Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop

SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop


Log-Analyse und Auswertung: SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 15.07.2017, 15:09   #1
Master1991
 
SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop - Standard

SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop


Habe SUPER (Video Converter) installiert. Bisher war das immer ganz okay scheinbar hat sich das drastisch geändert

Hier die Scan results:

Ich kann Malwarebytes gar nicht mehr installieren, ständig reakitivert sich die UAC und will die installation verhindern und ausgeschaltet sagt MB "Could not call proc"

Firefox lädt ständig neue tabs mit der Seite bigpicturepop:

Ich kann die Logs von FRST nicht posten. Er sagt immer der Beitrag ist zu lang (trotz code tags) - Ich muss euch das zippen...keine Ahnung warum ich nur teilweise posten kann

FRST Teil 1
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
durchgeführt von *** (Administrator) auf DENNIS (15-07-2017 15:54:37)
Gestartet von C:\Users\***\Downloads
Geladene Profile: *** (Verfügbare Profile: ***)
Platform: Windows 10 Pro Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files\9069783d92779bd29ad0641563a66baf\e1e83fd0dad806658532bb3593b59941.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
() E:\altera\quartus\bin64\jtagserver.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() E:\Matlab\bin\win64\MATLABStartupAccelerator.exe
(LAWV3K) C:\Program Files (x86)\jzuwxpj0sve\13EERPWAQA2M38G.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\PGChk.exe
(ellMibouna) C:\Users\***\AppData\Roaming\y32ws5jla0o\0tiw2jloi14.exe
(LAWV3K) C:\Users\***\AppData\Local\Temp\TL0GJ8ZE6H\Like.exe
(LAWV3K) C:\Program Files\UA0Q0EPQEJ\UA0Q0EPQE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ellMibouna) C:\Users\***\AppData\Roaming\szgoqppwxen\kq0zoc135ds.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(                                                            ) C:\Users\***\AppData\Local\Temp\bwbbDynNI\bwbbDynNI.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
() C:\Users\***\AppData\Local\Temp\is-PC795.tmp\bwbbDynNI.tmp
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
() C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(LAWV3K) C:\Program Files\MATJBLVCNI\MATJBLVCN.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(LAWV3K) C:\Program Files\8URKEZJE8M\8URKEZJE8.exe
(LAWV3K) C:\Program Files\7SOU0UO9PV\7SOU0UO9P.exe
(LAWV3K) C:\Program Files\NUWXYOYSTJ\NUWXYOYST.exe
(LAWV3K) C:\Program Files (x86)\jzuwxpj0sve\1N5MX.exe
(LAWV3K) C:\Program Files\9C7MQ5NLSV\9C7MQ5NLS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(LAWV3K) C:\Program Files\1ENYJTIJ2N\1ENYJTIJ2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ELLS LLC) C:\Users\***\AppData\Local\WeatherBuddy\WeatherBuddy.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(LAWV3K) C:\Program Files\2YB33B3YSI\2YB33B3YS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(LAWV3K) C:\Program Files\UWK87OEUU5\UWK87OEUU.exe
(LAWV3K) C:\Program Files\YFG3CLV0D2\YFG3CLV0D.exe
(LAWV3K) C:\Program Files\TWPT0WXANH\TWPT0WXAN.exe
(LAWV3K) C:\Program Files\3TGIL1FYJB\3TGIL1FYJ.exe
(LAWV3K) C:\Program Files\VQXIYO2F6D\P5FPQSSY1.exe
(LAWV3K) C:\Program Files\G1YDYYQ3ON\Q768MZ5QG.exe
(LAWV3K) C:\Program Files\R0CY54D5N1\R0CY54D5N.exe
(LAWV3K) C:\Program Files\I8UO1LAA21\I8UO1LAA2.exe
(LAWV3K) C:\Program Files\OXJNZS6SEM\OXJNZS6SE.exe
(ellMibouna) C:\Users\***\AppData\Roaming\y32ws5jla0o\0tiw2jloi14.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(LAWV3K) C:\Program Files\UA0Q0EPQEJ\UA0Q0EPQE.exe
(ellMibouna) C:\Users\***\AppData\Roaming\szgoqppwxen\kq0zoc135ds.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_137.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_26_0_0_137.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\***\AppData\Roaming\AppTrailers\AppTrailers.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Users\***\AppData\Roaming\AppTrailers\AppTrailers.exe
() C:\Users\***\AppData\Roaming\AppTrailers\AppTrailers.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Windows\TEMP\g634A.tmp.exe
() C:\Windows\TEMP\g70D7.tmp.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\PGNet.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\Cloud.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

Alt 15.07.2017, 15:14   #2
Master1991
 
SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop - Standard

SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop


Hier der Anhang

Anhang 80679
__________________
Alt 16.07.2017, 13:48   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop - Standard

SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
__________________
Alt 16.07.2017, 13:48   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop - Standard

SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.07.2017, 20:39   #5
Master1991
 
SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop - Standard

SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop


Neuer stand... im abgesicherten Modus konnte ich den ESET online Scanner nutzen.

Das System ist quasi wieder okay! MBAM kann ich nach wie vor nicht installieren (vll auch ein Problem von MBAM) jedenfalls kommen nun nur noch im Chrome Browser alle paar Minuten russische Titten Pop Ups.

FRST:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
durchgeführt von *** (Administrator) auf DENNIS (18-07-2017 21:34:12)
Gestartet von C:\Users\***\Downloads
Geladene Profile: *** (Verfügbare Profile: ***)
Platform: Windows 10 Pro Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() E:\altera\quartus\bin64\jtagserver.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Creative SB Monitoring Utility Launcher] => RunDll32 SBAVMonL.dll,SBAVMonitorLauncher
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-07-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2384984 2016-12-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1481256 2017-04-25] (Sophos Limited)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975248 2015-07-24] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ACHTUNG
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ACHTUNG
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ACHTUNG
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ACHTUNG
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ACHTUNG
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ACHTUNG
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ACHTUNG
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ACHTUNG
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ACHTUNG
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ACHTUNG
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ACHTUNG
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ACHTUNG
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ACHTUNG
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ACHTUNG
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ACHTUNG
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ACHTUNG
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ACHTUNG
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ACHTUNG
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ACHTUNG
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ACHTUNG
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ACHTUNG
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ACHTUNG
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ACHTUNG
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ACHTUNG
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ACHTUNG
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ACHTUNG
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ACHTUNG
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ACHTUNG
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ACHTUNG
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ACHTUNG
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ACHTUNG
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ACHTUNG
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ACHTUNG
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ACHTUNG
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ACHTUNG
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ACHTUNG
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ACHTUNG
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ACHTUNG
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ACHTUNG
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ACHTUNG
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ACHTUNG
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ACHTUNG
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ACHTUNG
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ACHTUNG
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [TSMApplication] => C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-08-16] ()
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [Discord] => C:\Users\***\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [3155712 2017-01-30] (Unified Intents AB)
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [Spotify] => C:\Users\***\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-05] (Spotify Ltd)
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [Z30EXMJL1G3FYWX] => "C:\Program Files\8URKEZJE8M\8URKEZJE8.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [082NNTU50H0R0A9] => "C:\Program Files\NUWXYOYSTJ\NUWXYOYST.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [H7M12ML8A93J3M1] => "C:\Program Files\9C7MQ5NLSV\9C7MQ5NLS.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [467IPYRY8ESVDOB] => "C:\Program Files\1ENYJTIJ2N\1ENYJTIJ2.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [WeatherBuddy] => C:\Users\***\AppData\Local\WeatherBuddy\WeatherBuddy.exe
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [PHZ5KB27COR8SX2] => "C:\Program Files\2YB33B3YSI\2YB33B3YS.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [XMD9GLAIL0901QN] => "C:\Program Files\UWK87OEUU5\UWK87OEUU.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [UC6I7LB58GEB40G] => "C:\Program Files\YFG3CLV0D2\YFG3CLV0D.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [ZF1EEX2DK2JLDUG] => "C:\Program Files\TWPT0WXANH\TWPT0WXAN.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [SVZWQFB17CNYHUE] => "C:\Program Files\3TGIL1FYJB\3TGIL1FYJ.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [F8SUNXVC7QWTOOD] => "C:\Program Files\VQXIYO2F6D\P5FPQSSY1.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [4861206DOOA101C] => "C:\Program Files\G1YDYYQ3ON\Q768MZ5QG.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [E4U4DYGO85T49D2] => "C:\Program Files\R0CY54D5N1\R0CY54D5N.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [0UKJWQG3XLSBYY4] => "C:\Program Files\I8UO1LAA21\I8UO1LAA2.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [MC7MEQEBHRC8PCS] => "C:\Program Files\OXJNZS6SEM\OXJNZS6SE.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [2gho4x0jmdp] => "C:\Users\***\AppData\Roaming\y32ws5jla0o\0tiw2jloi14.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [FULKLUTFVSOODJV] => "C:\Program Files\UA0Q0EPQEJ\UA0Q0EPQE.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [5TLM3AUQLYFV5ON] => "C:\Program Files\MATJBLVCNI\MATJBLVCN.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [CL04YP20DFRWQ7T] => "C:\Program Files\7SOU0UO9PV\7SOU0UO9P.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [214tr4igtn2] => "C:\Users\***\AppData\Roaming\wannqu4wm2g\n0j3dubjl04.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [385O9206BSKRAWK] => "C:\Program Files\PTZYKW4S4U\PTZYKW4S4.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [yn2ro4m3zen] => "C:\Users\***\AppData\Roaming\q3gzcylttut\dzeqcpoykco.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [SZX87GKIT1ZC50X] => "C:\Program Files\CE1341K0HB\P37IC0Q1G.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [3GTIW59WJ3FLW81] => "C:\Program Files\5APK2DHEFW\5APK2DHEF.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [IIJU8DNC6VO4MVH] => "C:\Program Files\XI1LIKB6BN\XI1LIKB6B.exe"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Run: [Spotify Web Helper] => C:\Users\***\AppData\Roaming\Spotify\Spotify.exe [7111792 2017-07-05] (Spotify Ltd)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [235928 2017-04-25] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\sophos_detoured.dll [207864 2017-04-25] (Sophos Limited)
AppInit_DLLs-x32: L,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [207864 2017-04-25] (Sophos Limited)
AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\sophos_detoured.dll [207864 2017-04-25] (Sophos Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\odrive.lnk [2016-08-26]
ShortcutTarget: odrive.lnk -> C:\Program Files\odrive\odrive.exe ()
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk [2016-07-25]
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
GroupPolicy: Beschränkung - Chrome <==== ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{922fe5b9-eb9f-4c19-9c69-92b7844d74d5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f8ee183a-804f-4847-823d-54a3a5852415}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
BHO: YoutubeAdBlock -> {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} -> C:\Program Files (x86)\YiuAskIE\t9WlcCyc.dll => Keine Datei
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-24] (Oracle Corporation)
BHO: - -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{BAFA400A-21F9-4DE8-9F48-5405498BAFDA}\{35CA290F-D2F5-4321-B46E-1A45C19C9019}.bin => Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-24] (Oracle Corporation)
BHO-x32: YoutubeAdBlock -> {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} -> C:\Program Files (x86)\YiuAskIE\ktr9tIj.dll => Keine Datei
BHO-x32: - -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{8F8102D3-DACC-4F6D-942E-E96EC470D739}\{3B334792-F9AD-4415-9152-D27B1FA5D683}.bin => Keine Datei

FireFox:
========
FF DefaultProfile: vxtwx0nv.default
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vxtwx0nv.default [2017-07-18]
FF user.js: detected! => C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vxtwx0nv.default\user.js [2017-07-15]
FF Homepage: Mozilla\Firefox\Profiles\vxtwx0nv.default -> www.google.de
FF Extension: (Windscribe) - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vxtwx0nv.default\Extensions\@windscribeff.xpi [2017-06-08]
FF Extension: (Keepa - Amazon Price Tracker) - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vxtwx0nv.default\Extensions\amptra@keepa.com.xpi [2017-06-15]
FF Extension: (NoScript) - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vxtwx0nv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-02]
FF Extension: (Update Scanner) - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vxtwx0nv.default\Extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi [2017-02-21]
FF Extension: (Adblock Plus) - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vxtwx0nv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} [2017-07-15] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{F0D9B6FF-956F-48C1-B855-2905D276D74A}] - C:\WINDOWS\Installer\{78531802-9CD9-41EC-AEF3-68655E00A523}\{F0D9B6FF-956F-48C1-B855-2905D276D74A}.xpi
FF Extension: ( ) - C:\WINDOWS\Installer\{78531802-9CD9-41EC-AEF3-68655E00A523}\{F0D9B6FF-956F-48C1-B855-2905D276D74A}.xpi [2017-07-15]
FF HKLM-x32\...\Firefox\Extensions: [support@geticommerce.com] - C:\Program Files (x86)\Up Pro\up_pro-0.9.35.2-fx.xpi
FF Extension: (Up Pro) - C:\Program Files (x86)\Up Pro\up_pro-0.9.35.2-fx.xpi [2016-10-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2017-07-15]

Chrome: 
=======
CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default [2017-07-18]
CHR Extension: (Kein Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-06]
CHR Extension: (Kein Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-06]
CHR Extension: (Kein Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-06]
CHR Extension: (Kein Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-06]
CHR Extension: (Kein Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-06]
CHR Extension: (Tables) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-07-15]
CHR Extension: (Kein Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-02-06]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2017-07-14]
CHR Extension: (Adblocker for Youtube™) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgokgcnplbfnkjpejjgafogeecgaini [2017-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-20]
CHR Extension: ( ) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeodddcceljkdkbbjhobagalmodleiha [2017-07-15]
CHR Extension: (ScriptSafe) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2017-04-02]
CHR Extension: (Kein Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
CHR HKU\S-1-5-21-1505119879-566967852-3136431682-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-25] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-07-12] (Dropbox, Inc.)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\ElfoService.exe [1283336 2017-04-21] ()
R2 JTAGServer; E:\altera\quartus\bin64\jtagserver.exe [311808 2016-10-25] () [Datei ist nicht signiert]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [229664 2017-04-25] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [200064 2017-04-25] (Sophos Limited)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [901248 2016-08-28] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [761696 2017-04-25] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [360040 2017-04-25] (Sophos Limited)
R2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2499872 2017-02-02] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [475384 2017-04-25] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3644368 2017-04-25] (Sophos Limited)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-08] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 9069783d92779bd29ad0641563a66baf; "C:\Program Files\9069783d92779bd29ad0641563a66baf\e1e83fd0dad806658532bb3593b59941.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 58d8c3965112dd54aee52bda5a36feaa; C:\WINDOWS\system32\drivers\58d8c3965112dd54aee52bda5a36feaa.sys [78720 2017-07-14] (7FUEQJ) <==== ACHTUNG
S3 AlteraUSBBlaster; C:\WINDOWS\system32\drivers\usbblstr.sys [98160 2016-04-28] (FTDI Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 FTDIBUS; C:\WINDOWS\system32\drivers\ftdibus.sys [119680 2017-03-08] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [89792 2017-03-08] (Future Technology Devices International Ltd.)
R3 ksaud; C:\WINDOWS\system32\drivers\ksaud.sys [2116728 2017-07-05] (Creative Technology Ltd.)
S3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-02] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [199552 2017-04-25] (Sophos Limited)
S3 sdcfilter; C:\WINDOWS\system32\DRIVERS\sdcfilter.sys [38144 2016-08-28] (Sophos Limited)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R1 SLEE_15_DRIVER; C:\Windows\Sleen1564.sys [86024 2007-02-21] (Softwareentwicklung Remus - ArchiCrypt )
R2 sntp; C:\WINDOWS\system32\DRIVERS\sntp.sys [116144 2016-08-28] (Sophos Limited)
R0 Sophos Endpoint Defense; C:\WINDOWS\System32\DRIVERS\SophosED.sys [200760 2017-02-02] (Sophos Limited)
S4 SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [45840 2017-04-25] (Sophos Limited)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 swi_callout; C:\WINDOWS\system32\DRIVERS\swi_callout.sys [47760 2017-02-02] (Sophos Limited)
R3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [27064 2017-01-30] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-07-18 21:34 - 2017-07-18 21:34 - 00032698 _____ C:\Users\***\Downloads\FRST.txt
2017-07-18 21:34 - 2017-07-18 21:34 - 00000000 ____D C:\FRST
2017-07-18 21:33 - 2017-07-18 21:34 - 02435584 _____ (Farbar) C:\Users\***\Downloads\FRST64.exe
2017-07-18 21:33 - 2017-07-18 21:33 - 01780736 _____ (Farbar) C:\Users\***\Downloads\FRST.exe
2017-07-16 15:12 - 2017-07-16 15:12 - 00000000 ____D C:\WINDOWS\Panther
2017-07-16 14:16 - 2017-07-16 14:56 - 00000000 ____D C:\Users\***\AppData\Local\ESET
2017-07-16 14:09 - 2017-07-16 14:09 - 01847296 _____ C:\Users\***\AppData\Local\po.db
2017-07-16 14:09 - 2017-07-16 14:09 - 00140800 _____ C:\Users\***\AppData\Local\installer.dat
2017-07-16 14:09 - 2017-07-16 14:09 - 00011568 _____ C:\Users\***\AppData\Local\InstallationConfiguration.xml
2017-07-15 16:44 - 2017-07-15 16:44 - 00000000 ____D C:\ProgramData\Microleaves
2017-07-15 16:41 - 2017-07-15 17:33 - 00000386 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2017-07-15 16:41 - 2017-07-15 16:41 - 00003280 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2017-07-15 16:41 - 2017-07-15 16:41 - 00003244 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2017-07-15 16:41 - 2017-07-15 16:41 - 00003244 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2017-07-15 16:41 - 2017-07-15 16:41 - 00003244 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2017-07-15 16:41 - 2017-07-15 16:41 - 00000000 ____D C:\Users\***\AppData\Roaming\Microleaves
2017-07-15 16:41 - 2017-07-15 16:41 - 00000000 ____D C:\Users\***\AppData\Local\AdvinstAnalytics
2017-07-15 16:38 - 2017-07-16 14:10 - 00000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-07-15 16:38 - 2017-07-15 16:39 - 00000000 ____D C:\Users\***\AppData\Local\AppTrailers
2017-07-15 16:38 - 2017-07-15 16:38 - 00003242 _____ C:\WINDOWS\System32\Tasks\U2_2C6A44CB-AD42-4731-A544-3FBD3D83AB5B
2017-07-15 16:38 - 2017-07-15 16:38 - 00002904 _____ C:\WINDOWS\System32\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B2
2017-07-15 16:37 - 2017-07-15 16:37 - 00000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBuddy
2017-07-15 16:37 - 2017-07-15 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Up Pro
2017-07-15 16:37 - 2017-07-15 16:37 - 00000000 ____D C:\Program Files (x86)\Up Pro
2017-07-15 15:50 - 2017-07-16 14:55 - 00000000 ____D C:\Users\***\AppData\Roaming\szgoqppwxen
2017-07-15 15:37 - 2017-07-16 14:59 - 00532504 _____ C:\WINDOWS\ntbtlog.txt
2017-07-15 15:28 - 2017-07-15 15:28 - 00000306 __RSH C:\Users\***\ntuser.pol
2017-07-15 14:50 - 2017-07-15 14:50 - 00016838 _____ C:\WINDOWS\System32\Tasks\Bulk SMTP Mikinos
2017-07-15 14:50 - 2012-07-11 23:00 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Olepau32.ax
2017-07-15 14:50 - 2011-02-11 10:26 - 00112128 __RSH C:\WINDOWS\SysWOW64\OptimFROG.dll
2017-07-15 14:50 - 2009-08-10 23:00 - 00352768 __RSH C:\WINDOWS\SysWOW64\ac3DX.ax
2017-07-15 14:50 - 2005-02-22 17:55 - 00081920 __RSH C:\WINDOWS\SysWOW64\aac_parser.ax
2017-07-15 14:50 - 2004-04-27 16:03 - 00017408 __RSH (RadLight) C:\WINDOWS\SysWOW64\RLOFRDec.ax
2017-07-15 14:49 - 2017-07-16 15:04 - 00003272 _____ C:\WINDOWS\System32\Tasks\9069783d92779bd29ad0641563a66baf
2017-07-15 14:49 - 2017-07-15 17:33 - 00000300 _____ C:\WINDOWS\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B.job
2017-07-15 14:49 - 2017-07-15 16:37 - 00003214 __RSH C:\ProgramData\ntuser.pol
2017-07-15 14:49 - 2017-07-15 16:37 - 00002662 _____ C:\WINDOWS\System32\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B
2017-07-15 14:33 - 2017-07-15 14:33 - 00000000 ____D C:\Users\***\Desktop\WG_ebay
2017-07-15 14:20 - 2017-07-15 14:20 - 00000000 ____D C:\Users\***\AppData\Roaming\Plcore
2017-07-15 14:18 - 2017-07-15 14:47 - 00000000 ____D C:\Users\***\AppData\Roaming\DVDFab10
2017-07-15 14:18 - 2017-07-15 14:19 - 00000000 ____D C:\Users\***\Documents\DVDFab10
2017-07-15 13:28 - 2017-07-15 13:28 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-07-14 15:32 - 2017-07-14 15:32 - 00180747 _____ C:\Users\***\Downloads\calendari_academic_curs_2017-2018_mai_mei_miri.pdf
2017-07-14 06:00 - 2017-07-14 06:00 - 00078720 _____ (7FUEQJ) C:\WINDOWS\system32\Drivers\58d8c3965112dd54aee52bda5a36feaa.sys
2017-07-14 06:00 - 2017-07-14 06:00 - 00051630 _____ C:\WINDOWS\uninstaller.dat
2017-07-13 22:05 - 2017-07-13 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-07-12 21:58 - 2017-07-12 21:58 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-07-12 21:58 - 2017-07-12 21:58 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-07-12 21:58 - 2017-07-12 21:58 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-07-12 21:58 - 2017-07-12 21:58 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-07-12 00:12 - 2017-07-07 08:57 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-12 00:12 - 2017-07-07 08:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-12 00:12 - 2017-07-07 08:37 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-12 00:12 - 2017-07-07 08:31 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-12 00:12 - 2017-07-07 08:31 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-12 00:12 - 2017-07-07 08:30 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-12 00:12 - 2017-07-07 08:27 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-12 00:12 - 2017-07-07 08:26 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-12 00:12 - 2017-07-07 08:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-12 00:12 - 2017-07-07 08:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-12 00:12 - 2017-07-07 08:23 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-12 00:12 - 2017-07-07 08:14 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-12 00:12 - 2017-07-07 08:14 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-12 00:12 - 2017-07-07 08:13 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 00:12 - 2017-07-07 08:12 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 00:12 - 2017-07-07 08:09 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-12 00:12 - 2017-07-07 08:05 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-12 00:12 - 2017-07-07 08:05 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-12 00:12 - 2017-07-07 08:04 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 00:12 - 2017-07-07 08:04 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-12 00:12 - 2017-07-07 08:04 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-12 00:12 - 2017-07-07 08:02 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-12 00:12 - 2017-07-07 08:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-12 00:12 - 2017-07-07 08:00 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-12 00:12 - 2017-07-07 08:00 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-12 00:12 - 2017-07-07 07:58 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-12 00:12 - 2017-07-07 07:58 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-12 00:12 - 2017-06-20 07:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-12 00:12 - 2017-06-20 07:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-12 00:12 - 2017-06-20 07:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-12 00:12 - 2017-06-20 07:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-12 00:12 - 2017-06-20 07:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-12 00:12 - 2017-06-20 07:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-12 00:12 - 2017-06-20 07:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-12 00:12 - 2017-06-20 07:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-12 00:12 - 2017-06-20 06:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-12 00:12 - 2017-06-20 06:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-12 00:12 - 2017-06-20 06:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-12 00:12 - 2017-06-20 06:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-12 00:12 - 2017-06-20 06:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-12 00:12 - 2017-06-20 06:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-12 00:12 - 2017-06-20 06:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-12 00:12 - 2017-06-20 06:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-12 00:12 - 2017-06-20 06:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-12 00:12 - 2017-06-20 06:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-12 00:12 - 2017-06-20 06:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-12 00:12 - 2017-06-20 06:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-12 00:11 - 2017-07-07 16:00 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-12 00:11 - 2017-07-07 09:26 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-12 00:11 - 2017-07-07 09:24 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-12 00:11 - 2017-07-07 09:23 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-12 00:11 - 2017-07-07 09:22 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-12 00:11 - 2017-07-07 09:22 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-12 00:11 - 2017-07-07 09:21 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-12 00:11 - 2017-07-07 09:21 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-12 00:11 - 2017-07-07 09:20 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-12 00:11 - 2017-07-07 09:20 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-12 00:11 - 2017-07-07 09:14 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-12 00:11 - 2017-07-07 09:14 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-12 00:11 - 2017-07-07 09:13 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-12 00:11 - 2017-07-07 09:13 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-12 00:11 - 2017-07-07 09:12 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-12 00:11 - 2017-07-07 09:11 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-12 00:11 - 2017-07-07 09:10 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-12 00:11 - 2017-07-07 09:10 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-12 00:11 - 2017-07-07 09:10 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-12 00:11 - 2017-07-07 09:07 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-12 00:11 - 2017-07-07 09:07 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-12 00:11 - 2017-07-07 08:57 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-12 00:11 - 2017-07-07 08:40 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-12 00:11 - 2017-07-07 08:39 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-12 00:11 - 2017-07-07 08:37 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-12 00:11 - 2017-07-07 08:37 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-12 00:11 - 2017-07-07 08:31 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-12 00:11 - 2017-07-07 08:30 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-12 00:11 - 2017-07-07 08:30 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-12 00:11 - 2017-07-07 08:29 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-12 00:11 - 2017-07-07 08:29 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-12 00:11 - 2017-07-07 08:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-12 00:11 - 2017-07-07 08:27 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-12 00:11 - 2017-07-07 08:26 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-12 00:11 - 2017-07-07 08:25 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-12 00:11 - 2017-07-07 08:24 - 01517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-07-12 00:11 - 2017-07-07 08:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-12 00:11 - 2017-07-07 08:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-12 00:11 - 2017-07-07 08:20 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-12 00:11 - 2017-07-07 08:20 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-12 00:11 - 2017-07-07 08:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-12 00:11 - 2017-07-07 08:19 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-12 00:11 - 2017-07-07 08:19 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-12 00:11 - 2017-07-07 08:18 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-12 00:11 - 2017-07-07 08:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-12 00:11 - 2017-07-07 08:17 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-12 00:11 - 2017-07-07 08:17 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-12 00:11 - 2017-07-07 08:16 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-12 00:11 - 2017-07-07 08:16 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-12 00:11 - 2017-07-07 08:15 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-12 00:11 - 2017-07-07 08:15 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-12 00:11 - 2017-07-07 08:14 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-12 00:11 - 2017-07-07 08:14 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-12 00:11 - 2017-07-07 08:14 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-12 00:11 - 2017-07-07 08:14 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-12 00:11 - 2017-07-07 08:13 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-12 00:11 - 2017-07-07 08:12 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-12 00:11 - 2017-07-07 08:12 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-12 00:11 - 2017-07-07 08:12 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-12 00:11 - 2017-07-07 08:12 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-12 00:11 - 2017-07-07 08:11 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-12 00:11 - 2017-07-07 08:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-12 00:11 - 2017-07-07 08:11 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-12 00:11 - 2017-07-07 08:10 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-12 00:11 - 2017-07-07 08:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-12 00:11 - 2017-07-07 08:10 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-12 00:11 - 2017-07-07 08:09 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-12 00:11 - 2017-07-07 08:08 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-12 00:11 - 2017-07-07 08:07 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-12 00:11 - 2017-07-07 08:07 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-12 00:11 - 2017-07-07 08:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-12 00:11 - 2017-07-07 08:06 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-12 00:11 - 2017-07-07 08:06 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-12 00:11 - 2017-07-07 08:05 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-12 00:11 - 2017-07-07 08:05 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-12 00:11 - 2017-07-07 08:05 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-12 00:11 - 2017-07-07 08:05 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-12 00:11 - 2017-07-07 08:04 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-12 00:11 - 2017-07-07 08:04 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-12 00:11 - 2017-07-07 08:03 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-12 00:11 - 2017-07-07 08:03 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-12 00:11 - 2017-07-07 08:03 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-12 00:11 - 2017-07-07 08:02 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-12 00:11 - 2017-07-07 08:01 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-12 00:11 - 2017-07-07 08:00 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-12 00:11 - 2017-07-07 08:00 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-12 00:11 - 2017-07-07 08:00 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-12 00:11 - 2017-07-07 08:00 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-12 00:11 - 2017-07-07 07:59 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-12 00:11 - 2017-07-07 07:59 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-12 00:11 - 2017-07-07 07:59 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-12 00:11 - 2017-07-07 07:59 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-12 00:11 - 2017-07-07 07:59 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-12 00:11 - 2017-07-07 07:58 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-12 00:11 - 2017-07-07 07:58 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 00:11 - 2017-07-07 07:55 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-12 00:11 - 2017-07-07 07:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-12 00:11 - 2017-07-07 07:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-12 00:11 - 2017-07-07 07:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-12 00:11 - 2017-07-02 00:52 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-12 00:11 - 2017-06-20 08:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-12 00:11 - 2017-06-20 08:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-12 00:11 - 2017-06-20 08:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-12 00:11 - 2017-06-20 08:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-12 00:11 - 2017-06-20 08:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-12 00:11 - 2017-06-20 08:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-12 00:11 - 2017-06-20 08:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-12 00:11 - 2017-06-20 08:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-12 00:11 - 2017-06-20 08:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-12 00:11 - 2017-06-20 08:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-12 00:11 - 2017-06-20 08:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-12 00:11 - 2017-06-20 08:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-12 00:11 - 2017-06-20 07:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-12 00:11 - 2017-06-20 07:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-12 00:11 - 2017-06-20 07:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-12 00:11 - 2017-06-20 07:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-12 00:11 - 2017-06-20 07:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-12 00:11 - 2017-06-20 07:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-12 00:11 - 2017-06-20 07:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-12 00:11 - 2017-06-20 07:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-12 00:11 - 2017-06-20 07:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-12 00:11 - 2017-06-20 07:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-12 00:11 - 2017-06-20 07:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-12 00:11 - 2017-06-20 07:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-12 00:11 - 2017-06-20 07:12 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2017-07-12 00:11 - 2017-06-20 07:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-12 00:11 - 2017-06-20 07:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-12 00:11 - 2017-06-20 07:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-12 00:11 - 2017-06-20 07:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-12 00:11 - 2017-06-20 07:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-12 00:11 - 2017-06-20 07:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-12 00:11 - 2017-06-20 07:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-12 00:11 - 2017-06-20 07:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-12 00:11 - 2017-06-20 07:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-12 00:11 - 2017-06-20 07:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-12 00:11 - 2017-06-20 07:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-12 00:11 - 2017-06-20 07:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-12 00:11 - 2017-06-20 07:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-12 00:11 - 2017-06-20 07:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-12 00:11 - 2017-06-20 07:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-12 00:11 - 2017-06-20 07:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-12 00:11 - 2017-06-20 07:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-12 00:11 - 2017-06-20 07:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-12 00:11 - 2017-06-20 07:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-12 00:11 - 2017-06-20 07:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-12 00:11 - 2017-06-20 07:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-12 00:11 - 2017-06-20 07:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-12 00:11 - 2017-06-20 07:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-12 00:11 - 2017-06-20 07:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-12 00:11 - 2017-06-20 07:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-12 00:11 - 2017-06-20 07:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-12 00:11 - 2017-06-20 07:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-12 00:11 - 2017-06-20 07:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-12 00:11 - 2017-06-20 07:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-12 00:11 - 2017-06-20 07:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-12 00:11 - 2017-06-20 07:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 00:11 - 2017-06-20 07:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-12 00:11 - 2017-06-20 07:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-12 00:11 - 2017-06-20 07:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-12 00:11 - 2017-06-20 07:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-12 00:11 - 2017-06-20 07:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-12 00:11 - 2017-06-20 07:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-12 00:11 - 2017-06-20 07:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-12 00:11 - 2017-06-20 07:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-12 00:11 - 2017-06-20 07:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-12 00:11 - 2017-06-20 07:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-12 00:11 - 2017-06-20 07:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-12 00:11 - 2017-06-20 07:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-12 00:11 - 2017-06-20 07:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-12 00:11 - 2017-06-20 07:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-12 00:11 - 2017-06-20 07:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-12 00:11 - 2017-06-20 07:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-12 00:11 - 2017-06-20 07:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-12 00:11 - 2017-06-20 06:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-12 00:11 - 2017-06-20 06:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-12 00:11 - 2017-06-20 06:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-12 00:11 - 2017-06-20 06:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-12 00:11 - 2017-06-20 06:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-12 00:11 - 2017-06-20 06:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 00:11 - 2017-06-20 06:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-12 00:11 - 2017-06-20 06:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-12 00:11 - 2017-06-20 06:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-12 00:11 - 2017-06-20 06:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-12 00:11 - 2017-06-20 06:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-12 00:11 - 2017-06-20 06:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-12 00:11 - 2017-06-20 06:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-12 00:11 - 2017-06-20 06:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-12 00:11 - 2017-06-20 06:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-12 00:11 - 2017-06-20 06:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-12 00:11 - 2017-06-20 06:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-12 00:11 - 2017-06-20 06:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-12 00:11 - 2017-06-20 06:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-12 00:11 - 2017-06-20 06:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-12 00:11 - 2017-06-20 06:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-12 00:11 - 2017-06-20 06:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-12 00:11 - 2017-06-20 06:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-12 00:11 - 2017-06-20 06:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-12 00:11 - 2017-06-20 06:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 00:11 - 2017-06-20 06:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-12 00:11 - 2017-06-20 06:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-12 00:11 - 2017-06-20 06:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-12 00:11 - 2017-06-20 06:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-12 00:11 - 2017-06-20 06:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-12 00:11 - 2017-06-20 06:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-12 00:11 - 2017-06-20 06:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-12 00:11 - 2017-06-20 06:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-12 00:11 - 2017-06-20 06:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-12 00:11 - 2017-06-20 06:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-12 00:11 - 2017-06-20 06:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-12 00:11 - 2017-06-20 06:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-12 00:11 - 2017-06-20 06:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 00:11 - 2017-06-20 06:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-12 00:11 - 2017-06-20 06:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-12 00:11 - 2017-06-20 06:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-12 00:11 - 2017-06-20 06:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 00:11 - 2017-06-20 06:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-12 00:11 - 2017-06-20 06:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-12 00:11 - 2017-06-20 06:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-12 00:11 - 2017-06-20 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-12 00:11 - 2017-06-20 06:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-12 00:10 - 2017-07-07 09:27 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-12 00:10 - 2017-07-07 09:27 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-12 00:10 - 2017-07-07 09:27 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-12 00:10 - 2017-07-07 09:27 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-12 00:10 - 2017-07-07 09:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-12 00:10 - 2017-07-07 09:25 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-12 00:10 - 2017-07-07 09:22 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-12 00:10 - 2017-07-07 09:20 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-12 00:10 - 2017-07-07 09:20 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-12 00:10 - 2017-07-07 09:17 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-12 00:10 - 2017-07-07 09:15 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-12 00:10 - 2017-07-07 09:14 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-12 00:10 - 2017-07-07 09:14 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-12 00:10 - 2017-07-07 09:13 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-12 00:10 - 2017-07-07 09:13 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-12 00:10 - 2017-07-07 09:12 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-12 00:10 - 2017-07-07 09:12 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-12 00:10 - 2017-07-07 09:11 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-12 00:10 - 2017-07-07 09:10 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-12 00:10 - 2017-07-07 09:10 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-12 00:10 - 2017-07-07 09:10 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-12 00:10 - 2017-07-07 09:09 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-12 00:10 - 2017-07-07 09:08 - 02229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-07-12 00:10 - 2017-07-07 09:08 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-07-12 00:10 - 2017-07-07 09:08 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-07-12 00:10 - 2017-07-07 09:08 - 01458584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-07-12 00:10 - 2017-07-07 09:08 - 01100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-07-12 00:10 - 2017-07-07 09:08 - 00992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-07-12 00:10 - 2017-07-07 09:08 - 00848280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-07-12 00:10 - 2017-07-07 09:08 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-07-12 00:10 - 2017-07-07 09:08 - 00844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-07-12 00:10 - 2017-07-07 09:08 - 00774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-07-12 00:10 - 2017-07-07 09:08 - 00699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-07-12 00:10 - 2017-07-07 09:08 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-07-12 00:10 - 2017-07-07 09:08 - 00506776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-07-12 00:10 - 2017-07-07 09:08 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-07-12 00:10 - 2017-07-07 08:27 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-12 00:10 - 2017-07-07 08:27 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-12 00:10 - 2017-07-07 08:27 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-12 00:10 - 2017-07-07 08:27 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-12 00:10 - 2017-07-07 08:27 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-12 00:10 - 2017-07-07 08:27 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-12 00:10 - 2017-07-07 08:26 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-12 00:10 - 2017-07-07 08:25 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 00:10 - 2017-07-07 08:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-12 00:10 - 2017-07-07 08:23 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-12 00:10 - 2017-07-07 08:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-12 00:10 - 2017-07-07 08:22 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-12 00:10 - 2017-07-07 08:22 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-12 00:10 - 2017-07-07 08:21 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-12 00:10 - 2017-07-07 08:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-12 00:10 - 2017-07-07 08:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-12 00:10 - 2017-07-07 08:19 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-12 00:10 - 2017-07-07 08:19 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-12 00:10 - 2017-07-07 08:18 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-12 00:10 - 2017-07-07 08:18 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-12 00:10 - 2017-07-07 08:18 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-12 00:10 - 2017-07-07 08:18 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-12 00:10 - 2017-07-07 08:17 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-12 00:10 - 2017-07-07 08:17 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-12 00:10 - 2017-07-07 08:17 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-12 00:10 - 2017-07-07 08:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-12 00:10 - 2017-07-07 08:16 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-12 00:10 - 2017-07-07 08:14 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-12 00:10 - 2017-07-07 08:14 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-12 00:10 - 2017-07-07 08:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-12 00:10 - 2017-07-07 08:12 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-12 00:10 - 2017-07-07 08:12 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-12 00:10 - 2017-07-07 08:12 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-12 00:10 - 2017-07-07 08:12 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 00:10 - 2017-07-07 08:12 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-12 00:10 - 2017-07-07 08:12 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-12 00:10 - 2017-07-07 08:11 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-12 00:10 - 2017-07-07 08:11 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-12 00:10 - 2017-07-07 08:11 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-12 00:10 - 2017-07-07 08:11 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-12 00:10 - 2017-07-07 08:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-12 00:10 - 2017-07-07 08:10 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-12 00:10 - 2017-07-07 08:10 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-12 00:10 - 2017-07-07 08:07 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-12 00:10 - 2017-07-07 08:07 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-12 00:10 - 2017-07-07 08:05 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-12 00:10 - 2017-07-07 08:04 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-12 00:10 - 2017-07-07 08:04 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-12 00:10 - 2017-07-07 08:04 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-12 00:10 - 2017-06-20 08:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-12 00:10 - 2017-06-20 08:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-12 00:10 - 2017-06-20 08:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-12 00:10 - 2017-06-20 08:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-12 00:10 - 2017-06-20 08:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-12 00:10 - 2017-06-20 08:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-12 00:10 - 2017-06-20 08:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-12 00:10 - 2017-06-20 08:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-12 00:10 - 2017-06-20 08:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-12 00:10 - 2017-06-20 08:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-12 00:10 - 2017-06-20 08:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-12 00:10 - 2017-06-20 08:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-12 00:10 - 2017-06-20 08:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-12 00:10 - 2017-06-20 08:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-12 00:10 - 2017-06-20 08:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-12 00:10 - 2017-06-20 08:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-12 00:10 - 2017-06-20 07:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-12 00:10 - 2017-06-20 07:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-12 00:10 - 2017-06-20 07:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-12 00:10 - 2017-06-20 07:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-12 00:10 - 2017-06-20 07:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-12 00:10 - 2017-06-20 07:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-12 00:10 - 2017-06-20 07:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-12 00:10 - 2017-06-20 07:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-12 00:10 - 2017-06-20 07:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 00:10 - 2017-06-20 07:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-12 00:10 - 2017-06-20 07:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-12 00:10 - 2017-06-20 07:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-12 00:10 - 2017-06-20 07:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 00:10 - 2017-06-20 07:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-12 00:10 - 2017-06-20 07:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-12 00:10 - 2017-06-20 07:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-12 00:10 - 2017-06-20 07:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-12 00:10 - 2017-06-20 07:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-12 00:10 - 2017-06-20 07:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-12 00:10 - 2017-06-20 07:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-12 00:10 - 2017-06-20 07:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-12 00:10 - 2017-06-20 07:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-12 00:10 - 2017-06-20 07:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-12 00:10 - 2017-06-20 07:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-12 00:10 - 2017-06-20 07:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-12 00:10 - 2017-06-20 07:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-12 00:10 - 2017-06-20 07:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-12 00:10 - 2017-06-20 07:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-12 00:10 - 2017-06-20 07:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-12 00:10 - 2017-06-20 07:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-12 00:10 - 2017-06-20 07:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-12 00:10 - 2017-06-20 07:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-12 00:10 - 2017-06-20 07:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-12 00:10 - 2017-06-20 07:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 00:10 - 2017-06-20 07:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-12 00:10 - 2017-06-20 07:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-12 00:10 - 2017-06-20 07:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-12 00:10 - 2017-06-20 07:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-12 00:10 - 2017-06-20 07:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-12 00:10 - 2017-06-20 07:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-12 00:10 - 2017-06-20 07:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-12 00:10 - 2017-06-20 07:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-12 00:10 - 2017-06-20 07:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-12 00:10 - 2017-06-20 07:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-12 00:10 - 2017-06-20 07:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-12 00:10 - 2017-06-20 07:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-12 00:10 - 2017-06-20 07:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-12 00:10 - 2017-06-20 07:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-12 00:10 - 2017-06-20 07:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-12 00:10 - 2017-06-20 07:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-12 00:10 - 2017-06-20 07:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-12 00:10 - 2017-06-20 07:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-12 00:10 - 2017-06-20 07:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-12 00:10 - 2017-06-20 07:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-12 00:10 - 2017-06-20 07:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-12 00:10 - 2017-06-20 07:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-12 00:10 - 2017-06-20 07:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-12 00:10 - 2017-06-20 07:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-12 00:10 - 2017-06-20 07:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-12 00:10 - 2017-06-20 07:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-12 00:10 - 2017-06-20 07:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-12 00:10 - 2017-06-20 06:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-12 00:10 - 2017-06-20 06:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-12 00:10 - 2017-06-20 06:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-12 00:10 - 2017-06-20 06:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-12 00:10 - 2017-06-20 06:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-12 00:10 - 2017-06-20 06:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-12 00:10 - 2017-06-20 06:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-09 14:43 - 2017-07-09 14:43 - 00050137 _____ C:\Users\***\Downloads\Kontoauszug_201706.pdf
2017-07-09 14:41 - 2017-07-09 14:41 - 00015361 _____ C:\Users\***\Downloads\Kontoauszug__20170701_144158.pdf
2017-07-07 17:41 - 2017-07-07 17:41 - 00510809 _____ C:\Users\***\Desktop\giroloeschung-bei-fremdbank.pdf
2017-07-05 18:16 - 2017-07-05 18:16 - 00000000 ____D C:\Users\***\Downloads\Dateiordner_Allgemeiner_Dateiordner(1)
2017-07-05 18:16 - 2017-07-05 18:16 - 00000000 ____D C:\Users\***\Downloads\Dateiordner_Allgemeiner_Dateiordner
2017-07-05 17:01 - 2017-07-05 17:01 - 00000159 ___RH C:\WINDOWS\ctfile.rfc
2017-07-05 17:01 - 2016-09-27 17:23 - 00089600 _____ C:\WINDOWS\system32\CmdRtr64.DLL
2017-07-05 17:01 - 2016-09-27 17:22 - 00074240 _____ C:\WINDOWS\SysWOW64\CmdRtr.DLL
2017-07-05 17:01 - 2016-09-27 17:21 - 00363520 _____ C:\WINDOWS\system32\APOMgr64.DLL
2017-07-05 17:01 - 2016-09-27 17:19 - 00273920 _____ C:\WINDOWS\SysWOW64\APOMngr.DLL
2017-07-05 02:14 - 2017-07-05 02:14 - 00466048 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\KSVSPI64.dll
2017-07-05 02:14 - 2017-07-05 02:14 - 00342648 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\KSVSPI32.dll
2017-07-05 02:14 - 2017-07-05 02:14 - 00245888 _____ (Creative Technology Limited) C:\WINDOWS\system32\KsDvInst.dll
2017-07-05 02:14 - 2017-07-05 02:14 - 00129656 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\SBAVMon.dll
2017-07-05 02:14 - 2017-07-05 02:14 - 00067200 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\KSPPLD64.dll
2017-07-05 02:14 - 2017-07-05 02:14 - 00067192 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\SBAVMonL.dll
2017-07-05 02:13 - 2017-07-05 02:13 - 02116728 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\ksaud.sys
2017-07-05 02:13 - 2017-07-05 02:13 - 01159856 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\KSAPO64.dll
2017-07-05 02:13 - 2017-07-05 02:13 - 00962544 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\KSAPO32.dll
2017-07-05 02:13 - 2017-07-05 02:13 - 00740096 _____ (Creative Technology Ltd) C:\WINDOWS\KSAIM64.exe
2017-07-05 02:13 - 2017-07-05 02:13 - 00496760 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\JDetect.exe
2017-07-05 02:13 - 2017-07-05 02:13 - 00051840 _____ (Creative Technology Ltd.) C:\WINDOWS\AddCat.exe
2017-07-04 18:50 - 2017-07-04 18:50 - 00000000 ____D C:\Users\***\.config
2017-06-27 16:28 - 2017-06-27 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-06-27 16:28 - 2017-04-25 14:52 - 00044304 _____ (Sophos Limited) C:\WINDOWS\system32\SophosBootTasks.exe
2017-06-27 16:28 - 2017-02-02 19:40 - 00047760 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\swi_callout.sys
2017-06-25 17:29 - 2017-06-25 17:34 - 00000000 ____D C:\Users\***\AppData\Local\latexdraw
2017-06-25 17:29 - 2017-06-25 17:29 - 00000870 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaTeXDraw.LNK
2017-06-25 17:29 - 2017-06-25 17:29 - 00000000 ____D C:\Users\***\.latexdraw
2017-06-20 18:31 - 2017-06-20 18:31 - 00000000 ____D C:\Users\***\Desktop\IoT
2017-06-20 17:26 - 2017-03-08 11:06 - 00314552 _____ (FTDI Ltd.) C:\WINDOWS\system32\ftd2xx.dll
2017-06-20 17:26 - 2017-03-08 11:06 - 00274616 _____ (FTDI Ltd.) C:\WINDOWS\system32\FTLang.dll
2017-06-20 17:26 - 2017-03-08 11:06 - 00272568 _____ (FTDI Ltd.) C:\WINDOWS\SysWOW64\ftd2xx.dll
2017-06-20 17:26 - 2017-03-08 11:06 - 00168120 _____ (FTDI Ltd.) C:\WINDOWS\system32\ftbusui.dll
2017-06-20 17:26 - 2017-03-08 11:06 - 00119680 _____ (Future Technology Devices International Ltd.) C:\WINDOWS\system32\Drivers\ftdibus.sys
2017-06-20 17:26 - 2017-03-08 11:06 - 00089792 _____ (Future Technology Devices International Ltd.) C:\WINDOWS\system32\Drivers\ftser2k.sys
2017-06-20 17:26 - 2017-03-08 11:06 - 00074968 _____ (FTDI Ltd.) C:\WINDOWS\system32\ftcserco.dll
2017-06-20 17:26 - 2017-03-08 11:06 - 00065240 _____ (FTDI Ltd.) C:\WINDOWS\system32\ftserui2.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-07-18 21:32 - 2016-11-15 21:13 - 00000000 ____D C:\Users\***\AppData\LocalLow\Mozilla
2017-07-18 21:31 - 2017-04-20 18:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-18 19:13 - 2017-05-09 17:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-18 19:13 - 2016-07-25 19:12 - 00000000 ____D C:\Users\***\AppData\Roaming\stickies
2017-07-18 19:11 - 2017-04-20 19:06 - 04150574 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-18 19:11 - 2017-03-20 06:41 - 02038222 _____ C:\WINDOWS\system32\perfh007.dat
2017-07-18 19:11 - 2017-03-20 06:41 - 00518162 _____ C:\WINDOWS\system32\perfc007.dat
2017-07-18 19:06 - 2017-04-20 19:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-18 13:21 - 2017-03-18 13:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-07-18 12:31 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-18 12:31 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-18 12:29 - 2016-07-25 19:27 - 00000000 ____D C:\Users\***\AppData\Local\Adobe
2017-07-18 00:33 - 2017-04-20 18:54 - 00000000 ____D C:\Users\***
2017-07-18 00:26 - 2016-07-25 18:36 - 00000000 ____D C:\Users\***\AppData\Local\Battle.net
2017-07-17 22:52 - 2016-08-19 23:07 - 00000000 ____D C:\Users\***\AppData\Roaming\vlc
2017-07-17 21:18 - 2016-07-25 18:16 - 00000000 ____D C:\Users\***\AppData\Roaming\Spotify
2017-07-17 21:16 - 2016-07-25 18:35 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-07-17 21:11 - 2017-05-16 20:09 - 00000000 ____D C:\ProgramData\Unified Remote
2017-07-16 15:05 - 2016-08-31 18:20 - 00000000 ____D C:\Users\***\AppData\LocalLow\Temp
2017-07-16 14:59 - 2017-05-09 15:51 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-07-16 14:55 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Bulk SMTP Mikinos
2017-07-16 14:10 - 2017-05-21 23:06 - 00000000 ____D C:\Users\***\AppData\Local\CrashDumps
2017-07-15 17:28 - 2017-01-05 16:18 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2017-07-15 17:19 - 2016-08-06 12:10 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-07-15 16:48 - 2017-02-06 00:27 - 00002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-15 16:48 - 2017-02-06 00:27 - 00002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-15 16:37 - 2017-05-04 17:17 - 00026192 _____ (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2017-07-15 15:50 - 2017-04-20 19:03 - 00003616 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-15 15:50 - 2017-04-20 19:03 - 00003392 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-15 15:42 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-15 14:49 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-07-15 00:07 - 2017-02-19 23:52 - 00000000 ____D C:\Users\***\AppData\Roaming\Curse Client
2017-07-14 14:16 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-14 14:04 - 2016-07-28 15:50 - 00000000 ____D C:\Users\***\AppData\Roaming\texstudio
2017-07-14 12:39 - 2016-07-25 18:16 - 00000000 ____D C:\Users\***\AppData\Local\Spotify
2017-07-13 22:05 - 2016-07-25 18:23 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-07-13 00:00 - 2017-04-25 13:01 - 00002948 _____ C:\Users\***\.bash_history
2017-07-12 23:46 - 2016-08-07 21:05 - 00000000 ____D C:\Users\***\AppData\Roaming\TS3Client
2017-07-12 15:00 - 2016-07-25 19:28 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 14:50 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-12 14:47 - 2016-07-25 17:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-12 14:42 - 2017-04-20 18:53 - 00461704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-12 00:54 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-12 00:53 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-12 00:53 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-12 00:53 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-12 00:53 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-12 00:53 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-12 00:53 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-12 00:53 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-12 00:53 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-12 00:53 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-12 00:53 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-12 00:15 - 2016-07-25 18:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-12 00:12 - 2016-07-25 18:09 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-11 16:28 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-11 16:28 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-03 22:06 - 2016-08-30 15:14 - 00000000 ____D C:\Spiele
2017-07-03 21:53 - 2016-07-25 18:35 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-03 11:25 - 2017-05-03 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2017-07-03 11:25 - 2016-07-25 18:30 - 00000000 ____D C:\ProgramData\elsterformular
2017-07-03 11:23 - 2016-11-15 20:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-03 11:23 - 2016-07-25 18:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-30 16:47 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 16:47 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-27 16:28 - 2016-08-28 15:55 - 00000000 ____D C:\ProgramData\Sophos
2017-06-27 16:27 - 2016-07-25 18:11 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-06-23 20:06 - 2016-09-07 19:36 - 00000000 ____D C:\Users\***\Documents\Soundaufnahmen
2017-06-23 19:20 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-22 11:11 - 2017-04-20 19:03 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-22 11:11 - 2016-07-25 17:53 - 00002383 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-22 11:11 - 2016-07-25 17:53 - 00000000 ___RD C:\Users\***\OneDrive
2017-06-20 18:35 - 2016-11-24 17:08 - 00000000 ____D C:\Users\***\Documents\ArduinoData

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-07-31 13:12 - 2016-08-27 18:29 - 0000600 _____ () C:\Users\***\AppData\Roaming\winscp.rnd
2017-07-16 14:09 - 2017-07-16 14:09 - 0011568 _____ () C:\Users\***\AppData\Local\InstallationConfiguration.xml
2017-07-16 14:09 - 2017-07-16 14:09 - 0140800 _____ () C:\Users\***\AppData\Local\installer.dat
2017-07-16 14:09 - 2017-07-16 14:09 - 1847296 _____ () C:\Users\***\AppData\Local\po.db
2015-03-20 11:23 - 2015-03-20 11:23 - 0001697 _____ () C:\ProgramData\CfGH0250.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0001696 _____ () C:\ProgramData\CfGH0280.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0001026 _____ () C:\ProgramData\cfSB0270.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0001026 _____ () C:\ProgramData\cfSB0271.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0001302 _____ () C:\ProgramData\cfSB0300.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0001282 _____ () C:\ProgramData\cfSB0471.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0001208 _____ () C:\ProgramData\cfSB0490.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0001027 _____ () C:\ProgramData\cfSB0560.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0001352 _____ () C:\ProgramData\cfSB0910.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0000590 _____ () C:\ProgramData\cfSB0950.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0001352 _____ () C:\ProgramData\cfSB1090.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0001772 _____ () C:\ProgramData\cfSB1095.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0001772 _____ () C:\ProgramData\cfSB1095A.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0001346 _____ () C:\ProgramData\cfSB1100.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0000939 _____ () C:\ProgramData\CfSB1170.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0002844 _____ () C:\ProgramData\cfSB1240.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0002844 _____ () C:\ProgramData\cfSB1240A.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0003077 _____ () C:\ProgramData\cfSB1290.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0003077 _____ () C:\ProgramData\cfSB1290A.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0000806 _____ () C:\ProgramData\cfSB1300.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0000806 _____ () C:\ProgramData\cfSB1300A.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0000715 _____ () C:\ProgramData\CfSB1360.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0000715 _____ () C:\ProgramData\CfSB1380.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0000715 _____ () C:\ProgramData\CfSB1390.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0000715 _____ () C:\ProgramData\CfSB1530.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0000715 _____ () C:\ProgramData\CfSB1532.ini
2015-03-20 11:23 - 2015-03-20 11:23 - 0000715 _____ () C:\ProgramData\cfSB1540.ini
2015-04-07 14:18 - 2015-04-07 14:18 - 0002111 _____ () C:\ProgramData\cfSB1560.ini

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Program Files (x86)\Google\Chrome\Application\wtsapi32.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-07-15 00:01

==================== Ende von FRST.txt ============================


Alt 18.07.2017, 20:40   #6
Master1991
 
SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop - Standard

SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop


Additions:

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-07-2017
durchgeführt von *** (18-07-2017 21:35:16)
Gestartet von C:\Users\***\Downloads
Windows 10 Pro Version 1703 (X64) (2017-04-20 17:07:19)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1505119879-566967852-3136431682-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1505119879-566967852-3136431682-503 - Limited - Disabled)
*** (S-1-5-21-1505119879-566967852-3136431682-1001 - Administrator - Enabled) => C:\Users\***
Gast (S-1-5-21-1505119879-566967852-3136431682-501 - Limited - Disabled)
SophosSAUDENNISaaa (S-1-5-21-1505119879-566967852-3136431682-1003 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Sophos Anti-Virus (Enabled - Up to date) {FFADE7EA-DC92-4602-D6B2-626CD3450A0F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {44CC060E-FAA8-498C-EC02-591EA8C240B2}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 0.0.503316767.10168048 - Audible, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
calibre 64bit (HKLM\...\{C50C44CA-48EE-4052-B629-6413080A0DDD}) (Version: 2.63.0 - Kovid Goyal)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.04011 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{0FC5E486-6EA0-4665-A39D-DCC016D88632}) (Version: 4.1.04011 - Cisco Systems, Inc.) Hidden
CodeBlocks (HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DVDFab Media Player 2 (HKLM-x32\...\DVDFab Media Player 2_is1) (Version: 2.5.0.3 - Fengtao Software Inc.)
DVDFab Media Player 3 (HKLM-x32\...\DVDFab Media Player 3_is1) (Version: 3.0.0.1 - Fengtao Software Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 18.4 - Thüringer Landesfinanzdirektion)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FreeFileSync 8.10 (HKLM-x32\...\FreeFileSync_is1) (Version: 8.10 - www.FreeFileSync.org)
Git version 2.12.2.2 (HKLM\...\Git_is1) (Version: 2.12.2.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{55669453-883A-4F15-9D3B-BC990F5C9A32}) (Version: 6.0.6 - Intel Corporation)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
Joe (HKLM-x32\...\{43290FA7-B861-4BC7-8AAA-00D64E87EB30}) (Version: 5.03.0000 - Wirth IT Design)
Joe (HKLM-x32\...\{F8C986EA-13F8-4B39-91C3-A6B9A851CD34}) (Version: 4.01.0000 - Wirth IT Design)
LibreOffice 5.1.5.2 (HKLM-x32\...\{03E3A5F6-2B2C-4CF6-9C18-FBB28AFA512B}) (Version: 5.1.5.2 - The Document Foundation)
MakeMKV v1.10.5 (HKLM-x32\...\MakeMKV) (Version: v1.10.5 - GuinpinSoft inc)
MATLAB R2016b (HKLM\...\Matlab R2016b) (Version: 9.1 - MathWorks)
Microsoft OneDrive (HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM-x32\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 1.7.2 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
ModelSim - Intel FPGA Starter Edition 16.1.0.196 (HKLM\...\ModelSim - Intel FPGA Starter Edition 16.1.0.196) (Version: 16.1 - Intel Corporation)
Mozilla Firefox 54.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 de)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
NetBeans IDE 8.1 (HKLM\...\nbi-nb-base-8.1.0.0.201510222201) (Version: 8.1 - NetBeans.org)
Node.js (HKLM-x32\...\{AB6EBCFD-32DA-43C4-AB2B-9461433CB57A}) (Version: 7.0.0 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
odrive (HKLM\...\{6273F285-379C-4044-AFEC-F04611261668}) (Version: 1.00.5659 - Oxygen Cloud, Inc.) Hidden
odrive (HKLM-x32\...\{912b68dd-1d47-4b3a-bde9-ca15e85f597b}) (Version: 1.0.5659 - Oxygen Cloud, Inc.)
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version:  - )
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Quartus Prime Lite Edition (Free) 16.1.0.196 (HKLM\...\Quartus Prime Lite Edition (Free) 16.1.0.196) (Version: 16.1 - Intel Corporation)
RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.13.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 2.01.00.04 - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (HKLM-x32\...\Samsung Scan Process Machine) (Version: 1.03.05.28 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
Simulationcraft(x64) version 7.0.3.03 (HKLM-x32\...\{AC025546-B7C5-45A7-B16A-80AE482CBB01}_is1) (Version: 7.0.3.03 - Simulationcraft)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Social2Search (HKLM\...\9069783d92779bd29ad0641563a66baf) (Version: 11.14.1.86 (i1.0) - Social2Search) <==== ACHTUNG
Sophos Anti-Virus (HKLM-x32\...\{788B9788-7F03-4A2B-8258-3445C0278C33}) (Version: 10.7.2.49 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{AFBCA1B9-496C-4AE6-98AE-3EA1CFF65C54}) (Version: 5.7.220 - Sophos Limited)
Sophos Endpoint Defense (HKLM\...\Sophos Endpoint Defense) (Version: 1.0.0.265 - Sophos Limited)
Sophos Network Threat Protection (HKLM\...\{66967E5F-43E8-4402-87A4-04685EE5C2CB}) (Version: 1.2.2.50 - Sophos Limited)
Sophos System Protection (HKLM-x32\...\{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}) (Version: 1.3.1 - Sophos Limited)
Spotify (HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\Spotify) (Version: 1.0.58.573.g57c9cd87 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steganos Live Encryption Engine 15 (HKLM-x32\...\{43DDC07F-2867-4407-B4FF-28EB7BA6A846}) (Version: 15.2.1 - Steganos GmbH)
Stickies 9.0b (HKLM-x32\...\ZhornStickies) (Version:  - Zhorn Software)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
TeXstudio 2.11.0 (HKLM-x32\...\TeXstudio_is1) (Version: 2.11.0 - Benito van der Zander)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.6.0 - Unified Intents AB)
Up Pro version 0.9.35.2 (HKLM-x32\...\{40369812-21FB-4BE0-8508-387636F329D1}_is1) (Version: 0.9.35.2 - Up Pro)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WeatherBuddy (HKLM-x32\...\{58E801CB-F746-428A-9211-E69469B220BB}) (Version: 1.0.21 - ELLS LLC) <==== ACHTUNG
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows-Treiberpaket - Altera (WinUSB) JTAG cables  (02/11/2014,2014.02.11 ) (HKLM\...\6D27F566AFC20C2281F903D0D9620D335BBAF1AB) (Version: 02/11/2014,2014.02.11  - Altera)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinSCP 5.9 (HKLM-x32\...\winscp3_is1) (Version: 5.9 - Martin Prikryl)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)
yEd Graph Editor 3.17 (HKLM\...\3309-7404-0599-8908) (Version: 3.17 - yWorks GmbH)
YoutubeAdBlock (HKLM-x32\...\E3605470-291B-44EB-8648-745EE356599A) (Version: 2.0.0.279 - Company Inc.) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1505119879-566967852-3136431682-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6A1CBC5EACA5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1505119879-566967852-3136431682-1001_Classes\CLSID\{12169bcc-8965-4f35-93ae-e3c8554b7599}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1505119879-566967852-3136431682-1001_Classes\CLSID\{35B08E96-DA1F-4321-BF80-D6B53C20F3CF}\InprocServer32 -> C:\Users\***\.odrive\bin\6207\x64\SyncedOverlay.dll ()
CustomCLSID: HKU\S-1-5-21-1505119879-566967852-3136431682-1001_Classes\CLSID\{4585263E-BEF5-4A39-A2E8-8F69E0054F0C}\InprocServer32 -> C:\Users\***\.odrive\bin\6207\x64\ActiveOverlay.dll ()
CustomCLSID: HKU\S-1-5-21-1505119879-566967852-3136431682-1001_Classes\CLSID\{679ADC87-66BB-43BF-9DC3-3DE2E4A32B8C}\InprocServer32 -> C:\Users\***\.odrive\bin\6207\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-1505119879-566967852-3136431682-1001_Classes\CLSID\{E07BCA71-E88B-4A5E-BA46-69A52D6B9B20}\InprocServer32 -> C:\Users\***\.odrive\bin\6207\x64\LockedOverlay.dll ()
CustomCLSID: HKU\S-1-5-21-1505119879-566967852-3136431682-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ 0drive.Active] -> {4585263E-BEF5-4A39-A2E8-8F69E0054F0C} => C:\Users\***\.odrive\bin\6207\x64\ActiveOverlay.dll [2017-03-04] ()
ShellIconOverlayIdentifiers: [ 0drive.Locked] -> {E07BCA71-E88B-4A5E-BA46-69A52D6B9B20} => C:\Users\***\.odrive\bin\6207\x64\LockedOverlay.dll [2017-03-04] ()
ShellIconOverlayIdentifiers: [ 0drive.Synced] -> {35B08E96-DA1F-4321-BF80-D6B53C20F3CF} => C:\Users\***\.odrive\bin\6207\x64\SyncedOverlay.dll [2017-03-04] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers01: [ 0drive] -> {679ADC87-66BB-43BF-9DC3-3DE2E4A32B8C} => C:\Users\***\.odrive\bin\6207\x64\ContextMenu.dll [2017-03-04] ()
ContextMenuHandlers01: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-03-08] ()
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers01: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers01: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2017-04-25] (Sophos Limited)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Keine Datei
ContextMenuHandlers02: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2017-04-25] (Sophos Limited)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers04: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers04: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2017-04-25] (Sophos Limited)
ContextMenuHandlers05: [ 0drive] -> {679ADC87-66BB-43BF-9DC3-3DE2E4A32B8C} => C:\Users\***\.odrive\bin\6207\x64\ContextMenu.dll [2017-03-04] ()
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers06: [ 0drive] -> {679ADC87-66BB-43BF-9DC3-3DE2E4A32B8C} => C:\Users\***\.odrive\bin\6207\x64\ContextMenu.dll [2017-03-04] ()
ContextMenuHandlers06: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers06: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2017-04-25] (Sophos Limited)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> Keine Datei

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0430631C-1AF9-451E-9AEE-3A1A86E8A998} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {0B69BD62-50C1-415D-A310-D07A82BAE2F7} - System32\Tasks\U2_2C6A44CB-AD42-4731-A544-3FBD3D83AB5B => rundll32 "C:\Program Files (x86)\YiuAskU2\EUJHowC.dll",#1
Task: {2B0CD646-23DD-4205-B0DD-3973586DB101} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {30F0E87D-3218-498E-95C3-62439A0B1C4F} - System32\Tasks\Bulk SMTP Mikinos => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Bulk SMTP Mikinos\Bulk SMTP Mikinos.dll",vpMwTenvT <==== ACHTUNG
Task: {347F33CB-BE6C-4D96-AEB4-832FA061742D} - System32\Tasks\MATLAB R2016b Startup Accelerator => E:\Matlab\bin\win64\MATLABStartupAccelerator.exe [2016-07-22] ()
Task: {3582FC1A-1FFD-4FA5-BACA-4F5C93FC1354} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)
Task: {3AA54152-0F35-4DFC-AD8C-A1F9F0B8A338} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {49E4F9C7-3B83-4D70-BA64-09D567FC16CD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
Task: {4AEB2C41-A7DA-4965-AE6C-F303DD0B3D3D} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe
Task: {4E106BCB-BBC1-4789-8ED6-34B7BD36F7E7} - System32\Tasks\9069783d92779bd29ad0641563a66baf => sc start 9069783d92779bd29ad0641563a66baf <==== ACHTUNG
Task: {5E85FA1E-40CC-44A3-A733-A2759212C456} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
Task: {6055DD6C-DE62-4850-9D3D-46D74F076D33} - System32\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B2 => rundll32 "C:\Program Files (x86)\YiuAskU\nISNhLA.dll",#1 <==== ACHTUNG
Task: {68B8315F-0289-4AD8-9DBB-A917E970D25D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {70E69644-1EC2-4ED7-848A-18B312B4ABFE} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {73A96261-91EA-445C-8C0C-895ACFFB640E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {764051A1-FECA-4AF9-9932-BB6C66DF9885} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {768446D0-8F2F-4D24-AACB-77FBDA2165E9} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {9965EF27-4E5E-4788-A807-FF581C62F3FE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {A1A5D3D9-6FCE-46CE-9870-DEF6EBE6FC0B} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
Task: {B9B0F4B8-B7CA-4F7D-8C99-718ACD60C007} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-25] (Google Inc.)
Task: {C6F0A288-3D22-4C09-B83F-A2CCBD3059A6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-25] (Dropbox, Inc.)
Task: {DFA72166-5E63-4A83-BEBC-41C75D913B19} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)
Task: {E34F5027-196E-4BCB-9705-F744535EA4C4} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-***l@web.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {EB214995-796D-4DAA-AB5F-82CCA2C10D85} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
Task: {F0C10851-8114-44BB-8ABB-E561CCDD851B} - System32\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B => rundll32 "C:\Program Files (x86)\YiuAskU\nISNhLA.dll",#1 <==== ACHTUNG
Task: {F4ED6C87-D321-4CD6-9A3C-FCEE3D07000F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-07-25] (Dropbox, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\2C6A44CB-AD42-4731-A544-3FBD3D83AB5B.job => C:\Program Files (x86)\YiuAskU\nISNhLA.dll <==== ACHTUNG
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2016b Startup Accelerator.job => E:\Matlab\bin\win64\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ACHTUNG

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-02-15 21:01 - 2016-02-15 21:01 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2017-05-09 17:31 - 2017-05-03 22:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-04-26 17:12 - 2016-10-25 01:59 - 00311808 _____ () E:\altera\quartus\bin64\jtagserver.exe
2017-04-26 17:12 - 2016-10-25 01:56 - 00056320 _____ () E:\altera\quartus\bin64\ccl_ver.dll
2017-04-26 17:12 - 2016-10-25 07:27 - 00064512 _____ () E:\altera\quartus\bin64\pgm_pgmdrv_apu_usb.dll
2017-04-26 17:12 - 2016-10-25 01:56 - 00179200 _____ () E:\altera\quartus\bin64\ccl_mem.dll
2017-04-26 17:12 - 2016-10-25 01:56 - 00427520 _____ () E:\altera\quartus\bin64\CCL_GEN.dll
2017-04-26 17:12 - 2016-10-25 01:56 - 00185344 _____ () E:\altera\quartus\bin64\CCL_FIO.dll
2017-04-26 17:12 - 2016-10-25 01:57 - 00823296 _____ () E:\altera\quartus\bin64\CCL_MSG.dll
2017-04-26 17:12 - 2016-10-25 01:56 - 00056832 _____ () E:\altera\quartus\bin64\CCL_ERR.dll
2017-04-26 17:12 - 2016-10-25 01:56 - 00054272 _____ () E:\altera\quartus\bin64\ccl_thr.dll
2017-04-26 17:13 - 2016-10-25 00:49 - 00007168 _____ () E:\altera\quartus\bin64\tbbamalloc.dll
2017-04-26 17:12 - 2015-12-09 01:54 - 00903680 _____ () E:\altera\quartus\bin64\boost_regex-mt.dll
2017-04-26 17:12 - 2015-12-09 01:54 - 00019456 _____ () E:\altera\quartus\bin64\boost_system-mt.dll
2017-04-26 17:12 - 2015-12-09 01:54 - 00116736 _____ () E:\altera\quartus\bin64\boost_filesystem-mt.dll
2017-04-26 17:12 - 2016-10-25 01:56 - 00156672 _____ () E:\altera\quartus\bin64\ccl_cfg_ini.dll
2017-04-26 17:12 - 2016-10-25 08:49 - 00132096 _____ () E:\altera\quartus\bin64\ccl_qtl.dll
2017-04-26 17:12 - 2016-10-25 01:57 - 00100352 _____ () E:\altera\quartus\bin64\CCL_BIG.dll
2017-04-26 17:12 - 2016-10-25 01:57 - 00108032 _____ () E:\altera\quartus\bin64\CCL_FSTR.dll
2017-04-26 17:12 - 2016-10-25 01:57 - 00057856 _____ () E:\altera\quartus\bin64\ccl_tst.dll
2017-04-26 17:12 - 2016-10-25 01:57 - 00378368 _____ () E:\altera\quartus\bin64\ccl_atcl.dll
2017-04-26 17:12 - 2016-10-25 01:57 - 00046592 _____ () E:\altera\quartus\bin64\ccl_xml.dll
2017-04-26 17:12 - 2016-10-25 08:49 - 00158720 _____ () E:\altera\quartus\bin64\DB_PDB.dll
2017-04-26 17:12 - 2016-10-25 01:57 - 00771072 _____ () E:\altera\quartus\bin64\ccl_sqlite3.dll
2017-04-26 17:12 - 2016-10-25 01:56 - 00076800 _____ () E:\altera\quartus\bin64\ccl_zlib.dll
2017-04-26 17:12 - 2016-10-25 01:56 - 00018944 _____ () E:\altera\quartus\bin64\CCL_CLW.dll
2017-04-26 17:12 - 2016-10-25 00:49 - 00002048 _____ () E:\altera\quartus\bin64\icudt34.dll
2016-08-28 15:57 - 2016-08-28 15:57 - 00233608 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\http.plg
2016-08-28 15:56 - 2016-08-28 15:56 - 00140696 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ip.plg
2016-08-28 15:57 - 2016-08-28 15:57 - 00119344 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ipv6.plg
2016-08-28 15:56 - 2016-08-28 15:56 - 00076704 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\portmap.plg
2016-08-28 15:56 - 2016-08-28 15:56 - 00165000 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\tcp.plg
2016-08-28 15:56 - 2016-08-28 15:56 - 00148440 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\udp.plg
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-17 21:58 - 2017-03-04 05:38 - 00715020 _____ () C:\Users\***\.odrive\bin\6207\x64\ContextMenu.dll
2017-03-17 21:58 - 2016-01-11 22:53 - 00130560 _____ () C:\Users\***\.odrive\bin\6207\x64\win32api.pyd
2017-03-17 21:58 - 2016-01-11 22:52 - 00137728 _____ () C:\Users\***\.odrive\bin\6207\x64\pywintypes27.dll
2017-03-17 21:58 - 2016-01-11 22:54 - 00548864 _____ () C:\Users\***\.odrive\bin\6207\x64\pythoncom27.dll
2017-03-17 21:58 - 2016-01-11 22:53 - 00017920 _____ () C:\Users\***\.odrive\bin\6207\x64\win32trace.pyd
2017-03-17 21:58 - 2016-06-27 17:26 - 00051712 _____ () C:\Users\***\.odrive\bin\6207\x64\_socket.pyd
2017-03-17 21:58 - 2016-01-11 22:53 - 00223744 _____ () C:\Users\***\.odrive\bin\6207\x64\win32gui.pyd
2017-03-17 21:58 - 2016-01-11 22:57 - 00522240 _____ () C:\Users\***\.odrive\bin\6207\x64\win32com.shell.shell.pyd
2017-03-17 21:58 - 2016-06-27 17:25 - 00121344 _____ () C:\Users\***\.odrive\bin\6207\x64\_ctypes.pyd
2017-03-18 22:59 - 2017-03-20 06:43 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2017-07-05 17:01 - 2016-09-27 17:23 - 00089600 _____ () C:\WINDOWS\SYSTEM32\CmdRtr64.DLL
2017-07-05 17:01 - 2016-09-27 17:21 - 00363520 _____ () C:\WINDOWS\SYSTEM32\APOMgr64.DLL
2016-09-19 11:30 - 2016-08-16 03:26 - 01623040 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe
2016-10-25 10:57 - 2016-10-25 10:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-05-23 17:36 - 2017-05-23 17:36 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-22 22:07 - 2017-06-22 22:07 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-22 22:07 - 2017-06-22 22:07 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-22 22:07 - 2017-06-22 22:07 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-06-13 15:52 - 2017-06-13 15:52 - 04323840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-06-13 15:50 - 2017-06-13 15:51 - 03500456 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1602.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-09 12:49 - 2017-07-09 12:49 - 23624704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-07-09 12:49 - 2017-07-09 12:49 - 08850944 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-07-09 12:49 - 2017-07-09 12:49 - 03140520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17054.14711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-07-09 12:49 - 2017-07-09 12:49 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-07-09 12:49 - 2017-07-09 12:49 - 27590144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-07-09 12:49 - 2017-07-09 12:49 - 00428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-07-09 12:49 - 2017-07-09 12:49 - 20649984 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-07-09 12:49 - 2017-07-09 12:49 - 02305536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-07-09 12:49 - 2017-07-09 12:49 - 02856448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-05-23 17:36 - 2017-05-23 17:36 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-05 21:14 - 2017-06-05 21:15 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-07-25 18:46 - 2016-07-25 18:47 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-07-09 12:49 - 2017-07-09 12:49 - 01127936 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-05 11:45 - 2017-05-05 11:46 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2015-07-24 14:34 - 2015-07-24 14:34 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2017-05-09 17:31 - 2017-05-03 22:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-05-09 17:32 - 2017-05-03 22:20 - 65709176 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-07-18 19:13 - 2017-07-18 19:13 - 00098816 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\win32api.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00110080 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\pywintypes27.dll
2017-07-18 19:13 - 2017-07-18 19:13 - 00364544 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\pythoncom27.dll
2017-07-18 19:13 - 2017-07-18 19:13 - 00320512 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\win32com.shell.shell.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00914432 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\_hashlib.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 01176576 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\wx._core_.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00806400 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\wx._gdi_.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00816128 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\wx._windows_.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 01067008 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\wx._controls_.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00733184 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\wx._misc_.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00682496 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\pysqlite2._sqlite.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00088064 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\_ctypes.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00686080 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\unicodedata.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00119808 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\win32file.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00108544 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\win32security.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00007168 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\hashobjs_ext.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00017920 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\thumbnails_ext.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00088064 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\usb_ext.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00012800 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\common.time34.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00018432 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\win32event.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00167936 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\win32gui.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00046080 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\_socket.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 01303552 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\_ssl.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00128512 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\_elementtree.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00127488 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\pyexpat.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00038912 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\win32inet.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00036864 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\_psutil_windows.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00524248 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\windows._lib_cacheinvalidation.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00011264 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\win32crypt.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00123392 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\wx._wizard.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00077312 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\wx._html2.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00027648 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\_multiprocessing.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00020480 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\_yappi.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00035840 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\win32process.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00078848 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\wx._animate.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00024064 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\win32pipe.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00010240 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\select.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00025600 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\win32pdh.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00017408 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\win32profile.pyd
2017-07-18 19:13 - 2017-07-18 19:13 - 00022528 ____R () C:\Users\***\AppData\Local\Temp\_MEI120682\win32ts.pyd
2016-09-19 11:30 - 2015-02-24 23:44 - 00783360 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_hashlib.pyd
2016-09-19 11:30 - 2015-02-24 23:43 - 00047104 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_socket.pyd
2016-09-19 11:30 - 2015-02-24 23:43 - 00009728 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\select.pyd
2016-09-19 11:30 - 2015-02-24 23:43 - 00758784 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\unicodedata.pyd
2016-09-19 11:30 - 2015-02-24 23:43 - 00084992 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_ctypes.pyd
2016-09-19 11:30 - 2015-02-24 23:43 - 00053760 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_bz2.pyd
2016-09-19 11:30 - 2015-10-25 05:32 - 01861120 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtCore.pyd
2016-09-19 11:30 - 2015-10-25 05:00 - 00075264 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\sip.pyd
2016-09-19 11:30 - 2015-02-24 23:43 - 00137216 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\_lzma.pyd
2016-09-19 11:30 - 2015-10-25 05:36 - 02002944 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtGui.pyd
2016-09-19 11:30 - 2015-10-25 05:43 - 04101120 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\PyQt5.QtWidgets.pyd
2016-09-19 11:30 - 2015-12-16 00:18 - 00039424 _____ () C:\Program Files (x86)\TradeSkillMaster Application\app\psutil._psutil_windows.pyd
2017-07-13 22:05 - 2017-07-12 21:58 - 00746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-07-13 22:05 - 2017-07-12 21:58 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-06-15 12:23 - 2017-07-12 21:58 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-13 22:05 - 2017-07-12 21:59 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-07-13 22:05 - 2017-07-12 21:59 - 01862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-07-13 22:05 - 2017-07-12 21:59 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-07-13 22:05 - 2017-07-12 21:58 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-07-13 22:05 - 2017-07-12 21:58 - 00020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-07-13 22:05 - 2017-07-12 21:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-06-15 12:23 - 2017-07-12 21:58 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-07-13 22:05 - 2017-07-12 21:59 - 00062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-13 22:05 - 2017-07-12 21:59 - 00040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-07-13 22:05 - 2017-07-12 21:58 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-13 22:05 - 2017-07-12 21:58 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-13 22:05 - 2017-07-12 21:59 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-13 22:05 - 2017-07-12 21:59 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-13 22:05 - 2017-07-12 22:00 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-07-13 22:05 - 2017-07-12 21:59 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-13 22:05 - 2017-07-12 22:00 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-07-13 22:05 - 2017-07-12 22:00 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-07-13 22:05 - 2017-07-12 22:00 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-07-13 22:05 - 2017-07-12 22:00 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-07-13 22:05 - 2017-07-12 22:00 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-07-13 22:05 - 2017-07-12 22:00 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-07-13 22:05 - 2017-07-12 22:00 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-06-15 12:23 - 2017-07-12 21:58 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-07-13 22:05 - 2017-07-12 22:00 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-07-13 22:05 - 2017-07-12 21:59 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-07-13 22:05 - 2017-07-12 21:58 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-07-13 22:05 - 2017-07-12 21:59 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-07-13 22:05 - 2017-07-12 21:58 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-07-13 22:05 - 2017-07-12 21:59 - 00181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-06-15 12:23 - 2017-07-12 22:01 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-07-13 22:05 - 2017-07-12 21:59 - 00024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-07-13 22:05 - 2017-07-12 21:59 - 01637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-06-15 12:23 - 2017-07-12 22:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-06-15 12:23 - 2017-07-12 22:01 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-07-13 22:05 - 2017-07-12 22:00 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-07-13 22:05 - 2017-07-12 22:00 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-12-09 16:09 - 2016-12-09 16:09 - 52051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-12-02 02:54 - 2016-12-02 02:54 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-12-02 02:54 - 2016-12-02 02:54 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-12-02 02:54 - 2016-12-02 02:54 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-12-02 02:54 - 2016-12-02 02:54 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-12-09 16:09 - 2016-12-09 16:09 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-12-02 02:54 - 2016-12-02 02:54 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 09:24 - 2017-07-15 15:29 - 00013566 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 clients2.google.com 
127.0.0.1 v1.ff.avast.com 
127.0.0.1 vlcproxy.ff.avast.com 
127.0.0.1	gf.tools.avast.com
127.0.0.1	pair.ff.avast.com
127.0.0.1	ipm-provider.ff.avast.com
127.0.0.1	ipm-provider.ff.avast.com
127.0.0.1	ipm-provider.ff.avast.com
127.0.0.1	id.avast.com
127.0.0.1	v4618535.iavs9x.u.avast.com
127.0.0.1	v4618535.ivps9x.u.avast.com
127.0.0.1	v4618535.ivps9tiny.u.avast.com
127.0.0.1	v4618535.vpsnitro.u.avast.com
127.0.0.1	v4618535.vpsnitrotiny.u.avast.com
127.0.0.1	v4618535.iavs5x.u.avast.com
127.0.0.1	v7.stats.avast.com
127.0.0.1	v7.stats.avast.com
127.0.0.1	v7event.stats.avast.com
127.0.0.1	sm00.avast.com
127.0.0.1	submit5.avast.com
127.0.0.1	geoip.avast.com
127.0.0.1	w9448963.iavs9x.u.avast.com
127.0.0.1	w9448963.ivps9x.u.avast.com
127.0.0.1	w9448963.ivps9tiny.u.avast.com
127.0.0.1	w9448963.vpsnitro.u.avast.com
127.0.0.1	w9448963.vpsnitrotiny.u.avast.com
127.0.0.1	w9448963.iavs5x.u.avast.com
127.0.0.1	v7.stats.avast.com
127.0.0.1	v7.stats.avast.com
127.0.0.1	v7event.stats.avast.com

Da befinden sich 333 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1505119879-566967852-3136431682-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\03357_upekkha_2560x1080.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\StartupFolder: => "odrive.lnk"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "RESTART_STICKY_NOTES"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "CL04YP20DFRWQ7T"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "5TLM3AUQLYFV5ON"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "FULKLUTFVSOODJV"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "MC7MEQEBHRC8PCS"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "0UKJWQG3XLSBYY4"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "E4U4DYGO85T49D2"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "4861206DOOA101C"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "F8SUNXVC7QWTOOD"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "SVZWQFB17CNYHUE"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "ZF1EEX2DK2JLDUG"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "UC6I7LB58GEB40G"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "XMD9GLAIL0901QN"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "PHZ5KB27COR8SX2"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "467IPYRY8ESVDOB"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "H7M12ML8A93J3M1"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "ZG0GLXIMTPWFRF0"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "082NNTU50H0R0A9"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "Z30EXMJL1G3FYWX"
HKU\S-1-5-21-1505119879-566967852-3136431682-1001\...\StartupApproved\Run: => "WeatherBuddy"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{E997F6FB-1D95-4C40-825C-B8E49264BCD1}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{F6A9441D-8A91-48A9-BE1D-E61BE38E07BB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2Migrator.exe
FirewallRules: [{299E6EE1-F137-4061-A30F-0586F2756A89}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2AlertList.exe
FirewallRules: [{B476B051-C73B-4C36-A2EB-84BCD689D0D7}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{84705CE8-32A4-4B4B-8DD0-92EF2DEDC9B5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EasyPrinterManagerV2.exe
FirewallRules: [{87183F6A-DF35-42A4-85E5-D43AA0A58E1C}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{1D7F6AFB-9563-48F5-80B4-522424B4A698}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [UDP Query User{92B18C6F-CF85-4015-9E03-B59172D915D3}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [TCP Query User{0187E4F7-3A17-4D92-9AFE-2FD4113B3A7D}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [{520C62A1-A625-447E-B1AB-90D939CF8C49}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{65850A49-42D8-49CB-83D3-0057A16F2EBB}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{4CAD215E-181E-417F-B895-BF366E6B813D}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{CF4B5E8E-9D8F-47D3-BCDD-CDAC2B63258A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [UDP Query User{5E60F8B0-74E3-4669-8F0F-7701DEC46DFD}C:\program files (x86)\makemkv\makemkvcon64.exe] => (Block) C:\program files (x86)\makemkv\makemkvcon64.exe
FirewallRules: [TCP Query User{F452E079-2AE7-4FD0-A4C2-8C872332F565}C:\program files (x86)\makemkv\makemkvcon64.exe] => (Block) C:\program files (x86)\makemkv\makemkvcon64.exe
FirewallRules: [{7AEADE6F-1EE6-4A31-B469-DDF1E9C18337}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{867B4CF3-5EBE-4558-BAE1-A95BF4671DA1}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [UDP Query User{8DB9955A-5E54-4537-A7B8-AD294A8B529B}E:\spiele\overwatch\overwatch.exe] => (Allow) E:\spiele\overwatch\overwatch.exe
FirewallRules: [TCP Query User{40F36F2E-7CB7-41A6-8010-6ECDBD75F41F}E:\spiele\overwatch\overwatch.exe] => (Allow) E:\spiele\overwatch\overwatch.exe
FirewallRules: [UDP Query User{7CA6DDE1-726A-4C40-AC05-2867DCE8F6F0}C:\program files\windowsapps\arduinollc.arduinoide_1.8.1.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.1.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [TCP Query User{4FFDBA27-A5B3-421A-AA65-E7ABBE4AE16F}C:\program files\windowsapps\arduinollc.arduinoide_1.8.1.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.1.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [UDP Query User{78717CFC-DAB4-409E-9D89-90117FE2B283}E:\matlab\bin\win64\matlab.exe] => (Allow) E:\matlab\bin\win64\matlab.exe
FirewallRules: [TCP Query User{8102AC8F-6943-4AAF-A7C5-F365E79BBBDA}E:\matlab\bin\win64\matlab.exe] => (Allow) E:\matlab\bin\win64\matlab.exe
FirewallRules: [UDP Query User{82AEA682-44BD-4DEB-9A1E-4D9820B21F4E}C:\program files\windowsapps\arduinollc.arduinoide_1.6.13.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.6.13.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [TCP Query User{43D79E03-53D9-4AB7-AF4E-44D41B2F758A}C:\program files\windowsapps\arduinollc.arduinoide_1.6.13.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.6.13.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [UDP Query User{3F661070-92F5-4AA2-8050-27E17D40386E}C:\program files\windowsapps\arduinollc.arduinoide_1.6.11.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.6.11.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [TCP Query User{093CBDB6-A804-4533-A7C0-5E1C01F1F84E}C:\program files\windowsapps\arduinollc.arduinoide_1.6.11.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.6.11.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [UDP Query User{63A10C49-C0BF-4261-A3A3-AB4D1F4694FF}E:\altera\quartus\bin64\quartus.exe] => (Allow) E:\altera\quartus\bin64\quartus.exe
FirewallRules: [TCP Query User{FC94F2C5-466B-4637-86B1-4C88B2078FCA}E:\altera\quartus\bin64\quartus.exe] => (Allow) E:\altera\quartus\bin64\quartus.exe
FirewallRules: [UDP Query User{D07EB5C6-AC24-4CA4-A905-BBDEE975FFC6}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [TCP Query User{B2148CA7-62A6-4A3C-897B-DA097DD346BD}C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8098\battle.net.exe
FirewallRules: [{6F7D5033-9F65-49EA-B1EE-674EE5B7078C}] => (Allow) E:\altera\quartus\bin64\jtagserver.exe
FirewallRules: [{97C38A16-A500-4C21-820F-88898299E228}] => (Allow) E:\altera\quartus\bin64\jtagserver.exe
FirewallRules: [{963A0D43-19C5-4DD7-A674-85661A8D1912}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA8667FC-7DCA-44C5-BE89-1F3DA61065DD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{FAADB4BC-A7D3-4D14-A371-CDEA8E497C58}C:\users\***\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\***\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{50117800-5B93-4C91-AB1E-B9AE170C7E41}C:\users\***\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\***\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C4BDCAA4-992A-4EA0-A9F3-BFDE20D48183}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{30536E30-6871-4B0E-8929-6ECF847A8193}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FBF897CC-BD0C-409A-8D45-1349E64D44D7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4C566C5A-A9F1-4575-8AEC-D75A8C13C75E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E5DFFBC7-B3BD-4F9E-B381-700993ED22FB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6549275F-DD21-4EEE-B026-8AD653815851}E:\spiele\hearthstone\hearthstone.exe] => (Allow) E:\spiele\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{BC433E58-98A5-408E-950F-01E3FAA2D56E}E:\spiele\hearthstone\hearthstone.exe] => (Allow) E:\spiele\hearthstone\hearthstone.exe
FirewallRules: [{B90AF9CD-178F-4AD8-8DBE-7A5831F3B558}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{BF9FB831-24BC-4DAF-A034-6ED2B848119A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{3E6AD64E-AE55-4B9E-8ABB-534E03E4AA8E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E85A1E0E-BDC1-4E10-B1EB-DB9038FAED97}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{7496ADBE-164B-4BDC-A1CC-156189469B49}E:\spiele\diabolo iii\diablo iii\diablo iii.exe] => (Allow) E:\spiele\diabolo iii\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{2D01F9D0-7B5F-41AD-B36D-1271EACE4CAA}E:\spiele\diabolo iii\diablo iii\diablo iii.exe] => (Allow) E:\spiele\diabolo iii\diablo iii\diablo iii.exe
FirewallRules: [{DA99AE1A-394E-4584-99EE-A88747FF9997}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{437A70A3-EFA2-436A-8897-257F85064A72}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6C578B20-142D-403D-8251-3949490438D6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{66C2C1B1-9FB2-44FA-AB9B-E8D23C8225B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{52603933-E670-49AB-8247-E2A5C4B1036E}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [UDP Query User{B88CDE6C-9C90-4E44-BA96-009AEB2F3802}C:\program files (x86)\gigabyte\@bios\flashbios.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\flashbios.exe
FirewallRules: [{519A87FD-C346-4EDF-B3D7-3BE514CEB515}] => (Allow) LPort=9009
FirewallRules: [{4BFC3780-01FF-494E-8439-725BAA1DB9B3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{468F46F2-F6BA-4D9A-97C3-63143A8B99BE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{090EE680-987E-460B-BCC8-1DCB0E87FF79}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{B4DBAE43-DD0B-4038-999D-CFA0A0539FC4}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{70E6E973-F84D-418E-AFB7-52EA5182CA9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DDA28C08-D877-4B9C-AE6F-01971A974AA3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{5DBC46E5-CC75-4F6E-9C52-82AED85A8BEA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{12C5FCC3-6090-40D9-8FDD-BAF4A2D5BB97}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F3035A74-1014-4360-8345-92BF6A6AF5C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8251A27A-74A4-4571-9C8B-79503EA9E539}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{D25EE9D8-49C8-4885-810E-D609546FA11A}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{3701E7D0-4ED2-462A-9D69-74B80765CEA6}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [{A7108D67-CE8A-4A00-A198-6FCAFD094949}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
FirewallRules: [TCP Query User{63370AB5-2AB6-4010-98D2-5B1DECF103EC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{638B6448-0BD6-4DFF-B449-224F03EA1AA2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{E427D4FD-774D-4471-9335-24124436FDDB}C:\program files\windowsapps\arduinollc.arduinoide_1.8.6.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.6.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [UDP Query User{1FD8DCDC-432D-4BD5-A6EF-23C2D423FD41}C:\program files\windowsapps\arduinollc.arduinoide_1.8.6.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.6.0_x64__mdqgnx93n4wtt\java\bin\javaw.exe
FirewallRules: [{0BACD1F7-16DE-4E04-8CFA-5F7D80A443CD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{545C3DB8-C4DC-4845-9E90-667324CC17B1}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{5929CF01-72F4-4CC3-BE10-2CEB5C217B6F}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [UDP Query User{41C496EA-5B4C-4848-A899-237CCB75FE57}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [{C96E98AA-7228-40BF-AC14-7788C80C6E30}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{8ED389AE-2BE3-4D5E-A399-6542C4650335}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{9C0E0AAA-3779-49FC-8CB2-4B3EC0AB43B4}] => (Allow) C:\Windows\System32\rundll32.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/18/2017 12:39:55 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (07/17/2017 11:14:58 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (07/16/2017 02:14:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DENNIS)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147024865. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/16/2017 02:14:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DENNIS)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/16/2017 02:10:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: linker.exe, Version: 1.0.0.1, Zeitstempel: 0x596b563b
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.15063.447, Zeitstempel: 0xd51d5c5e
Ausnahmecode: 0xc0000028
Fehleroffset: 0x000a38a6
ID des fehlerhaften Prozesses: 0x3274
Startzeit der fehlerhaften Anwendung: 0x01d2fe2c7173d52f
Pfad der fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\GHaz6QtMs\linker.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 2bcfa22c-3f11-4cf5-8ac6-ae96bf37bc0c
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2017 02:10:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: linker.exe, Version: 1.0.0.1, Zeitstempel: 0x596b563b
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.15063.447, Zeitstempel: 0xd51d5c5e
Ausnahmecode: 0xc0000028
Fehleroffset: 0x000a38a6
ID des fehlerhaften Prozesses: 0x32d8
Startzeit der fehlerhaften Anwendung: 0x01d2fe2c71b592db
Pfad der fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\SNPc6Wmli\linker.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: cd7e1b02-9720-4c2e-aa26-dda6ebc16538
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2017 02:10:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: linker.exe, Version: 1.0.0.1, Zeitstempel: 0x596b563b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00450e2a
ID des fehlerhaften Prozesses: 0x3274
Startzeit der fehlerhaften Anwendung: 0x01d2fe2c7173d52f
Pfad der fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\GHaz6QtMs\linker.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 61a0a419-8d83-4f9d-9860-712871784b59
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2017 02:10:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: linker.exe, Version: 1.0.0.1, Zeitstempel: 0x596b563b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00450e2a
ID des fehlerhaften Prozesses: 0x32d8
Startzeit der fehlerhaften Anwendung: 0x01d2fe2c71b592db
Pfad der fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\SNPc6Wmli\linker.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 3eb113d6-8b2a-4bcf-a3f9-92dc9fca2651
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2017 02:10:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: linker.exe, Version: 1.0.0.1, Zeitstempel: 0x596b563b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00450e2a
ID des fehlerhaften Prozesses: 0x32d8
Startzeit der fehlerhaften Anwendung: 0x01d2fe2c71b592db
Pfad der fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\SNPc6Wmli\linker.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: ebddec93-fb59-4599-92e1-e70dc34d0fd9
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2017 02:10:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: linker.exe, Version: 1.0.0.1, Zeitstempel: 0x596b563b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00001a5
Fehleroffset: 0x00450e2a
ID des fehlerhaften Prozesses: 0x3274
Startzeit der fehlerhaften Anwendung: 0x01d2fe2c7173d52f
Pfad der fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\GHaz6QtMs\linker.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 2af9c1b8-eea3-4ba4-806e-5d644758dbae
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (07/18/2017 07:06:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "9069783d92779bd29ad0641563a66baf" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (07/18/2017 07:06:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "9069783d92779bd29ad0641563a66baf" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (07/18/2017 07:06:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (07/18/2017 01:21:18 PM) (Source: DCOM) (EventID: 10010) (User: DENNIS)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/18/2017 01:21:18 PM) (Source: DCOM) (EventID: 10010) (User: DENNIS)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/18/2017 01:21:18 PM) (Source: DCOM) (EventID: 10010) (User: DENNIS)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/18/2017 01:21:18 PM) (Source: DCOM) (EventID: 10010) (User: DENNIS)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/18/2017 01:21:18 PM) (Source: DCOM) (EventID: 10010) (User: DENNIS)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/18/2017 12:26:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "9069783d92779bd29ad0641563a66baf" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (07/18/2017 12:26:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "9069783d92779bd29ad0641563a66baf" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) CPU G4560 @ 3.50GHz
Prozentuale Nutzung des RAM: 38%
Installierter physikalischer RAM: 8145.43 MB
Verfügbarer physikalischer RAM: 5028.79 MB
Summe virtueller Speicher: 12753.43 MB
Verfügbarer virtueller Speicher: 8973.6 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:116.94 GB) (Free:7.67 GB) NTFS
Drive e: (Intern) (Fixed) (Total:931.51 GB) (Free:406.64 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 117.4 GB) (Disk ID: 07F88B43)
Partition 1: (Not Active) - (Size=116.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D8F89135)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Alt 19.07.2017, 10:50   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop - Standard

SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop


Zitat:
im abgesicherten Modus konnte ich den ESET online Scanner nutzen.
Schön, dass du das Log dazu nicht postest
__________________
Logfiles bitte immer in CODE-Tags posten
Geändert von cosinus (19.07.2017 um 11:05 Uhr)

Alt 19.07.2017, 12:06   #8
Master1991
 
SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop - Standard

SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop


Ich fürchte das log hab ich nicht mehr

Hatte wohl die portable Version geladen und in meiner säuberungsaktion danach das log direkt mit gelöscht. Finde nur noch ein log von 2016...das aktuelle ist wohl weg.

Wenn dir FRST und ADDITIONS keine Infos mehr geben dann ist es wohl wirklich nur noch irgendein Chrome Addon was da PopUps erzeugt. Firefox geht wieder einwandfrei

Alt 19.07.2017, 14:29   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop - Standard

SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop


nö, du hast einfach auf eigene Faust gehandelt obwohl du hier schon vorher Hilfe angefordert hast...und wenn man dann Anleitungen nicht richtig liest passiert sowas.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.07.2017, 18:14   #10
Master1991
 
SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop - Standard

SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop


Gut gut, ist ja auch alles wieder gut
Ist ja nicht so das ich keine Ahnung hätte.

Das mit dem posten war ja so ein Problem. Es wäre eben einige riesige Anzahl Beiträge geworden, weil das posten mit Code Tags eben Trojanerbedingt nicht richtig ging. Der ganze Browser hat gesponnen...ich musste selber handeln.

Ich danke dir dennoch für die Bemühung mir helfen zu wollen

Antwort

Themen zu SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop
apptrailers, ausgeschaltet, beitrag, code, converter, installation, installiere, installieren, installiert, lädt, malwarebytes, neue, nicht mehr, node.js, not, poste, scan, schei, seite, spamming, super, troja, trojaner, trotz, verhindern, video, voller, website, windowsapps


« Windows 8: launchpage.org und "Startmenü wurde aktualisiert" Meldung beim Hochfahren | Windows 10: Keine Downloads mehr möglich »


Ähnliche Themen: SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop


  1. Super Konverter installiert und Malware/Viren bekommen
    Log-Analyse und Auswertung - 07.03.2017 (21)
  2. Trojaner Super Easy Driver Updater bei Windows Vista wie kann ich es entfernen? Geek Uninstaller installiert keine Entfernung möglich
    Log-Analyse und Auswertung - 18.10.2015 (4)
  3. Danke schrauber, alles super!
    Lob, Kritik und Wünsche - 19.03.2015 (0)
  4. Win 7 (64): Browser voller Toolbars, Startseite geändert, alles doppelt unterstrichen; MBAM startet nicht ...
    Plagegeister aller Art und deren Bekämpfung - 07.07.2014 (20)
  5. ALLES voller Werbung (und wer weiß was sonst noch)
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (11)
  6. Alles Super funktioniert Danke an Schrauber
    Lob, Kritik und Wünsche - 09.07.2013 (1)
  7. C festplatte wird voller, ohne das was installiert wird
    Plagegeister aller Art und deren Bekämpfung - 21.02.2013 (11)
  8. Trojaner über eigene Website - alles probiert, Problem nach wie vor
    Plagegeister aller Art und deren Bekämpfung - 06.08.2012 (28)
  9. Eigentor von Symantec: Eigene WM-Website voller Spam-Kommentare [Update]
    Nachrichten - 10.07.2010 (0)
  10. Eigentor von Symantec: Eigene WM-Website voller Spam-Kommentare
    Nachrichten - 09.07.2010 (0)
  11. alles voller viren, von würmern bis trojaner
    Plagegeister aller Art und deren Bekämpfung - 24.01.2009 (14)
  12. Hilfe alles voller Viren!!!!!!!!!!!!
    Mülltonne - 11.01.2009 (0)
  13. Hilfe ! alles voller viren ?!
    Plagegeister aller Art und deren Bekämpfung - 15.09.2008 (6)
  14. AHHHHhhh, alles voller Viren... was tun?
    Mülltonne - 14.11.2007 (0)
  15. XP neu installiert-winExplorer super langsam
    Alles rund um Windows - 21.07.2005 (4)
  16. Virenscanner weg und alles voller Trojaner!
    Plagegeister aller Art und deren Bekämpfung - 10.12.2004 (4)
  17. Alles super-langsam
    Log-Analyse und Auswertung - 08.11.2004 (14)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop - Habe SUPER (Video Converter) installiert. Bisher war das immer ganz okay scheinbar hat sich das drastisch geändert Hier die Scan results: Ich kann Malwarebytes gar nicht mehr installieren, ständig reakitivert - SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop...
Archiv
Du betrachtest: SUPER installiert --> alles voller Trojaner / Website spamming bigpicturepop auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54