battle.net
2017-02-25 13:27 - 2016-04-13 03:38 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-25 11:43 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-25 11:28 - 2016-05-08 18:28 - 00000000 ____D C:\tmp
2017-02-25 10:38 - 2016-07-16 18:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-25 06:45 - 2016-08-24 00:04 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-02-25 03:10 - 2016-11-25 19:26 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Mozilla
2017-02-25 02:00 - 2016-06-12 18:45 - 00000000 ____D C:\Users\ezztr\AppData\Local\Adobe
2017-02-25 01:53 - 2016-06-04 15:40 - 00000000 ___RD C:\Rendern-Videos
2017-02-25 01:46 - 2016-06-02 13:49 - 00000000 ____D C:\Rendern
2017-02-24 23:07 - 2016-08-03 12:52 - 00000000 ____D C:\Users\ezztr
2017-02-24 22:55 - 2016-08-04 03:47 - 01940498 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-24 22:55 - 2016-08-04 03:47 - 00524304 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-24 22:55 - 2015-12-27 02:15 - 04401872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-24 20:53 - 2016-05-29 23:13 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\transmission
2017-02-24 15:47 - 2016-11-22 15:30 - 00000000 ___RD C:\Users\ezztr\Google Drive
2017-02-24 15:47 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-24 15:47 - 2016-08-03 12:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-24 15:47 - 2016-04-10 02:34 - 00000000 __SHD C:\Users\ezztr\IntelGraphicsProfiles
2017-02-24 15:46 - 2016-08-03 12:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-24 15:41 - 2016-07-16 13:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-02-24 15:36 - 2015-12-27 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-02-23 23:37 - 2016-08-03 12:50 - 05016576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-23 14:10 - 2016-04-20 16:28 - 00000000 ____D C:\Users\ezztr\.gimp-2.8
2017-02-23 10:47 - 2016-04-10 16:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 10:42 - 2016-04-10 16:09 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 08:14 - 2016-07-25 21:01 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\vlc
2017-02-22 22:39 - 2016-10-14 00:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-22 22:37 - 2016-10-25 17:14 - 00000000 ____D C:\AdwCleaner
2017-02-22 22:36 - 2016-07-04 09:47 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-22 17:28 - 2016-04-16 19:06 - 00000000 ___RD C:\Users\ezztr\Desktop\Tools
2017-02-22 17:25 - 2016-07-16 18:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 17:09 - 2017-01-20 20:09 - 00000000 ____D C:\ProgramData\Oracle
2017-02-22 14:49 - 2016-06-13 20:04 - 00000000 ____D C:\Users\ezztr\AppData\Local\gtk-2.0
2017-02-22 12:36 - 2016-04-10 02:34 - 00000000 ____D C:\Users\ezztr\AppData\Local\Packages
2017-02-20 16:57 - 2016-06-21 22:51 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-02-20 16:53 - 2016-06-21 22:51 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2017-02-20 14:25 - 2016-04-13 03:44 - 00000000 ____D C:\Users\ezztr\Desktop\Games
2017-02-19 19:13 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-19 16:56 - 2016-04-13 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\CrashDumps
2017-02-17 16:47 - 2016-04-20 16:51 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\obs-studio
2017-02-17 16:35 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-17 16:34 - 2016-07-16 18:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-16 15:43 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\FileZilla
2017-02-16 14:00 - 2015-12-27 02:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2017-02-14 18:25 - 2016-12-26 23:34 - 00000000 ____D C:\Users\ezztr\Documents\Darkest
2017-02-10 22:18 - 2016-04-23 16:08 - 00000000 __SHD C:\Users\elsia\IntelGraphicsProfiles
2017-02-10 09:33 - 2017-01-09 00:11 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 09:33 - 2017-01-09 00:11 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 09:33 - 2017-01-09 00:11 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-10 06:13 - 2017-01-09 00:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-10 05:57 - 2017-01-09 00:13 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-10 05:57 - 2017-01-09 00:13 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-08 20:28 - 2016-04-23 16:08 - 00000000 ____D C:\Users\elsia\AppData\Local\Packages
2017-02-08 20:22 - 2017-01-10 20:20 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-08 20:22 - 2016-04-23 16:09 - 00002389 _____ C:\Users\elsia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-08 20:22 - 2016-04-23 16:09 - 00000000 ___RD C:\Users\elsia\OneDrive
2017-02-08 20:21 - 2016-02-13 20:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-07 21:49 - 2016-04-10 16:06 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 20:01 - 2016-04-10 02:36 - 00002389 _____ C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-07 20:01 - 2016-04-10 02:36 - 00000000 ___RD C:\Users\ezztr\OneDrive
2017-02-07 02:48 - 2016-07-16 18:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-07 02:48 - 2016-07-16 18:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 23:21 - 2016-10-21 23:33 - 00000000 ____D C:\Volumes
2017-02-06 22:35 - 2016-08-04 03:49 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-06 20:52 - 2015-12-27 02:16 - 00000000 ____D C:\Program Files\Dell
2017-02-06 20:47 - 2016-11-23 09:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-06 20:47 - 2016-06-25 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-06 20:42 - 2016-08-03 12:56 - 00014000 _____ C:\WINDOWS\diagwrn.xml
2017-02-06 20:42 - 2016-08-03 12:56 - 00013947 _____ C:\WINDOWS\diagerr.xml
2017-02-06 12:16 - 2015-12-27 02:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-04 10:45 - 2016-07-16 18:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-04 10:30 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-03 23:13 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\Desktop\Rendern
2017-02-01 02:50 - 2016-10-04 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\ElevatedDiagnostics
2017-01-30 09:12 - 2016-06-21 22:50 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-01-30 01:11 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sony
2017-01-30 00:02 - 2017-01-21 17:46 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-01-28 10:11 - 2016-04-13 03:41 - 00000000 ____D C:\games
2017-01-28 09:48 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-27 20:51 - 2016-08-03 12:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation

==================== Files in the root of some directories =======

2016-07-04 10:47 - 2016-08-18 01:47 - 0000153 _____ () C:\Users\ezztr\AppData\Roaming\WB.CFG
2017-02-23 14:07 - 2017-02-23 14:07 - 0040908 _____ () C:\Users\ezztr\AppData\Local\recently-used.xbel
2016-06-08 18:37 - 2016-12-30 12:59 - 0007605 _____ () C:\Users\ezztr\AppData\Local\Resmon.ResmonCfg
2016-08-03 12:50 - 2016-08-03 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-05-22 23:34 - 2016-05-22 23:34 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-12-23 18:00 - 2017-01-09 00:14 - 0045353 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-23 18:00 - 2016-12-30 15:38 - 0010654 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-02-24 16:21 - 2017-02-24 16:21 - 0695808 ____N () C:\Users\ezztr\AppData\Local\Temp\sqlite-3.8.11.2-64fb9435-3781-4d02-b7af-5321af360a37-sqlitejdbc.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-18 12:55

==================== End of FRST.txt ============================
         
--- --- ---

26.02.2017, 10:54   #18
M-K-D-B
/// TB Trainer

Hi,

in which browser does the problem occur?

26.02.2017, 11:51   #19
jomei

In the Chrome browser

27.02.2017, 10:03   #20
M-K-D-B
/// TB Trainer

Hi,

Step 1
  • Uninstall Google Chrome via the Control Panel. (Illustrated guide)
  • During the uninstallation, also tick the box for "Delete all browser data" (or something similar).
  • Then restart the computer.
  • Reinstall Google Chrome (if needed). Do not install any extensions/plugins and do not connect/sync with any existing account.

Step 2
  • Run FRST.exe again. Tick the box next to Addition.txt and click Scan.
  • FRST will again create two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

Are there still any problems with Google Chrome now?

In your next reply, please post
  • the two new log files from FRST,
  • your answer to the question asked.

28.02.2017, 04:17   #21
jomei

OK, here you go. I have now been working for a few hours; so far no banner has appeared.

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
Ran by ezztr (administrator) on DESKTOP-CSVQ63S (28-02-2017 10:11:21)
Running from C:\Users\ezztr\Desktop
Loaded Profiles: ezztr (Available Profiles: ezztr & elsia)
Platform: Windows 10 Home Version 1607 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\games\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Perfect Privacy) C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Drakonia Configurator\hid.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PremierColor] => C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe [3828464 2015-09-03] (Portrait Displays, Inc.)
HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-22] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-31] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify Web Helper] => C:\Users\ezztr\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1552496 2016-06-18] (Spotify Ltd)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify] => C:\Users\ezztr\AppData\Roaming\Spotify\Spotify.exe [6916208 2016-06-18] (Spotify Ltd)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Google Update] => C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-26] (Google Inc.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [MusicManager] => C:\Users\ezztr\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-02] (Google Inc.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Bitrix24 Desktop] => [X]
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [4006464 2017-01-31] (GOG.com)
ShellIconOverlayIdentifiers: [  00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [  00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [  00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [  00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [  00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers-x32: [  00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [  00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [  00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [  00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [  00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 27.50.20.21 27.50.30.21
Tcpip\..\Interfaces\{dd7fa2b5-9e4d-461b-b755-8204e8510d0f}: [DhcpNameServer] 8.8.8.8 27.50.20.21 27.50.30.21

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-02-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)

Edge: 
======
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.29.0_neutral__qq0fmhteeht3j [2017-02-12]

FireFox:
========
FF DefaultProfile: w9newjxp.default
FF ProfilePath: C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default [2017-02-28]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default\features\{2df3b436-3ec3-4a4a-ac1e-c9d9d07c5db9}\disableSHA1rollout@mozilla.org.xpi [2017-02-26]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @citrixonline.com/appdetectorplugin -> C:\Users\ezztr\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-06] (Citrix Online)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.giga.de/","hxxp://www.google.com"
CHR Profile: C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default [2017-02-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2288384 2015-12-27] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1467912 2017-02-06] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3020992 2016-12-28] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-10-12] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [125808 2017-01-10] ()
S3 DellPremierColorService; C:\Program Files\Portrait Displays\Dell PremierColor\PremierColorService.exe [175344 2015-09-03] (Portrait Displays, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [229376 2016-05-13] (Dell Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392480 2017-01-13] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-03] (Intel Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [284736 2017-01-31] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2017-01-31] (GOG.com)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-31] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-10-12] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-06-14] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-21] (NVIDIA Corporation)
S3 Origin Client Service; C:\games\Origin\OriginClientService.exe [2119688 2017-01-09] (Electronic Arts)
R2 Origin Web Helper Service; C:\games\Origin\OriginWebHelperService.exe [2180624 2017-01-09] (Electronic Arts)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
S3 ptsysexec; C:\WINDOWS\ptsysexec.exe [238856 2015-12-03] (Pismo Technic Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 VPNManager; C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [19968 2016-09-03] (Perfect Privacy) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-11-09] (Intel(R) Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208192 2015-12-27] (Broadcom Corporation.)
R3 BCMPCIEDHD63; C:\WINDOWS\system32\DRIVERS\bcmpciedhd63.sys [1063736 2016-03-03] (Broadcom Corp)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-06] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-06] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [343608 2016-05-19] (Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [184632 2016-08-29] (Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [225872 2016-08-08] (Intel(R) Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvlddmkm.sys [14516664 2017-02-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-21] (NVIDIA Corporation)
S3 pfmfs_180; C:\WINDOWS\System32\Drivers\pfmfs_180.sys [258248 2015-12-15] (Pismo Technic Inc.)
R3 PTPFilter; C:\WINDOWS\System32\drivers\PTPFilter.sys [51032 2016-08-29] (Samsung)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-06-25] (Realsil Semiconductor Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2016-12-20] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2016-12-20] (Oracle Corporation)
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\WINDOWS\System32\drivers\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-28 00:15 - 2017-02-28 00:16 - 06020424 _____ (ExKode Co. Ltd. ) C:\Users\ezztr\Downloads\DxtorySetup2.0.141.exe
2017-02-27 04:25 - 2017-02-27 04:25 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\CDProjektRED
2017-02-27 04:25 - 2017-02-27 04:25 - 00000000 ____D C:\Users\ezztr\AppData\Local\GalaxyCommunicationService
2017-02-27 04:25 - 2017-02-27 04:25 - 00000000 ____D C:\ProgramData\CDProjekt RED
2017-02-27 03:41 - 2017-02-27 03:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-02-27 03:41 - 2017-02-27 03:41 - 00001116 _____ C:\Users\Public\Desktop\GOG Galaxy.lnk
2017-02-27 03:41 - 2017-02-27 03:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwent [GOG.com]
2017-02-27 03:40 - 2017-02-27 03:41 - 00000000 ____D C:\Program Files (x86)\GOG Galaxy
2017-02-27 03:40 - 2017-02-27 03:40 - 00000000 ____D C:\ProgramData\GOG.com
2017-02-27 03:36 - 2017-02-27 03:36 - 00000064 _____ C:\Users\ezztr\Downloads\gogGalaxy.auth
2017-02-27 03:35 - 2017-02-27 03:40 - 150855320 _____ (GOG.com ) C:\Users\ezztr\Downloads\setup_gwent_1.1.27.1_de.exe
2017-02-26 23:21 - 2017-02-26 23:21 - 00000279 _____ C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb.lnk
2017-02-26 19:08 - 2017-02-26 19:08 - 00087565 _____ C:\Users\ezztr\Downloads\Oxygen_Not_Included_German-master (1).zip
2017-02-26 11:31 - 2017-02-26 11:31 - 00041439 _____ C:\Users\ezztr\AppData\Local\recently-used.xbel
2017-02-25 11:28 - 2017-02-25 11:28 - 00001453 _____ C:\Users\ezztr\Desktop\Poedit.exe - Verknüpfung.lnk
2017-02-24 19:30 - 2017-02-24 19:30 - 00013327 _____ C:\Users\ezztr\Downloads\58CE5E41142D5C807DEC601120F1F9F6164542D5.torrent
2017-02-24 17:57 - 2017-02-24 17:57 - 00000000 ____D C:\Users\ezztr\Documents\Klei
2017-02-24 17:53 - 2017-02-24 17:53 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Poedit
2017-02-24 17:49 - 2017-02-25 11:29 - 00000000 ____D C:\Program Files (x86)\Poedit
2017-02-24 17:49 - 2017-02-24 17:49 - 13952280 _____ (Vaclav Slavik ) C:\Users\ezztr\Downloads\Poedit-1.8.12-setup.exe
2017-02-24 17:49 - 2017-02-24 17:49 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poedit.lnk
2017-02-24 17:40 - 2017-02-24 17:40 - 00084150 _____ C:\Users\ezztr\Downloads\Oxygen_Not_Included_German-master.zip
2017-02-24 17:07 - 2017-02-24 18:24 - 938098688 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 348577.crdownload
2017-02-24 15:55 - 2017-02-24 15:55 - 00165883 _____ C:\Users\ezztr\Desktop\Analytics Alle Websitedaten Default Dashboard MNP 20170217-20170223.pdf
2017-02-24 15:36 - 2017-02-24 15:36 - 00004136 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-02-24 15:36 - 2017-02-24 15:36 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-02-24 15:36 - 2017-02-24 15:36 - 00000000 ____D C:\Program Files\Dell Support Center
2017-02-24 01:41 - 2017-02-24 01:45 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-23 23:46 - 2017-02-24 01:41 - 11581544 _____ (SurfRight B.V.) C:\Users\ezztr\Desktop\HitmanPro_x64.exe
2017-02-23 23:41 - 2017-02-23 23:43 - 02870984 _____ (ESET) C:\Users\ezztr\Downloads\esetsmartinstaller_deu.exe
2017-02-23 23:35 - 2017-02-23 23:36 - 00019940 _____ C:\Users\ezztr\Desktop\Fixlog.txt
2017-02-23 16:03 - 2017-02-23 16:03 - 60676178 _____ (Inkscape Project) C:\Users\ezztr\Downloads\Inkscape-0.92.1-x64-1.exe
2017-02-23 14:04 - 2017-02-23 14:06 - 02981506 _____ C:\Users\ezztr\Downloads\dejavu-sans.zip
2017-02-23 14:04 - 2017-02-23 14:04 - 00336374 _____ C:\Users\ezztr\Downloads\dejavu_sans1.zip
2017-02-23 11:44 - 2017-02-23 11:44 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-02-23 08:39 - 2017-02-23 08:40 - 77568952 _____ (The GIMP Team ) C:\Users\ezztr\Downloads\gimp-2.8.20-setup.exe
2017-02-22 22:50 - 2017-02-28 10:11 - 00000000 ____D C:\Users\ezztr\Desktop\FRST-OlderVersion
2017-02-22 22:50 - 2017-02-22 22:50 - 00000744 _____ C:\Users\ezztr\Desktop\JRT.txt
2017-02-22 22:45 - 2017-02-22 22:45 - 00001240 _____ C:\Users\ezztr\Desktop\mbam.txt
2017-02-22 22:40 - 2017-02-26 11:14 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-22 22:40 - 2017-02-26 11:05 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-22 22:40 - 2017-02-26 11:05 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-22 22:40 - 2017-02-26 11:05 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-22 22:39 - 2017-02-26 11:05 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-22 22:39 - 2017-02-22 22:39 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-22 22:39 - 2017-02-22 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-22 22:39 - 2017-02-22 22:39 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-22 22:39 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-22 22:31 - 2017-02-22 22:47 - 01663040 _____ (Malwarebytes) C:\Users\ezztr\Downloads\JRT.exe
2017-02-22 22:31 - 2017-02-22 22:39 - 55566792 _____ (Malwarebytes ) C:\Users\ezztr\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-22 22:30 - 2017-02-22 22:33 - 04015056 _____ C:\Users\ezztr\Desktop\AdwCleaner_6.043.exe
2017-02-22 17:10 - 2017-02-22 17:10 - 00000000 ____D C:\Users\ezztr\YouPloader
2017-02-22 17:09 - 2017-02-22 17:09 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sun
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Sun
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-22 17:07 - 2017-02-22 17:07 - 00739392 _____ (Oracle Corporation) C:\Users\ezztr\Downloads\JavaSetup8u121.exe
2017-02-22 16:59 - 2017-02-22 17:07 - 15674444 _____ (BeCast ) C:\Users\ezztr\Downloads\YouPloader-setup-0.9.3.exe
2017-02-22 14:37 - 2017-02-22 14:37 - 00134008 _____ C:\Users\ezztr\Downloads\OnlineWebFonts_COM_0e81aad85bdcd8299ff6a632d00b823c.zip
2017-02-22 07:42 - 2017-02-22 07:52 - 00284296 _____ C:\TDSSKiller.3.1.0.12_22.02.2017_07.42.10_log.txt
2017-02-22 07:41 - 2017-02-22 07:42 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ezztr\Downloads\tdsskiller.exe
2017-02-21 21:19 - 2017-02-21 21:37 - 638401510 _____ C:\Users\ezztr\Downloads\The.Walking.Dead.S07E10.HDTV.x264-SVA[eztv].mkv
2017-02-21 14:20 - 2017-02-28 10:11 - 00028783 _____ C:\Users\ezztr\Desktop\FRST.txt
2017-02-21 14:20 - 2017-02-25 23:59 - 00069412 _____ C:\Users\ezztr\Desktop\Addition.txt
2017-02-21 14:08 - 2017-02-28 10:11 - 02423296 _____ (Farbar) C:\Users\ezztr\Desktop\FRST64.exe
2017-02-20 21:32 - 2017-02-20 21:34 - 04465808 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 831314.crdownload
2017-02-19 17:02 - 2017-02-19 17:05 - 65975400 _____ (Itch Corp) C:\Users\ezztr\Downloads\itchSetup.exe
2017-02-19 17:01 - 2017-02-19 17:04 - 00679936 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 74679.crdownload
2017-02-17 16:36 - 2017-02-17 16:36 - 00000000 ____D C:\Users\ezztr\ansel
2017-02-17 16:34 - 2017-02-17 16:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-17 16:34 - 2017-02-10 05:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-17 16:34 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-17 16:34 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-17 16:34 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-17 16:34 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-17 16:32 - 2017-02-10 09:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-17 14:28 - 2017-02-17 14:28 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Terapoly
2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-02-16 16:55 - 2017-02-16 16:55 - 00089264 _____ C:\Users\ezztr\Downloads\PA8144 CDM-MOC-FORM Annex 2 form.pdf
2017-02-16 15:56 - 2017-02-16 16:00 - 144456700 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 392819.crdownload
2017-02-16 10:50 - 2017-02-21 17:27 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2017-02-16 10:50 - 2017-02-16 10:50 - 30901272 _____ (OpenVPN Technologies) C:\Users\ezztr\Downloads\privatetunnel-win-2.8.exe
2017-02-16 09:20 - 2017-02-16 09:20 - 06975096 _____ (Tim Kosse) C:\Users\ezztr\Downloads\FileZilla_3.24.0_win64-setup.exe
2017-02-14 21:07 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAR.DLL
2017-02-14 20:38 - 2017-02-14 20:57 - 00289864 _____ C:\Users\ezztr\Documents\Valentine - Martina Mcbridge (mp3goo.com).mp3.sfk
2017-02-14 19:30 - 2017-02-14 19:38 - 00255992 _____ C:\Users\ezztr\Documents\My Valentine.mp3.sfk
2017-02-14 19:11 - 2017-02-14 19:12 - 65984342 _____ C:\Users\ezztr\Documents\My-babe.mp4
2017-02-14 13:37 - 2017-02-14 13:37 - 00079360 _____ C:\Users\ezztr\Documents\Manpower Data PT Malaka Nusantara Permai.xls
2017-02-14 01:51 - 2017-02-14 01:51 - 07336673 _____ C:\Users\ezztr\Downloads\Photos (3).zip
2017-02-14 01:49 - 2017-02-14 01:49 - 35406230 _____ C:\Users\ezztr\Downloads\Photos (2).zip
2017-02-14 01:40 - 2017-02-14 13:31 - 13369489 _____ C:\Users\ezztr\Documents\My-babe.pptx
2017-02-14 01:31 - 2017-02-14 01:31 - 12437714 _____ C:\Users\ezztr\Downloads\Photos (1).zip
2017-02-14 01:28 - 2017-02-14 01:28 - 32939944 _____ C:\Users\ezztr\Downloads\Photos.zip
2017-02-14 00:24 - 2017-02-14 00:35 - 11696611 _____ C:\Users\ezztr\Downloads\The Sharp Slideshow.rar
2017-02-12 15:17 - 2017-02-12 15:18 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan Full.lnk
2017-02-12 15:14 - 2017-02-12 15:17 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan AVG.lnk
2017-02-11 02:58 - 2017-02-11 03:02 - 117631040 _____ C:\Users\ezztr\Downloads\AvorionDemoSetup0.8.5.exe
2017-02-10 22:20 - 2017-02-10 22:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-02-08 20:21 - 2017-02-08 20:21 - 00000000 ____D C:\Users\elsia\AppData\Roaming\Apple Computer
2017-02-06 21:23 - 2017-02-06 21:23 - 00000000 ___HD C:\$Windows.~WS
2017-02-06 19:45 - 2017-02-06 22:35 - 00000000 ____D C:\ESD
2017-02-06 19:45 - 2017-02-06 19:45 - 00000000 ____D C:\$WINDOWS.~BT
2017-02-06 19:44 - 2017-02-10 22:48 - 00000000 ____D C:\Livia
2017-02-06 16:22 - 2017-02-22 17:30 - 00000690 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job
2017-02-06 16:22 - 2017-02-22 17:30 - 00000594 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job
2017-02-06 16:22 - 2017-02-18 19:40 - 00003860 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001
2017-02-06 16:22 - 2017-02-18 19:40 - 00003764 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001
2017-02-06 16:21 - 2017-02-06 16:22 - 00000000 ____D C:\Users\ezztr\AppData\Local\Citrix
2017-02-06 10:26 - 2017-02-06 21:35 - 00000000 ___RD C:\Users\ezztr\Documents\Bitrix24
2017-02-06 10:26 - 2017-02-06 10:26 - 00001082 _____ C:\Users\Public\Desktop\Bitrix24 Desktop.lnk
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitrix24
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Bitrix
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Program Files (x86)\Bitrix24
2017-02-04 11:05 - 2017-02-04 11:05 - 00000000 ____D C:\Users\ezztr\Documents\Benutzerdefinierte Office-Vorlagen
2017-02-04 10:36 - 2017-02-04 10:36 - 00002585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002581 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2017-02-04 10:30 - 2017-02-04 10:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-04 10:28 - 2017-02-04 11:05 - 00081408 _____ C:\Users\ezztr\Documents\Manpower DATA REPORT 20170128(2).xls
2017-02-02 00:15 - 2017-02-02 00:15 - 00161452 _____ C:\Users\ezztr\Documents\Eheerklärung_dt.pdf
2017-01-30 01:20 - 2017-01-30 01:21 - 12681143 _____ C:\Users\ezztr\Downloads\glitch.zip
2017-01-30 00:43 - 2017-01-30 01:08 - 94785724 _____ C:\Users\ezztr\Downloads\TEMPLATE ORGANIC PARTICLES [TAME PRODUCCIONES].rar
2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Apple Computer
2017-01-30 00:01 - 2017-01-30 00:01 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-30 00:01 - 2017-01-30 00:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-28 10:11 - 2016-10-24 20:00 - 00000000 ____D C:\FRST
2017-02-28 09:26 - 2016-11-25 19:26 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Mozilla
2017-02-28 08:58 - 2016-08-03 12:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-28 08:58 - 2016-04-10 22:12 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-28 03:35 - 2016-07-25 21:01 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\vlc
2017-02-28 03:25 - 2016-06-21 22:51 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-02-28 02:52 - 2016-06-21 22:50 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-02-28 02:43 - 2016-06-04 15:40 - 00000000 ___RD C:\Rendern-Videos
2017-02-28 02:26 - 2016-06-02 13:49 - 00000000 ____D C:\Rendern
2017-02-28 02:00 - 2016-06-12 18:45 - 00000000 ____D C:\Users\ezztr\AppData\Local\Adobe
2017-02-28 00:16 - 2016-10-06 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
2017-02-28 00:12 - 2016-04-20 16:51 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\obs-studio
2017-02-27 09:49 - 2016-04-13 03:44 - 00000000 ____D C:\Users\ezztr\Desktop\Games
2017-02-27 03:58 - 2015-12-27 02:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-26 19:07 - 2016-10-25 12:50 - 00000000 ____D C:\Users\ezztr\Downloads\Temp
2017-02-26 15:47 - 2016-04-13 03:38 - 00000000 ____D C:\Users\ezztr\AppData\Local\Battle.net
2017-02-26 15:26 - 2016-08-03 12:52 - 00000000 ____D C:\Users\ezztr
2017-02-26 15:26 - 2016-04-13 03:38 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-26 14:55 - 2016-05-08 18:28 - 00000000 ____D C:\tmp
2017-02-26 11:31 - 2016-06-13 20:04 - 00000000 ____D C:\Users\ezztr\AppData\Local\gtk-2.0
2017-02-26 11:31 - 2016-04-20 16:28 - 00000000 ____D C:\Users\ezztr\.gimp-2.8
2017-02-26 11:05 - 2016-11-22 15:30 - 00000000 ___RD C:\Users\ezztr\Google Drive
2017-02-26 11:05 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-26 11:05 - 2016-08-03 12:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-26 11:05 - 2016-07-16 18:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-26 11:05 - 2016-04-10 02:34 - 00000000 __SHD C:\Users\ezztr\IntelGraphicsProfiles
2017-02-26 11:04 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-26 11:04 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-25 10:38 - 2016-07-16 18:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-25 06:45 - 2016-08-24 00:04 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-02-24 22:55 - 2016-08-04 03:47 - 01940498 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-24 22:55 - 2016-08-04 03:47 - 00524304 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-24 22:55 - 2015-12-27 02:15 - 04401872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-24 20:53 - 2016-05-29 23:13 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\transmission
2017-02-24 15:46 - 2016-08-03 12:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-24 15:41 - 2016-07-16 13:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-02-24 15:36 - 2015-12-27 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-02-23 23:37 - 2016-08-03 12:50 - 05016576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-23 10:47 - 2016-04-10 16:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 10:42 - 2016-04-10 16:09 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 22:39 - 2016-10-14 00:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-22 22:37 - 2016-10-25 17:14 - 00000000 ____D C:\AdwCleaner
2017-02-22 22:36 - 2016-07-04 09:47 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-22 17:28 - 2016-04-16 19:06 - 00000000 ___RD C:\Users\ezztr\Desktop\Tools
2017-02-22 17:25 - 2016-07-16 18:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 17:09 - 2017-01-20 20:09 - 00000000 ____D C:\ProgramData\Oracle
2017-02-22 12:36 - 2016-04-10 02:34 - 00000000 ____D C:\Users\ezztr\AppData\Local\Packages
2017-02-20 16:53 - 2016-06-21 22:51 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2017-02-19 16:56 - 2016-04-13 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\CrashDumps
2017-02-17 16:35 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-16 15:43 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\FileZilla
2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2017-02-14 18:25 - 2016-12-26 23:34 - 00000000 ____D C:\Users\ezztr\Documents\Darkest
2017-02-10 22:18 - 2016-04-23 16:08 - 00000000 __SHD C:\Users\elsia\IntelGraphicsProfiles
2017-02-10 09:33 - 2017-01-09 00:11 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 09:33 - 2017-01-09 00:11 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 09:33 - 2017-01-09 00:11 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-10 06:13 - 2017-01-09 00:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-10 05:57 - 2017-01-09 00:13 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-10 05:57 - 2017-01-09 00:13 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-08 20:28 - 2016-04-23 16:08 - 00000000 ____D C:\Users\elsia\AppData\Local\Packages
2017-02-08 20:22 - 2017-01-10 20:20 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-08 20:22 - 2016-04-23 16:09 - 00002389 _____ C:\Users\elsia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-08 20:22 - 2016-04-23 16:09 - 00000000 ___RD C:\Users\elsia\OneDrive
2017-02-08 20:21 - 2016-02-13 20:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-07 21:49 - 2016-04-10 16:06 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 20:01 - 2016-04-10 02:36 - 00002389 _____ C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-07 20:01 - 2016-04-10 02:36 - 00000000 ___RD C:\Users\ezztr\OneDrive
2017-02-07 02:48 - 2016-07-16 18:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-07 02:48 - 2016-07-16 18:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 23:21 - 2016-10-21 23:33 - 00000000 ____D C:\Volumes
2017-02-06 22:35 - 2016-08-04 03:49 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-06 20:52 - 2015-12-27 02:16 - 00000000 ____D C:\Program Files\Dell
2017-02-06 20:47 - 2016-11-23 09:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-06 20:47 - 2016-06-25 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-06 20:42 - 2016-08-03 12:56 - 00014000 _____ C:\WINDOWS\diagwrn.xml
2017-02-06 20:42 - 2016-08-03 12:56 - 00013947 _____ C:\WINDOWS\diagerr.xml
2017-02-06 12:16 - 2015-12-27 02:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-04 10:45 - 2016-07-16 18:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-04 10:30 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-03 23:13 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\Desktop\Rendern
2017-02-01 02:50 - 2016-10-04 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\ElevatedDiagnostics
2017-01-30 01:11 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sony
2017-01-30 00:02 - 2017-01-21 17:46 - 00000000 ____D C:\Program Files (x86)\QuickTime

==================== Files in the root of some directories =======

2016-07-04 10:47 - 2016-08-18 01:47 - 0000153 _____ () C:\Users\ezztr\AppData\Roaming\WB.CFG
2017-02-26 11:31 - 2017-02-26 11:31 - 0041439 _____ () C:\Users\ezztr\AppData\Local\recently-used.xbel
2016-06-08 18:37 - 2016-12-30 12:59 - 0007605 _____ () C:\Users\ezztr\AppData\Local\Resmon.ResmonCfg
2016-08-03 12:50 - 2016-08-03 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-05-22 23:34 - 2016-05-22 23:34 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-12-23 18:00 - 2017-01-09 00:14 - 0045353 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-23 18:00 - 2016-12-30 15:38 - 0010654 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-02-26 00:01 - 2017-02-26 00:01 - 0035680 _____ () C:\Users\ezztr\AppData\Local\Temp\i4jdel0.exe
2017-02-26 00:01 - 2017-02-26 00:01 - 0040448 ____N () C:\Users\ezztr\AppData\Local\Temp\proxy_vole2870947159701469569.dll
2017-02-24 16:21 - 2017-02-24 16:21 - 0695808 ____N () C:\Users\ezztr\AppData\Local\Temp\sqlite-3.8.11.2-64fb9435-3781-4d02-b7af-5321af360a37-sqlitejdbc.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-18 12:55

==================== End of FRST.txt ============================
         
--- --- ---


28.02.2017, 04:17   #22
jomei

Ad banner in the Steam client



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by ezztr (28-02-2017 10:12:11)
Running from C:\Users\ezztr\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-03 05:57:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3515307565-1161031247-3300353082-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3515307565-1161031247-3300353082-503 - Limited - Disabled)
elsia (S-1-5-21-3515307565-1161031247-3300353082-1002 - Limited - Enabled) => C:\Users\elsia
ezztr (S-1-5-21-3515307565-1161031247-3300353082-1001 - Administrator - Enabled) => C:\Users\ezztr
Guest (S-1-5-21-3515307565-1161031247-3300353082-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.2.4 - Intel) Hidden
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.41.3 - Asmedia Technology)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitrix24 for Windows (HKLM-x32\...\Bitrix24) (Version: 4.1.76.36 - Bitrix, Inc)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Conan Exiles (HKLM\...\Steam App 440900) (Version:  - Funcom)
Craft The World (HKLM\...\Steam App 248390) (Version:  - Dekovir Entertainment)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
DebugMode FrameServer (HKLM-x32\...\DebugMode FrameServer) (Version:  - )
Dell App Launcher for Unifying Software (HKLM\...\Unifying Software Launcher) (Version: 1.00.44 - Logitech)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Dock Update (HKLM-x32\...\{6C4547B7-084A-4992-BFBF-9F6C6E2DC3EA}) (Version: 1.0.115.0 - Dell Inc.)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell PremierColor (HKLM\...\{5CA2B02F-FC89-4F42-A3DA-7649B8EFF194}) (Version: 2.0.140 - Portrait Displays, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.72 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.)
Dell Update (HKLM-x32\...\{FE901F1A-B3D5-4BCE-AAFB-694DC51DC522}) (Version: 1.9.5.0 - Dell Inc.)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
Dropbox 20 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.)
Dxtory version 2.0.141 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.141 - ExKode Co. Ltd.)
Factorio (HKLM\...\Steam App 427520) (Version:  - Wube Software LTD.)
Faeria (HKLM\...\Steam App 397060) (Version:  - Abrakam SA)
FileZilla Client 3.24.0 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.0.0.6441 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\GoToMeeting) (Version: 8.0.0.6441 - CitrixOnline)
Gwent (HKLM-x32\...\1971477531_is1) (Version: 2.0.0.0 - GOG.com)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\HearthstoneDeckTracker) (Version: 1.1.6 - HearthSim)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com)
Innkeeper (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Innkeeper) (Version: 0.3.4 - Curse Inc.)
Intel Extreme Tuning Utility (HKLM-x32\...\{281badd0-7e11-494b-bdf7-34d6a2615c3c}) (Version: 6.2.0.19 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 6.2.0.19 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Life Is Strange™ (HKLM\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
MagicYUV Lossless Video Codec - Standard version 2.0.0rc1 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 2.0.0rc1 - INNOMAGIC Bt.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MediaInfo 0.7.87 (HKLM\...\MediaInfo) (Version: 0.7.87 - MediaArea.net)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mini Metro (HKLM\...\Steam App 287980) (Version:  - Dinosaur Polo Club)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Music Manager (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\MusicManager) (Version:  - Google, Inc.)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.12 (HKLM\...\{C212962C-71C4-4D9F-B8E0-D2CD00C8B8FE}) (Version: 5.1.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
Oxygen Not Included (HKLM\...\Steam App 457140) (Version:  - Klei Entertainment)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version:  - )
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.12 - Vaclav Slavik)
ProjectLibre (HKLM-x32\...\{4E352A24-AE3C-482F-9409-3E1C2B7ABED8}) (Version: 1.7.0.0 - ProjectLibre)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.44 - Realtek Semiconductor Corp.)
Registrierung eines Dell Produkts (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Registrierung eines Produkts (Version: 3.0.123.0 - Dell Inc.) Hidden
RimWorld (HKLM\...\Steam App 294100) (Version:  - Ludeon Studios)
RivaTuner Statistics Server 6.6.0 (HKLM-x32\...\RTSS) (Version: 6.6.0 - Unwinder)
SagaraS Scriptmaker v6.1 (HKLM-x32\...\SagaraS Scriptmaker_is1) (Version:  - )
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Spotify) (Version: 1.0.31.56.g526cfefe - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0067 - ST Microelectronics)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Universim version 1.0 (HKLM-x32\...\{77E2F6D6-85F9-4A73-8FC6-5A6CB3C816C1}_is1) (Version: 1.0 - Crytivo Games)
This War of Mine (HKLM\...\Steam App 282070) (Version:  - 11 bit studios)
Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation)
Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.9 - Transmission)
Transport Fever (HKLM\...\Steam App 446800) (Version:  - Urban Games)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 17.0.0 - UMEZAWA Takeshi)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VPN Manager 1.8.10.0 (HKLM-x32\...\VPN Manager) (Version: 1.8.10.0 - Perfect-Privacy)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.730 - Broadcom Corporation)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6291\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04CB2EF6-C5EE-46A5-80FE-E0E2140C4D1B} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {0D55ABF1-CE90-436D-AEC9-21E996067D93} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {163E6DF7-9A42-4E71-B7CB-A7FC00FC613B} - System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1A48F5F1-A4FA-448D-8F88-774F9DF2371A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {207D147E-E73E-44B4-88E1-B9559DF26B1A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe 
Task: {29CF4F40-5921-43C7-B8DC-B282ED50165D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {2E5F1938-4478-4009-9A8C-8CF974952D7B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {33E7D8B0-1D68-4EDD-B7D0-92E87A4F3C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {4D23204F-0E2E-4838-8154-9CE740A0241A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {50DA9037-6E4B-4CD0-BA09-BAAAD604AAF2} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-06-14] (Intel(R) Corporation)
Task: {5A30115F-FF80-4AA1-9E90-E33417862FD6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {5AF67BBA-EAEC-46AF-827B-314EB7D6A46C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {5B109A0B-823B-48E0-8DE2-E2DAB8E52FA6} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe 
Task: {60B633A5-BC32-4179-84FB-9FF44A397776} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {6488574D-F798-462F-88D7-C0457AE6A5BC} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)
Task: {652DF692-C7F7-459F-BDF5-F55E4A777E78} - System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {65D9B6CA-FACA-4EDA-98B7-4904A5253B48} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-21] (NVIDIA Corporation)
Task: {86472F58-B053-402E-9BAA-663541F0AA59} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe 
Task: {9791F492-8F48-4F99-8CD6-F9CB6B50BEF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {9B95B377-96BA-41DB-AD06-B0954F989609} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9EA39A14-9FB0-418C-AC71-EDEE85799B18} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {AB031289-0E5D-4509-8F19-A8B1322905C8} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe 
Task: {AC24C798-888C-43FA-9D8B-32F5D902E8DB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-02-17] (PC-Doctor, Inc.)
Task: {B4776765-14D6-4572-B8DE-B6EDD52B4990} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe 
Task: {C33EBE27-3732-4579-B29F-79D01F362757} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {CAA1D9C6-1233-4DC7-879F-EC161AE71991} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe 
Task: {D220BA68-269C-41EB-8A54-13A110A70A70} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA1d25f0055f52a8c => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D2D43FD7-AA72-433B-9313-037A3C38A991} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {D6A9151A-612D-4C84-88AF-370ECA981488} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core1d25f0055f0e153 => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D84FABA7-EA17-4A74-807C-81C7620DB5A7} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {DCF517FB-4549-4BB6-A95A-EE96C2716380} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ezztro@yahoo.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {E5E09893-C0AF-4AA9-B662-4B583E3CDFA6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-02-17] (PC-Doctor, Inc.)
Task: {EC5937FE-8585-4CE3-8694-02DDC49EE896} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-04] (Microsoft Corporation)
Task: {F35D6EB5-3FEE-49C9-8EE2-CFAB94043E72} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {F43A5D40-7ED4-4E59-8B77-352C08D88260} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-21] (NVIDIA Corporation)
Task: {FC38FDB1-3888-400F-AB12-D2D387A163F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Play Musik.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2015-08-21 08:47 - 2015-08-21 08:47 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2017-01-10 14:59 - 2017-01-10 14:59 - 00125808 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
2016-12-31 17:22 - 2016-11-17 22:16 - 00805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2016-12-31 17:22 - 2016-11-17 22:18 - 01981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2016-12-31 17:22 - 2016-11-17 22:10 - 00212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2016-12-31 17:22 - 2016-11-17 22:10 - 00203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2016-12-31 17:22 - 2016-11-17 22:09 - 00206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2016-12-31 17:22 - 2016-11-17 22:09 - 00336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2016-12-31 17:22 - 2016-11-17 22:06 - 00147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2016-12-31 17:22 - 2016-11-17 22:07 - 00229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2016-12-31 17:22 - 2016-11-17 22:06 - 00211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-17 22:05 - 2016-11-17 22:05 - 00156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-01-09 00:13 - 2017-02-10 05:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-14 02:10 - 2017-01-14 02:10 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-09-16 18:25 - 2016-09-07 11:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-14 11:17 - 2016-12-21 14:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-22 12:33 - 2017-02-22 12:34 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 12:33 - 2017-02-22 12:34 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 12:33 - 2017-02-22 12:34 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-07 16:50 - 2017-02-07 16:50 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2016-04-16 19:02 - 2013-10-29 18:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2016-04-04 14:54 - 2016-04-04 14:54 - 00575432 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2016-12-31 17:22 - 2016-11-17 22:14 - 00730880 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2016-12-31 17:22 - 2016-11-17 22:12 - 00237824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00217344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2016-12-22 23:27 - 2016-12-22 23:27 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2017-02-23 09:20 - 2017-02-23 09:22 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-02-23 09:20 - 2017-02-23 09:22 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-02-23 09:20 - 2017-02-23 09:22 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2016-06-03 17:54 - 2016-06-03 17:57 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-02-23 09:20 - 2017-02-23 09:22 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-02-23 09:20 - 2017-02-23 09:22 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-04-10 22:30 - 2016-04-10 22:31 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-16 19:02 - 2012-12-11 16:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2017-01-14 11:17 - 2016-12-21 13:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-14 11:17 - 2016-12-21 13:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-12 22:57 - 2017-01-09 19:08 - 02493440 _____ () C:\games\Origin\libGLESv2.dll
2016-12-21 10:24 - 2016-12-21 10:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-24 07:26 - 2015-06-24 07:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2016-05-13 14:10 - 2016-05-13 14:10 - 00134144 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2016-07-18 15:14 - 2016-07-18 15:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-03 16:55 - 2017-01-21 01:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-07-22 01:42 - 2017-01-20 20:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-07-22 01:42 - 2017-01-20 20:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-08-29 22:56 - 2017-01-20 20:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-23 17:59 - 2017-01-20 20:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2017-02-26 11:05 - 2017-02-26 11:05 - 00098816 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\win32api.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00110080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\pywintypes27.dll
2017-02-26 11:05 - 2017-02-26 11:05 - 00364544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\pythoncom27.dll
2017-02-26 11:05 - 2017-02-26 11:05 - 00320512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\win32com.shell.shell.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00914432 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\_hashlib.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 01176576 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\wx._core_.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00806400 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\wx._gdi_.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00816128 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\wx._windows_.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 01067008 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\wx._controls_.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00733184 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\wx._misc_.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00682496 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\pysqlite2._sqlite.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\_ctypes.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00686080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\unicodedata.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00119808 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\win32file.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00108544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\win32security.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00007168 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\hashobjs_ext.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00017920 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\thumbnails_ext.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\usb_ext.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00012800 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\common.time34.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00018432 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\win32event.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00167936 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\win32gui.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00046080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\_socket.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 01303552 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\_ssl.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00128512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\_elementtree.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00127488 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\pyexpat.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00038912 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\win32inet.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00036864 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\_psutil_windows.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00524248 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\windows._lib_cacheinvalidation.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00011264 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\win32crypt.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00123392 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\wx._wizard.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00077312 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\wx._html2.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00027648 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\_multiprocessing.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00020480 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\_yappi.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00035840 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\win32process.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00078848 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\wx._animate.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00024064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\win32pipe.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00010240 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\select.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00025600 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\win32pdh.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00017408 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\win32profile.pyd
2017-02-26 11:05 - 2017-02-26 11:05 - 00022528 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI74002\win32ts.pyd
2016-04-16 19:02 - 2013-01-15 22:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2016-03-18 18:26 - 2016-03-18 18:26 - 00207872 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
2016-03-18 17:19 - 2016-03-18 17:19 - 00107520 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll
2016-12-22 23:27 - 2016-12-22 23:27 - 12163072 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2016-12-20 20:05 - 2016-12-20 20:06 - 00958464 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2016-07-16 21:31 - 2016-07-16 21:31 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-08-24 09:13 - 2016-08-24 09:14 - 03312024 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-04-11 23:08 - 2016-12-24 01:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-11 23:08 - 2017-01-19 08:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-04-11 23:07 - 2017-01-19 08:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-11 23:07 - 2016-07-05 05:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-21 12:18 - 2017-01-05 10:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-04-11 23:08 - 2017-01-19 08:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-04-11 23:07 - 2015-09-25 06:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-04-16 19:02 - 2011-11-22 19:18 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 18:04 - 2016-11-20 23:07 - 00001025 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 27.50.20.21
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "PremierColor"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "MusicManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C17F5659-1505-42DE-BB05-2C756F24B829}] => (Allow) C:\games\GameforgeLive\gfl_client.exe
FirewallRules: [{7D93B344-EB13-4E7A-BD61-0863CBF13D34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC4F5E12-EC9F-4AE8-8BF6-6A514710F95C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{D45226D3-5DCE-42F4-AF3B-76C8FA1D5F26}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F8D0FD33-645D-4886-83F4-F10F91E60F23}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe
FirewallRules: [{277B7182-EF76-4E43-829A-DB3743D4FAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{B805154D-E775-4E97-9110-F33FB0C6EB51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{3E397DCD-0DD7-4044-A1A0-149701EB7C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{64BCF33C-B757-440E-A2CC-FDC496463331}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{A16F6B7B-70F3-4576-BBA2-9E1E3119F4AE}] => (Block) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{C0B1816F-734A-411A-8D6B-5A9ECC77EBD0}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{4A8B2546-03FA-4EB8-85AE-EEE23DCA4046}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{7E700728-1A46-474F-A9DF-5D1B31DC547F}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{58091464-702B-4BA8-9722-9DD3019824F8}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{08E43E94-6562-4C54-9538-7F4D3376D598}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A402605C-2125-4DB3-8463-845F1AE0558B}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [UDP Query User{278854EE-DCAC-4D46-8EC7-65836AB565F4}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E61457E3-0841-4B8B-94B0-053B3D1F6B38}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe
FirewallRules: [{3BC96CDD-1BE2-4378-8C34-7A5046B8C829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{E77BCB3B-19C5-4D11-9163-2CA9772CC215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{EF88B2AE-1A5B-412C-9EA7-F3ED89932447}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60C82DF7-A1E1-4BB3-A84C-B52A3E7614A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C3E3F344-96BD-4E3A-888F-14A4B964F289}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5346CA20-8F67-4AAA-B93F-438A67350DF6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9215639A-8497-44BD-BDEE-EE065DA52BB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{759CA9DD-D5CA-46F1-8E91-207742295A67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{E064189B-3782-4E35-96D9-BDFF9F499639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{4EDFA684-A6F6-4A6F-861F-7E2E4B482CD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{6D6E6B78-D454-4C1E-A5F6-CE16D2B53576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{548CD056-BF5E-46D5-BC7E-F178EB7A5529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [TCP Query User{37DE9295-1AE0-44E7-B1FD-6BFA0CCEFC64}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe
FirewallRules: [UDP Query User{C7C3E257-C7A8-48E3-B179-5AF3FFD5E209}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe
FirewallRules: [{5F381414-7E4A-4DAC-94AE-B7A20CA69DA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe
FirewallRules: [{0AB262A1-F86A-4AFF-83CB-8B3A3529E830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe
FirewallRules: [{35F5E33E-2EE3-40D9-8D05-4BBCAE2B7CC6}] => (Allow) %ProgramFiles%\Adobe\Adobe Dreamweaver CC 2015\Dreamweaver.exe
FirewallRules: [{AF368985-5F99-4ED9-96B4-2FC8C375A453}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{2CBFE8D9-02EE-41FB-9141-A88122B77815}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06A7C478-0B02-49CC-92AA-B7AC95D45EE4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{143E3176-9C1F-4EEE-884B-2B2E43C93E9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C3BA8D08-41A0-4F93-93AA-7C230B171825}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{296F8C72-669A-49B9-8773-F2AC39257571}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EC9DBA8F-965B-4AB6-B13E-271A19A65802}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3434F424-1A3C-4AD5-B67D-C23403F1BBD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{6E7C318E-CC99-461A-B692-E86AB2D4BF26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{5BBDDEC7-BD03-4FB6-8599-F39D2F0E8EA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3D6782B4-E800-471A-8B72-1DB780B0BAC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{39F896B1-29FE-421F-A4A8-80F8D572DA07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FE4F29E9-EA06-412B-BD0C-1B870D1786C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{D7DA5ABD-DA9B-4E12-BA51-E6BF0F9A8B93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [TCP Query User{D451319D-13B5-473B-801E-92390E465CD5}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe
FirewallRules: [UDP Query User{A6AED956-641B-4A06-BBAA-7977D3B1941F}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe
FirewallRules: [{6B46C0AA-404C-4F8A-B269-84321A873B0A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{591828EE-75B0-416D-AFAA-62FE66304C38}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D5D7ECAA-0C2C-4298-80FC-2AD8E3625F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{70EC9924-39A9-4327-8E29-3CD9B1362085}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{B00BFF46-3023-40B2-9937-81068549DE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{E4AA0E3E-2558-4129-B7D5-1408B426A7FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{111ADE00-A556-4F6E-A162-7F624AA421B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{16B5D7C8-1CB3-4968-98F2-525DC7767CE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{AA4AAE9D-EDF8-43EE-8366-32E1596BE4E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{32B7101D-B91C-4BB3-A713-F192C26BDCD8}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{FA4A5112-CD38-43C8-8F26-C8BC71256DD9}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{80F768F5-5B72-4F0B-9BB8-B88918DD446F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{40F29920-31F6-4CCF-B886-D83E03E8E8A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{D6E94B12-5A4F-46E0-9931-81CE4872D96C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{E1217DC5-2210-4991-A414-D4DFD966FA83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{A2091538-196A-4ACC-821A-1D8FEE92E88D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe
FirewallRules: [{C465A602-10DB-4B2A-B047-266815A93382}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe
FirewallRules: [TCP Query User{77778A78-3566-4E8D-8E8C-2561B4FBBA77}C:\program files (x86)\gog galaxy\games\gwent\gwent.exe] => (Allow) C:\program files (x86)\gog galaxy\games\gwent\gwent.exe
FirewallRules: [UDP Query User{B7A7A341-3088-4BB3-BD75-B3C5CBCE5CB8}C:\program files (x86)\gog galaxy\games\gwent\gwent.exe] => (Allow) C:\program files (x86)\gog galaxy\games\gwent\gwent.exe

==================== Restore Points =========================

14-02-2017 18:10:57 Removed LibreOffice 5.0.5.2
16-02-2017 14:00:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
21-02-2017 17:27:40 TMPGEnc Video Mastering Works 6 Testversion wird entfernt
22-02-2017 22:47:19 JRT Pre-Junkware Removal
24-02-2017 11:47:12 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
27-02-2017 03:41:00 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

==================== Faulty Device Manager Devices =============

Name: Intel High Definition DSP
Description: Intel High Definition DSP
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2017 01:49:01 AM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [4] ERROR- DoUpdateCheck manifestsSuccessful is invalid, stop updating! #StackInfo#

Error: (02/27/2017 08:29:40 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [20] ERROR- DoUpdateCheck manifestsSuccessful is invalid, stop updating! #StackInfo#

Error: (02/27/2017 03:41:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/26/2017 07:07:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\ezztr\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/26/2017 12:00:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 25.2.2017.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1928

Startzeit: 01d28f87a6591f4a

Beendigungszeit: 4294967295

Anwendungspfad: C:\Users\ezztr\Desktop\FRST64.exe

Berichts-ID: deba4e6f-fb7b-11e6-9c64-b5b49f93f0b8

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (02/24/2017 07:33:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\ezztr\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- Exception on mounting SOS: mk_dellsupport_lnk can't find DSP! errno=0 #StackInfo#

Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#

Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:Image, Partition:PartitionPos {disk:0, part:5}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#

Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:WINRETOOLS, Partition:PartitionPos {disk:0, part:4}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#


System errors:
=============
Error: (02/28/2017 04:11:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/28/2017 03:37:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/27/2017 11:57:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.

 Code: 8 0x0 0x0

Error: (02/27/2017 11:57:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.

 Code: 2 0xdeaddeed 0xeeec

Error: (02/27/2017 11:57:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.

 Code: 1 0xc 0x4

Error: (02/27/2017 09:05:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "machine-default" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/27/2017 09:05:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "machine-default" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/27/2017 09:05:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "machine-default" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/27/2017 09:05:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "machine-default" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/27/2017 09:05:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "machine-default" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 und der APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


CodeIntegrity:
===================================
  Date: 2017-02-25 11:17:46.401
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\WIDCOMM\Bluetooth Software\BTNCopy.dll that did not meet the Store signing level requirements.

  Date: 2017-02-25 11:17:46.392
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-24 20:45:49.160
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-24 15:45:58.508
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-23 23:37:02.875
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-23 14:26:54.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-23 09:10:29.592
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-22 22:37:35.751
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-02-22 20:03:30.187
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-22 17:29:53.650
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 30%
Total physical RAM: 16238.91 MB
Available physical RAM: 11216.38 MB
Total Virtual: 18670.91 MB
Available Virtual: 12281.98 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:461.56 GB) (Free:149.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: A4A7D5DC)

Partition: GPT.

==================== End of Addition.txt ============================
         

28.02.2017, 14:19   #23
M-K-D-B
/// TB-Ausbilder

If you have no more problems with malware, then we are done here. Your log files are clean.
Finally, we need to take a few concluding steps to clean up and secure your PC.

Cleanup:
All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.
Note:
DelFix removes, among other things, all the programs used, the quarantine of our scanners, and the Java cache, and finally deletes itself.
Then restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at its latest version only:
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

If you are still undecided, use just one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:

Microsoft Security Essentials (MSE) / Windows Defender (WD) is built in from Windows 8 onward, so if you have Windows 8, 8.1 or 10 and have decided on MSE/WD, you do not need to install MSE/WD separately. On Windows 7, however, it must be installed manually or obtained via Windows Update as an optional update. A legal/activated copy of Windows is of course a prerequisite for this.

In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.

Optional:
Adblock Plus: can block banners, pop-ups, video ads, tracking and malware sites.
NoScript: prevents active content (Java, JavaScript, Flash, ...) from running on all websites. However, you can specify on a whitelist basis which sites scripts should be allowed on.

Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwcleaner.

Finally, a few general remarks:
  • Change your important online passwords regularly and make regular backups of your important files or of the system.
  • Do not download software from Chip, Softonic or SourceForge. The software offered there is often distributed with a so-called "installer", through which you only end up installing unwanted software or adware.
  • The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. Even Microsoft does not support so-called registry cleaners. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

01.03.2017, 15:57   #24
jomei

Hello, everything is done. Thank you.

01.03.2017, 20:51   #25
M-K-D-B
/// TB-Ausbilder

I am glad that we were able to help.

In this forum you can leave brief feedback on the cleanup, if you wish:
Lob, Kritik und Wünsche
To do so, click the "NEUES THEMA" button and post a short piece of feedback. Thank you very much!

This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM.

Everyone else, please click here and create your own thread.
