
Pests of all kinds and how to fight them: Microsoft announcement "Deactivate PC" virus

19.09.2017, 21:55   #1
banshing
 



Hello,

when I turned on my PC just now, an announcement played: "Your PC is infected with a virus, call Microsoft immediately. The virus is passing on credit card data. If you do not call, we will have to deactivate your PC."

I'm really worried.

That's roughly what was said. AVIRA also claimed to have found something; I can't just reinstall right away without first backing up my data. Can you help me with this somehow?

Many thanks in advance

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2017 01
durchgeführt von Christophh (Administrator) auf CHRISTOPH (19-09-2017 22:11:41)
Gestartet von C:\Users\Christophh\Downloads
Geladene Profile: Christophh (Verfügbare Profile: Christophh)
Platform: Windows 10 Pro N Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(AVM Berlin) C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [919032 2017-09-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098944 2017-08-23] (Electronic Arts)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\AVMAutoStart.exe [139264 2015-11-01] (AVM Berlin)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25607952 2017-08-04] (Google)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Spotify] => C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-14] (Spotify Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Spotify Web Helper] => C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-14] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-02-03]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2ebeed22-0f5c-4834-a642-ac386011e952}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001 -> {7309F519-9799-43A0-B156-48B8354BBBA4} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-10-28] (DVDVideoSoft Ltd.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-19] (Microsoft Corporation)
BHO-x32: Kein Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-13] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-13] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-10-28] (DVDVideoSoft Ltd.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-19] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei

FireFox:
========
FF DefaultProfile: wnpf6fue.default
FF ProfilePath: C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default [2017-09-19]
FF NetworkProxy: Mozilla\Firefox\Profiles\wnpf6fue.default -> type", 0
FF Extension: (OffersOlymp) - C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\Extensions\@offersolymp.xpi [2017-08-24]
FF Extension: (ProxTube) - C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\Extensions\ich@maltegoetz.de.xpi [2017-06-29]
FF Extension: (Adblock Plus) - C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-19] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default [2017-09-17]
CHR Extension: (Google Slides) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (OffersOlymp) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn [2017-08-23]
CHR Extension: (YouTube) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Steam Inventory Helper) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-08-23]
CHR Extension: (Google Search) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (Yahoo Partner) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibbfklbaljofpaanmpaeadejijfdddco [2017-04-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKU\S-1-5-21-2647985832-747989680-4269839675-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bbiilhoacmmppcmcogfmaailncbelbgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ibbfklbaljofpaanmpaeadejijfdddco] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-09-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-09-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-09-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-09-13] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [404816 2017-08-15] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1533448 2017-09-14] ()
R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-05-24] (Digital Wave Ltd.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [400656 2017-02-16] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-24] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-08-23] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-08-23] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-11-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-11-10] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176856 2017-09-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-09-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-03] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\WINDOWS\System32\drivers\avmaura.sys [116480 2015-11-01] (AVM Berlin)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-03] (Avira Operations GmbH & Co. KG)
S3 busenum; C:\WINDOWS\System32\drivers\SteelBus64.sys [146944 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-02-23] (NVIDIA Corporation)
S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-19 22:11 - 2017-09-19 22:11 - 000025413 _____ C:\Users\Christophh\Downloads\FRST.txt
2017-09-19 22:11 - 2017-09-19 22:11 - 000000000 ____D C:\FRST
2017-09-19 22:10 - 2017-09-19 22:10 - 002399744 _____ (Farbar) C:\Users\Christophh\Downloads\FRST64.exe
2017-09-12 23:00 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 23:00 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 23:00 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 23:00 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-12 23:00 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 23:00 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 23:00 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-12 23:00 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 23:00 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 23:00 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 23:00 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 22:59 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 22:59 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-12 22:59 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-12 22:59 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 22:59 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 22:59 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-12 22:59 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 22:59 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-12 22:59 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 22:59 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 22:59 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-12 22:59 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 22:59 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 22:59 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-12 22:59 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-12 22:59 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 22:59 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-12 22:59 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-12 22:59 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 22:59 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-12 22:59 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 22:59 - 2017-09-05 07:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-12 22:59 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-12 22:59 - 2017-09-05 07:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-12 22:59 - 2017-09-05 07:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 22:59 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-12 22:59 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 22:59 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-12 22:59 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-12 22:59 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 22:59 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 22:59 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 22:59 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-12 22:59 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 22:59 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 22:59 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 22:59 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 22:59 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 22:59 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 22:59 - 2017-09-05 06:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-12 22:59 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-12 22:59 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-12 22:59 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 22:59 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 22:59 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 22:59 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 22:59 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 22:59 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 22:59 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-12 22:59 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 22:59 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 22:59 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 22:59 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 22:59 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 22:59 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 22:59 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 22:59 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 22:59 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 22:59 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 22:59 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 22:59 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 22:59 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-12 22:59 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-12 22:59 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 22:59 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 22:59 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 22:59 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-12 22:59 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 22:59 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 22:59 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 22:59 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 22:59 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-12 22:59 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 22:59 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-12 22:59 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 22:59 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 22:59 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-12 22:59 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 22:59 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 22:59 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 22:59 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 22:59 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-08 11:59 - 2017-09-08 11:59 - 000001193 _____ C:\Users\Public\Desktop\Avira.lnk
2017-09-06 23:49 - 2017-09-06 23:49 - 000000041 _____ C:\Users\Christophh\Desktop\sky.txt
2017-09-05 00:11 - 2017-09-05 00:11 - 005004137 _____ C:\Users\Christophh\Desktop\867c5e9ab0891a8d.mp4
2017-08-27 19:38 - 2017-08-27 19:38 - 000461541 _____ C:\Users\Christophh\Downloads\8CTVBK
2017-08-27 19:36 - 2017-08-27 19:36 - 000188608 _____ C:\Users\Christophh\Downloads\Documents(1).zip
2017-08-27 19:36 - 2017-06-07 11:04 - 000037225 ____N C:\Users\Christophh\Desktop\Tutorium06-SS17.pdf
2017-08-27 19:36 - 2017-05-29 11:33 - 000037344 ____N C:\Users\Christophh\Desktop\Tutorium05-SS17.pdf
2017-08-27 19:36 - 2017-05-24 15:05 - 000037470 ____N C:\Users\Christophh\Desktop\Tutorium04-SS17.pdf
2017-08-27 19:36 - 2017-05-17 11:57 - 000037932 ____N C:\Users\Christophh\Desktop\Tutorium03-SS17.pdf
2017-08-27 19:36 - 2017-05-15 08:43 - 000032988 ____N C:\Users\Christophh\Desktop\Tutorium02-SS17.pdf
2017-08-27 19:36 - 2017-05-04 09:54 - 000048413 ____N C:\Users\Christophh\Desktop\Tutorium01-SS17.pdf
2017-08-27 19:35 - 2017-08-27 19:35 - 015613585 _____ C:\Users\Christophh\Downloads\Documents.zip
2017-08-26 21:39 - 2017-08-26 21:39 - 020317282 _____ C:\Users\Christophh\Downloads\Gmail.zip
2017-08-23 19:05 - 2017-08-23 19:05 - 000000000 ____D C:\Steamspiele
2017-08-23 16:11 - 2017-09-19 21:33 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\Spotify
2017-08-23 16:11 - 2017-09-19 21:33 - 000000000 ____D C:\Users\Christophh\AppData\Local\Spotify
2017-08-23 16:11 - 2017-08-23 16:11 - 000001914 _____ C:\Users\Christophh\Desktop\Spotify.lnk
2017-08-23 16:11 - 2017-08-23 16:11 - 000001900 _____ C:\Users\Christophh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-08-23 16:10 - 2017-08-23 16:10 - 058203272 _____ (Spotify Ltd) C:\Users\Christophh\Downloads\SpotifyFullSetup.exe
2017-08-23 16:10 - 2017-08-23 16:10 - 000000247 _____ C:\SILENT
2017-08-23 16:10 - 2017-08-23 16:10 - 000000000 ____D C:\Program Files (x86)\Offers Olymp

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-19 22:10 - 2017-06-30 17:03 - 000000000 ____D C:\Users\Christophh\AppData\Local\Deployment
2017-09-19 21:54 - 2015-12-18 22:56 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\Skype
2017-09-19 21:38 - 2017-03-18 23:02 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-19 21:38 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-19 21:37 - 2017-06-27 13:25 - 002490142 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-19 21:37 - 2017-03-20 06:40 - 001145038 _____ C:\WINDOWS\system32\perfh007.dat
2017-09-19 21:37 - 2017-03-20 06:40 - 000261166 _____ C:\WINDOWS\system32\perfc007.dat
2017-09-19 21:37 - 2016-11-20 12:30 - 000000000 ____D C:\Users\Christophh\AppData\LocalLow\Mozilla
2017-09-19 21:36 - 2017-03-18 23:02 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-19 21:36 - 2017-03-18 23:00 - 000000000 ____D C:\WINDOWS\INF
2017-09-19 21:36 - 2015-10-28 19:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-19 21:35 - 2017-06-27 13:16 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-19 21:33 - 2015-10-16 15:11 - 000000000 ____D C:\ProgramData\Origin
2017-09-17 12:09 - 2015-11-08 15:35 - 000000000 ____D C:\Users\Christophh\AppData\Local\LogMeIn Hamachi
2017-09-17 12:08 - 2017-06-27 13:20 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{16B4380E-769C-4734-94C3-69A9011C9AF2}
2017-09-17 12:08 - 2017-06-27 13:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-17 12:06 - 2017-06-27 13:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-17 11:42 - 2017-06-27 13:16 - 000000000 ____D C:\Users\Christophh
2017-09-17 11:42 - 2015-10-16 15:20 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\TS3Client
2017-09-14 14:14 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\rescache
2017-09-13 22:41 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-13 22:41 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-13 18:49 - 2015-10-16 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-09-13 18:48 - 2015-10-16 13:14 - 000176856 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-09-13 18:48 - 2015-10-16 13:14 - 000167464 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-09-13 14:38 - 2017-06-27 13:15 - 000381288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 14:38 - 2016-04-27 07:40 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 00:08 - 2017-03-18 13:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-09-13 00:07 - 2017-03-20 06:39 - 000000000 ____D C:\WINDOWS\system32\de
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-12 23:02 - 2015-10-16 13:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 23:01 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-12 23:01 - 2015-10-16 13:25 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-08 11:59 - 2015-10-16 13:14 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-08 10:01 - 2017-07-27 14:44 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2647985832-747989680-4269839675-1001
2017-09-08 10:01 - 2016-07-29 20:50 - 000002437 _____ C:\Users\Christophh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-08 10:01 - 2015-10-28 19:14 - 000000000 ___RD C:\Users\Christophh\OneDrive
2017-09-02 19:30 - 2015-10-16 15:11 - 000000000 ____D C:\Program Files (x86)\Origin
2017-09-02 17:57 - 2016-01-24 17:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-09-02 17:54 - 2015-11-07 21:07 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-02 17:54 - 2015-11-07 21:07 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-02 17:15 - 2017-03-18 23:04 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 17:15 - 2017-03-18 23:04 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-27 19:58 - 2016-11-19 13:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-27 19:58 - 2015-10-16 14:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-25 15:44 - 2017-07-27 22:57 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-25 15:40 - 2016-01-15 21:16 - 000002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-08-25 15:40 - 2016-01-15 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-24 21:30 - 2016-08-12 16:59 - 000807464 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-08-24 21:30 - 2016-08-12 16:59 - 000000000 ____D C:\Users\Christophh\AppData\Local\UnrealEngine
2017-08-23 14:38 - 2015-10-28 19:16 - 000000000 ____D C:\Users\Christophh\AppData\Local\MSfree Inc

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-10-31 20:07 - 2017-01-27 18:49 - 000007591 _____ () C:\Users\Christophh\AppData\Local\Resmon.ResmonCfg
2015-10-29 20:55 - 2015-10-29 20:55 - 000000003 _____ () C:\Users\Christophh\AppData\Local\updater.log
2015-10-29 20:55 - 2017-05-06 11:08 - 000000425 _____ () C:\Users\Christophh\AppData\Local\UserProducts.xml
2016-09-25 17:14 - 2016-09-25 17:14 - 000000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-08 19:02

==================== Ende von FRST.txt ============================
         

Edited by banshing (19.09.2017 at 22:16). Reason: FRST scan

20.09.2017, 16:54   #2
banshing

Thanks in advance

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 17-09-2017 01
durchgeführt von Christophh (19-09-2017 22:12:03)
Gestartet von C:\Users\Christophh\Downloads
Windows 10 Pro N Version 1703 (X64) (2017-06-27 11:22:59)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2647985832-747989680-4269839675-500 - Administrator - Disabled)
Christophh (S-1-5-21-2647985832-747989680-4269839675-1001 - Administrator - Enabled) => C:\Users\Christophh
DefaultAccount (S-1-5-21-2647985832-747989680-4269839675-503 - Limited - Disabled)
Gast (S-1-5-21-2647985832-747989680-4269839675-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
AutoHotkey 1.1.25.01 (HKLM\...\AutoHotkey) (Version: 1.1.25.01 - Lexikos)
Avira (HKLM-x32\...\{4771539a-931b-4378-8d4a-721ba62effca}) (Version: 1.2.95.14694 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{C22F76F2-AC9E-44BA-B297-71485F94022F}) (Version: 1.2.95.14694 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.30.29 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.49.52296 - Electronic Arts)
Battlefield™ 1 CTE (HKLM-x32\...\{E970EAB6-8F6F-4E72-AB13-F6648397322C}) (Version: 1.0.49.53737 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead by Daylight (HKLM\...\Steam App 381210) (Version:  - Behaviour Digital Inc.)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Fallout 4 MULTi2 1.1.30 (HKLM-x32\...\Fallout 4 MULTi2 1.1.30) (Version:  - )
Fallout 4 Update 7 MULTi2 1.3.47 (HKLM-x32\...\Fallout 4 Update 7 MULTi2 1.3.47) (Version:  - )
Far Cry 4 Final DLC Edition (HKLM-x32\...\Far Cry 4 Final DLC Edition) (Version: 1.01 - Ubisoft)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\2db37667170956ee) (Version: 2.3.3.2 - AVM Berlin)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.163.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Drive (HKLM-x32\...\{A90339B3-2C3F-492E-B3A7-0BDFC691E526}) (Version: 2.34.6425.2548 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.9.6 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IBM SPSS Statistics Subscription (HKLM\...\{02D81DCC-13D1-465C-9292-E46956489CA1}) (Version: 1.0.0.642 - IBM Corp)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.8326.2107 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 55.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 de)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY 2 Demo (HKLM\...\Steam App 251040) (Version:  - OVERKILL - a Starbreeze Studio.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server) (HKLM\...\Steam App 622590) (Version:  - )
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
SteelSeries Engine 3.6.5.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.6.5.1 - SteelSeries ApS)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Guild II: Renaissance (HKLM-x32\...\Steam App 39680) (Version:  - Rune Forge)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version:  - Nadeo)
UNi Xonar Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-13] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} =>  -> Keine Datei
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-13] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-20] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {079C14B1-CB36-4B02-B028-CE0CEDA98B4A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-09-12] (Microsoft Corporation)
Task: {12499066-3D4B-4DED-83CB-F1FFC715E2D6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
Task: {145BC74F-115A-4698-B56C-BFC772C08436} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {1B85927A-612F-4181-85EE-63FE2ED0865B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {1CC83974-E9D3-4810-BA4C-7220F4900776} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {2174755F-05CE-49D0-AE15-747D140A045B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {23E845F4-7EBF-4E56-AC3B-366E26A110AC} - \Microsoft\Windows\Setup\gwx\rundetector -> Keine Datei <==== ACHTUNG
Task: {4251EA1E-A6D3-45D4-AFC1-95DE3060F863} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {49B78674-9BE2-4E99-8E88-AC2E440BC2B0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {555A41E3-676C-4710-B88E-201FC8C82C05} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {5616F5D0-8636-485C-B6CC-57BBDB454828} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {57DAE5F8-1816-492B-8F12-A9E09F8E5CB8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {5AA4E1B3-CBE0-4B2B-BDEF-A78B1C85B868} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
Task: {5DB0FBE3-2D87-4192-AA89-2F4CF88D24F7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {63A3C67B-2DA1-4C68-8C6A-B4C1EFF5C3CA} - System32\Tasks\update-S-1-5-21-2647985832-747989680-4269839675-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {65376000-8CC5-41DE-9120-D2B71DC04235} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {67A30A74-9E49-4542-BF72-B99B5AC568F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {6A59C583-FBB0-4F2B-A452-307A30BEF6BC} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {6B4F050C-85D1-45D4-BC79-3DFD6C69368B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
Task: {6EFCD18D-6694-43F7-B182-2EE79B5F01BC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {7539DC7C-75F8-4E3C-AE08-CEE7DC8A8D19} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {75639B92-6F08-447D-9DB6-2C9EB681FEE9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {7829529D-F801-4A48-BE78-01C847E2EBB4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {7CC31553-2D5E-438B-A5DA-27AF6A753689} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {7CEC7DAB-1DF8-4CAC-B1AD-1F7974C926EA} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {8690B4D6-D373-4296-AD8C-77CCA8827DF9} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {90486FE1-A505-47DA-A1B3-4A19B2E5BE65} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Keine Datei <==== ACHTUNG
Task: {96F6BD3B-3A9D-4A82-B65F-BCEBF51B29BC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {9EF9EE6E-F43C-4EA4-A946-03448AF1AD19} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-19] ()
Task: {B40A4036-DD57-47F9-858C-63F09F3AB501} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {B6B33C06-EB44-4CFA-84ED-342E4C5E7039} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {C8373F93-1E5D-4461-9FB5-EB6FEB1E9CFD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-19] ()
Task: {E3490B13-F99A-4811-B177-587C23626ADE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {ED950690-48CA-447A-AB14-0DE3300969AA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {F0FAB5DD-8534-4FD2-84F4-9F6707BF3BA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {F4D99559-374E-46D7-BF35-2CFC0C780B4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {F939F199-A9C4-4E54-AA34-5B1E01F1C2B1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-2647985832-747989680-4269839675-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-06-27 13:16 - 2013-07-04 03:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-10-29 21:11 - 2015-11-10 18:38 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2016-10-24 20:51 - 2017-02-23 20:34 - 004490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-24 20:51 - 2017-02-23 20:34 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-18 22:56 - 2017-03-18 22:56 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:58 - 2017-03-20 06:41 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-28 19:16 - 2008-07-11 17:04 - 000200704 _____ () C:\Windows\SysWOW64\HsMgr.exe
2015-10-28 19:16 - 2008-07-11 17:03 - 000282112 _____ () C:\Windows\System\HsMgr64.exe
2017-04-11 19:12 - 2017-08-23 17:49 - 000021856 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2017-06-27 13:16 - 2017-09-17 12:08 - 000038544 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-06-27 13:16 - 2013-07-04 03:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2016-10-24 20:51 - 2017-02-23 20:33 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-24 20:51 - 2017-02-23 20:34 - 000901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-24 20:51 - 2017-02-23 20:34 - 003776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-20 15:48 - 2017-08-23 17:48 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2016-10-20 15:48 - 2017-08-23 17:48 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2015-10-16 15:20 - 2016-07-03 11:42 - 000266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2017-08-23 16:11 - 2017-09-14 13:55 - 071818864 _____ () C:\Users\Christophh\AppData\Roaming\Spotify\libcef.dll
2017-09-19 21:33 - 2017-09-19 21:33 - 000098816 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\win32api.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000110080 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\pywintypes27.dll
2017-09-19 21:33 - 2017-09-19 21:33 - 000364544 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\pythoncom27.dll
2017-09-19 21:33 - 2017-09-19 21:33 - 000320512 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\win32com.shell.shell.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000914432 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\_hashlib.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 001176576 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\wx._core_.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000806400 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\wx._gdi_.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000816128 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\wx._windows_.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 001067008 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\wx._controls_.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000733184 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\wx._misc_.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000682496 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\pysqlite2._sqlite.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000088064 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\_ctypes.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000686080 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\unicodedata.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000119808 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\win32file.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000108544 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\win32security.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000007168 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\hashobjs_ext.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000017920 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\thumbnails_ext.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000088064 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\usb_ext.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000012800 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\common.time34.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000018432 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\win32event.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000167936 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\win32gui.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000046080 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\_socket.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 001303552 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\_ssl.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000128512 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\_elementtree.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000127488 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\pyexpat.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000038912 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\win32inet.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000036864 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\_psutil_windows.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000524248 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\windows._lib_cacheinvalidation.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000011264 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\win32crypt.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000123392 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\wx._wizard.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000077312 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\wx._html2.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000027648 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\_multiprocessing.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000020480 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\_yappi.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000035840 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\win32process.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000078848 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\wx._animate.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000024064 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\win32pipe.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000010240 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\select.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000025600 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\win32pdh.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000017408 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\win32profile.pyd
2017-09-19 21:33 - 2017-09-19 21:33 - 000022528 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI135282\win32ts.pyd
2017-08-23 16:11 - 2017-09-14 13:55 - 002969200 _____ () C:\Users\Christophh\AppData\Roaming\Spotify\libglesv2.dll
2017-08-23 16:11 - 2017-09-14 13:55 - 000086640 _____ () C:\Users\Christophh\AppData\Roaming\Spotify\libegl.dll
2014-04-29 16:23 - 2014-04-29 16:23 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-09-02 17:53 - 2017-08-04 23:19 - 000678176 _____ () D:\Steam\SDL2.dll
2016-10-14 21:39 - 2016-09-01 03:02 - 004969248 _____ () D:\Steam\v8.dll
2017-09-08 10:00 - 2017-09-07 06:51 - 002505504 _____ () D:\Steam\video.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 002549760 _____ () D:\Steam\libavcodec-56.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 000442880 _____ () D:\Steam\libavutil-54.dll
2016-10-14 21:39 - 2016-09-01 03:02 - 001195296 _____ () D:\Steam\icuuc.dll
2016-10-14 21:39 - 2016-09-01 03:02 - 001563936 _____ () D:\Steam\icui18n.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 000491008 _____ () D:\Steam\libavformat-56.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 000485888 _____ () D:\Steam\libswscale-3.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 000332800 _____ () D:\Steam\libavresample-2.dll
2017-09-08 10:00 - 2017-09-07 06:51 - 000885024 _____ () D:\Steam\bin\chromehtml.DLL
2016-10-14 21:39 - 2016-07-05 00:17 - 000266560 _____ () D:\Steam\openvr_api.dll
2017-06-09 09:16 - 2017-05-17 03:54 - 000678176 _____ () D:\Steam\bin\cef\cef.win7\SDL2.dll
2017-09-02 17:53 - 2017-07-18 00:50 - 073115424 _____ () D:\Steam\bin\cef\cef.win7\libcef.dll
2016-10-14 21:39 - 2015-09-25 01:52 - 000119208 _____ () D:\Steam\winh264.dll
2016-10-24 20:51 - 2017-02-23 16:30 - 000338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-24 20:51 - 2017-02-23 16:30 - 002443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2647985832-747989680-4269839675-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{B35FBDA9-C65B-47A7-89EA-57B01B60EA65}] => (Block) D:\programme\spss\stats.exe
FirewallRules: [{099D13E3-C461-4BC6-8AA9-D8FE2A5A3C87}] => (Block) D:\programme\spss\stats.exe
FirewallRules: [UDP Query User{F3A72D23-B603-4F7B-94FB-759242EC9FE3}D:\programme\spss\stats.exe] => (Allow) D:\programme\spss\stats.exe
FirewallRules: [TCP Query User{7E91D023-B68C-446F-A88D-AF8F190CA3CF}D:\programme\spss\stats.exe] => (Allow) D:\programme\spss\stats.exe
FirewallRules: [{68DECFC6-06EC-4A89-9460-8AD119AB25DE}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1.exe
FirewallRules: [{4B97FF0B-B5CC-4D2C-91C8-54E7C412E087}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1.exe
FirewallRules: [{054FFD83-2C35-425A-8D3D-4D2E82399EAA}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1Trial.exe
FirewallRules: [{FAB710FB-1EE2-43CA-BE36-54DC74DEB183}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1Trial.exe
FirewallRules: [{EAF85DE4-1BA5-4707-A2E7-D559A31DFBD1}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1 CTE\bf1_cte.exe
FirewallRules: [{3B78D03A-6E75-4D58-9501-21A2B6179C24}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1 CTE\bf1_cte.exe
FirewallRules: [{4D87E320-DF34-41A4-8F18-D8116E522B26}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{8E11CAB3-6576-4470-A984-06E21B7CCD74}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{8ADDDCD5-DD4B-4D61-812C-374174D98790}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [UDP Query User{4084F086-02AC-47E7-9C96-3B15B1247049}D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{A1C76DAE-E2B2-41EE-801B-3E9D69D8B13A}D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{3031581B-B895-41FE-BE61-D71E733A7EB4}] => (Allow) D:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{C727FE97-2BFC-4CC6-9DE8-4017614559DA}] => (Allow) D:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{109DC5D2-65DD-41CE-84AF-48D9AAB0B717}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{9A3EAE5E-89B1-4AD2-8DFD-CB336B818FDD}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{F91E551C-A116-48CC-B153-40A168C2E616}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{88534B71-581A-4D5F-B59D-6B2AF72CD5B4}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{577290BA-FE8E-4C77-824B-6DEC20F4E200}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{6085BDC2-49FA-49F2-B94C-349731FF7144}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{DC19986E-04F8-4976-A8C9-A877E30A65A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{EB2C4A04-B263-4F53-8C48-25BD52BA1022}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BF91B00A-D570-4A7D-A43A-656A7DCCF011}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C452347E-DFEE-4634-9D0E-C1B309A53B9B}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E54F1CF7-D890-4660-A8FF-3B33B3B48422}] => (Block) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [{950EC891-E6F9-408D-9B5D-D7EC6AB72F0C}] => (Block) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1604F9C6-4398-4F60-88EC-A2176B902862}D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C72357B3-559F-4A68-BBB2-3FBCBDBF7A1A}D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [{2BEAFD9D-1698-49B7-95F2-2A97A6FC0CFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7582F3C4-C10A-4E89-90AB-C81232CBBCF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F6420D1C-B234-4DA2-954A-726B72908CC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FB4EACAA-BF4A-49E8-A136-700565C97C0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [UDP Query User{CEB9BBAB-08A5-4389-B817-020D69F17D79}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{3F6BDE10-997F-4291-A3B5-4F19C9293999}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{7FBA1017-EA2A-4C53-B1AF-CAEE09FECB0F}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{AC1A3B22-C1AE-40E1-BA66-72DD31308CD7}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [UDP Query User{46862880-DA2A-4AA5-917B-832CD216B58B}D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{81A9155B-97BA-42AA-84ED-DCDE97025F32}D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{5CCC69C3-4230-46E2-A782-737A0F54BC49}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{D2140964-DED8-4194-BAE6-3EA3D82B8B6F}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{EA757548-9659-449E-8199-E51C3F89E26D}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{00C2E2E4-3633-49B0-9970-4524C088C2B1}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{9E454426-9F44-4B08-A3DB-02FE95983C52}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C3A48BD7-716E-4B88-AC0F-2E68EECF9CED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1CB37054-8DFE-45C6-B743-0569AAC3CF0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B6515389-2662-43D2-8E06-F2C5290E9289}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B0D4F991-F4B8-4F57-8100-4E837C976F1F}] => (Block) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{1C40E035-51C4-4CB8-80AD-D93FF9F5B8E2}] => (Block) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{43EDC139-DF01-4D40-8CDE-95A7B93F3938}D:\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{439074AF-839D-4F06-964E-941A5FBF869B}D:\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{C0E4A294-6429-44E1-9433-E1B2B666707D}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{77DFD709-BD5A-4749-882E-F9486930E8A5}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{37EB6D7F-DFCE-4039-9F1B-1CE7CB28305F}] => (Block) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{7B6ABA40-F303-4C47-8B04-6E79AB68BF95}] => (Block) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{43D3BF8B-4235-48FA-A8D1-CCEAB3DE7B26}D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{2723C32B-DE08-477A-BC47-B9AE48A6B32C}D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{B5D2E769-682B-4CA6-830D-7B3D6993DA0D}] => (Block) D:\spiele\gtav\gta5.exe
FirewallRules: [{153174ED-074B-4C06-86DF-3FE701EAE4B2}] => (Block) D:\spiele\gtav\gta5.exe
FirewallRules: [UDP Query User{0B868E1C-C3B3-4D2B-9B32-17D522FCE3FE}D:\spiele\gtav\gta5.exe] => (Allow) D:\spiele\gtav\gta5.exe
FirewallRules: [TCP Query User{ED90E7CB-DBBA-4801-BA56-79C8372373AB}D:\spiele\gtav\gta5.exe] => (Allow) D:\spiele\gtav\gta5.exe
FirewallRules: [{47DB389D-A6C1-40A5-A325-E412016A8B43}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4D8920E0-8239-4023-A97E-CE5267CCD157}] => (Allow) D:\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{7D3173BA-064A-461E-A0CE-85179956DEA0}] => (Allow) D:\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{C093C513-6B31-4E3F-B857-CA50004719AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AF4945FB-B71B-4916-885F-A60C3898874D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1EEEDCE2-1BCB-459D-A368-30C5CC49F0C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5B363055-D6FD-486B-B3D7-6EA6C33899E8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0FCADDE1-0029-47CB-998E-04C33F148A61}] => (Allow) D:\Steam\steamapps\common\The Guild 2 Renaissance\GuildII.exe
FirewallRules: [{BB23A4F2-1441-462D-B0BB-FB7A03B332CA}] => (Allow) D:\Steam\steamapps\common\The Guild 2 Renaissance\GuildII.exe
FirewallRules: [{D4C7EA1B-1517-4351-A08E-564C66FE839B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EBFBEA75-7A73-4E80-BB55-87284A15977E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B801FC59-120D-49DA-9EAE-BD56C4A18D81}] => (Allow) C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{C441A6F7-E05E-4C85-ADB1-79104BFDB08E}] => (Allow) C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [UDP Query User{1182DFCA-2A8B-47B3-A4A6-262E767AE0C9}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{7503F75F-238A-4A7C-899C-FB96C6019A07}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{EEEA93BE-EBEF-4499-806F-E2E33963FFF9}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{52211986-6A85-43E4-BE5A-1FC707E379E0}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{FD01900F-317E-494C-83BA-D57748671EBB}] => (Allow) C:\Users\Christophh\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{434A2C7B-F770-4086-9BD0-4CAECC9527DA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{847190F2-960B-451F-8F4D-456C9A44530C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{75F57C39-04D7-41C6-9643-BDC52266E5FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FA513ED1-547C-4D5A-B36C-B7C94B26CCEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{50C2DA0F-76A2-4917-9335-0F6223DBD2E4}D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe] => (Allow) D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe
FirewallRules: [UDP Query User{64C3315C-C436-4FFA-9E36-F7EC7CEBD1A4}D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe] => (Allow) D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe
FirewallRules: [TCP Query User{845F1EDC-DFDD-4A88-8640-1665F249666D}D:\spiele\simcity\simcity\simcity.exe] => (Allow) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [UDP Query User{71508D2D-3E58-4453-BB15-72BA86B6FCC3}D:\spiele\simcity\simcity\simcity.exe] => (Allow) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [{CF9B3EB5-9D48-45C7-8343-EC606051C258}] => (Block) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [{124E2EF1-88B1-43C5-871D-1F55AF3E0B38}] => (Block) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [{5C5C2DFC-FFF6-4416-9B39-87041120CF09}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{642977D6-B138-4E9F-B7DB-EAD38DCA1682}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{7A70B9E9-6BD6-422E-93E1-CF728AF6DE15}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{9EDC662F-5646-461B-B397-FC57EE2E20BF}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{CE89E561-D33C-4E57-9A60-0B730AB2F192}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
FirewallRules: [{B7D96811-0573-4899-98EC-A0893B9E88F7}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
FirewallRules: [TCP Query User{D9F4D7D1-32EB-40C0-8863-F86532D0D71F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{052CCC83-FB80-4C6F-B8DA-4E68E91C5CB4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1E12540D-455F-483A-A2CC-F21FAF82B23B}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B0CAA0EC-C64E-4B2F-B4A6-53D829A11C1D}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{52059795-9EF3-4B25-B320-F03FB1C1C544}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E34EFAEF-361F-4813-BD7C-E018EFD198F5}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8766D8A0-9D2C-4170-A10D-F713DF360CF9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{3118D20C-60CA-402F-BA96-45E77CF8079C}C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{E3907755-C264-403D-A56A-45AEAC3CB4F4}C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{764473A7-036F-4825-BB17-CF7B4414023C}] => (Block) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{A4D0C427-7344-4B19-9D6F-89526017F839}] => (Block) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{FA28E123-C83B-438B-B91A-21B1ACB30F98}C:\users\christophh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D645DE72-22F3-4D3A-A75D-A1A1FDF2ED80}C:\users\christophh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{119EC3DC-E7AA-4141-BE01-CFB25FA7A03C}] => (Block) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FEF82CAC-01D6-47C8-A17C-9AD1F9E4F4B6}] => (Block) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FC1368CB-8DD5-4543-BEF2-315DCB2A08D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5B717D7D-AA42-4908-BBE6-3674B2966586}D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{C56B60BB-8721-488E-A9F8-2F6B2763092C}D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{8555A0F3-A453-40A2-B000-1A1426E60F11}] => (Block) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{ACE19388-438D-4F8B-B62E-90CB7288CCD7}] => (Block) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/19/2017 09:35:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 55.0.3.6445, Zeitstempel: 0x599ed78a
Name des fehlerhaften Moduls: xul.dll, Version: 55.0.3.6445, Zeitstempel: 0x599edbdd
Ausnahmecode: 0x80000003
Fehleroffset: 0x0076a5cf
ID des fehlerhaften Prozesses: 0x168
Startzeit der fehlerhaften Anwendung: 0x01d3317e3c197368
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Berichtskennung: be20cbde-1b32-487f-9ab2-2f02e702ef22
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/19/2017 09:35:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 55.0.3.6445, Zeitstempel: 0x599edbef
Name des fehlerhaften Moduls: xul.dll, Version: 55.0.3.6445, Zeitstempel: 0x599edbdd
Ausnahmecode: 0x80000003
Fehleroffset: 0x0076a5cf
ID des fehlerhaften Prozesses: 0x3944
Startzeit der fehlerhaften Anwendung: 0x01d3317e523afba7
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Berichtskennung: a815ae63-7104-4138-b0ab-fc219dde8d0b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/19/2017 09:33:30 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/19/2017 09:33:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/17/2017 12:07:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NVDisplay.Container.exe, Version: 1.2.0.0, Zeitstempel: 0x59079e96
Name des fehlerhaften Moduls: NvXDCore.dll_unloaded, Version: 8.17.13.8205, Zeitstempel: 0x59079dd9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000c1951
ID des fehlerhaften Prozesses: 0x56c
Startzeit der fehlerhaften Anwendung: 0x01d32c8d2faed14d
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
Pfad des fehlerhaften Moduls: NvXDCore.dll
Berichtskennung: 5dce9ebc-6bc4-455b-99c3-103d52523f16
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/17/2017 11:53:10 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (09/17/2017 10:22:17 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/16/2017 11:16:06 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (09/16/2017 10:55:18 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/15/2017 10:07:36 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.


Systemfehler:
=============
Error: (09/17/2017 12:08:24 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (09/17/2017 12:08:24 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "chip1click" hat einen ungültigen aktuellen Status gemeldet: 0

Error: (09/17/2017 12:08:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "SysMain" wurde mit folgendem Fehler beendet: 
Die Anforderung wird nicht unterstützt.

Error: (09/17/2017 12:08:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (09/17/2017 12:08:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎17.‎09.‎2017 um 12:07:41 unerwartet heruntergefahren.

Error: (09/17/2017 12:07:29 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/17/2017 12:07:29 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/17/2017 12:07:29 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/17/2017 12:07:28 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/17/2017 12:07:28 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


CodeIntegrity:
===================================
  Date: 2017-08-23 16:10:28.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Prozentuale Nutzung des RAM: 54%
Installierter physikalischer RAM: 8133.69 MB
Verfügbarer physikalischer RAM: 3677.13 MB
Summe virtueller Speicher: 18885.69 MB
Verfügbarer virtueller Speicher: 13703.34 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:110.8 GB) (Free:42.86 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:185.18 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 261C8E12)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: C2F9017A)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
Can anyone help?
__________________


20.09.2017, 21:24   #3
M-K-D-B
/// TB Trainer

Microsoft announcement "Deactivate PC" virus

My name is Matthias and I will help you clean up your computer.



To make the cleanup as effective and quick as possible, please observe the following notes:
  1. If we find indications of illegally acquired software, we will suspend support until all illegal software of any kind has been removed from the computer.

  2. Always read my instructions carefully, work through all steps one after another in the given order, and always post all log files (even if nothing was found). If you run into problems, stop and describe your problem to me as well as you can.

  3. If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for longer, please let me know!

  4. During the cleanup, please do not install or uninstall anything unless I ask you to!
    I also ask you not to run any security programs on your own initiative to check/clean your computer, as that can easily make me lose track.
    Besides, in that case you might as well not have opened a thread at all, if you then go back to tinkering on your own.


  5. Please note: Downloading from filepony.de: how to download our tools correctly!

  6. All programs to be used must be saved to the desktop ( C:\users\your user name\Desktop\ ) and started from there as administrator!

  7. Some of the programs we use here may, under certain circumstances, be wrongly classified as a threat by your antivirus or anti-malware program. Because of certain program behaviour, the security programs cannot distinguish between "good" and "bad" and raise the alarm. These are false alarms, which you can safely ignore. If necessary, you must disable your security software before running a program so that our cleanup operations are not impaired.

  8. If the log files ever exceed the permitted length (~ 120,000 characters), split them across several posts.
    If need be, you can also zip the log files (pack them into a .zip archive) and upload them as an attachment.


  9. Please keep working with me until I tell you that we are finished and your computer is "clean". Symptoms disappearing early does not automatically mean that your computer is already completely clean.

  10. As a rule I reply within 24 hours, often considerably faster.
    However, I too have a regular job and a family, so I am not on the forum for hours every day. Under certain circumstances it can take up to 2 days before you get a reply from me. If that time has passed, feel free to send me a PM as a reminder.





Please work through all steps one after another in the given order and post all log files in CODE tags:
How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it right. If everything is correct ... click Reply.

Thank you for your cooperation!






Where did this message appear? In an internet browser, or while a browser was open?
Or just normally under Windows (without a browser), when the computer starts up?
Has the message appeared more than once?








Step 1
  • Uninstall via the Control Panel (illustrated guide):
    • chip 1-click download service
  • Then restart the computer.







Step 2
  • Start FRST.exe again. Make sure that the box next to Addition.txt is ticked and press Untersuchen (Scan).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.





Step 3
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.







Please post with your next reply
  • the TDSSKiller log file,
  • the two new FRST log files.
__________________

Last edited by M-K-D-B (20.09.2017 at 21:34)

20.09.2017, 21:41   #4
banshing

Microsoft announcement "Deactivate PC" virus

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
durchgeführt von Christophh (Administrator) auf CHRISTOPH (20-09-2017 21:38:27)
Gestartet von C:\Users\Christophh\Downloads
Geladene Profile: Christophh (Verfügbare Profile: Christophh)
Platform: Windows 10 Pro N Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVM Berlin) C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098944 2017-08-23] (Electronic Arts)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\AVMAutoStart.exe [139264 2015-11-01] (AVM Berlin)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25607952 2017-08-04] (Google)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Spotify] => C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-14] (Spotify Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Spotify Web Helper] => C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-14] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-02-03]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2ebeed22-0f5c-4834-a642-ac386011e952}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001 -> {7309F519-9799-43A0-B156-48B8354BBBA4} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-20] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-10-28] (DVDVideoSoft Ltd.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-20] (Microsoft Corporation)
BHO-x32: Kein Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-13] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-13] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-10-28] (DVDVideoSoft Ltd.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei

FireFox:
========
FF DefaultProfile: wnpf6fue.default
FF ProfilePath: C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default [2017-09-20]
FF NetworkProxy: Mozilla\Firefox\Profiles\wnpf6fue.default -> type", 0
FF Extension: (OffersOlymp) - C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\Extensions\@offersolymp.xpi [2017-08-24]
FF Extension: (ProxTube) - C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\Extensions\ich@maltegoetz.de.xpi [2017-06-29]
FF Extension: (Adblock Plus) - C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-20] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-20] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default [2017-09-17]
CHR Extension: (Google Slides) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (OffersOlymp) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn [2017-08-23]
CHR Extension: (YouTube) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Steam Inventory Helper) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-08-23]
CHR Extension: (Google Search) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (Yahoo Partner) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibbfklbaljofpaanmpaeadejijfdddco [2017-04-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKU\S-1-5-21-2647985832-747989680-4269839675-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bbiilhoacmmppcmcogfmaailncbelbgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ibbfklbaljofpaanmpaeadejijfdddco] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-09-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-09-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-09-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-09-20] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [402768 2017-08-30] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1533448 2017-09-14] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-05-24] (Digital Wave Ltd.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [400656 2017-02-16] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-24] (Hi-Rez Studios) [Datei ist nicht signiert]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-08-23] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-08-23] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-11-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-11-10] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176224 2017-09-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-09-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-03] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\WINDOWS\System32\drivers\avmaura.sys [116480 2015-11-01] (AVM Berlin)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-03] (Avira Operations GmbH & Co. KG)
S3 busenum; C:\WINDOWS\System32\drivers\SteelBus64.sys [146944 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-02-23] (NVIDIA Corporation)
S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 cpuz143; \??\C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-20 21:38 - 2017-09-20 21:38 - 000000000 ____D C:\Users\Christophh\Downloads\FRST-OlderVersion
2017-09-20 21:35 - 2017-09-20 21:35 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-09-20 18:39 - 2017-09-20 18:39 - 000003374 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2017-09-20 18:39 - 2017-09-20 18:39 - 000003208 _____ C:\WINDOWS\System32\Tasks\Avira SystrayStartTrigger
2017-09-20 18:39 - 2017-09-20 18:39 - 000001193 _____ C:\Users\Public\Desktop\Avira.lnk
2017-09-19 22:12 - 2017-09-19 22:12 - 000062755 _____ C:\Users\Christophh\Downloads\Addition.txt
2017-09-19 22:11 - 2017-09-20 21:38 - 000024179 _____ C:\Users\Christophh\Downloads\FRST.txt
2017-09-19 22:11 - 2017-09-20 21:38 - 000000000 ____D C:\FRST
2017-09-19 22:10 - 2017-09-20 21:38 - 002399744 _____ (Farbar) C:\Users\Christophh\Downloads\FRST64.exe
2017-09-12 23:00 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 23:00 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 23:00 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 23:00 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-12 23:00 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 23:00 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 23:00 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-12 23:00 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 23:00 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 23:00 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 23:00 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 22:59 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 22:59 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-12 22:59 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-12 22:59 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 22:59 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 22:59 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-12 22:59 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 22:59 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-12 22:59 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 22:59 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 22:59 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-12 22:59 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 22:59 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 22:59 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-12 22:59 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-12 22:59 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 22:59 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-12 22:59 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-12 22:59 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 22:59 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-12 22:59 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 22:59 - 2017-09-05 07:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-12 22:59 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-12 22:59 - 2017-09-05 07:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-12 22:59 - 2017-09-05 07:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 22:59 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-12 22:59 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 22:59 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-12 22:59 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-12 22:59 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 22:59 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 22:59 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 22:59 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-12 22:59 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 22:59 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 22:59 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 22:59 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 22:59 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 22:59 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 22:59 - 2017-09-05 06:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-12 22:59 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-12 22:59 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-12 22:59 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 22:59 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 22:59 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 22:59 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 22:59 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 22:59 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 22:59 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-12 22:59 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 22:59 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 22:59 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 22:59 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 22:59 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 22:59 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 22:59 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 22:59 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 22:59 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 22:59 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 22:59 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 22:59 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 22:59 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-12 22:59 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-12 22:59 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 22:59 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 22:59 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 22:59 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-12 22:59 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 22:59 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 22:59 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 22:59 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 22:59 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-12 22:59 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 22:59 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-12 22:59 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 22:59 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 22:59 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-12 22:59 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 22:59 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 22:59 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 22:59 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 22:59 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-06 23:49 - 2017-09-06 23:49 - 000000041 _____ C:\Users\Christophh\Desktop\sky.txt
2017-09-05 00:11 - 2017-09-05 00:11 - 005004137 _____ C:\Users\Christophh\Desktop\867c5e9ab0891a8d.mp4
2017-08-27 19:38 - 2017-08-27 19:38 - 000461541 _____ C:\Users\Christophh\Downloads\8CTVBK
2017-08-27 19:36 - 2017-08-27 19:36 - 000188608 _____ C:\Users\Christophh\Downloads\Documents(1).zip
2017-08-27 19:36 - 2017-06-07 11:04 - 000037225 ____N C:\Users\Christophh\Desktop\Tutorium06-SS17.pdf
2017-08-27 19:36 - 2017-05-29 11:33 - 000037344 ____N C:\Users\Christophh\Desktop\Tutorium05-SS17.pdf
2017-08-27 19:36 - 2017-05-24 15:05 - 000037470 ____N C:\Users\Christophh\Desktop\Tutorium04-SS17.pdf
2017-08-27 19:36 - 2017-05-17 11:57 - 000037932 ____N C:\Users\Christophh\Desktop\Tutorium03-SS17.pdf
2017-08-27 19:36 - 2017-05-15 08:43 - 000032988 ____N C:\Users\Christophh\Desktop\Tutorium02-SS17.pdf
2017-08-27 19:36 - 2017-05-04 09:54 - 000048413 ____N C:\Users\Christophh\Desktop\Tutorium01-SS17.pdf
2017-08-27 19:35 - 2017-08-27 19:35 - 015613585 _____ C:\Users\Christophh\Downloads\Documents.zip
2017-08-26 21:39 - 2017-08-26 21:39 - 020317282 _____ C:\Users\Christophh\Downloads\Gmail.zip
2017-08-23 19:05 - 2017-08-23 19:05 - 000000000 ____D C:\Steamspiele
2017-08-23 16:11 - 2017-09-20 21:37 - 000000000 ____D C:\Users\Christophh\AppData\Local\Spotify
2017-08-23 16:11 - 2017-09-20 21:36 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\Spotify
2017-08-23 16:11 - 2017-08-23 16:11 - 000001914 _____ C:\Users\Christophh\Desktop\Spotify.lnk
2017-08-23 16:11 - 2017-08-23 16:11 - 000001900 _____ C:\Users\Christophh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-08-23 16:10 - 2017-08-23 16:10 - 058203272 _____ (Spotify Ltd) C:\Users\Christophh\Downloads\SpotifyFullSetup.exe
2017-08-23 16:10 - 2017-08-23 16:10 - 000000247 _____ C:\SILENT
2017-08-23 16:10 - 2017-08-23 16:10 - 000000000 ____D C:\Program Files (x86)\Offers Olymp

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-20 21:38 - 2017-06-27 13:16 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-20 21:38 - 2015-11-08 15:35 - 000000000 ____D C:\Users\Christophh\AppData\Local\LogMeIn Hamachi
2017-09-20 21:37 - 2016-11-20 12:30 - 000000000 ____D C:\Users\Christophh\AppData\LocalLow\Mozilla
2017-09-20 21:37 - 2015-12-18 22:56 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\Skype
2017-09-20 21:36 - 2017-06-27 13:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-20 21:36 - 2015-10-16 15:11 - 000000000 ____D C:\ProgramData\Origin
2017-09-20 21:35 - 2017-06-27 13:16 - 000000000 ____D C:\Users\Christophh
2017-09-20 21:35 - 2017-03-18 13:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-09-20 21:29 - 2017-06-27 13:20 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{16B4380E-769C-4734-94C3-69A9011C9AF2}
2017-09-20 18:55 - 2015-10-28 19:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-20 18:39 - 2015-10-16 13:14 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-20 18:39 - 2015-10-16 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-09-20 18:38 - 2015-10-16 13:14 - 000176224 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-09-19 22:10 - 2017-06-30 17:03 - 000000000 ____D C:\Users\Christophh\AppData\Local\Deployment
2017-09-19 21:38 - 2017-03-18 23:02 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-19 21:38 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-19 21:37 - 2017-06-27 13:25 - 002490142 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-19 21:37 - 2017-03-20 06:40 - 001145038 _____ C:\WINDOWS\system32\perfh007.dat
2017-09-19 21:37 - 2017-03-20 06:40 - 000261166 _____ C:\WINDOWS\system32\perfc007.dat
2017-09-19 21:36 - 2017-03-18 23:02 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-19 21:36 - 2017-03-18 23:00 - 000000000 ____D C:\WINDOWS\INF
2017-09-17 12:09 - 2015-10-16 15:20 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\TS3Client
2017-09-17 12:06 - 2017-06-27 13:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-14 14:14 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\rescache
2017-09-13 22:41 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-13 22:41 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-13 18:48 - 2015-10-16 13:14 - 000167464 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-09-13 14:38 - 2017-06-27 13:15 - 000381288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 14:38 - 2016-04-27 07:40 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 00:07 - 2017-03-20 06:39 - 000000000 ____D C:\WINDOWS\system32\de
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-12 23:02 - 2015-10-16 13:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 23:01 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-12 23:01 - 2015-10-16 13:25 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-08 10:01 - 2017-07-27 14:44 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2647985832-747989680-4269839675-1001
2017-09-08 10:01 - 2016-07-29 20:50 - 000002437 _____ C:\Users\Christophh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-08 10:01 - 2015-10-28 19:14 - 000000000 ___RD C:\Users\Christophh\OneDrive
2017-09-02 19:30 - 2015-10-16 15:11 - 000000000 ____D C:\Program Files (x86)\Origin
2017-09-02 17:57 - 2016-01-24 17:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-09-02 17:54 - 2015-11-07 21:07 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-02 17:54 - 2015-11-07 21:07 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-02 17:15 - 2017-03-18 23:04 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 17:15 - 2017-03-18 23:04 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-27 19:58 - 2016-11-19 13:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-27 19:58 - 2015-10-16 14:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-25 15:44 - 2017-07-27 22:57 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-25 15:40 - 2016-01-15 21:16 - 000002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-08-25 15:40 - 2016-01-15 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-24 21:30 - 2016-08-12 16:59 - 000807464 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-08-24 21:30 - 2016-08-12 16:59 - 000000000 ____D C:\Users\Christophh\AppData\Local\UnrealEngine
2017-08-23 14:38 - 2015-10-28 19:16 - 000000000 ____D C:\Users\Christophh\AppData\Local\MSfree Inc

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-10-31 20:07 - 2017-01-27 18:49 - 000007591 _____ () C:\Users\Christophh\AppData\Local\Resmon.ResmonCfg
2015-10-29 20:55 - 2015-10-29 20:55 - 000000003 _____ () C:\Users\Christophh\AppData\Local\updater.log
2015-10-29 20:55 - 2017-05-06 11:08 - 000000425 _____ () C:\Users\Christophh\AppData\Local\UserProducts.xml
2016-09-25 17:14 - 2016-09-25 17:14 - 000000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-20 18:48

==================== Ende von FRST.txt ============================
         
Code:
21:40:12.0964 0x310c  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
21:40:12.0964 0x310c  UEFI system
21:40:15.0552 0x310c  ============================================================
21:40:15.0552 0x310c  Current date / time: 2017/09/20 21:40:15.0552
21:40:15.0553 0x310c  SystemInfo:
21:40:15.0553 0x310c  
21:40:15.0553 0x310c  OS Version: 10.0.15063 ServicePack: 0.0
21:40:15.0553 0x310c  Product type: Workstation
21:40:15.0553 0x310c  ComputerName: CHRISTOPH
21:40:15.0553 0x310c  UserName: Christophh
21:40:15.0553 0x310c  Windows directory: C:\WINDOWS
21:40:15.0553 0x310c  System windows directory: C:\WINDOWS
21:40:15.0553 0x310c  Running under WOW64
21:40:15.0553 0x310c  Processor architecture: Intel x64
21:40:15.0553 0x310c  Number of processors: 8
21:40:15.0553 0x310c  Page size: 0x1000
21:40:15.0553 0x310c  Boot type: Normal boot
21:40:15.0553 0x310c  CodeIntegrityOptions = 0x00000001
21:40:15.0553 0x310c  ============================================================
21:40:15.0717 0x310c  KLMD registered as C:\WINDOWS\system32\drivers\86904143.sys
21:40:15.0717 0x310c  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 15063.0, osProperties = 0x19
21:40:15.0762 0x310c  System UUID: {42818D32-713F-D9C6-D168-EF1613B04455}
21:40:15.0982 0x310c  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:40:15.0983 0x310c  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:40:15.0984 0x310c  ============================================================
21:40:15.0984 0x310c  \Device\Harddisk0\DR0:
21:40:15.0984 0x310c  GPT partitions:
21:40:15.0985 0x310c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {A7057A71-64BE-4C51-9C2D-286A09E72273}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
21:40:15.0985 0x310c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {AE59B4F8-3AA4-4017-9E7F-D89BC81A53FD}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000
21:40:15.0985 0x310c  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {172A688E-7891-4698-A7EE-9D801249C17B}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000
21:40:15.0985 0x310c  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {EE7D1E2A-286A-4206-AA2F-5A41664D81A9}, Name: Basic data partition, StartLBA 0x108800, BlocksNum 0xDD99FAE
21:40:15.0985 0x310c  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {D5DD98AC-9B0E-4188-8FE7-774B59039CDD}, Name: , StartLBA 0xDEA2800, BlocksNum 0xF2000
21:40:15.0985 0x310c  MBR partitions:
21:40:15.0985 0x310c  \Device\Harddisk1\DR1:
21:40:16.0007 0x310c  GPT partitions:
21:40:16.0008 0x310c  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {74C63CD4-A3CE-41EC-87C4-03A03F8F8252}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x74706000
21:40:16.0008 0x310c  MBR partitions:
21:40:16.0008 0x310c  ============================================================
21:40:16.0008 0x310c  C: <-> \Device\Harddisk0\DR0\Partition4
21:40:16.0033 0x310c  D: <-> \Device\Harddisk1\DR1\Partition1
21:40:16.0033 0x310c  ============================================================
21:40:16.0033 0x310c  Initialize success
21:40:16.0033 0x310c  ============================================================
21:40:39.0757 0x249c  ============================================================
21:40:39.0757 0x249c  Scan started
21:40:39.0757 0x249c  Mode: Manual; SigCheck; TDLFS; 
21:40:39.0757 0x249c  ============================================================
21:40:39.0757 0x249c  KSN ping started
21:40:39.0870 0x249c  KSN ping finished: true
21:40:40.0427 0x249c  ================ Scan system memory ========================
21:40:40.0427 0x249c  System memory - ok
21:40:40.0427 0x249c  ================ Scan services =============================
21:40:40.0450 0x249c  1394ohci - ok
21:40:40.0452 0x249c  3ware - ok
21:40:40.0454 0x249c  ACPI - ok
21:40:40.0456 0x249c  AcpiDev - ok
21:40:40.0458 0x249c  acpiex - ok
21:40:40.0460 0x249c  acpipagr - ok
21:40:40.0462 0x249c  AcpiPmi - ok
21:40:40.0463 0x249c  acpitime - ok
21:40:40.0467 0x249c  [ 9B112FDA1D5FB7B75627461001AC692A, 2EDF7C8FD59CD5FCD19FA528F60CBD6DDB9A8076AE0280B11D8EA8EAF7D39958 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:40:40.0481 0x249c  AdobeARMservice - ok
21:40:40.0498 0x249c  [ 3E27E2DAA6869642B2DCB85C777E38B7, FB60068DFEA117006D8236DE73CC5A9B65272C6F739E2C8D1DD771360B9D989F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:40:40.0506 0x249c  AdobeFlashPlayerUpdateSvc - ok
21:40:40.0510 0x249c  ADP80XX - ok
21:40:40.0512 0x249c  AFD - ok
21:40:40.0514 0x249c  ahcache - ok
21:40:40.0516 0x249c  AJRouter - ok
21:40:40.0519 0x249c  ALG - ok
21:40:40.0521 0x249c  AmdK8 - ok
21:40:40.0523 0x249c  AmdPPM - ok
21:40:40.0525 0x249c  amdsata - ok
21:40:40.0527 0x249c  amdsbs - ok
21:40:40.0529 0x249c  amdxata - ok
21:40:40.0546 0x249c  [ 9C1974448C54690510224184B742716A, 4CD1ED929C5DDAF2A5850F83DAC4B1223FDAF35BD8547435BCDC76D501DF0D63 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
21:40:40.0568 0x249c  AntiVirMailService - ok
21:40:40.0577 0x249c  [ 6FBD71CC9E997C9A7D62BF9CE1F59352, 55CD16DE14308B13DA824E52FB8BFC8D63DE6A7F74C42DB7B61B035633410FE8 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe
21:40:40.0587 0x249c  AntiVirSchedulerService - ok
21:40:40.0595 0x249c  [ 6FBD71CC9E997C9A7D62BF9CE1F59352, 55CD16DE14308B13DA824E52FB8BFC8D63DE6A7F74C42DB7B61B035633410FE8 ] AntiVirService  C:\Program Files (x86)\Avira\Antivirus\avguard.exe
21:40:40.0604 0x249c  AntiVirService - ok
21:40:40.0626 0x249c  [ A1314FD19CC8C2B8C4A9B34EC676B9BE, EB462CF4483D681E74302F90A6E5C4FCFB4DAAD94BE490518CB356F36FC99DD8 ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
21:40:40.0648 0x249c  AntiVirWebService - ok
21:40:40.0651 0x249c  AppID - ok
21:40:40.0653 0x249c  AppIDSvc - ok
21:40:40.0654 0x249c  Appinfo - ok
21:40:40.0656 0x249c  applockerfltr - ok
21:40:40.0658 0x249c  AppMgmt - ok
21:40:40.0660 0x249c  AppReadiness - ok
21:40:40.0662 0x249c  AppVClient - ok
21:40:40.0663 0x249c  AppvStrm - ok
21:40:40.0665 0x249c  AppvVemgr - ok
21:40:40.0667 0x249c  AppvVfs - ok
21:40:40.0669 0x249c  AppXSvc - ok
21:40:40.0670 0x249c  arcsas - ok
21:40:40.0688 0x249c  [ BBF8F831C7720DD5135D8C4C8325187A, 2630C68200D7BD49A5772830D6B369C0EC337C2558A9562DD564DF042249ECC0 ] asComSvc        C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
21:40:40.0703 0x249c  asComSvc - ok
21:40:40.0718 0x249c  [ 798DE15F187C1F013095BBBEB6FB6197, 436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 ] AsIO            C:\WINDOWS\syswow64\drivers\AsIO.sys
21:40:40.0721 0x249c  AsIO - ok
21:40:40.0723 0x249c  AsyncMac - ok
21:40:40.0725 0x249c  atapi - ok
21:40:40.0728 0x249c  AudioEndpointBuilder - ok
21:40:40.0729 0x249c  Audiosrv - ok
21:40:40.0732 0x249c  [ 4621EA3385170B087A03F3C90E276B4A, 1513802CF844B1B7A70C820AEF732EDA432D44CD8726560D95F05EB5CA556CD7 ] avdevprot       C:\WINDOWS\system32\DRIVERS\avdevprot.sys
21:40:40.0736 0x249c  avdevprot - ok
21:40:40.0741 0x249c  [ 9C3F66BBFD2AFF843E54CC5E5A5D16BF, 4BC379482202BF32C6DEFA31B15F419DA7C20E1C2BCD238E2DCEEC36711E3A01 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:40:40.0746 0x249c  avgntflt - ok
21:40:40.0751 0x249c  [ DBF479B12BDAF969745D6A7132465D9E, 0358C419E631BCF548A2AC0EECABDE768435E224EFC888345EEB4DE37D119E62 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:40:40.0756 0x249c  avipbb - ok
21:40:40.0764 0x249c  [ 771E6338FD62E448D330148BDF428B29, 8AEC795862F25AB1D7300D6D0082F60A5AE96C80D4E32A8567EAAC5341702D14 ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
21:40:40.0774 0x249c  Avira.ServiceHost - ok
21:40:40.0777 0x249c  [ 2CBA09A7983B1D39531B768BCED08C20, B40968DFE1A648CCB9260033E1EA57B5D496274A335B000354156B0DB740EDE0 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
21:40:40.0782 0x249c  avkmgr - ok
21:40:40.0785 0x249c  [ 6A300AD0E23A155B2C3A7FAB0D4AABD1, AD283CC530482C0C155727C3234BFA4773C8C80B4C9912448196F83407C3CFD4 ] avmaura         C:\WINDOWS\System32\drivers\avmaura.sys
21:40:40.0793 0x249c  avmaura - ok
21:40:40.0797 0x249c  [ 8D18C6406FF8DC39028177E1E5675182, 44985DEE74F235567FB849350256F342BCE26EF66439D761FA3F6EDA22882092 ] avnetflt        C:\WINDOWS\system32\DRIVERS\avnetflt.sys
21:40:40.0802 0x249c  avnetflt - ok
21:40:40.0804 0x249c  AxInstSV - ok
21:40:40.0806 0x249c  b06bdrv - ok
21:40:40.0808 0x249c  BasicDisplay - ok
21:40:40.0809 0x249c  BasicRender - ok
21:40:40.0812 0x249c  bcmfn2 - ok
21:40:40.0814 0x249c  BDESVC - ok
21:40:40.0816 0x249c  Beep - ok
21:40:40.0836 0x249c  [ F2926650190022DB0700549B09FB7BD3, 70BDD5DCD7660436A413E3D41125DAA93A991058377DEE7C0028C2CFCB024C44 ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
21:40:40.0858 0x249c  BEService - ok
21:40:40.0861 0x249c  BFE - ok
21:40:40.0863 0x249c  BITS - ok
21:40:40.0866 0x249c  bowser - ok
21:40:40.0868 0x249c  BrokerInfrastructure - ok
21:40:40.0869 0x249c  Browser - ok
21:40:40.0871 0x249c  BthAvrcpTg - ok
21:40:40.0873 0x249c  BthHFEnum - ok
21:40:40.0875 0x249c  bthhfhid - ok
21:40:40.0877 0x249c  BthHFSrv - ok
21:40:40.0879 0x249c  BTHMODEM - ok
21:40:40.0881 0x249c  bthserv - ok
21:40:40.0885 0x249c  [ 0572F7D579759EE54B44A74B7E7F39B2, 829AC2296F879F738F004DF7224B2B9144A451A10505AF1F389904FBB80E7D0E ] busenum         C:\WINDOWS\System32\drivers\SteelBus64.sys
21:40:40.0890 0x249c  busenum - detected UnsignedFile.Multi.Generic ( 1 )
21:40:40.0935 0x249c  Detect skipped due to KSN trusted
21:40:40.0935 0x249c  busenum - ok
21:40:40.0937 0x249c  buttonconverter - ok
21:40:40.0939 0x249c  CAD - ok
21:40:40.0941 0x249c  CapImg - ok
21:40:40.0943 0x249c  cdfs - ok
21:40:40.0944 0x249c  CDPSvc - ok
21:40:40.0946 0x249c  CDPUserSvc - ok
21:40:40.0949 0x249c  cdrom - ok
21:40:40.0950 0x249c  CertPropSvc - ok
21:40:40.0952 0x249c  cht4iscsi - ok
21:40:40.0954 0x249c  cht4vbd - ok
21:40:40.0955 0x249c  circlass - ok
21:40:40.0957 0x249c  CldFlt - ok
21:40:40.0959 0x249c  CLFS - ok
21:40:41.0017 0x249c  [ C9FF79CD4268FB18314B09BDE296F0AD, C113201D7FCCE9E77549402900AC910262CE99B3072DE2E04A794C3D09454BFF ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
21:40:41.0076 0x249c  ClickToRunSvc - ok
21:40:41.0081 0x249c  ClipSVC - ok
21:40:41.0083 0x249c  clreg - ok
21:40:41.0088 0x249c  CmBatt - ok
21:40:41.0132 0x249c  [ 12145BABD827F3B68B27A4F73B7284CD, 29F539A3CE770D9B719FCDF055FCCD46353FC2A3752DCAE95F3C171CB40D1A44 ] cmudaxp         C:\WINDOWS\system32\drivers\cmudaxp.sys
21:40:41.0187 0x249c  cmudaxp - ok
21:40:41.0191 0x249c  CNG - ok
21:40:41.0193 0x249c  cnghwassist - ok
21:40:41.0204 0x249c  CompositeBus - ok
21:40:41.0206 0x249c  COMSysApp - ok
21:40:41.0208 0x249c  condrv - ok
21:40:41.0210 0x249c  CoreMessagingRegistrar - ok
21:40:41.0215 0x249c  cpuz143 - ok
21:40:41.0218 0x249c  CryptSvc - ok
21:40:41.0227 0x249c  CSC - ok
21:40:41.0229 0x249c  CscService - ok
21:40:41.0231 0x249c  dam - ok
21:40:41.0234 0x249c  DcomLaunch - ok
21:40:41.0236 0x249c  defragsvc - ok
21:40:41.0237 0x249c  DeviceAssociationService - ok
21:40:41.0239 0x249c  DeviceInstall - ok
21:40:41.0241 0x249c  DevicesFlowUserSvc - ok
21:40:41.0243 0x249c  DevQueryBroker - ok
21:40:41.0245 0x249c  Dfsc - ok
21:40:41.0249 0x249c  [ 9593475FBC857A05D93BFF4FA7323C2B, D2A958AF5EFDC6136A6ABB7F8D5FE1F84C967E79BEA96C5BE3661A0145DEB907 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
21:40:41.0254 0x249c  dg_ssudbus - ok
21:40:41.0256 0x249c  Dhcp - ok
21:40:41.0258 0x249c  diagnosticshub.standardcollector.service - ok
21:40:41.0260 0x249c  DiagTrack - ok
21:40:41.0273 0x249c  [ 0CF021625D0B9EECB5AE230B3A4CF00C, FA14D394A9CCABD7600B0E63C1411CF88A37D9256351E9403BFEB34D9FDA8DB6 ] DigitalWave.Update.Service C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
21:40:41.0283 0x249c  DigitalWave.Update.Service - ok
21:40:41.0286 0x249c  Disk - ok
21:40:41.0288 0x249c  DmEnrollmentSvc - ok
21:40:41.0290 0x249c  dmvsc - ok
21:40:41.0292 0x249c  dmwappushservice - ok
21:40:41.0294 0x249c  Dnscache - ok
21:40:41.0297 0x249c  dot3svc - ok
21:40:41.0298 0x249c  DPS - ok
21:40:41.0300 0x249c  drmkaud - ok
21:40:41.0302 0x249c  DsmSvc - ok
21:40:41.0304 0x249c  DsSvc - ok
21:40:41.0305 0x249c  DusmSvc - ok
21:40:41.0307 0x249c  DXGKrnl - ok
21:40:41.0309 0x249c  e1iexpress - ok
21:40:41.0311 0x249c  EapHost - ok
21:40:41.0312 0x249c  EasyAntiCheat - ok
21:40:41.0314 0x249c  ebdrv - ok
21:40:41.0316 0x249c  EFS - ok
21:40:41.0318 0x249c  EhStorClass - ok
21:40:41.0319 0x249c  EhStorTcgDrv - ok
21:40:41.0321 0x249c  embeddedmode - ok
21:40:41.0322 0x249c  EntAppSvc - ok
21:40:41.0324 0x249c  ErrDev - ok
21:40:41.0327 0x249c  EventSystem - ok
21:40:41.0329 0x249c  exfat - ok
21:40:41.0331 0x249c  fastfat - ok
21:40:41.0332 0x249c  Fax - ok
21:40:41.0334 0x249c  fdc - ok
21:40:41.0336 0x249c  fdPHost - ok
21:40:41.0338 0x249c  FDResPub - ok
21:40:41.0340 0x249c  fhsvc - ok
21:40:41.0341 0x249c  FileCrypt - ok
21:40:41.0343 0x249c  FileInfo - ok
21:40:41.0345 0x249c  Filetrace - ok
21:40:41.0347 0x249c  flpydisk - ok
21:40:41.0348 0x249c  FltMgr - ok
21:40:41.0350 0x249c  FontCache - ok
21:40:41.0352 0x249c  FontCache3.0.0.0 - ok
21:40:41.0353 0x249c  FrameServer - ok
21:40:41.0355 0x249c  FsDepends - ok
21:40:41.0358 0x249c  Fs_Rec - ok
21:40:41.0360 0x249c  fvevol - ok
21:40:41.0361 0x249c  gencounter - ok
21:40:41.0363 0x249c  genericusbfn - ok
21:40:41.0365 0x249c  GPIOClx0101 - ok
21:40:41.0367 0x249c  gpsvc - ok
21:40:41.0368 0x249c  GpuEnergyDrv - ok
21:40:41.0372 0x249c  [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:40:41.0377 0x249c  gupdate - ok
21:40:41.0380 0x249c  [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:40:41.0384 0x249c  gupdatem - ok
21:40:41.0388 0x249c  [ 7F79205B4EFA98F0767309479C8C01C6, 4B576903A83F33A8CF31D3887144A3D51C56D1187115C83AC99C0E9F6B4BF128 ] Hamachi         C:\WINDOWS\System32\drivers\Hamdrv.sys
21:40:41.0396 0x249c  Hamachi - ok
21:40:41.0438 0x249c  [ 779D28A8A2DAAED18575E70AE8EB95C3, F0BA0EF8F2385C9405834299DA54D84DF407A3AB37B443920F8FCE254A1F79DF ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
21:40:41.0489 0x249c  Hamachi2Svc - ok
21:40:41.0494 0x249c  HdAudAddService - ok
21:40:41.0496 0x249c  HDAudBus - ok
21:40:41.0499 0x249c  HidBatt - ok
21:40:41.0501 0x249c  HidBth - ok
21:40:41.0502 0x249c  hidi2c - ok
21:40:41.0504 0x249c  hidinterrupt - ok
21:40:41.0506 0x249c  HidIr - ok
21:40:41.0508 0x249c  hidserv - ok
21:40:41.0510 0x249c  HidUsb - ok
21:40:41.0559 0x249c  [ B7081417E9037B5E8693E01E2FBC13D0, 5B2E4FF00507D6639B5A33281A9897F0DB84FE258B3F38C0B97BC577BB2B2DB6 ] HiPatchService  D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
21:40:41.0561 0x249c  HiPatchService - detected UnsignedFile.Multi.Generic ( 1 )
21:40:41.0700 0x249c  Detect skipped due to KSN trusted
21:40:41.0700 0x249c  HiPatchService - ok
21:40:41.0703 0x249c  HomeGroupListener - ok
21:40:41.0705 0x249c  HomeGroupProvider - ok
21:40:41.0707 0x249c  HpSAMD - ok
21:40:41.0708 0x249c  HTTP - ok
21:40:41.0710 0x249c  HvHost - ok
21:40:41.0712 0x249c  hvservice - ok
21:40:41.0714 0x249c  hwpolicy - ok
21:40:41.0715 0x249c  hyperkbd - ok
21:40:41.0717 0x249c  i8042prt - ok
21:40:41.0719 0x249c  iagpio - ok
21:40:41.0721 0x249c  iai2c - ok
21:40:41.0723 0x249c  iaLPSS2i_GPIO2 - ok
21:40:41.0724 0x249c  iaLPSS2i_GPIO2_BXT_P - ok
21:40:41.0726 0x249c  iaLPSS2i_I2C - ok
21:40:41.0728 0x249c  iaLPSS2i_I2C_BXT_P - ok
21:40:41.0730 0x249c  iaLPSSi_GPIO - ok
21:40:41.0732 0x249c  iaLPSSi_I2C - ok
21:40:41.0746 0x249c  [ 9EBE1AE8B3DA91D06BE1971EB37F7DA0, 55B0E66139C966AF0D4955B44363123198C559968C864DA85F6610CF1C844E8D ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
21:40:41.0758 0x249c  iaStorA - ok
21:40:41.0761 0x249c  iaStorAV - ok
21:40:41.0763 0x249c  [ D524B034148F14C60F1CA66D267EE56A, 18045270C5CA718501285EE05EDED8B0EF998A881ACF19D9602F91A2A30E40AB ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:40:41.0767 0x249c  IAStorDataMgrSvc - ok
21:40:41.0769 0x249c  iaStorV - ok
21:40:41.0771 0x249c  ibbus - ok
21:40:41.0773 0x249c  icssvc - ok
21:40:41.0774 0x249c  IKEEXT - ok
21:40:41.0777 0x249c  IndirectKmd - ok
21:40:41.0794 0x249c  [ 4C17F57E43645E75800E9E84787E34E5, 6A1531D97462BA3B3DBDAD472AF15B717C958AA8C5CE2373DE0B2A41C35BE33E ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
21:40:41.0808 0x249c  Intel(R) Capability Licensing Service TCP IP Interface - ok
21:40:41.0814 0x249c  [ E42505363945956ECB5D38A4EB21CB39, C6A46A7621721EB1EA46E5F7D2E560D8022A97241F0792814015F803D96A2C92 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
21:40:41.0823 0x249c  Intel(R) PROSet Monitoring Service - ok
21:40:41.0825 0x249c  intelide - ok
21:40:41.0827 0x249c  intelpep - ok
21:40:41.0828 0x249c  intelppm - ok
21:40:41.0830 0x249c  iorate - ok
21:40:41.0832 0x249c  IpFilterDriver - ok
21:40:41.0833 0x249c  iphlpsvc - ok
21:40:41.0835 0x249c  IPMIDRV - ok
21:40:41.0837 0x249c  IPNAT - ok
21:40:41.0839 0x249c  IpxlatCfgSvc - ok
21:40:41.0840 0x249c  irda - ok
21:40:41.0842 0x249c  IRENUM - ok
21:40:41.0844 0x249c  irmon - ok
21:40:41.0847 0x249c  isapnp - ok
21:40:41.0848 0x249c  iScsiPrt - ok
21:40:41.0852 0x249c  [ 0B93A01F786F37A4B1EDE84E639FFF10, 8747109A2FA2B80C8C5F5B6D2372C1B0DA4F4BF9DC1D551195ADF0715C260223 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:40:41.0858 0x249c  jhi_service - ok
21:40:41.0860 0x249c  kbdclass - ok
21:40:41.0861 0x249c  kbdhid - ok
21:40:41.0863 0x249c  kdnic - ok
21:40:41.0865 0x249c  KeyIso - ok
21:40:41.0867 0x249c  KSecDD - ok
21:40:41.0869 0x249c  KSecPkg - ok
21:40:41.0870 0x249c  ksthunk - ok
21:40:41.0872 0x249c  KtmRm - ok
21:40:41.0874 0x249c  LanmanServer - ok
21:40:41.0876 0x249c  LanmanWorkstation - ok
21:40:41.0878 0x249c  lfsvc - ok
21:40:41.0880 0x249c  LicenseManager - ok
21:40:41.0881 0x249c  lltdio - ok
21:40:41.0882 0x249c  lltdsvc - ok
21:40:41.0884 0x249c  lmhosts - ok
21:40:41.0891 0x249c  [ 0554F3B69D39D175DD110D765C11347A, A57D5CE0CBA04806EB0C6D8943D85C5AB63119A99FA8F8000BDF54CCCD1C1BF9 ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
21:40:41.0899 0x249c  LMIGuardianSvc - ok
21:40:41.0906 0x249c  [ C31139E0907170E2A3FA8D19DCC23D35, C504E93D2018E9E487A428483C646C67B4ECE122560CF0FA49A1626E1509EEAE ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:40:41.0914 0x249c  LMS - ok
21:40:41.0917 0x249c  LSI_SAS - ok
21:40:41.0919 0x249c  LSI_SAS2i - ok
21:40:41.0920 0x249c  LSI_SAS3i - ok
21:40:41.0922 0x249c  LSI_SSS - ok
21:40:41.0924 0x249c  LSM - ok
21:40:41.0925 0x249c  luafv - ok
21:40:41.0927 0x249c  MapsBroker - ok
21:40:41.0930 0x249c  mausbhost - ok
21:40:41.0931 0x249c  mausbip - ok
21:40:41.0933 0x249c  megasas - ok
21:40:41.0935 0x249c  megasas2i - ok
21:40:41.0937 0x249c  megasr - ok
21:40:41.0940 0x249c  [ 1BC9159CF58BABD89419072EA180A8F6, 6C9AB779C2355A341800A8F93AAAF9B19FAFF444CD6A7BD27C63D53F379A75EF ] MEIx64          C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys
21:40:41.0946 0x249c  MEIx64 - ok
21:40:41.0948 0x249c  MessagingService - ok
21:40:41.0951 0x249c  mlx4_bus - ok
21:40:41.0952 0x249c  MMCSS - ok
21:40:41.0954 0x249c  Modem - ok
21:40:41.0956 0x249c  monitor - ok
21:40:41.0957 0x249c  mouclass - ok
21:40:41.0959 0x249c  mouhid - ok
21:40:41.0960 0x249c  mountmgr - ok
21:40:41.0965 0x249c  [ 0EACD4459D14FBB121A0F8202F170225, 6C63A3D69D6A44E6E03863D2256A5C6EF2DCA56B18DC90B8F3AE8C8DF5D303EF ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:40:41.0971 0x249c  MozillaMaintenance - ok
21:40:41.0973 0x249c  mpsdrv - ok
21:40:41.0974 0x249c  MpsSvc - ok
21:40:41.0976 0x249c  MRxDAV - ok
21:40:41.0977 0x249c  mrxsmb - ok
21:40:41.0979 0x249c  mrxsmb10 - ok
21:40:41.0980 0x249c  mrxsmb20 - ok
21:40:41.0982 0x249c  MsBridge - ok
21:40:41.0984 0x249c  MSDTC - ok
21:40:41.0987 0x249c  Msfs - ok
21:40:41.0989 0x249c  msgpiowin32 - ok
21:40:41.0990 0x249c  mshidkmdf - ok
21:40:41.0992 0x249c  mshidumdf - ok
21:40:41.0994 0x249c  msisadrv - ok
21:40:41.0996 0x249c  MSiSCSI - ok
21:40:41.0997 0x249c  msiserver - ok
21:40:41.0999 0x249c  MSKSSRV - ok
21:40:42.0001 0x249c  MsLldp - ok
21:40:42.0002 0x249c  MSPCLOCK - ok
21:40:42.0004 0x249c  MSPQM - ok
21:40:42.0006 0x249c  MsRPC - ok
21:40:42.0008 0x249c  MsSecFlt - ok
21:40:42.0010 0x249c  mssmbios - ok
21:40:42.0012 0x249c  MSTEE - ok
21:40:42.0013 0x249c  MTConfig - ok
21:40:42.0015 0x249c  Mup - ok
21:40:42.0017 0x249c  mvumis - ok
21:40:42.0020 0x249c  [ 1898CEDA3247213C084F43637EF163B3, 4429F32DB1CC70567919D7D47B844A91CF1329A6CD116F582305F3B7B60CD60B ] NAL             C:\WINDOWS\system32\Drivers\iqvw64e.sys
21:40:42.0024 0x249c  NAL - ok
21:40:42.0027 0x249c  NativeWifiP - ok
21:40:42.0029 0x249c  NaturalAuthentication - ok
21:40:42.0030 0x249c  NcaSvc - ok
21:40:42.0032 0x249c  NcbService - ok
21:40:42.0034 0x249c  NcdAutoSetup - ok
21:40:42.0036 0x249c  ndfltr - ok
21:40:42.0038 0x249c  NDIS - ok
21:40:42.0040 0x249c  NdisCap - ok
21:40:42.0041 0x249c  NdisImPlatform - ok
21:40:42.0043 0x249c  NdisTapi - ok
21:40:42.0045 0x249c  Ndisuio - ok
21:40:42.0047 0x249c  NdisVirtualBus - ok
21:40:42.0048 0x249c  NdisWan - ok
21:40:42.0050 0x249c  ndiswanlegacy - ok
21:40:42.0052 0x249c  ndproxy - ok
21:40:42.0053 0x249c  Ndu - ok
21:40:42.0055 0x249c  NetAdapterCx - ok
21:40:42.0056 0x249c  NetBIOS - ok
21:40:42.0059 0x249c  NetBT - ok
21:40:42.0061 0x249c  Netlogon - ok
21:40:42.0063 0x249c  Netman - ok
21:40:42.0065 0x249c  netprofm - ok
21:40:42.0066 0x249c  NetSetupSvc - ok
21:40:42.0070 0x249c  NetTcpPortSharing - ok
21:40:42.0072 0x249c  netvsc - ok
21:40:42.0075 0x249c  NgcCtnrSvc - ok
21:40:42.0076 0x249c  NgcSvc - ok
21:40:42.0078 0x249c  NlaSvc - ok
21:40:42.0080 0x249c  Npfs - ok
21:40:42.0081 0x249c  npsvctrig - ok
21:40:42.0083 0x249c  nsi - ok
21:40:42.0085 0x249c  nsiproxy - ok
21:40:42.0087 0x249c  NTFS - ok
21:40:42.0089 0x249c  Null - ok
21:40:42.0098 0x249c  [ 7C87B6C03A27AF13C97B8DC69DE1E0A8, D938352DA52EA13C004A3116F3F25E1722F8A786621D00A3473B071028D30E1C ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
21:40:42.0108 0x249c  NvContainerLocalSystem - ok
21:40:42.0117 0x249c  [ 7C87B6C03A27AF13C97B8DC69DE1E0A8, D938352DA52EA13C004A3116F3F25E1722F8A786621D00A3473B071028D30E1C ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
21:40:42.0126 0x249c  NvContainerNetworkService - ok
21:40:42.0128 0x249c  nvdimmn - ok
21:40:42.0134 0x249c  [ 6E256C42FD27FADEA9BDD2E98CB53FE4, 8E2BDADFCC4B0C7208E937462DDF9CD9810E1B66375BD22F26C5D94376BDEC44 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
21:40:42.0140 0x249c  NVHDA - ok
21:40:42.0417 0x249c  [ BD000446F0B4FA1E87E7D10356C49564, 95F495549F35FFD64D3132D46923D1502C10AC77E7031EE1DE629E218EC584E0 ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys
21:40:42.0593 0x249c  nvlddmkm - ok
21:40:42.0605 0x249c  nvraid - ok
21:40:42.0606 0x249c  nvstor - ok
21:40:42.0608 0x249c  [ 191DAD20FA73E099BAD05953892EAF18, FA99677CA732EC58CC9FC717DA64C2591F8371E2877CE6DFC684DC3A4D5B66AD ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
21:40:42.0612 0x249c  NvStreamKms - ok
21:40:42.0621 0x249c  [ F0E82FD4F609E50CBF198F04C9F66A46, AE555BAD65D75DD9D4F7D6C76098448D7055A8298D037D0FA3DE640A50E34A21 ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
21:40:42.0629 0x249c  NvTelemetryContainer - ok
21:40:42.0632 0x249c  [ 8736A38B0326664CA7BA4E5DE51EBC9D, C218220C987197C6E60514A5425F459011A70350F7AAE1824851B879FF542906 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
21:40:42.0636 0x249c  nvvad_WaveExtensible - ok
21:40:42.0639 0x249c  [ BCEBAC08D60020C800E1A80B257DCE43, C2BCDF9C0233E7BD82951FBCD41E2861EAB17684F277208DD28AE0E93360D9C5 ] nvvhci          C:\WINDOWS\System32\drivers\nvvhci.sys
21:40:42.0643 0x249c  nvvhci - ok
21:40:42.0645 0x249c  OneSyncSvc - ok
21:40:42.0672 0x249c  [ 731906F749FDB1F8E3CAE9E3DD34919A, 4ADEC2468A0048765CD177D8EED5D92C24FAD086CA918C7AAE9707326FB54150 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
21:40:42.0701 0x249c  Origin Client Service - ok
21:40:42.0738 0x249c  [ 98E9A68A78ADC072E7A78723C8E94234, E7A4141168BF08A8C89091237ECDA8FE9F6E6C5BFEF7E9CE041CB43844608038 ] Origin Web Helper Service C:\Program Files (x86)\Origin\OriginWebHelperService.exe
21:40:42.0777 0x249c  Origin Web Helper Service - ok
21:40:42.0783 0x249c  [ 6C7A7FDB373D42102A114CED1CB2EB30, 2ABEBB0687F77DFA5F65635042F4F15B7C31FCA8C037BA4A15385EC4579335D8 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:40:42.0791 0x249c  ose - ok
21:40:42.0793 0x249c  p2pimsvc - ok
21:40:42.0794 0x249c  p2psvc - ok
21:40:42.0798 0x249c  Parport - ok
21:40:42.0799 0x249c  partmgr - ok
21:40:42.0801 0x249c  PcaSvc - ok
21:40:42.0803 0x249c  pci - ok
21:40:42.0805 0x249c  pciide - ok
21:40:42.0806 0x249c  pcmcia - ok
21:40:42.0808 0x249c  pcw - ok
21:40:42.0810 0x249c  pdc - ok
21:40:42.0811 0x249c  PEAUTH - ok
21:40:42.0813 0x249c  PeerDistSvc - ok
21:40:42.0815 0x249c  percsas2i - ok
21:40:42.0816 0x249c  percsas3i - ok
21:40:42.0828 0x249c  PerfHost - ok
21:40:42.0832 0x249c  PhoneSvc - ok
21:40:42.0834 0x249c  PimIndexMaintenanceSvc - ok
21:40:42.0836 0x249c  pla - ok
21:40:42.0839 0x249c  PlugPlay - ok
21:40:42.0841 0x249c  pmem - ok
21:40:42.0844 0x249c  [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
21:40:42.0852 0x249c  PnkBstrA - ok
21:40:42.0854 0x249c  PNRPAutoReg - ok
21:40:42.0856 0x249c  PNRPsvc - ok
21:40:42.0857 0x249c  PolicyAgent - ok
21:40:42.0860 0x249c  Power - ok
21:40:42.0862 0x249c  PptpMiniport - ok
21:40:42.0914 0x249c  [ 5404E7A968A26DF03793B6F68536594D, BE5A85581E87EFE4DB43AD17B8D42D3F7F32364AEEC1416DBB94279C4A203FF2 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
21:40:42.0974 0x249c  PrintNotify - ok
21:40:42.0978 0x249c  Processor - ok
21:40:42.0980 0x249c  ProfSvc - ok
21:40:42.0981 0x249c  Psched - ok
21:40:42.0983 0x249c  QWAVE - ok
21:40:42.0984 0x249c  QWAVEdrv - ok
21:40:42.0986 0x249c  RasAcd - ok
21:40:42.0988 0x249c  RasAgileVpn - ok
21:40:42.0990 0x249c  RasAuto - ok
21:40:42.0991 0x249c  Rasl2tp - ok
21:40:42.0993 0x249c  RasMan - ok
21:40:42.0994 0x249c  RasPppoe - ok
21:40:42.0997 0x249c  RasSstp - ok
21:40:42.0998 0x249c  rdbss - ok
21:40:43.0001 0x249c  rdpbus - ok
21:40:43.0002 0x249c  RDPDR - ok
21:40:43.0007 0x249c  RdpVideoMiniport - ok
21:40:43.0008 0x249c  rdyboost - ok
21:40:43.0010 0x249c  ReFS - ok
21:40:43.0011 0x249c  ReFSv1 - ok
21:40:43.0014 0x249c  RemoteAccess - ok
21:40:43.0015 0x249c  RemoteRegistry - ok
21:40:43.0017 0x249c  RetailDemo - ok
21:40:43.0019 0x249c  RmSvc - ok
21:40:43.0020 0x249c  RpcEptMapper - ok
21:40:43.0022 0x249c  RpcLocator - ok
21:40:43.0024 0x249c  RpcSs - ok
21:40:43.0025 0x249c  rspndr - ok
21:40:43.0027 0x249c  s3cap - ok
21:40:43.0030 0x249c  [ 8F63E54CC039A645B1980CFB92FA93DC, B011E8E6E5D6FF76B6AC9914CBEAF1D41D8F0F87AC2ADCBE4F5CF1E8B61F5A90 ] SAlphamHid      C:\WINDOWS\System32\drivers\SAlpham64.sys
21:40:43.0033 0x249c  SAlphamHid - detected UnsignedFile.Multi.Generic ( 1 )
21:40:43.0179 0x249c  Detect skipped due to KSN trusted
21:40:43.0179 0x249c  SAlphamHid - ok
21:40:43.0182 0x249c  SamSs - ok
21:40:43.0184 0x249c  sbp2port - ok
21:40:43.0186 0x249c  SCardSvr - ok
21:40:43.0188 0x249c  ScDeviceEnum - ok
21:40:43.0190 0x249c  scfilter - ok
21:40:43.0191 0x249c  Schedule - ok
21:40:43.0193 0x249c  scmbus - ok
21:40:43.0195 0x249c  SCPolicySvc - ok
21:40:43.0197 0x249c  sdbus - ok
21:40:43.0199 0x249c  SDFRd - ok
21:40:43.0200 0x249c  SDRSVC - ok
21:40:43.0202 0x249c  sdstor - ok
21:40:43.0204 0x249c  seclogon - ok
21:40:43.0205 0x249c  SecurityHealthService - ok
21:40:43.0207 0x249c  SEMgrSvc - ok
21:40:43.0208 0x249c  SENS - ok
21:40:43.0210 0x249c  Sense - ok
21:40:43.0211 0x249c  SensorDataService - ok
21:40:43.0213 0x249c  SensorService - ok
21:40:43.0215 0x249c  SensrSvc - ok
21:40:43.0217 0x249c  SerCx - ok
21:40:43.0218 0x249c  SerCx2 - ok
21:40:43.0220 0x249c  Serenum - ok
21:40:43.0222 0x249c  Serial - ok
21:40:43.0224 0x249c  sermouse - ok
21:40:43.0228 0x249c  SessionEnv - ok
21:40:43.0232 0x249c  sfloppy - ok
21:40:43.0234 0x249c  SharedAccess - ok
21:40:43.0236 0x249c  ShellHWDetection - ok
21:40:43.0238 0x249c  shpamsvc - ok
21:40:43.0240 0x249c  SiSRaid2 - ok
21:40:43.0242 0x249c  SiSRaid4 - ok
21:40:43.0248 0x249c  [ 6749AD471D1D44CBD1F30257C861F77B, D5A554F35E380948F13BFE0673B49F8FD8AE5A438BF3645857522E2560A58685 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:40:43.0257 0x249c  SkypeUpdate - ok
21:40:43.0259 0x249c  smphost - ok
21:40:43.0261 0x249c  SmsRouter - ok
21:40:43.0265 0x249c  SNMPTRAP - ok
21:40:43.0266 0x249c  spaceport - ok
21:40:43.0268 0x249c  SpbCx - ok
21:40:43.0270 0x249c  spectrum - ok
21:40:43.0280 0x249c  [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan        C:\Windows\SysWOW64\speedfan.sys
21:40:43.0289 0x249c  speedfan - ok
21:40:43.0292 0x249c  Spooler - ok
21:40:43.0294 0x249c  sppsvc - ok
21:40:43.0297 0x249c  srv - ok
21:40:43.0299 0x249c  srv2 - ok
21:40:43.0300 0x249c  srvnet - ok
21:40:43.0303 0x249c  [ A34A9BFCD2A9695CF00A5365DAA5F2ED, 9D935EF7103DC77EBBD00EB0DDECF8C9B17308B8A960E8BB98B807104B417114 ] ssdevfactory    C:\WINDOWS\System32\drivers\ssdevfactory.sys
21:40:43.0307 0x249c  ssdevfactory - ok
21:40:43.0310 0x249c  SSDPSRV - ok
21:40:43.0311 0x249c  SstpSvc - ok
21:40:43.0316 0x249c  [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
21:40:43.0322 0x249c  ssudmdm - ok
21:40:43.0324 0x249c  StateRepository - ok
21:40:43.0345 0x249c  [ 925116020437C74A2F535EBB05267968, 3180856E63A7E17807A6914A13C8BD4B01AE6A76E7E8D0A3FF45556536CC717E ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
21:40:43.0367 0x249c  Steam Client Service - ok
21:40:43.0370 0x249c  stexstor - ok
21:40:43.0372 0x249c  stisvc - ok
21:40:43.0373 0x249c  storahci - ok
21:40:43.0375 0x249c  storflt - ok
21:40:43.0377 0x249c  stornvme - ok
21:40:43.0379 0x249c  storqosflt - ok
21:40:43.0380 0x249c  StorSvc - ok
21:40:43.0382 0x249c  storufs - ok
21:40:43.0383 0x249c  storvsc - ok
21:40:43.0385 0x249c  svsvc - ok
21:40:43.0388 0x249c  swenum - ok
21:40:43.0390 0x249c  swprv - ok
21:40:43.0392 0x249c  Synth3dVsc - ok
21:40:43.0394 0x249c  SysMain - ok
21:40:43.0395 0x249c  SystemEventsBroker - ok
21:40:43.0397 0x249c  TabletInputService - ok
21:40:43.0400 0x249c  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\WINDOWS\System32\drivers\tap0901.sys
21:40:43.0404 0x249c  tap0901 - ok
21:40:43.0407 0x249c  TapiSrv - ok
21:40:43.0409 0x249c  Tcpip - ok
21:40:43.0410 0x249c  Tcpip6 - ok
21:40:43.0412 0x249c  tcpipreg - ok
21:40:43.0415 0x249c  tdx - ok
21:40:43.0517 0x249c  [ E72B44F86082DFE649CD991E3CD2F8B6, C5A1E53E41E48D3465A7D96886A1E5D1C3145C7E1A40FB74E3A05EDC2DA04F84 ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
21:40:43.0602 0x249c  TeamViewer - ok
21:40:43.0608 0x249c  terminpt - ok
21:40:43.0610 0x249c  TermService - ok
21:40:43.0612 0x249c  Themes - ok
21:40:43.0614 0x249c  TieringEngineService - ok
21:40:43.0616 0x249c  tiledatamodelsvc - ok
21:40:43.0617 0x249c  TimeBrokerSvc - ok
21:40:43.0619 0x249c  TokenBroker - ok
21:40:43.0621 0x249c  TPM - ok
21:40:43.0623 0x249c  TrkWks - ok
21:40:43.0624 0x249c  TrustedInstaller - ok
21:40:43.0627 0x249c  tsusbflt - ok
21:40:43.0628 0x249c  TsUsbGD - ok
21:40:43.0630 0x249c  tsusbhub - ok
21:40:43.0632 0x249c  tzautoupdate - ok
21:40:43.0634 0x249c  UASPStor - ok
21:40:43.0635 0x249c  UcmCx0101 - ok
21:40:43.0637 0x249c  UcmTcpciCx0101 - ok
21:40:43.0639 0x249c  UcmUcsi - ok
21:40:43.0641 0x249c  Ucx01000 - ok
21:40:43.0642 0x249c  UdeCx - ok
21:40:43.0644 0x249c  udfs - ok
21:40:43.0646 0x249c  UEFI - ok
21:40:43.0647 0x249c  UevAgentDriver - ok
21:40:43.0649 0x249c  UevAgentService - ok
21:40:43.0651 0x249c  Ufx01000 - ok
21:40:43.0653 0x249c  UfxChipidea - ok
21:40:43.0654 0x249c  ufxsynopsys - ok
21:40:43.0658 0x249c  UI0Detect - ok
21:40:43.0659 0x249c  umbus - ok
21:40:43.0661 0x249c  UmPass - ok
21:40:43.0663 0x249c  UmRdpService - ok
21:40:43.0665 0x249c  UnistoreSvc - ok
21:40:43.0667 0x249c  upnphost - ok
21:40:43.0669 0x249c  UrsChipidea - ok
21:40:43.0671 0x249c  UrsCx01000 - ok
21:40:43.0672 0x249c  UrsSynopsys - ok
21:40:43.0674 0x249c  usbccgp - ok
21:40:43.0676 0x249c  usbcir - ok
21:40:43.0678 0x249c  usbehci - ok
21:40:43.0679 0x249c  usbhub - ok
21:40:43.0681 0x249c  USBHUB3 - ok
21:40:43.0683 0x249c  usbohci - ok
21:40:43.0684 0x249c  usbprint - ok
21:40:43.0686 0x249c  usbser - ok
21:40:43.0688 0x249c  USBSTOR - ok
21:40:43.0689 0x249c  usbuhci - ok
21:40:43.0691 0x249c  USBXHCI - ok
21:40:43.0693 0x249c  UserDataSvc - ok
21:40:43.0695 0x249c  UserManager - ok
21:40:43.0697 0x249c  UsoSvc - ok
21:40:43.0699 0x249c  VaultSvc - ok
21:40:43.0700 0x249c  vdrvroot - ok
21:40:43.0702 0x249c  vds - ok
21:40:43.0704 0x249c  VerifierExt - ok
21:40:43.0706 0x249c  vhdmp - ok
21:40:43.0707 0x249c  vhf - ok
21:40:43.0709 0x249c  vmbus - ok
21:40:43.0710 0x249c  VMBusHID - ok
21:40:43.0712 0x249c  vmgid - ok
21:40:43.0714 0x249c  vmicguestinterface - ok
21:40:43.0715 0x249c  vmicheartbeat - ok
21:40:43.0717 0x249c  vmickvpexchange - ok
21:40:43.0719 0x249c  vmicrdv - ok
21:40:43.0721 0x249c  vmicshutdown - ok
21:40:43.0722 0x249c  vmictimesync - ok
21:40:43.0724 0x249c  vmicvmsession - ok
21:40:43.0726 0x249c  vmicvss - ok
21:40:43.0727 0x249c  volmgr - ok
21:40:43.0729 0x249c  volmgrx - ok
21:40:43.0731 0x249c  volsnap - ok
21:40:43.0733 0x249c  volume - ok
21:40:43.0735 0x249c  vpci - ok
21:40:43.0737 0x249c  vsmraid - ok
21:40:43.0739 0x249c  VSS - ok
21:40:43.0740 0x249c  VSTXRAID - ok
21:40:43.0742 0x249c  vwifibus - ok
21:40:43.0744 0x249c  vwififlt - ok
21:40:43.0745 0x249c  W32Time - ok
21:40:43.0747 0x249c  WacomPen - ok
21:40:43.0749 0x249c  WalletService - ok
21:40:43.0750 0x249c  wanarp - ok
21:40:43.0752 0x249c  wanarpv6 - ok
21:40:43.0754 0x249c  wbengine - ok
21:40:43.0756 0x249c  WbioSrvc - ok
21:40:43.0757 0x249c  wcifs - ok
21:40:43.0759 0x249c  Wcmsvc - ok
21:40:43.0761 0x249c  wcncsvc - ok
21:40:43.0762 0x249c  wcnfs - ok
21:40:43.0764 0x249c  WdBoot - ok
21:40:43.0766 0x249c  Wdf01000 - ok
21:40:43.0767 0x249c  WdFilter - ok
21:40:43.0769 0x249c  WdiServiceHost - ok
21:40:43.0771 0x249c  WdiSystemHost - ok
21:40:43.0773 0x249c  wdiwifi - ok
21:40:43.0776 0x249c  WdNisDrv - ok
21:40:43.0777 0x249c  WdNisSvc - ok
21:40:43.0779 0x249c  WebClient - ok
21:40:43.0781 0x249c  Wecsvc - ok
21:40:43.0783 0x249c  WEPHOSTSVC - ok
21:40:43.0785 0x249c  wercplsupport - ok
21:40:43.0787 0x249c  WerSvc - ok
21:40:43.0788 0x249c  WFDSConMgrSvc - ok
21:40:43.0790 0x249c  WFPLWFS - ok
21:40:43.0792 0x249c  WiaRpc - ok
21:40:43.0793 0x249c  WIMMount - ok
21:40:43.0795 0x249c  WinDefend - ok
21:40:43.0799 0x249c  WindowsTrustedRT - ok
21:40:43.0800 0x249c  WindowsTrustedRTProxy - ok
21:40:43.0802 0x249c  WinHttpAutoProxySvc - ok
21:40:43.0804 0x249c  WinMad - ok
21:40:43.0808 0x249c  Winmgmt - ok
21:40:43.0809 0x249c  WinNat - ok
21:40:43.0811 0x249c  WinRM - ok
21:40:43.0814 0x249c  WINUSB - ok
21:40:43.0816 0x249c  WinVerbs - ok
21:40:43.0818 0x249c  wisvc - ok
21:40:43.0820 0x249c  WlanSvc - ok
21:40:43.0822 0x249c  wlidsvc - ok
21:40:43.0824 0x249c  wlpasvc - ok
21:40:43.0825 0x249c  WmiAcpi - ok
21:40:43.0828 0x249c  wmiApSrv - ok
21:40:43.0830 0x249c  WMPNetworkSvc - ok
21:40:43.0836 0x249c  [ 1AE1076034392218EE89D2744EC2A071, 695C28E2697B12BBD919687176CE082E94887A5D8B6229F163A26F6EDF401C4C ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
21:40:43.0844 0x249c  Wof - ok
21:40:43.0847 0x249c  workfolderssvc - ok
21:40:43.0849 0x249c  WPDBusEnum - ok
21:40:43.0851 0x249c  WpdUpFltr - ok
21:40:43.0853 0x249c  WpnService - ok
21:40:43.0855 0x249c  WpnUserService - ok
21:40:43.0857 0x249c  ws2ifsl - ok
21:40:43.0859 0x249c  wscsvc - ok
21:40:43.0861 0x249c  WSDPrintDevice - ok
21:40:43.0862 0x249c  WSDScan - ok
21:40:43.0864 0x249c  WSearch - ok
21:40:43.0867 0x249c  wuauserv - ok
21:40:43.0869 0x249c  WudfPf - ok
21:40:43.0870 0x249c  WUDFRd - ok
21:40:43.0872 0x249c  wudfsvc - ok
21:40:43.0874 0x249c  WUDFWpdFs - ok
21:40:43.0876 0x249c  WUDFWpdMtp - ok
21:40:43.0877 0x249c  WwanSvc - ok
21:40:43.0879 0x249c  xbgm - ok
21:40:43.0881 0x249c  XblAuthManager - ok
21:40:43.0883 0x249c  XblGameSave - ok
21:40:43.0885 0x249c  xboxgip - ok
21:40:43.0886 0x249c  XboxGipSvc - ok
21:40:43.0888 0x249c  XboxNetApiSvc - ok
21:40:43.0890 0x249c  xinputhid - ok
21:40:43.0891 0x249c  ================ Scan global ===============================
21:40:43.0899 0x249c  [ Global ] - ok
21:40:43.0899 0x249c  ================ Scan MBR ==================================
21:40:43.0901 0x249c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
21:40:43.0917 0x249c  \Device\Harddisk0\DR0 - ok
21:40:43.0918 0x249c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:40:43.0985 0x249c  \Device\Harddisk1\DR1 - ok
21:40:43.0985 0x249c  ================ Scan VBR ==================================
21:40:43.0986 0x249c  [ E634D92FC2F84454312CCD026742559D ] \Device\Harddisk0\DR0\Partition1
21:40:43.0987 0x249c  \Device\Harddisk0\DR0\Partition1 - ok
21:40:43.0988 0x249c  [ 18B6AFAB79E733B927586AC1F09CE5B2 ] \Device\Harddisk0\DR0\Partition2
21:40:43.0989 0x249c  \Device\Harddisk0\DR0\Partition2 - ok
21:40:43.0991 0x249c  [ 0B804F05C15EBD6C8B08DD4910560550 ] \Device\Harddisk0\DR0\Partition3
21:40:43.0991 0x249c  \Device\Harddisk0\DR0\Partition3 - ok
21:40:43.0992 0x249c  [ 6643E69DEB400AE21FD718E48499B5D7 ] \Device\Harddisk0\DR0\Partition4
21:40:43.0993 0x249c  \Device\Harddisk0\DR0\Partition4 - ok
21:40:43.0994 0x249c  [ 4629753AE58E41224B27DACD3C679459 ] \Device\Harddisk0\DR0\Partition5
21:40:43.0995 0x249c  \Device\Harddisk0\DR0\Partition5 - ok
21:40:43.0997 0x249c  [ 0507C5958F26B2BA43FCB8BB87CD2A16 ] \Device\Harddisk1\DR1\Partition1
21:40:43.0998 0x249c  \Device\Harddisk1\DR1\Partition1 - ok
21:40:43.0998 0x249c  ================ Scan generic autorun ======================
21:40:43.0999 0x249c  SecurityHealth - ok
21:40:44.0001 0x249c  [ F14327BA386AAA2246585BFADD8FE8E8, 2804D7985B116C808942B4501362D4F4BAE4B540E9A6AC9B176B30DD448BA5AC ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
21:40:44.0004 0x249c  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
21:40:44.0052 0x249c  Detect skipped due to KSN trusted
21:40:44.0052 0x249c  IAStorIcon - ok
21:40:44.0065 0x249c  [ 0740D338A42F7778760F2B0CB6DA5830, C6D275B4993502A155F85D8DE26B119866DEE106C98CF29CDAACBAF11484C94A ] C:\Windows\syswow64\HsMgr.exe
21:40:44.0072 0x249c  Cmaudio8788GX - detected UnsignedFile.Multi.Generic ( 1 )
21:40:44.0124 0x249c  Detect skipped due to KSN trusted
21:40:44.0124 0x249c  Cmaudio8788GX - ok
21:40:44.0131 0x249c  [ BEF1B23AD0BBF805F02FAA01EAE0AF4E, 65CCFEC1F61E475A1F6759ECCA8DE1844A26AB7F827BC1F63339A0DFF554B039 ] C:\Windows\system\HsMgr64.exe
21:40:44.0139 0x249c  Cmaudio8788GX64 - detected UnsignedFile.Multi.Generic ( 1 )
21:40:44.0435 0x249c  Detect skipped due to KSN trusted
21:40:44.0435 0x249c  Cmaudio8788GX64 - ok
21:40:44.0442 0x249c  [ E05782E0B697CADBBC17E78C67280B30, 87A142350F1BD9FF7ADDDBF80AC5C1EFDCE93F8E3142B95ACC8D85DDE77D42D8 ] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
21:40:44.0448 0x249c  Lightshot - ok
21:40:44.0450 0x249c  OneDriveSetup - ok
21:40:44.0450 0x249c  OneDriveSetup - ok
21:40:44.0488 0x249c  [ A385FF47BD1F3D43AD9B5212F5BD4466, 890C84A59021719AEEE9B78B7D67EF6BA9124B462198FEB337045D81D250087A ] C:\Program Files (x86)\Origin\Origin.exe
21:40:44.0527 0x249c  EADM - ok
21:40:44.0533 0x249c  [ 40F7401928355A1515199676A5D00CDC, 4F16DE77F0BD7D1F9F61AE5712B3FD7BD53D19DCCEF88925E10180EF040A8E0B ] C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\AVMAutoStart.exe
21:40:44.0539 0x249c  AVMUSBFernanschluss - detected UnsignedFile.Multi.Generic ( 1 )
21:40:44.0590 0x249c  Detect skipped due to KSN trusted
21:40:44.0590 0x249c  AVMUSBFernanschluss - ok
21:40:44.0591 0x249c  Skype - ok
21:40:44.0593 0x249c  GoogleDriveSync - ok
21:40:44.0741 0x249c  [ 8D3D5BA1638778DE87503E5FEA68DC9F, D54C2B375A6F8A49BC53CAA3ED8A0EEBF53FD113BB47622F4AE6DA762D194FE7 ] C:\Program Files\CCleaner\CCleaner64.exe
21:40:44.0877 0x249c  CCleaner Monitoring - ok
21:40:45.0120 0x249c  [ C60118EE0B605CD3EF7AD29C02D9CB8E, 7F7F96F8EBC5C762702A8C086246EC245965AFC39042ACEFDF6DB29DF0978D99 ] C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe
21:40:45.0370 0x249c  Spotify - ok
21:40:45.0392 0x249c  [ 03498C0BA3B6153C3A431B1A003B90C3, 6F45FBFFB8E6BF85263F7661520E18A104D22E17A5B9AE73B12111AEED7B711E ] C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
21:40:45.0404 0x249c  Spotify Web Helper - ok
21:40:45.0405 0x249c  Waiting for KSN requests completion. In queue: 60
21:40:46.0411 0x249c  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\WindowsSecurityCenter.exe ( 15.0.31.21 ), 0x41000 ( enabled : updated )
21:40:46.0411 0x249c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.11.15063.332 ), 0x60100 ( disabled : updated )
21:40:46.0425 0x249c  Win FW state via NFP2: enabled ( trusted )
21:40:46.0531 0x249c  ============================================================
21:40:46.0531 0x249c  Scan finished
21:40:46.0531 0x249c  ============================================================
21:40:46.0535 0x2498  Detected object count: 0
21:40:46.0535 0x2498  Actual detected object count: 0
         

Alt 20.09.2017, 21:42   #5
banshing
 



additional:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-09-2017
durchgeführt von Christophh (20-09-2017 21:38:49)
Gestartet von C:\Users\Christophh\Downloads
Windows 10 Pro N Version 1703 (X64) (2017-06-27 11:22:59)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2647985832-747989680-4269839675-500 - Administrator - Disabled)
Christophh (S-1-5-21-2647985832-747989680-4269839675-1001 - Administrator - Enabled) => C:\Users\Christophh
DefaultAccount (S-1-5-21-2647985832-747989680-4269839675-503 - Limited - Disabled)
Gast (S-1-5-21-2647985832-747989680-4269839675-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
AutoHotkey 1.1.25.01 (HKLM\...\AutoHotkey) (Version: 1.1.25.01 - Lexikos)
Avira (HKLM-x32\...\{1B48601D-0537-4589-9952-A8989BE8249A}) (Version: 1.2.96.16095 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{7c01a3b4-3454-446e-8473-8a245f962c28}) (Version: 1.2.96.16095 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.31.27 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.49.52296 - Electronic Arts)
Battlefield™ 1 CTE (HKLM-x32\...\{E970EAB6-8F6F-4E72-AB13-F6648397322C}) (Version: 1.0.49.53737 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead by Daylight (HKLM\...\Steam App 381210) (Version:  - Behaviour Digital Inc.)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Fallout 4 MULTi2 1.1.30 (HKLM-x32\...\Fallout 4 MULTi2 1.1.30) (Version:  - )
Fallout 4 Update 7 MULTi2 1.3.47 (HKLM-x32\...\Fallout 4 Update 7 MULTi2 1.3.47) (Version:  - )
Far Cry 4 Final DLC Edition (HKLM-x32\...\Far Cry 4 Final DLC Edition) (Version: 1.01 - Ubisoft)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\2db37667170956ee) (Version: 2.3.3.2 - AVM Berlin)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.163.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Drive (HKLM-x32\...\{A90339B3-2C3F-492E-B3A7-0BDFC691E526}) (Version: 2.34.6425.2548 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.9.6 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IBM SPSS Statistics Subscription (HKLM\...\{02D81DCC-13D1-465C-9292-E46956489CA1}) (Version: 1.0.0.642 - IBM Corp)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.8326.2107 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 55.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 de)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY 2 Demo (HKLM\...\Steam App 251040) (Version:  - OVERKILL - a Starbreeze Studio.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server) (HKLM\...\Steam App 622590) (Version:  - )
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
SteelSeries Engine 3.6.5.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.6.5.1 - SteelSeries ApS)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Guild II: Renaissance (HKLM-x32\...\Steam App 39680) (Version:  - Rune Forge)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version:  - Nadeo)
UNi Xonar Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-20] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} =>  -> Keine Datei
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-20] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-20] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {079C14B1-CB36-4B02-B028-CE0CEDA98B4A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-09-12] (Microsoft Corporation)
Task: {12499066-3D4B-4DED-83CB-F1FFC715E2D6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
Task: {145BC74F-115A-4698-B56C-BFC772C08436} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {1B85927A-612F-4181-85EE-63FE2ED0865B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {1CC83974-E9D3-4810-BA4C-7220F4900776} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {2174755F-05CE-49D0-AE15-747D140A045B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {23E845F4-7EBF-4E56-AC3B-366E26A110AC} - \Microsoft\Windows\Setup\gwx\rundetector -> Keine Datei <==== ACHTUNG
Task: {4251EA1E-A6D3-45D4-AFC1-95DE3060F863} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {49B78674-9BE2-4E99-8E88-AC2E440BC2B0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {4E86110C-D824-4944-9638-7481FB7299E1} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {555A41E3-676C-4710-B88E-201FC8C82C05} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {5616F5D0-8636-485C-B6CC-57BBDB454828} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {57DAE5F8-1816-492B-8F12-A9E09F8E5CB8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {5DB0FBE3-2D87-4192-AA89-2F4CF88D24F7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {63A3C67B-2DA1-4C68-8C6A-B4C1EFF5C3CA} - System32\Tasks\update-S-1-5-21-2647985832-747989680-4269839675-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {6575BDDC-DB1C-46B8-B459-A0EF649F9694} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-20] ()
Task: {67A30A74-9E49-4542-BF72-B99B5AC568F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {6A59C583-FBB0-4F2B-A452-307A30BEF6BC} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {6EFCD18D-6694-43F7-B182-2EE79B5F01BC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {7539DC7C-75F8-4E3C-AE08-CEE7DC8A8D19} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {75639B92-6F08-447D-9DB6-2C9EB681FEE9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {7CC31553-2D5E-438B-A5DA-27AF6A753689} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {7CEC7DAB-1DF8-4CAC-B1AD-1F7974C926EA} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {8690B4D6-D373-4296-AD8C-77CCA8827DF9} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {8787C227-430F-4D02-A178-C9E614996DFE} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-09-20] (Avira Operations GmbH & Co. KG)
Task: {90486FE1-A505-47DA-A1B3-4A19B2E5BE65} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Keine Datei <==== ACHTUNG
Task: {93ECD6F2-41F2-473D-8DBE-3930D5A6083C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
Task: {96F6BD3B-3A9D-4A82-B65F-BCEBF51B29BC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {98895E9E-010F-44A4-9E71-8EA31ABF20E3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
Task: {A69FDB4A-CE01-4556-9505-DB1511ECBE78} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {B40A4036-DD57-47F9-858C-63F09F3AB501} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {B6B33C06-EB44-4CFA-84ED-342E4C5E7039} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {BBC48FF0-B417-4CFE-9DB7-E25CCB958C99} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-20] ()
Task: {E3490B13-F99A-4811-B177-587C23626ADE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {ED950690-48CA-447A-AB14-0DE3300969AA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {F0FAB5DD-8534-4FD2-84F4-9F6707BF3BA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {F4319554-C5A5-4435-80A5-0A304DCF0B9A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {F4D99559-374E-46D7-BF35-2CFC0C780B4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {F939F199-A9C4-4E54-AA34-5B1E01F1C2B1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-2647985832-747989680-4269839675-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-06-27 13:16 - 2013-07-04 03:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-10-29 21:11 - 2015-11-10 18:38 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2016-10-24 20:51 - 2017-02-23 20:34 - 004490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-24 20:51 - 2017-02-23 20:34 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-18 22:56 - 2017-03-18 22:56 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:58 - 2017-03-20 06:41 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-28 19:16 - 2008-07-11 17:04 - 000200704 _____ () C:\Windows\SysWOW64\HsMgr.exe
2015-10-28 19:16 - 2008-07-11 17:03 - 000282112 _____ () C:\Windows\System\HsMgr64.exe
2017-04-11 19:12 - 2017-08-23 17:49 - 000021856 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2015-10-29 18:47 - 2017-05-23 13:57 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2017-06-27 13:16 - 2017-09-20 21:36 - 000038544 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-06-27 13:16 - 2013-07-04 03:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2016-10-24 20:51 - 2017-02-23 20:33 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-24 20:51 - 2017-02-23 20:34 - 000901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-24 20:51 - 2017-02-23 20:34 - 003776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-20 15:48 - 2017-08-23 17:48 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2016-10-20 15:48 - 2017-08-23 17:48 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2015-10-16 15:20 - 2016-07-03 11:42 - 000266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2017-09-20 21:36 - 2017-09-20 21:36 - 000098816 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\win32api.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000110080 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\pywintypes27.dll
2017-09-20 21:36 - 2017-09-20 21:36 - 000364544 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\pythoncom27.dll
2017-09-20 21:36 - 2017-09-20 21:36 - 000320512 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\win32com.shell.shell.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000914432 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\_hashlib.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 001176576 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\wx._core_.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000806400 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\wx._gdi_.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000816128 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\wx._windows_.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 001067008 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\wx._controls_.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000733184 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\wx._misc_.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000682496 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\pysqlite2._sqlite.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000088064 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\_ctypes.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000686080 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\unicodedata.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000119808 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\win32file.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000108544 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\win32security.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000007168 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\hashobjs_ext.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000017920 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\thumbnails_ext.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000088064 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\usb_ext.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000012800 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\common.time34.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000018432 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\win32event.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000167936 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\win32gui.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000046080 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\_socket.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 001303552 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\_ssl.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000128512 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\_elementtree.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000127488 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\pyexpat.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000038912 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\win32inet.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000036864 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\_psutil_windows.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000524248 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\windows._lib_cacheinvalidation.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000011264 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\win32crypt.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000123392 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\wx._wizard.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000077312 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\wx._html2.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000027648 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\_multiprocessing.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000020480 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\_yappi.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000035840 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\win32process.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000078848 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\wx._animate.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000024064 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\win32pipe.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000010240 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\select.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000025600 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\win32pdh.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000017408 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\win32profile.pyd
2017-09-20 21:36 - 2017-09-20 21:36 - 000022528 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI132322\win32ts.pyd
2017-09-02 17:53 - 2017-08-04 23:19 - 000678176 _____ () D:\Steam\SDL2.dll
2016-10-14 21:39 - 2016-09-01 03:02 - 004969248 _____ () D:\Steam\v8.dll
2017-09-08 10:00 - 2017-09-07 06:51 - 002505504 _____ () D:\Steam\video.dll
2016-10-14 21:39 - 2016-09-01 03:02 - 001195296 _____ () D:\Steam\icuuc.dll
2016-10-14 21:39 - 2016-09-01 03:02 - 001563936 _____ () D:\Steam\icui18n.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 000332800 _____ () D:\Steam\libavresample-2.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 000442880 _____ () D:\Steam\libavutil-54.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 000491008 _____ () D:\Steam\libavformat-56.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 002549760 _____ () D:\Steam\libavcodec-56.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 000485888 _____ () D:\Steam\libswscale-3.dll
2017-09-08 10:00 - 2017-09-07 06:51 - 000885024 _____ () D:\Steam\bin\chromehtml.DLL
2016-10-14 21:39 - 2016-07-05 00:17 - 000266560 _____ () D:\Steam\openvr_api.dll
2017-06-09 09:16 - 2017-05-17 03:54 - 000678176 _____ () D:\Steam\bin\cef\cef.win7\SDL2.dll
2017-09-02 17:53 - 2017-07-18 00:50 - 073115424 _____ () D:\Steam\bin\cef\cef.win7\libcef.dll
2016-10-14 21:39 - 2015-09-25 01:52 - 000119208 _____ () D:\Steam\winh264.dll
2016-10-24 20:51 - 2017-02-23 16:30 - 000338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-24 20:51 - 2017-02-23 16:30 - 002443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2014-04-29 16:23 - 2014-04-29 16:23 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2647985832-747989680-4269839675-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{B35FBDA9-C65B-47A7-89EA-57B01B60EA65}] => (Block) D:\programme\spss\stats.exe
FirewallRules: [{099D13E3-C461-4BC6-8AA9-D8FE2A5A3C87}] => (Block) D:\programme\spss\stats.exe
FirewallRules: [UDP Query User{F3A72D23-B603-4F7B-94FB-759242EC9FE3}D:\programme\spss\stats.exe] => (Allow) D:\programme\spss\stats.exe
FirewallRules: [TCP Query User{7E91D023-B68C-446F-A88D-AF8F190CA3CF}D:\programme\spss\stats.exe] => (Allow) D:\programme\spss\stats.exe
FirewallRules: [{68DECFC6-06EC-4A89-9460-8AD119AB25DE}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1.exe
FirewallRules: [{4B97FF0B-B5CC-4D2C-91C8-54E7C412E087}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1.exe
FirewallRules: [{054FFD83-2C35-425A-8D3D-4D2E82399EAA}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1Trial.exe
FirewallRules: [{FAB710FB-1EE2-43CA-BE36-54DC74DEB183}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1Trial.exe
FirewallRules: [{EAF85DE4-1BA5-4707-A2E7-D559A31DFBD1}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1 CTE\bf1_cte.exe
FirewallRules: [{3B78D03A-6E75-4D58-9501-21A2B6179C24}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1 CTE\bf1_cte.exe
FirewallRules: [{4D87E320-DF34-41A4-8F18-D8116E522B26}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{8E11CAB3-6576-4470-A984-06E21B7CCD74}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{8ADDDCD5-DD4B-4D61-812C-374174D98790}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [UDP Query User{4084F086-02AC-47E7-9C96-3B15B1247049}D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{A1C76DAE-E2B2-41EE-801B-3E9D69D8B13A}D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{3031581B-B895-41FE-BE61-D71E733A7EB4}] => (Allow) D:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{C727FE97-2BFC-4CC6-9DE8-4017614559DA}] => (Allow) D:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{109DC5D2-65DD-41CE-84AF-48D9AAB0B717}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{9A3EAE5E-89B1-4AD2-8DFD-CB336B818FDD}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{F91E551C-A116-48CC-B153-40A168C2E616}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{88534B71-581A-4D5F-B59D-6B2AF72CD5B4}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{577290BA-FE8E-4C77-824B-6DEC20F4E200}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{6085BDC2-49FA-49F2-B94C-349731FF7144}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{DC19986E-04F8-4976-A8C9-A877E30A65A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{EB2C4A04-B263-4F53-8C48-25BD52BA1022}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BF91B00A-D570-4A7D-A43A-656A7DCCF011}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C452347E-DFEE-4634-9D0E-C1B309A53B9B}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E54F1CF7-D890-4660-A8FF-3B33B3B48422}] => (Block) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [{950EC891-E6F9-408D-9B5D-D7EC6AB72F0C}] => (Block) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1604F9C6-4398-4F60-88EC-A2176B902862}D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C72357B3-559F-4A68-BBB2-3FBCBDBF7A1A}D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [{2BEAFD9D-1698-49B7-95F2-2A97A6FC0CFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7582F3C4-C10A-4E89-90AB-C81232CBBCF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F6420D1C-B234-4DA2-954A-726B72908CC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FB4EACAA-BF4A-49E8-A136-700565C97C0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [UDP Query User{CEB9BBAB-08A5-4389-B817-020D69F17D79}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{3F6BDE10-997F-4291-A3B5-4F19C9293999}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{7FBA1017-EA2A-4C53-B1AF-CAEE09FECB0F}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{AC1A3B22-C1AE-40E1-BA66-72DD31308CD7}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [UDP Query User{46862880-DA2A-4AA5-917B-832CD216B58B}D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{81A9155B-97BA-42AA-84ED-DCDE97025F32}D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{5CCC69C3-4230-46E2-A782-737A0F54BC49}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{D2140964-DED8-4194-BAE6-3EA3D82B8B6F}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{EA757548-9659-449E-8199-E51C3F89E26D}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{00C2E2E4-3633-49B0-9970-4524C088C2B1}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{9E454426-9F44-4B08-A3DB-02FE95983C52}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C3A48BD7-716E-4B88-AC0F-2E68EECF9CED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1CB37054-8DFE-45C6-B743-0569AAC3CF0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B6515389-2662-43D2-8E06-F2C5290E9289}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B0D4F991-F4B8-4F57-8100-4E837C976F1F}] => (Block) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{1C40E035-51C4-4CB8-80AD-D93FF9F5B8E2}] => (Block) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{43EDC139-DF01-4D40-8CDE-95A7B93F3938}D:\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{439074AF-839D-4F06-964E-941A5FBF869B}D:\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{C0E4A294-6429-44E1-9433-E1B2B666707D}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{77DFD709-BD5A-4749-882E-F9486930E8A5}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{37EB6D7F-DFCE-4039-9F1B-1CE7CB28305F}] => (Block) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{7B6ABA40-F303-4C47-8B04-6E79AB68BF95}] => (Block) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{43D3BF8B-4235-48FA-A8D1-CCEAB3DE7B26}D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{2723C32B-DE08-477A-BC47-B9AE48A6B32C}D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{B5D2E769-682B-4CA6-830D-7B3D6993DA0D}] => (Block) D:\spiele\gtav\gta5.exe
FirewallRules: [{153174ED-074B-4C06-86DF-3FE701EAE4B2}] => (Block) D:\spiele\gtav\gta5.exe
FirewallRules: [UDP Query User{0B868E1C-C3B3-4D2B-9B32-17D522FCE3FE}D:\spiele\gtav\gta5.exe] => (Allow) D:\spiele\gtav\gta5.exe
FirewallRules: [TCP Query User{ED90E7CB-DBBA-4801-BA56-79C8372373AB}D:\spiele\gtav\gta5.exe] => (Allow) D:\spiele\gtav\gta5.exe
FirewallRules: [{47DB389D-A6C1-40A5-A325-E412016A8B43}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4D8920E0-8239-4023-A97E-CE5267CCD157}] => (Allow) D:\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{7D3173BA-064A-461E-A0CE-85179956DEA0}] => (Allow) D:\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{C093C513-6B31-4E3F-B857-CA50004719AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AF4945FB-B71B-4916-885F-A60C3898874D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1EEEDCE2-1BCB-459D-A368-30C5CC49F0C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5B363055-D6FD-486B-B3D7-6EA6C33899E8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0FCADDE1-0029-47CB-998E-04C33F148A61}] => (Allow) D:\Steam\steamapps\common\The Guild 2 Renaissance\GuildII.exe
FirewallRules: [{BB23A4F2-1441-462D-B0BB-FB7A03B332CA}] => (Allow) D:\Steam\steamapps\common\The Guild 2 Renaissance\GuildII.exe
FirewallRules: [{D4C7EA1B-1517-4351-A08E-564C66FE839B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EBFBEA75-7A73-4E80-BB55-87284A15977E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B801FC59-120D-49DA-9EAE-BD56C4A18D81}] => (Allow) C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{C441A6F7-E05E-4C85-ADB1-79104BFDB08E}] => (Allow) C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [UDP Query User{1182DFCA-2A8B-47B3-A4A6-262E767AE0C9}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{7503F75F-238A-4A7C-899C-FB96C6019A07}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{EEEA93BE-EBEF-4499-806F-E2E33963FFF9}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{52211986-6A85-43E4-BE5A-1FC707E379E0}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{FD01900F-317E-494C-83BA-D57748671EBB}] => (Allow) C:\Users\Christophh\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{434A2C7B-F770-4086-9BD0-4CAECC9527DA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{847190F2-960B-451F-8F4D-456C9A44530C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{75F57C39-04D7-41C6-9643-BDC52266E5FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FA513ED1-547C-4D5A-B36C-B7C94B26CCEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{50C2DA0F-76A2-4917-9335-0F6223DBD2E4}D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe] => (Allow) D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe
FirewallRules: [UDP Query User{64C3315C-C436-4FFA-9E36-F7EC7CEBD1A4}D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe] => (Allow) D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe
FirewallRules: [TCP Query User{845F1EDC-DFDD-4A88-8640-1665F249666D}D:\spiele\simcity\simcity\simcity.exe] => (Allow) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [UDP Query User{71508D2D-3E58-4453-BB15-72BA86B6FCC3}D:\spiele\simcity\simcity\simcity.exe] => (Allow) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [{CF9B3EB5-9D48-45C7-8343-EC606051C258}] => (Block) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [{124E2EF1-88B1-43C5-871D-1F55AF3E0B38}] => (Block) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [{5C5C2DFC-FFF6-4416-9B39-87041120CF09}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{642977D6-B138-4E9F-B7DB-EAD38DCA1682}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{7A70B9E9-6BD6-422E-93E1-CF728AF6DE15}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{9EDC662F-5646-461B-B397-FC57EE2E20BF}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{CE89E561-D33C-4E57-9A60-0B730AB2F192}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
FirewallRules: [{B7D96811-0573-4899-98EC-A0893B9E88F7}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
FirewallRules: [TCP Query User{D9F4D7D1-32EB-40C0-8863-F86532D0D71F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{052CCC83-FB80-4C6F-B8DA-4E68E91C5CB4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1E12540D-455F-483A-A2CC-F21FAF82B23B}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B0CAA0EC-C64E-4B2F-B4A6-53D829A11C1D}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{52059795-9EF3-4B25-B320-F03FB1C1C544}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E34EFAEF-361F-4813-BD7C-E018EFD198F5}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8766D8A0-9D2C-4170-A10D-F713DF360CF9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{3118D20C-60CA-402F-BA96-45E77CF8079C}C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{E3907755-C264-403D-A56A-45AEAC3CB4F4}C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{764473A7-036F-4825-BB17-CF7B4414023C}] => (Block) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{A4D0C427-7344-4B19-9D6F-89526017F839}] => (Block) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{FA28E123-C83B-438B-B91A-21B1ACB30F98}C:\users\christophh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D645DE72-22F3-4D3A-A75D-A1A1FDF2ED80}C:\users\christophh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{119EC3DC-E7AA-4141-BE01-CFB25FA7A03C}] => (Block) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FEF82CAC-01D6-47C8-A17C-9AD1F9E4F4B6}] => (Block) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FC1368CB-8DD5-4543-BEF2-315DCB2A08D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5B717D7D-AA42-4908-BBE6-3674B2966586}D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{C56B60BB-8721-488E-A9F8-2F6B2763092C}D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{8555A0F3-A453-40A2-B000-1A1426E60F11}] => (Block) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{ACE19388-438D-4F8B-B62E-90CB7288CCD7}] => (Block) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{6EC638C8-873B-45CE-8A5F-DD2AD5A1E094}] => (Allow) C:\Steamspiele\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{575E17B4-0C7F-4B19-A507-C7D732978D9A}] => (Allow) C:\Steamspiele\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/20/2017 06:48:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (09/20/2017 06:40:46 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/19/2017 09:35:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 55.0.3.6445, Zeitstempel: 0x599ed78a
Name des fehlerhaften Moduls: xul.dll, Version: 55.0.3.6445, Zeitstempel: 0x599edbdd
Ausnahmecode: 0x80000003
Fehleroffset: 0x0076a5cf
ID des fehlerhaften Prozesses: 0x168
Startzeit der fehlerhaften Anwendung: 0x01d3317e3c197368
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Berichtskennung: be20cbde-1b32-487f-9ab2-2f02e702ef22
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/19/2017 09:35:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 55.0.3.6445, Zeitstempel: 0x599edbef
Name des fehlerhaften Moduls: xul.dll, Version: 55.0.3.6445, Zeitstempel: 0x599edbdd
Ausnahmecode: 0x80000003
Fehleroffset: 0x0076a5cf
ID des fehlerhaften Prozesses: 0x3944
Startzeit der fehlerhaften Anwendung: 0x01d3317e523afba7
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Berichtskennung: a815ae63-7104-4138-b0ab-fc219dde8d0b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/19/2017 09:33:30 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/19/2017 09:33:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/17/2017 12:07:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NVDisplay.Container.exe, Version: 1.2.0.0, Zeitstempel: 0x59079e96
Name des fehlerhaften Moduls: NvXDCore.dll_unloaded, Version: 8.17.13.8205, Zeitstempel: 0x59079dd9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000c1951
ID des fehlerhaften Prozesses: 0x56c
Startzeit der fehlerhaften Anwendung: 0x01d32c8d2faed14d
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
Pfad des fehlerhaften Moduls: NvXDCore.dll
Berichtskennung: 5dce9ebc-6bc4-455b-99c3-103d52523f16
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/17/2017 11:53:10 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (09/17/2017 10:22:17 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/16/2017 11:16:06 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


Systemfehler:
=============
Error: (09/20/2017 09:36:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (09/20/2017 09:36:13 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256841257456

Error: (09/19/2017 11:13:51 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/19/2017 11:13:51 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/19/2017 11:13:51 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/19/2017 11:13:51 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/19/2017 11:13:51 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/19/2017 11:13:51 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/19/2017 11:13:51 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/19/2017 11:13:51 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


CodeIntegrity:
===================================
  Date: 2017-08-23 16:10:28.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Prozentuale Nutzung des RAM: 43%
Installierter physikalischer RAM: 8133.69 MB
Verfügbarer physikalischer RAM: 4557.82 MB
Summe virtueller Speicher: 18885.69 MB
Verfügbarer virtueller Speicher: 14814.17 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:110.8 GB) (Free:43.39 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:184.83 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 261C8E12)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: C2F9017A)

Partition: GPT.

==================== Ende von Addition.txt ============================
         


20.09.2017, 21:46   #6
M-K-D-B
/// TB Trainer

Please also answer the questions I asked.

20.09.2017, 21:58   #7
banshing

No, the first time.
When I was on "streaming sites" with Firefox, if one may/can put it that way.

21.09.2017, 14:49   #8
M-K-D-B
/// TB Trainer

Hi,

Quote:
Quote from banshing
When I was on "streaming sites" with Firefox, if one may/can put it that way.

I figured that it occurred while visiting websites. Sounds like a malicious page that was opened there.

The log files look good as such. We'll run a few checks anyway.






Step 1
Please download AdwCleaner to your desktop (illustrated guide).
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Tools > Options and make sure the following items are selected:
    • Tracing keys
    • Prefetch files
    • Proxy
    • Winsock
    • IE policies
    • Chrome policies
  • Confirm the selection with OK.
  • Click Scan and wait until it has finished. At the end of the scan a log file opens automatically. Close it.
  • Now click Clean (even if AdwCleaner says that nothing was found) and confirm any prompts with OK.
  • At the end of the cleanup, click Restart now. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).





Step 2
Please download Malwarebytes Anti-Malware 3 (illustrated guide).
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Quarantine Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • After the restart, start MBAM and click Reports.
  • Select the most recent scan report, click View Report and then Export.
  • Select Text file (.txt) and save the file as mbam.txt on the desktop.
  • Add the contents of mbam.txt to your next reply.





Step 3
  • Start FRST.exe again. Make sure the box next to Addition.txt is checked and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.





Please post with your next reply
  • the AdwCleaner log file,
  • the MBAM log file,
  • the two new FRST log files.
__________________
Regards
M-K-D-B


==========================================================
offline from 22.12.2018 to 01.01.2019
==========================================================


21.09.2017, 19:09   #9
banshing
 

Code:
# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 21 16:58:52 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 10 Pro N (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Christophh\AppData\Local\Downloaded Installations\{DAD82379-C684-4D04-83D5-2B9934A9C362}
Deleted: C:\Program Files (x86)\Offers Olymp


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\chip 1-click download service
Deleted: [Key] - HKU\S-1-5-21-2647985832-747989680-4269839675-1001\Software\csastats
Deleted: [Key] - HKCU\Software\csastats


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: OffersOlymp - 


*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1813 B] - [2017/6/2 19:40:39]
C:/AdwCleaner/AdwCleaner[S0].txt - [1793 B] - [2017/6/2 19:40:5]
C:/AdwCleaner/AdwCleaner[S1].txt - [1639 B] - [2017/9/21 16:57:48]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
         
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 21.09.17
Scan-Zeit: 19:02
Protokolldatei: a5a6f4c0-9eee-11e7-b7fe-f07959664f3c.json
Administrator: Ja

-Softwaredaten-
Version: 3.2.2.2029
Komponentenversion: 1.0.188
Version des Aktualisierungspakets: 1.0.2857
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 15063.608)
CPU: x64
Dateisystem: NTFS
Benutzer: Christoph\Christophh

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 393630
Erkannte Bedrohungen: 25
In die Quarantäne verschobene Bedrohungen: 25
Abgelaufene Zeit: 1 Min., 43 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.OffersOlymp, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bbiilhoacmmppcmcogfmaailncbelbgn, In Quarantäne, [1943], [344163],1.0.2857

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 10
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\_locales\de, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\_locales\en, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\_metadata, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\_locales, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\content, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\icons, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\USERS\CHRISTOPHH\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\bbiilhoacmmppcmcogfmaailncbelbgn, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\jetpack\@offersolymp\simple-storage, In Quarantäne, [1943], [344143],1.0.2857
PUP.Optional.OffersOlymp, C:\USERS\CHRISTOPHH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WNPF6FUE.DEFAULT\JETPACK\@OFFERSOLYMP, In Quarantäne, [1943], [344143],1.0.2857

Datei: 14
PUP.Optional.OffersOlymp, C:\USERS\CHRISTOPHH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WNPF6FUE.DEFAULT\EXTENSIONS\@OFFERSOLYMP.XPI, In Quarantäne, [1943], [344162],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\content\index.html, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\content\main.js, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\content\pxl2.png, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\icons\icon.png, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\icons\icon128.png, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\_locales\de\messages.json, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\_locales\en\messages.json, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\_metadata\verified_contents.json, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\background.js, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\chnl.js, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\manifest.json, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiilhoacmmppcmcogfmaailncbelbgn\1.0.8_0\secure.js, In Quarantäne, [1943], [344142],1.0.2857
PUP.Optional.OffersOlymp, C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\jetpack\@offersolymp\simple-storage\store.json, In Quarantäne, [1943], [344143],1.0.2857

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
durchgeführt von Christophh (Administrator) auf CHRISTOPH (21-09-2017 19:05:43)
Gestartet von C:\Users\Christophh\Downloads
Geladene Profile: Christophh &  (Verfügbare Profile: Christophh)
Platform: Windows 10 Pro N Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVM Berlin) C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avconfig.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098944 2017-08-23] (Electronic Arts)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\AVMAutoStart.exe [139264 2015-11-01] (AVM Berlin)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25607952 2017-08-04] (Google)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Spotify] => C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-14] (Spotify Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Spotify Web Helper] => C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-14] (Spotify Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\RunOnce: [Uninstall 17.3.6966.0824\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Christophh\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\amd64"
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\RunOnce: [Uninstall 17.3.6966.0824] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Christophh\AppData\Local\Microsoft\OneDrive\17.3.6966.0824"
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098944 2017-08-23] (Electronic Arts)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\...\Run: [AVMUSBFernanschluss] => C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\AVMAutoStart.exe [139264 2015-11-01] (AVM Berlin)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25607952 2017-08-04] (Google)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\...\Run: [Spotify] => C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-14] (Spotify Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\...\Run: [Spotify Web Helper] => C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-14] (Spotify Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098944 2017-08-23] (Electronic Arts)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\...\Run: [AVMUSBFernanschluss] => C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\AVMAutoStart.exe [139264 2015-11-01] (AVM Berlin)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25607952 2017-08-04] (Google)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\...\Run: [Spotify] => C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-14] (Spotify Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\...\Run: [Spotify Web Helper] => C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-14] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-02-03]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2ebeed22-0f5c-4834-a642-ac386011e952}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001 -> {7309F519-9799-43A0-B156-48B8354BBBA4} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967 -> {7309F519-9799-43A0-B156-48B8354BBBA4} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821 -> {7309F519-9799-43A0-B156-48B8354BBBA4} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-20] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-10-28] (DVDVideoSoft Ltd.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-20] (Microsoft Corporation)
BHO-x32: Kein Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-13] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-13] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-10-28] (DVDVideoSoft Ltd.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei

FireFox:
========
FF DefaultProfile: wnpf6fue.default
FF ProfilePath: C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default [2017-09-21]
FF NetworkProxy: Mozilla\Firefox\Profiles\wnpf6fue.default -> type", 0
FF Extension: (ProxTube) - C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\Extensions\ich@maltegoetz.de.xpi [2017-06-29]
FF Extension: (Adblock Plus) - C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-20] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-20] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default [2017-09-21]
CHR Extension: (Google Slides) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Steam Inventory Helper) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-08-23]
CHR Extension: (Google Search) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (Yahoo Partner) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibbfklbaljofpaanmpaeadejijfdddco [2017-04-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKU\S-1-5-21-2647985832-747989680-4269839675-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ibbfklbaljofpaanmpaeadejijfdddco] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-09-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-09-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-09-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-09-20] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [402768 2017-08-30] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1533448 2017-09-14] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-05-24] (Digital Wave Ltd.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [400656 2017-02-16] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-24] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-08-23] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-08-23] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-11-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-11-10] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176224 2017-09-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-09-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-03] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\WINDOWS\System32\drivers\avmaura.sys [116480 2015-11-01] (AVM Berlin)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-03] (Avira Operations GmbH & Co. KG)
S3 busenum; C:\WINDOWS\System32\drivers\SteelBus64.sys [146944 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-21] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-21] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-21] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-21] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-02-23] (NVIDIA Corporation)
S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-21 19:05 - 2017-09-21 19:05 - 000006157 _____ C:\Users\Christophh\Desktop\mbam.txt
2017-09-21 19:02 - 2017-09-21 19:02 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-21 19:02 - 2017-09-21 19:02 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-21 19:02 - 2017-09-21 19:02 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-21 19:02 - 2017-09-21 19:02 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-21 19:02 - 2017-09-21 19:02 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-21 19:01 - 2017-09-21 19:01 - 068408664 _____ (Malwarebytes ) C:\Users\Christophh\Downloads\mb3-setup-consumer-3.2.2.2029.exe
2017-09-21 19:01 - 2017-09-21 19:01 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-21 19:01 - 2017-09-21 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-21 19:01 - 2017-09-21 19:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-21 19:01 - 2017-09-21 19:01 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-21 19:01 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-21 18:56 - 2017-09-21 18:56 - 008182736 _____ (Malwarebytes) C:\Users\Christophh\Downloads\adwcleaner_7.0.2.1.exe
2017-09-20 21:40 - 2017-09-20 21:41 - 000088370 _____ C:\TDSSKiller.3.1.0.15_20.09.2017_21.40.12_log.txt
2017-09-20 21:40 - 2017-09-20 21:40 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Christophh\Downloads\tdsskiller.exe
2017-09-20 21:38 - 2017-09-20 21:38 - 000000000 ____D C:\Users\Christophh\Downloads\FRST-OlderVersion
2017-09-20 21:35 - 2017-09-20 21:35 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-09-20 18:39 - 2017-09-20 18:39 - 000003374 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2017-09-20 18:39 - 2017-09-20 18:39 - 000003208 _____ C:\WINDOWS\System32\Tasks\Avira SystrayStartTrigger
2017-09-20 18:39 - 2017-09-20 18:39 - 000001193 _____ C:\Users\Public\Desktop\Avira.lnk
2017-09-19 22:12 - 2017-09-20 21:38 - 000062621 _____ C:\Users\Christophh\Downloads\Addition.txt
2017-09-19 22:11 - 2017-09-21 19:05 - 000030014 _____ C:\Users\Christophh\Downloads\FRST.txt
2017-09-19 22:11 - 2017-09-21 19:05 - 000000000 ____D C:\FRST
2017-09-19 22:10 - 2017-09-20 21:38 - 002399744 _____ (Farbar) C:\Users\Christophh\Downloads\FRST64.exe
2017-09-12 23:00 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 23:00 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 23:00 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 23:00 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-12 23:00 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 23:00 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 23:00 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-12 23:00 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 23:00 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 23:00 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 23:00 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 22:59 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 22:59 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-12 22:59 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-12 22:59 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 22:59 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 22:59 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-12 22:59 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 22:59 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-12 22:59 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 22:59 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 22:59 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-12 22:59 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 22:59 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 22:59 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-12 22:59 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-12 22:59 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 22:59 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-12 22:59 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-12 22:59 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 22:59 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-12 22:59 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 22:59 - 2017-09-05 07:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-12 22:59 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-12 22:59 - 2017-09-05 07:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-12 22:59 - 2017-09-05 07:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 22:59 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-12 22:59 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 22:59 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-12 22:59 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-12 22:59 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 22:59 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 22:59 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 22:59 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-12 22:59 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 22:59 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 22:59 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 22:59 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 22:59 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 22:59 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 22:59 - 2017-09-05 06:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-12 22:59 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-12 22:59 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-12 22:59 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 22:59 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 22:59 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 22:59 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 22:59 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 22:59 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 22:59 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-12 22:59 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 22:59 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 22:59 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 22:59 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 22:59 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 22:59 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 22:59 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 22:59 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 22:59 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 22:59 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 22:59 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 22:59 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 22:59 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-12 22:59 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-12 22:59 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 22:59 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 22:59 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 22:59 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-12 22:59 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 22:59 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 22:59 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 22:59 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 22:59 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-12 22:59 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 22:59 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-12 22:59 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 22:59 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 22:59 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-12 22:59 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 22:59 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 22:59 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 22:59 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 22:59 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-06 23:49 - 2017-09-06 23:49 - 000000041 _____ C:\Users\Christophh\Desktop\sky.txt
2017-09-05 00:11 - 2017-09-05 00:11 - 005004137 _____ C:\Users\Christophh\Desktop\867c5e9ab0891a8d.mp4
2017-08-27 19:38 - 2017-08-27 19:38 - 000461541 _____ C:\Users\Christophh\Downloads\8CTVBK
2017-08-27 19:36 - 2017-08-27 19:36 - 000188608 _____ C:\Users\Christophh\Downloads\Documents(1).zip
2017-08-27 19:36 - 2017-06-07 11:04 - 000037225 ____N C:\Users\Christophh\Desktop\Tutorium06-SS17.pdf
2017-08-27 19:36 - 2017-05-29 11:33 - 000037344 ____N C:\Users\Christophh\Desktop\Tutorium05-SS17.pdf
2017-08-27 19:36 - 2017-05-24 15:05 - 000037470 ____N C:\Users\Christophh\Desktop\Tutorium04-SS17.pdf
2017-08-27 19:36 - 2017-05-17 11:57 - 000037932 ____N C:\Users\Christophh\Desktop\Tutorium03-SS17.pdf
2017-08-27 19:36 - 2017-05-15 08:43 - 000032988 ____N C:\Users\Christophh\Desktop\Tutorium02-SS17.pdf
2017-08-27 19:36 - 2017-05-04 09:54 - 000048413 ____N C:\Users\Christophh\Desktop\Tutorium01-SS17.pdf
2017-08-27 19:35 - 2017-08-27 19:35 - 015613585 _____ C:\Users\Christophh\Downloads\Documents.zip
2017-08-26 21:39 - 2017-08-26 21:39 - 020317282 _____ C:\Users\Christophh\Downloads\Gmail.zip
2017-08-23 19:05 - 2017-08-23 19:05 - 000000000 ____D C:\Steamspiele
2017-08-23 16:11 - 2017-09-21 19:01 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\Spotify
2017-08-23 16:11 - 2017-09-21 19:01 - 000000000 ____D C:\Users\Christophh\AppData\Local\Spotify
2017-08-23 16:11 - 2017-08-23 16:11 - 000001914 _____ C:\Users\Christophh\Desktop\Spotify.lnk
2017-08-23 16:11 - 2017-08-23 16:11 - 000001900 _____ C:\Users\Christophh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-08-23 16:10 - 2017-08-23 16:10 - 058203272 _____ (Spotify Ltd) C:\Users\Christophh\Downloads\SpotifyFullSetup.exe
2017-08-23 16:10 - 2017-08-23 16:10 - 000000247 _____ C:\SILENT

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-21 19:04 - 2017-07-27 14:44 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2647985832-747989680-4269839675-1001
2017-09-21 19:04 - 2017-06-27 13:20 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{16B4380E-769C-4734-94C3-69A9011C9AF2}
2017-09-21 19:04 - 2016-07-29 20:50 - 000002437 _____ C:\Users\Christophh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-21 19:04 - 2015-10-28 19:14 - 000000000 ___RD C:\Users\Christophh\OneDrive
2017-09-21 19:03 - 2017-06-27 13:16 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-21 19:01 - 2015-12-18 22:56 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\Skype
2017-09-21 19:01 - 2015-10-16 15:11 - 000000000 ____D C:\ProgramData\Origin
2017-09-21 19:00 - 2017-06-27 13:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-21 19:00 - 2017-03-18 13:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-09-21 19:00 - 2016-11-20 12:30 - 000000000 ____D C:\Users\Christophh\AppData\LocalLow\Mozilla
2017-09-21 19:00 - 2015-11-08 15:35 - 000000000 ____D C:\Users\Christophh\AppData\Local\LogMeIn Hamachi
2017-09-21 18:59 - 2017-06-27 13:25 - 002548522 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-21 18:59 - 2017-03-20 06:40 - 001176414 _____ C:\WINDOWS\system32\perfh007.dat
2017-09-21 18:59 - 2017-03-20 06:40 - 000270202 _____ C:\WINDOWS\system32\perfc007.dat
2017-09-21 18:58 - 2017-08-01 19:46 - 000000000 ____D C:\Users\Christophh\AppData\Local\Downloaded Installations
2017-09-21 18:58 - 2017-06-02 21:38 - 000000000 ____D C:\AdwCleaner
2017-09-20 22:30 - 2017-06-27 13:16 - 000000000 ____D C:\Users\Christophh
2017-09-20 22:30 - 2017-06-27 13:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-20 18:55 - 2015-10-28 19:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-20 18:39 - 2015-10-16 13:14 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-20 18:39 - 2015-10-16 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-09-20 18:38 - 2015-10-16 13:14 - 000176224 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-09-19 22:10 - 2017-06-30 17:03 - 000000000 ____D C:\Users\Christophh\AppData\Local\Deployment
2017-09-19 21:38 - 2017-03-18 23:02 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-19 21:38 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-19 21:36 - 2017-03-18 23:02 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-19 21:36 - 2017-03-18 23:00 - 000000000 ____D C:\WINDOWS\INF
2017-09-17 12:09 - 2015-10-16 15:20 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\TS3Client
2017-09-14 14:14 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\rescache
2017-09-13 22:41 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-13 22:41 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-13 18:48 - 2015-10-16 13:14 - 000167464 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-09-13 14:38 - 2017-06-27 13:15 - 000381288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 14:38 - 2016-04-27 07:40 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 00:07 - 2017-03-20 06:39 - 000000000 ____D C:\WINDOWS\system32\de
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-12 23:02 - 2015-10-16 13:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 23:01 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-12 23:01 - 2015-10-16 13:25 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-02 19:30 - 2015-10-16 15:11 - 000000000 ____D C:\Program Files (x86)\Origin
2017-09-02 17:57 - 2016-01-24 17:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-09-02 17:54 - 2015-11-07 21:07 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-02 17:54 - 2015-11-07 21:07 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-02 17:15 - 2017-03-18 23:04 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 17:15 - 2017-03-18 23:04 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-27 19:58 - 2016-11-19 13:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-27 19:58 - 2015-10-16 14:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-25 15:44 - 2017-07-27 22:57 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-25 15:40 - 2016-01-15 21:16 - 000002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-08-25 15:40 - 2016-01-15 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-24 21:30 - 2016-08-12 16:59 - 000807464 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-08-24 21:30 - 2016-08-12 16:59 - 000000000 ____D C:\Users\Christophh\AppData\Local\UnrealEngine
2017-08-23 14:38 - 2015-10-28 19:16 - 000000000 ____D C:\Users\Christophh\AppData\Local\MSfree Inc

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-10-31 20:07 - 2017-01-27 18:49 - 000007591 _____ () C:\Users\Christophh\AppData\Local\Resmon.ResmonCfg
2015-10-29 20:55 - 2015-10-29 20:55 - 000000003 _____ () C:\Users\Christophh\AppData\Local\updater.log
2015-10-29 20:55 - 2017-05-06 11:08 - 000000425 _____ () C:\Users\Christophh\AppData\Local\UserProducts.xml
2016-09-25 17:14 - 2016-09-25 17:14 - 000000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-20 18:48

==================== Ende von FRST.txt ============================
         

21.09.2017, 19:10   #10
banshing

Microsoft announcement "Disable PC" virus

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-09-2017
durchgeführt von Christophh (21-09-2017 19:06:05)
Gestartet von C:\Users\Christophh\Downloads
Windows 10 Pro N Version 1703 (X64) (2017-06-27 11:22:59)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2647985832-747989680-4269839675-500 - Administrator - Disabled)
Christophh (S-1-5-21-2647985832-747989680-4269839675-1001 - Administrator - Enabled) => C:\Users\Christophh
DefaultAccount (S-1-5-21-2647985832-747989680-4269839675-503 - Limited - Disabled)
Gast (S-1-5-21-2647985832-747989680-4269839675-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
AutoHotkey 1.1.25.01 (HKLM\...\AutoHotkey) (Version: 1.1.25.01 - Lexikos)
Avira (HKLM-x32\...\{1B48601D-0537-4589-9952-A8989BE8249A}) (Version: 1.2.96.16095 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{7c01a3b4-3454-446e-8473-8a245f962c28}) (Version: 1.2.96.16095 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.31.27 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.49.52296 - Electronic Arts)
Battlefield™ 1 CTE (HKLM-x32\...\{E970EAB6-8F6F-4E72-AB13-F6648397322C}) (Version: 1.0.49.53737 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead by Daylight (HKLM\...\Steam App 381210) (Version:  - Behaviour Digital Inc.)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Fallout 4 MULTi2 1.1.30 (HKLM-x32\...\Fallout 4 MULTi2 1.1.30) (Version:  - )
Fallout 4 Update 7 MULTi2 1.3.47 (HKLM-x32\...\Fallout 4 Update 7 MULTi2 1.3.47) (Version:  - )
Far Cry 4 Final DLC Edition (HKLM-x32\...\Far Cry 4 Final DLC Edition) (Version: 1.01 - Ubisoft)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\2db37667170956ee) (Version: 2.3.3.2 - AVM Berlin)
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\...\2db37667170956ee) (Version: 2.3.3.2 - AVM Berlin)
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\...\2db37667170956ee) (Version: 2.3.3.2 - AVM Berlin)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.163.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Drive (HKLM-x32\...\{A90339B3-2C3F-492E-B3A7-0BDFC691E526}) (Version: 2.34.6425.2548 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.9.6 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IBM SPSS Statistics Subscription (HKLM\...\{02D81DCC-13D1-465C-9292-E46956489CA1}) (Version: 1.0.0.642 - IBM Corp)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.8326.2107 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 55.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 de)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY 2 Demo (HKLM\...\Steam App 251040) (Version:  - OVERKILL - a Starbreeze Studio.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server) (HKLM\...\Steam App 622590) (Version:  - )
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)
Spotify (HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)
Spotify (HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
SteelSeries Engine 3.6.5.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.6.5.1 - SteelSeries ApS)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Guild II: Renaissance (HKLM-x32\...\Steam App 39680) (Version:  - Rune Forge)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version:  - Nadeo)
UNi Xonar Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-20] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} =>  -> Keine Datei
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-20] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-20] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {079C14B1-CB36-4B02-B028-CE0CEDA98B4A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-09-12] (Microsoft Corporation)
Task: {12499066-3D4B-4DED-83CB-F1FFC715E2D6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
Task: {145BC74F-115A-4698-B56C-BFC772C08436} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {1B85927A-612F-4181-85EE-63FE2ED0865B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {1CC83974-E9D3-4810-BA4C-7220F4900776} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {2174755F-05CE-49D0-AE15-747D140A045B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {23E845F4-7EBF-4E56-AC3B-366E26A110AC} - \Microsoft\Windows\Setup\gwx\rundetector -> Keine Datei <==== ACHTUNG
Task: {4251EA1E-A6D3-45D4-AFC1-95DE3060F863} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {49B78674-9BE2-4E99-8E88-AC2E440BC2B0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {4E86110C-D824-4944-9638-7481FB7299E1} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {555A41E3-676C-4710-B88E-201FC8C82C05} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {5616F5D0-8636-485C-B6CC-57BBDB454828} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {57DAE5F8-1816-492B-8F12-A9E09F8E5CB8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {5DB0FBE3-2D87-4192-AA89-2F4CF88D24F7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {63A3C67B-2DA1-4C68-8C6A-B4C1EFF5C3CA} - System32\Tasks\update-S-1-5-21-2647985832-747989680-4269839675-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {6575BDDC-DB1C-46B8-B459-A0EF649F9694} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-20] ()
Task: {67A30A74-9E49-4542-BF72-B99B5AC568F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {6A59C583-FBB0-4F2B-A452-307A30BEF6BC} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {6EFCD18D-6694-43F7-B182-2EE79B5F01BC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {7539DC7C-75F8-4E3C-AE08-CEE7DC8A8D19} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {75639B92-6F08-447D-9DB6-2C9EB681FEE9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {7CC31553-2D5E-438B-A5DA-27AF6A753689} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {7CEC7DAB-1DF8-4CAC-B1AD-1F7974C926EA} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {8690B4D6-D373-4296-AD8C-77CCA8827DF9} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {8787C227-430F-4D02-A178-C9E614996DFE} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-09-20] (Avira Operations GmbH & Co. KG)
Task: {90486FE1-A505-47DA-A1B3-4A19B2E5BE65} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Keine Datei <==== ACHTUNG
Task: {93ECD6F2-41F2-473D-8DBE-3930D5A6083C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
Task: {96F6BD3B-3A9D-4A82-B65F-BCEBF51B29BC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {98895E9E-010F-44A4-9E71-8EA31ABF20E3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
Task: {A69FDB4A-CE01-4556-9505-DB1511ECBE78} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {B40A4036-DD57-47F9-858C-63F09F3AB501} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {B6B33C06-EB44-4CFA-84ED-342E4C5E7039} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {BBC48FF0-B417-4CFE-9DB7-E25CCB958C99} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-20] ()
Task: {E3490B13-F99A-4811-B177-587C23626ADE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {ED950690-48CA-447A-AB14-0DE3300969AA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {F0FAB5DD-8534-4FD2-84F4-9F6707BF3BA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {F4319554-C5A5-4435-80A5-0A304DCF0B9A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {F4D99559-374E-46D7-BF35-2CFC0C780B4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {F939F199-A9C4-4E54-AA34-5B1E01F1C2B1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-2647985832-747989680-4269839675-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-06-27 13:16 - 2013-07-04 03:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-10-24 20:51 - 2017-02-23 20:34 - 004490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-24 20:51 - 2017-02-23 20:34 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-10-29 21:11 - 2015-11-10 18:38 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2017-03-18 22:56 - 2017-03-18 22:56 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:58 - 2017-03-20 06:41 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-11 19:12 - 2017-08-23 17:49 - 000021856 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2017-09-21 19:01 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-06-27 13:16 - 2017-09-21 19:00 - 000038544 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-06-27 13:16 - 2013-07-04 03:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2016-10-24 20:51 - 2017-02-23 20:33 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-24 20:51 - 2017-02-23 20:34 - 000901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-24 20:51 - 2017-02-23 20:34 - 003776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-20 15:48 - 2017-08-23 17:48 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2016-10-20 15:48 - 2017-08-23 17:48 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2015-10-16 15:20 - 2016-07-03 11:42 - 000266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2017-09-21 19:01 - 2017-09-21 19:01 - 000098816 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\win32api.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000110080 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\pywintypes27.dll
2017-09-21 19:01 - 2017-09-21 19:01 - 000364544 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\pythoncom27.dll
2017-09-21 19:01 - 2017-09-21 19:01 - 000320512 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\win32com.shell.shell.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000914432 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\_hashlib.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 001176576 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\wx._core_.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000806400 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\wx._gdi_.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000816128 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\wx._windows_.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 001067008 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\wx._controls_.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000733184 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\wx._misc_.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000682496 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\pysqlite2._sqlite.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000088064 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\_ctypes.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000686080 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\unicodedata.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000119808 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\win32file.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000108544 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\win32security.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000007168 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\hashobjs_ext.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000017920 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\thumbnails_ext.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000088064 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\usb_ext.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000012800 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\common.time34.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000018432 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\win32event.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000167936 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\win32gui.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000046080 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\_socket.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 001303552 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\_ssl.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000128512 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\_elementtree.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000127488 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\pyexpat.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000038912 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\win32inet.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000036864 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\_psutil_windows.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000524248 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\windows._lib_cacheinvalidation.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000011264 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\win32crypt.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000123392 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\wx._wizard.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000077312 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\wx._html2.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000027648 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\_multiprocessing.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000020480 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\_yappi.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000035840 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\win32process.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000078848 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\wx._animate.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000024064 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\win32pipe.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000010240 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\select.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000025600 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\win32pdh.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000017408 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\win32profile.pyd
2017-09-21 19:01 - 2017-09-21 19:01 - 000022528 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126282\win32ts.pyd
2016-10-24 20:51 - 2017-02-23 16:30 - 000338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-24 20:51 - 2017-02-23 16:30 - 002443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2014-04-29 16:23 - 2014-04-29 16:23 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242919\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244776\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242953\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244800\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\Control Panel\Desktop\\Wallpaper -> C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\Control Panel\Desktop\\Wallpaper -> C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{B35FBDA9-C65B-47A7-89EA-57B01B60EA65}] => (Block) D:\programme\spss\stats.exe
FirewallRules: [{099D13E3-C461-4BC6-8AA9-D8FE2A5A3C87}] => (Block) D:\programme\spss\stats.exe
FirewallRules: [UDP Query User{F3A72D23-B603-4F7B-94FB-759242EC9FE3}D:\programme\spss\stats.exe] => (Allow) D:\programme\spss\stats.exe
FirewallRules: [TCP Query User{7E91D023-B68C-446F-A88D-AF8F190CA3CF}D:\programme\spss\stats.exe] => (Allow) D:\programme\spss\stats.exe
FirewallRules: [{68DECFC6-06EC-4A89-9460-8AD119AB25DE}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1.exe
FirewallRules: [{4B97FF0B-B5CC-4D2C-91C8-54E7C412E087}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1.exe
FirewallRules: [{054FFD83-2C35-425A-8D3D-4D2E82399EAA}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1Trial.exe
FirewallRules: [{FAB710FB-1EE2-43CA-BE36-54DC74DEB183}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1Trial.exe
FirewallRules: [{EAF85DE4-1BA5-4707-A2E7-D559A31DFBD1}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1 CTE\bf1_cte.exe
FirewallRules: [{3B78D03A-6E75-4D58-9501-21A2B6179C24}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1 CTE\bf1_cte.exe
FirewallRules: [{4D87E320-DF34-41A4-8F18-D8116E522B26}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{8E11CAB3-6576-4470-A984-06E21B7CCD74}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{8ADDDCD5-DD4B-4D61-812C-374174D98790}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [UDP Query User{4084F086-02AC-47E7-9C96-3B15B1247049}D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{A1C76DAE-E2B2-41EE-801B-3E9D69D8B13A}D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{3031581B-B895-41FE-BE61-D71E733A7EB4}] => (Allow) D:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{C727FE97-2BFC-4CC6-9DE8-4017614559DA}] => (Allow) D:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{109DC5D2-65DD-41CE-84AF-48D9AAB0B717}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{9A3EAE5E-89B1-4AD2-8DFD-CB336B818FDD}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{F91E551C-A116-48CC-B153-40A168C2E616}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{88534B71-581A-4D5F-B59D-6B2AF72CD5B4}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{577290BA-FE8E-4C77-824B-6DEC20F4E200}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{6085BDC2-49FA-49F2-B94C-349731FF7144}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{DC19986E-04F8-4976-A8C9-A877E30A65A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{EB2C4A04-B263-4F53-8C48-25BD52BA1022}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BF91B00A-D570-4A7D-A43A-656A7DCCF011}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C452347E-DFEE-4634-9D0E-C1B309A53B9B}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E54F1CF7-D890-4660-A8FF-3B33B3B48422}] => (Block) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [{950EC891-E6F9-408D-9B5D-D7EC6AB72F0C}] => (Block) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1604F9C6-4398-4F60-88EC-A2176B902862}D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C72357B3-559F-4A68-BBB2-3FBCBDBF7A1A}D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [{2BEAFD9D-1698-49B7-95F2-2A97A6FC0CFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7582F3C4-C10A-4E89-90AB-C81232CBBCF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F6420D1C-B234-4DA2-954A-726B72908CC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FB4EACAA-BF4A-49E8-A136-700565C97C0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [UDP Query User{CEB9BBAB-08A5-4389-B817-020D69F17D79}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{3F6BDE10-997F-4291-A3B5-4F19C9293999}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{7FBA1017-EA2A-4C53-B1AF-CAEE09FECB0F}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{AC1A3B22-C1AE-40E1-BA66-72DD31308CD7}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [UDP Query User{46862880-DA2A-4AA5-917B-832CD216B58B}D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{81A9155B-97BA-42AA-84ED-DCDE97025F32}D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{5CCC69C3-4230-46E2-A782-737A0F54BC49}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{D2140964-DED8-4194-BAE6-3EA3D82B8B6F}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{EA757548-9659-449E-8199-E51C3F89E26D}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{00C2E2E4-3633-49B0-9970-4524C088C2B1}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{9E454426-9F44-4B08-A3DB-02FE95983C52}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C3A48BD7-716E-4B88-AC0F-2E68EECF9CED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1CB37054-8DFE-45C6-B743-0569AAC3CF0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B6515389-2662-43D2-8E06-F2C5290E9289}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B0D4F991-F4B8-4F57-8100-4E837C976F1F}] => (Block) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{1C40E035-51C4-4CB8-80AD-D93FF9F5B8E2}] => (Block) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{43EDC139-DF01-4D40-8CDE-95A7B93F3938}D:\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{439074AF-839D-4F06-964E-941A5FBF869B}D:\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{C0E4A294-6429-44E1-9433-E1B2B666707D}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{77DFD709-BD5A-4749-882E-F9486930E8A5}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{37EB6D7F-DFCE-4039-9F1B-1CE7CB28305F}] => (Block) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{7B6ABA40-F303-4C47-8B04-6E79AB68BF95}] => (Block) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{43D3BF8B-4235-48FA-A8D1-CCEAB3DE7B26}D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{2723C32B-DE08-477A-BC47-B9AE48A6B32C}D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{B5D2E769-682B-4CA6-830D-7B3D6993DA0D}] => (Block) D:\spiele\gtav\gta5.exe
FirewallRules: [{153174ED-074B-4C06-86DF-3FE701EAE4B2}] => (Block) D:\spiele\gtav\gta5.exe
FirewallRules: [UDP Query User{0B868E1C-C3B3-4D2B-9B32-17D522FCE3FE}D:\spiele\gtav\gta5.exe] => (Allow) D:\spiele\gtav\gta5.exe
FirewallRules: [TCP Query User{ED90E7CB-DBBA-4801-BA56-79C8372373AB}D:\spiele\gtav\gta5.exe] => (Allow) D:\spiele\gtav\gta5.exe
FirewallRules: [{47DB389D-A6C1-40A5-A325-E412016A8B43}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4D8920E0-8239-4023-A97E-CE5267CCD157}] => (Allow) D:\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{7D3173BA-064A-461E-A0CE-85179956DEA0}] => (Allow) D:\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{C093C513-6B31-4E3F-B857-CA50004719AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AF4945FB-B71B-4916-885F-A60C3898874D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1EEEDCE2-1BCB-459D-A368-30C5CC49F0C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5B363055-D6FD-486B-B3D7-6EA6C33899E8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0FCADDE1-0029-47CB-998E-04C33F148A61}] => (Allow) D:\Steam\steamapps\common\The Guild 2 Renaissance\GuildII.exe
FirewallRules: [{BB23A4F2-1441-462D-B0BB-FB7A03B332CA}] => (Allow) D:\Steam\steamapps\common\The Guild 2 Renaissance\GuildII.exe
FirewallRules: [{D4C7EA1B-1517-4351-A08E-564C66FE839B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EBFBEA75-7A73-4E80-BB55-87284A15977E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B801FC59-120D-49DA-9EAE-BD56C4A18D81}] => (Allow) C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{C441A6F7-E05E-4C85-ADB1-79104BFDB08E}] => (Allow) C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [UDP Query User{1182DFCA-2A8B-47B3-A4A6-262E767AE0C9}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{7503F75F-238A-4A7C-899C-FB96C6019A07}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{EEEA93BE-EBEF-4499-806F-E2E33963FFF9}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{52211986-6A85-43E4-BE5A-1FC707E379E0}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{FD01900F-317E-494C-83BA-D57748671EBB}] => (Allow) C:\Users\Christophh\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{434A2C7B-F770-4086-9BD0-4CAECC9527DA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{847190F2-960B-451F-8F4D-456C9A44530C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{75F57C39-04D7-41C6-9643-BDC52266E5FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FA513ED1-547C-4D5A-B36C-B7C94B26CCEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{50C2DA0F-76A2-4917-9335-0F6223DBD2E4}D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe] => (Allow) D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe
FirewallRules: [UDP Query User{64C3315C-C436-4FFA-9E36-F7EC7CEBD1A4}D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe] => (Allow) D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe
FirewallRules: [TCP Query User{845F1EDC-DFDD-4A88-8640-1665F249666D}D:\spiele\simcity\simcity\simcity.exe] => (Allow) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [UDP Query User{71508D2D-3E58-4453-BB15-72BA86B6FCC3}D:\spiele\simcity\simcity\simcity.exe] => (Allow) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [{CF9B3EB5-9D48-45C7-8343-EC606051C258}] => (Block) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [{124E2EF1-88B1-43C5-871D-1F55AF3E0B38}] => (Block) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [{5C5C2DFC-FFF6-4416-9B39-87041120CF09}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{642977D6-B138-4E9F-B7DB-EAD38DCA1682}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{7A70B9E9-6BD6-422E-93E1-CF728AF6DE15}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{9EDC662F-5646-461B-B397-FC57EE2E20BF}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{CE89E561-D33C-4E57-9A60-0B730AB2F192}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
FirewallRules: [{B7D96811-0573-4899-98EC-A0893B9E88F7}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
FirewallRules: [TCP Query User{D9F4D7D1-32EB-40C0-8863-F86532D0D71F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{052CCC83-FB80-4C6F-B8DA-4E68E91C5CB4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1E12540D-455F-483A-A2CC-F21FAF82B23B}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B0CAA0EC-C64E-4B2F-B4A6-53D829A11C1D}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{52059795-9EF3-4B25-B320-F03FB1C1C544}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E34EFAEF-361F-4813-BD7C-E018EFD198F5}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8766D8A0-9D2C-4170-A10D-F713DF360CF9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{3118D20C-60CA-402F-BA96-45E77CF8079C}C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{E3907755-C264-403D-A56A-45AEAC3CB4F4}C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{764473A7-036F-4825-BB17-CF7B4414023C}] => (Block) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{A4D0C427-7344-4B19-9D6F-89526017F839}] => (Block) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{FA28E123-C83B-438B-B91A-21B1ACB30F98}C:\users\christophh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D645DE72-22F3-4D3A-A75D-A1A1FDF2ED80}C:\users\christophh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{119EC3DC-E7AA-4141-BE01-CFB25FA7A03C}] => (Block) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FEF82CAC-01D6-47C8-A17C-9AD1F9E4F4B6}] => (Block) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FC1368CB-8DD5-4543-BEF2-315DCB2A08D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5B717D7D-AA42-4908-BBE6-3674B2966586}D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{C56B60BB-8721-488E-A9F8-2F6B2763092C}D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{8555A0F3-A453-40A2-B000-1A1426E60F11}] => (Block) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{ACE19388-438D-4F8B-B62E-90CB7288CCD7}] => (Block) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{6EC638C8-873B-45CE-8A5F-DD2AD5A1E094}] => (Allow) C:\Steamspiele\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{575E17B4-0C7F-4B19-A507-C7D732978D9A}] => (Allow) C:\Steamspiele\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/21/2017 07:03:51 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/21/2017 07:03:33 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/20/2017 06:48:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (09/20/2017 06:40:46 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/19/2017 09:35:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 55.0.3.6445, Zeitstempel: 0x599ed78a
Name des fehlerhaften Moduls: xul.dll, Version: 55.0.3.6445, Zeitstempel: 0x599edbdd
Ausnahmecode: 0x80000003
Fehleroffset: 0x0076a5cf
ID des fehlerhaften Prozesses: 0x168
Startzeit der fehlerhaften Anwendung: 0x01d3317e3c197368
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Berichtskennung: be20cbde-1b32-487f-9ab2-2f02e702ef22
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/19/2017 09:35:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 55.0.3.6445, Zeitstempel: 0x599edbef
Name des fehlerhaften Moduls: xul.dll, Version: 55.0.3.6445, Zeitstempel: 0x599edbdd
Ausnahmecode: 0x80000003
Fehleroffset: 0x0076a5cf
ID des fehlerhaften Prozesses: 0x3944
Startzeit der fehlerhaften Anwendung: 0x01d3317e523afba7
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Berichtskennung: a815ae63-7104-4138-b0ab-fc219dde8d0b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/19/2017 09:33:30 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/19/2017 09:33:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/17/2017 12:07:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NVDisplay.Container.exe, Version: 1.2.0.0, Zeitstempel: 0x59079e96
Name des fehlerhaften Moduls: NvXDCore.dll_unloaded, Version: 8.17.13.8205, Zeitstempel: 0x59079dd9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000c1951
ID des fehlerhaften Prozesses: 0x56c
Startzeit der fehlerhaften Anwendung: 0x01d32c8d2faed14d
Pfad der fehlerhaften Anwendung: C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
Pfad des fehlerhaften Moduls: NvXDCore.dll
Berichtskennung: 5dce9ebc-6bc4-455b-99c3-103d52523f16
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/17/2017 11:53:10 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


Systemfehler:
=============
Error: (09/21/2017 07:00:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (09/21/2017 07:00:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
Die Klasse wurde so konfiguriert, dass sie unter einer anderen Sicherheitskennung als der Aufrufer ausgeführt werden kann.

Error: (09/21/2017 07:00:18 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147500053.

Error: (09/21/2017 06:58:55 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/21/2017 06:58:55 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/21/2017 06:58:55 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/21/2017 06:58:55 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/21/2017 06:58:55 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/21/2017 06:58:55 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/21/2017 06:58:55 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


CodeIntegrity:
===================================
  Date: 2017-08-23 16:10:28.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Prozentuale Nutzung des RAM: 46%
Installierter physikalischer RAM: 8133.69 MB
Verfügbarer physikalischer RAM: 4323.06 MB
Summe virtueller Speicher: 18885.69 MB
Verfügbarer virtueller Speicher: 14660.84 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:110.8 GB) (Free:43.07 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:184.83 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 261C8E12)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: C2F9017A)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

21.09.2017, 21:51   #11
M-K-D-B
/// TB-Ausbilder
 



Hi,

Step 1
  • Copy the contents of the following code box:
    Code:
    ATTFilter
    Start::
    CloseProcesses:
    BHO-x32: Kein Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> Keine Datei
    Task: {1B85927A-612F-4181-85EE-63FE2ED0865B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
    Task: {1CC83974-E9D3-4810-BA4C-7220F4900776} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
    Task: {2174755F-05CE-49D0-AE15-747D140A045B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
    Task: {23E845F4-7EBF-4E56-AC3B-366E26A110AC} - \Microsoft\Windows\Setup\gwx\rundetector -> Keine Datei <==== ACHTUNG
    Task: {5616F5D0-8636-485C-B6CC-57BBDB454828} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
    Task: {57DAE5F8-1816-492B-8F12-A9E09F8E5CB8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
    Task: {6EFCD18D-6694-43F7-B182-2EE79B5F01BC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
    Task: {7539DC7C-75F8-4E3C-AE08-CEE7DC8A8D19} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
    Task: {75639B92-6F08-447D-9DB6-2C9EB681FEE9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
    Task: {7CEC7DAB-1DF8-4CAC-B1AD-1F7974C926EA} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
    Task: {90486FE1-A505-47DA-A1B3-4A19B2E5BE65} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Keine Datei <==== ACHTUNG
    Task: {B40A4036-DD57-47F9-858C-63F09F3AB501} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
    Task: {E3490B13-F99A-4811-B177-587C23626ADE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
    Task: {ED950690-48CA-447A-AB14-0DE3300969AA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
    Task: {F939F199-A9C4-4E54-AA34-5B1E01F1C2B1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
    RemoveProxy:
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    EmptyTemp:
    End::
             
  • Now start FRST and click the Entfernen (Fix) button.
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory as FRST/FRST64.exe.
  • Your computer may need to be restarted for this.
  • Post the contents of fixlog.txt in your next reply.

Step 2
Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    ATTFilter
    :filefind
    *Offers*Olymp*
    
    :folderfind
    *Offers*Olymp*
    
    :regfind
    OffersOlymp
    Offers Olymp
             
  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.

Step 3
  • Start FRST.exe again. Make sure the box next to Addition.txt is ticked and click Untersuchen (Scan).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

In your next reply, please post
  • the log file of the FRST fix,
  • the log file from SystemLook,
  • the two new log files from FRST (FRST.txt and Addition.txt).
__________________
Regards
M-K-D-B


==========================================================
offline from 22.12.2018 to 01.01.2019
==========================================================


21.09.2017, 22:05   #12
banshing
 



Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-09-2017
durchgeführt von Christophh (21-09-2017 21:59:23) Run:1
Gestartet von C:\Users\Christophh\Downloads
Geladene Profile: Christophh &  (Verfügbare Profile: Christophh)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************

CloseProcesses:
BHO-x32: Kein Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> Keine Datei
Task: {1B85927A-612F-4181-85EE-63FE2ED0865B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {1CC83974-E9D3-4810-BA4C-7220F4900776} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {2174755F-05CE-49D0-AE15-747D140A045B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {23E845F4-7EBF-4E56-AC3B-366E26A110AC} - \Microsoft\Windows\Setup\gwx\rundetector -> Keine Datei <==== ACHTUNG
Task: {5616F5D0-8636-485C-B6CC-57BBDB454828} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {57DAE5F8-1816-492B-8F12-A9E09F8E5CB8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {6EFCD18D-6694-43F7-B182-2EE79B5F01BC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {7539DC7C-75F8-4E3C-AE08-CEE7DC8A8D19} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {75639B92-6F08-447D-9DB6-2C9EB681FEE9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {7CEC7DAB-1DF8-4CAC-B1AD-1F7974C926EA} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {90486FE1-A505-47DA-A1B3-4A19B2E5BE65} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Keine Datei <==== ACHTUNG
Task: {B40A4036-DD57-47F9-858C-63F09F3AB501} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {E3490B13-F99A-4811-B177-587C23626ADE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {ED950690-48CA-447A-AB14-0DE3300969AA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {F939F199-A9C4-4E54-AA34-5B1E01F1C2B1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:

*****************

Prozesse erfolgreich geschlossen.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{451C804F-C205-4F03-B48E-537EC94937BF} => Schlüssel erfolgreich entfernt
HKLM\Software\Wow6432Node\Classes\CLSID\{451C804F-C205-4F03-B48E-537EC94937BF} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B85927A-612F-4181-85EE-63FE2ED0865B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B85927A-612F-4181-85EE-63FE2ED0865B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CC83974-E9D3-4810-BA4C-7220F4900776} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CC83974-E9D3-4810-BA4C-7220F4900776} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2174755F-05CE-49D0-AE15-747D140A045B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2174755F-05CE-49D0-AE15-747D140A045B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23E845F4-7EBF-4E56-AC3B-366E26A110AC} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23E845F4-7EBF-4E56-AC3B-366E26A110AC} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5616F5D0-8636-485C-B6CC-57BBDB454828} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5616F5D0-8636-485C-B6CC-57BBDB454828} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57DAE5F8-1816-492B-8F12-A9E09F8E5CB8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57DAE5F8-1816-492B-8F12-A9E09F8E5CB8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EFCD18D-6694-43F7-B182-2EE79B5F01BC} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EFCD18D-6694-43F7-B182-2EE79B5F01BC} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7539DC7C-75F8-4E3C-AE08-CEE7DC8A8D19} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7539DC7C-75F8-4E3C-AE08-CEE7DC8A8D19} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75639B92-6F08-447D-9DB6-2C9EB681FEE9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75639B92-6F08-447D-9DB6-2C9EB681FEE9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CEC7DAB-1DF8-4CAC-B1AD-1F7974C926EA} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CEC7DAB-1DF8-4CAC-B1AD-1F7974C926EA} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90486FE1-A505-47DA-A1B3-4A19B2E5BE65} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90486FE1-A505-47DA-A1B3-4A19B2E5BE65} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B40A4036-DD57-47F9-858C-63F09F3AB501} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B40A4036-DD57-47F9-858C-63F09F3AB501} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3490B13-F99A-4811-B177-587C23626ADE} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3490B13-F99A-4811-B177-587C23626ADE} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED950690-48CA-447A-AB14-0DE3300969AA} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED950690-48CA-447A-AB14-0DE3300969AA} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F939F199-A9C4-4E54-AA34-5B1E01F1C2B1} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F939F199-A9C4-4E54-AA34-5B1E01F1C2B1} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => Schlüssel erfolgreich entfernt

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190242967\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2647985832-747989680-4269839675-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09212017190244821\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36249788 B
Java, Flash, Steam htmlcache => 513656793 B
Windows/system/drivers => 2785767 B
Edge => 92 B
Chrome => 183296 B
Firefox => 416459022 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 14443 B
LocalService => 3266 B
NetworkService => 0 B
Christophh => 338004384 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 21:59:36 ====
         
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 22:02 on 21/09/2017 by Christophh
Administrator - Elevation successful

========== filefind ==========

Searching for "*Offers*Olymp*"
No files found.

========== folderfind ==========

Searching for "*Offers*Olymp*"
C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\browser-extension-data\@offersolymp	d------	[12:38 26/08/2017]

========== regfind ==========

Searching for "OffersOlymp"
No data found.

Searching for "Offers Olymp"
No data found.

-= EOF =-
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
durchgeführt von Christophh (Administrator) auf CHRISTOPH (21-09-2017 22:03:49)
Gestartet von C:\Users\Christophh\Downloads
Geladene Profile: Christophh (Verfügbare Profile: Christophh)
Platform: Windows 10 Pro N Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\System32\PnkBstrA.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) D:\Steam\Steam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(AVM Berlin) C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Users\Christophh\Downloads\SystemLook_x64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098944 2017-08-23] (Electronic Arts)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\AVMAutoStart.exe [139264 2015-11-01] (AVM Berlin)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25607952 2017-08-04] (Google)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Spotify] => C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-14] (Spotify Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Spotify Web Helper] => C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-14] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-02-03]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2ebeed22-0f5c-4834-a642-ac386011e952}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001 -> {7309F519-9799-43A0-B156-48B8354BBBA4} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-20] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-10-28] (DVDVideoSoft Ltd.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-13] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-13] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-10-28] (DVDVideoSoft Ltd.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei

FireFox:
========
FF DefaultProfile: wnpf6fue.default
FF ProfilePath: C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default [2017-09-21]
FF NetworkProxy: Mozilla\Firefox\Profiles\wnpf6fue.default -> type", 0
FF Extension: (ProxTube) - C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\Extensions\ich@maltegoetz.de.xpi [2017-06-29]
FF Extension: (Adblock Plus) - C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-20] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-20] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default [2017-09-21]
CHR Extension: (Google Slides) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Steam Inventory Helper) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-08-23]
CHR Extension: (Google Search) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (Yahoo Partner) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibbfklbaljofpaanmpaeadejijfdddco [2017-04-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKU\S-1-5-21-2647985832-747989680-4269839675-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ibbfklbaljofpaanmpaeadejijfdddco] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-09-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-09-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-09-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-09-20] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [402768 2017-08-30] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1533448 2017-09-14] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-05-24] (Digital Wave Ltd.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [400656 2017-02-16] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-24] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-08-23] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-08-23] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-11-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-11-10] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176224 2017-09-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-09-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-03] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\WINDOWS\System32\drivers\avmaura.sys [116480 2015-11-01] (AVM Berlin)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-03] (Avira Operations GmbH & Co. KG)
S3 busenum; C:\WINDOWS\System32\drivers\SteelBus64.sys [146944 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-21] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-21] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-21] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-21] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-02-23] (NVIDIA Corporation)
S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-21 22:02 - 2017-09-21 22:03 - 000001122 _____ C:\Users\Christophh\Downloads\SystemLook.txt
2017-09-21 22:01 - 2017-09-21 22:01 - 000165376 _____ C:\Users\Christophh\Downloads\SystemLook_x64.exe
2017-09-21 21:59 - 2017-09-21 21:59 - 000012407 _____ C:\Users\Christophh\Downloads\Fixlog.txt
2017-09-21 19:05 - 2017-09-21 19:05 - 000006157 _____ C:\Users\Christophh\Desktop\mbam.txt
2017-09-21 19:02 - 2017-09-21 22:00 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-21 19:02 - 2017-09-21 22:00 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-21 19:02 - 2017-09-21 22:00 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-21 19:02 - 2017-09-21 22:00 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-21 19:02 - 2017-09-21 19:02 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-21 19:01 - 2017-09-21 19:01 - 068408664 _____ (Malwarebytes ) C:\Users\Christophh\Downloads\mb3-setup-consumer-3.2.2.2029.exe
2017-09-21 19:01 - 2017-09-21 19:01 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-21 19:01 - 2017-09-21 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-21 19:01 - 2017-09-21 19:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-21 19:01 - 2017-09-21 19:01 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-21 19:01 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-21 18:56 - 2017-09-21 18:56 - 008182736 _____ (Malwarebytes) C:\Users\Christophh\Downloads\adwcleaner_7.0.2.1.exe
2017-09-20 21:40 - 2017-09-20 21:41 - 000088370 _____ C:\TDSSKiller.3.1.0.15_20.09.2017_21.40.12_log.txt
2017-09-20 21:40 - 2017-09-20 21:40 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Christophh\Downloads\tdsskiller.exe
2017-09-20 21:38 - 2017-09-20 21:38 - 000000000 ____D C:\Users\Christophh\Downloads\FRST-OlderVersion
2017-09-20 21:35 - 2017-09-20 21:35 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-09-20 18:39 - 2017-09-20 18:39 - 000003374 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2017-09-20 18:39 - 2017-09-20 18:39 - 000003208 _____ C:\WINDOWS\System32\Tasks\Avira SystrayStartTrigger
2017-09-20 18:39 - 2017-09-20 18:39 - 000001193 _____ C:\Users\Public\Desktop\Avira.lnk
2017-09-19 22:12 - 2017-09-21 19:06 - 000064776 _____ C:\Users\Christophh\Downloads\Addition.txt
2017-09-19 22:11 - 2017-09-21 22:04 - 000024521 _____ C:\Users\Christophh\Downloads\FRST.txt
2017-09-19 22:11 - 2017-09-21 22:03 - 000000000 ____D C:\FRST
2017-09-19 22:10 - 2017-09-20 21:38 - 002399744 _____ (Farbar) C:\Users\Christophh\Downloads\FRST64.exe
2017-09-12 23:00 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 23:00 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 23:00 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 23:00 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-12 23:00 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 23:00 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 23:00 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-12 23:00 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 23:00 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 23:00 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 23:00 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 22:59 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 22:59 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-12 22:59 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-12 22:59 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 22:59 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 22:59 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-12 22:59 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 22:59 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-12 22:59 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 22:59 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 22:59 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-12 22:59 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 22:59 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 22:59 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-12 22:59 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-12 22:59 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 22:59 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-12 22:59 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-12 22:59 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 22:59 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-12 22:59 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 22:59 - 2017-09-05 07:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-12 22:59 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-12 22:59 - 2017-09-05 07:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-12 22:59 - 2017-09-05 07:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 22:59 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-12 22:59 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 22:59 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-12 22:59 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-12 22:59 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 22:59 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 22:59 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 22:59 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-12 22:59 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 22:59 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 22:59 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 22:59 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 22:59 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 22:59 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 22:59 - 2017-09-05 06:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-12 22:59 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-12 22:59 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-12 22:59 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 22:59 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 22:59 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 22:59 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 22:59 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 22:59 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 22:59 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-12 22:59 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 22:59 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 22:59 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 22:59 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 22:59 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 22:59 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 22:59 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 22:59 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 22:59 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 22:59 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 22:59 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 22:59 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 22:59 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-12 22:59 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-12 22:59 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 22:59 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 22:59 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 22:59 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-12 22:59 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 22:59 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 22:59 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 22:59 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 22:59 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-12 22:59 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 22:59 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-12 22:59 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 22:59 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 22:59 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-12 22:59 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 22:59 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 22:59 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 22:59 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 22:59 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-06 23:49 - 2017-09-06 23:49 - 000000041 _____ C:\Users\Christophh\Desktop\sky.txt
2017-09-05 00:11 - 2017-09-05 00:11 - 005004137 _____ C:\Users\Christophh\Desktop\867c5e9ab0891a8d.mp4
2017-08-27 19:38 - 2017-08-27 19:38 - 000461541 _____ C:\Users\Christophh\Downloads\8CTVBK
2017-08-27 19:36 - 2017-08-27 19:36 - 000188608 _____ C:\Users\Christophh\Downloads\Documents(1).zip
2017-08-27 19:36 - 2017-06-07 11:04 - 000037225 ____N C:\Users\Christophh\Desktop\Tutorium06-SS17.pdf
2017-08-27 19:36 - 2017-05-29 11:33 - 000037344 ____N C:\Users\Christophh\Desktop\Tutorium05-SS17.pdf
2017-08-27 19:36 - 2017-05-24 15:05 - 000037470 ____N C:\Users\Christophh\Desktop\Tutorium04-SS17.pdf
2017-08-27 19:36 - 2017-05-17 11:57 - 000037932 ____N C:\Users\Christophh\Desktop\Tutorium03-SS17.pdf
2017-08-27 19:36 - 2017-05-15 08:43 - 000032988 ____N C:\Users\Christophh\Desktop\Tutorium02-SS17.pdf
2017-08-27 19:36 - 2017-05-04 09:54 - 000048413 ____N C:\Users\Christophh\Desktop\Tutorium01-SS17.pdf
2017-08-27 19:35 - 2017-08-27 19:35 - 015613585 _____ C:\Users\Christophh\Downloads\Documents.zip
2017-08-26 21:39 - 2017-08-26 21:39 - 020317282 _____ C:\Users\Christophh\Downloads\Gmail.zip
2017-08-23 19:05 - 2017-08-23 19:05 - 000000000 ____D C:\Steamspiele
2017-08-23 16:11 - 2017-09-21 22:00 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\Spotify
2017-08-23 16:11 - 2017-09-21 22:00 - 000000000 ____D C:\Users\Christophh\AppData\Local\Spotify
2017-08-23 16:11 - 2017-08-23 16:11 - 000001914 _____ C:\Users\Christophh\Desktop\Spotify.lnk
2017-08-23 16:11 - 2017-08-23 16:11 - 000001900 _____ C:\Users\Christophh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-08-23 16:10 - 2017-08-23 16:10 - 058203272 _____ (Spotify Ltd) C:\Users\Christophh\Downloads\SpotifyFullSetup.exe
2017-08-23 16:10 - 2017-08-23 16:10 - 000000247 _____ C:\SILENT

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-21 22:02 - 2017-06-27 13:16 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-21 22:02 - 2015-11-08 15:35 - 000000000 ____D C:\Users\Christophh\AppData\Local\LogMeIn Hamachi
2017-09-21 22:01 - 2015-12-18 22:56 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\Skype
2017-09-21 22:00 - 2017-06-27 13:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-21 22:00 - 2016-11-20 12:30 - 000000000 ____D C:\Users\Christophh\AppData\LocalLow\Mozilla
2017-09-21 22:00 - 2015-10-16 15:20 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\TS3Client
2017-09-21 22:00 - 2015-10-16 15:11 - 000000000 ____D C:\ProgramData\Origin
2017-09-21 21:59 - 2017-06-27 13:16 - 000000000 ____D C:\Users\Christophh
2017-09-21 21:59 - 2017-03-18 13:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-09-21 21:59 - 2017-03-14 13:06 - 000000000 ____D C:\Users\Christophh\AppData\LocalLow\Temp
2017-09-21 21:51 - 2017-06-27 13:20 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{16B4380E-769C-4734-94C3-69A9011C9AF2}
2017-09-21 19:06 - 2017-06-27 13:25 - 002577712 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-21 19:06 - 2017-03-20 06:40 - 001192102 _____ C:\WINDOWS\system32\perfh007.dat
2017-09-21 19:06 - 2017-03-20 06:40 - 000274720 _____ C:\WINDOWS\system32\perfc007.dat
2017-09-21 19:06 - 2017-03-18 23:02 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-21 19:06 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-21 19:04 - 2017-07-27 14:44 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2647985832-747989680-4269839675-1001
2017-09-21 19:04 - 2016-07-29 20:50 - 000002437 _____ C:\Users\Christophh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-21 19:04 - 2015-10-28 19:14 - 000000000 ___RD C:\Users\Christophh\OneDrive
2017-09-21 18:58 - 2017-08-01 19:46 - 000000000 ____D C:\Users\Christophh\AppData\Local\Downloaded Installations
2017-09-21 18:58 - 2017-06-02 21:38 - 000000000 ____D C:\AdwCleaner
2017-09-20 22:30 - 2017-06-27 13:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-20 18:55 - 2015-10-28 19:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-20 18:39 - 2015-10-16 13:14 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-20 18:39 - 2015-10-16 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-09-20 18:38 - 2015-10-16 13:14 - 000176224 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-09-19 22:10 - 2017-06-30 17:03 - 000000000 ____D C:\Users\Christophh\AppData\Local\Deployment
2017-09-19 21:36 - 2017-03-18 23:02 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-19 21:36 - 2017-03-18 23:00 - 000000000 ____D C:\WINDOWS\INF
2017-09-14 14:14 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\rescache
2017-09-13 22:41 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-13 22:41 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-13 18:48 - 2015-10-16 13:14 - 000167464 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-09-13 14:38 - 2017-06-27 13:15 - 000381288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 14:38 - 2016-04-27 07:40 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 00:07 - 2017-03-20 06:39 - 000000000 ____D C:\WINDOWS\system32\de
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-12 23:02 - 2015-10-16 13:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 23:01 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-12 23:01 - 2015-10-16 13:25 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-02 19:30 - 2015-10-16 15:11 - 000000000 ____D C:\Program Files (x86)\Origin
2017-09-02 17:57 - 2016-01-24 17:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-09-02 17:54 - 2015-11-07 21:07 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-02 17:54 - 2015-11-07 21:07 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-02 17:15 - 2017-03-18 23:04 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 17:15 - 2017-03-18 23:04 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-27 19:58 - 2016-11-19 13:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-27 19:58 - 2015-10-16 14:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-25 15:44 - 2017-07-27 22:57 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-25 15:40 - 2016-01-15 21:16 - 000002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-08-25 15:40 - 2016-01-15 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-24 21:30 - 2016-08-12 16:59 - 000807464 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-08-24 21:30 - 2016-08-12 16:59 - 000000000 ____D C:\Users\Christophh\AppData\Local\UnrealEngine
2017-08-23 14:38 - 2015-10-28 19:16 - 000000000 ____D C:\Users\Christophh\AppData\Local\MSfree Inc

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-10-31 20:07 - 2017-01-27 18:49 - 000007591 _____ () C:\Users\Christophh\AppData\Local\Resmon.ResmonCfg
2015-10-29 20:55 - 2015-10-29 20:55 - 000000003 _____ () C:\Users\Christophh\AppData\Local\updater.log
2015-10-29 20:55 - 2017-05-06 11:08 - 000000425 _____ () C:\Users\Christophh\AppData\Local\UserProducts.xml
2016-09-25 17:14 - 2016-09-25 17:14 - 000000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-20 18:48

==================== Ende von FRST.txt ============================
         

21.09.2017, 22:06   #13
banshing
 

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-09-2017
durchgeführt von Christophh (21-09-2017 22:04:13)
Gestartet von C:\Users\Christophh\Downloads
Windows 10 Pro N Version 1703 (X64) (2017-06-27 11:22:59)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2647985832-747989680-4269839675-500 - Administrator - Disabled)
Christophh (S-1-5-21-2647985832-747989680-4269839675-1001 - Administrator - Enabled) => C:\Users\Christophh
DefaultAccount (S-1-5-21-2647985832-747989680-4269839675-503 - Limited - Disabled)
Gast (S-1-5-21-2647985832-747989680-4269839675-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.66 - NVIDIA Corporation) Hidden
AutoHotkey 1.1.25.01 (HKLM\...\AutoHotkey) (Version: 1.1.25.01 - Lexikos)
Avira (HKLM-x32\...\{1B48601D-0537-4589-9952-A8989BE8249A}) (Version: 1.2.96.16095 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{7c01a3b4-3454-446e-8473-8a245f962c28}) (Version: 1.2.96.16095 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.31.27 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.49.52296 - Electronic Arts)
Battlefield™ 1 CTE (HKLM-x32\...\{E970EAB6-8F6F-4E72-AB13-F6648397322C}) (Version: 1.0.49.53737 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead by Daylight (HKLM\...\Steam App 381210) (Version:  - Behaviour Digital Inc.)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Fallout 4 MULTi2 1.1.30 (HKLM-x32\...\Fallout 4 MULTi2 1.1.30) (Version:  - )
Fallout 4 Update 7 MULTi2 1.3.47 (HKLM-x32\...\Fallout 4 Update 7 MULTi2 1.3.47) (Version:  - )
Far Cry 4 Final DLC Edition (HKLM-x32\...\Far Cry 4 Final DLC Edition) (Version: 1.01 - Ubisoft)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\2db37667170956ee) (Version: 2.3.3.2 - AVM Berlin)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.163.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Drive (HKLM-x32\...\{A90339B3-2C3F-492E-B3A7-0BDFC691E526}) (Version: 2.34.6425.2548 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.9.6 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IBM SPSS Statistics Subscription (HKLM\...\{02D81DCC-13D1-465C-9292-E46956489CA1}) (Version: 1.0.0.642 - IBM Corp)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.8326.2107 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 55.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 de)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY 2 Demo (HKLM\...\Steam App 251040) (Version:  - OVERKILL - a Starbreeze Studio.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server) (HKLM\...\Steam App 622590) (Version:  - )
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.0 - Rockstar Games)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
SteelSeries Engine 3.6.5.1 (HKLM\...\SteelSeries Engine 3) (Version: 3.6.5.1 - SteelSeries ApS)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Guild II: Renaissance (HKLM-x32\...\Steam App 39680) (Version:  - Rune Forge)
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version:  - Nadeo)
UNi Xonar Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-04] (Google)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-20] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} =>  -> Keine Datei
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-04] (Google)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-20] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-20] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {079C14B1-CB36-4B02-B028-CE0CEDA98B4A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-09-12] (Microsoft Corporation)
Task: {12499066-3D4B-4DED-83CB-F1FFC715E2D6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
Task: {145BC74F-115A-4698-B56C-BFC772C08436} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {4251EA1E-A6D3-45D4-AFC1-95DE3060F863} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {49B78674-9BE2-4E99-8E88-AC2E440BC2B0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {4E86110C-D824-4944-9638-7481FB7299E1} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe
Task: {555A41E3-676C-4710-B88E-201FC8C82C05} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {5DB0FBE3-2D87-4192-AA89-2F4CF88D24F7} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {63A3C67B-2DA1-4C68-8C6A-B4C1EFF5C3CA} - System32\Tasks\update-S-1-5-21-2647985832-747989680-4269839675-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {6575BDDC-DB1C-46B8-B459-A0EF649F9694} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-20] ()
Task: {67A30A74-9E49-4542-BF72-B99B5AC568F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {6A59C583-FBB0-4F2B-A452-307A30BEF6BC} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {7CC31553-2D5E-438B-A5DA-27AF6A753689} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {8690B4D6-D373-4296-AD8C-77CCA8827DF9} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {8787C227-430F-4D02-A178-C9E614996DFE} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2017-09-20] (Avira Operations GmbH & Co. KG)
Task: {93ECD6F2-41F2-473D-8DBE-3930D5A6083C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
Task: {96F6BD3B-3A9D-4A82-B65F-BCEBF51B29BC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {98895E9E-010F-44A4-9E71-8EA31ABF20E3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-09-19] (Microsoft Corporation)
Task: {A69FDB4A-CE01-4556-9505-DB1511ECBE78} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {B6B33C06-EB44-4CFA-84ED-342E4C5E7039} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {BBC48FF0-B417-4CFE-9DB7-E25CCB958C99} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-20] ()
Task: {F0FAB5DD-8534-4FD2-84F4-9F6707BF3BA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-07] (Google Inc.)
Task: {F4319554-C5A5-4435-80A5-0A304DCF0B9A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation)
Task: {F4D99559-374E-46D7-BF35-2CFC0C780B4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-2647985832-747989680-4269839675-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-06-27 13:16 - 2013-07-04 03:32 - 000936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-10-24 20:51 - 2017-02-23 20:34 - 004490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-24 20:51 - 2017-02-23 20:34 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-10-29 21:11 - 2015-11-10 18:38 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe
2017-09-21 19:01 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 22:56 - 2017-03-18 22:56 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:58 - 2017-03-20 06:41 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-11 19:12 - 2017-08-23 17:49 - 000021856 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2015-10-10 19:14 - 2017-03-29 19:00 - 000174872 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2015-10-10 19:13 - 2017-03-29 19:00 - 000103192 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2015-10-10 19:13 - 2017-03-29 19:00 - 000107800 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2015-10-10 19:14 - 2017-03-29 19:00 - 000312088 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2015-10-10 19:14 - 2017-03-29 19:00 - 000485656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2017-09-21 22:01 - 2017-09-21 22:01 - 000165376 _____ () C:\Users\Christophh\Downloads\SystemLook_x64.exe
2017-06-27 13:16 - 2017-09-21 22:00 - 000038544 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2017-06-27 13:16 - 2013-07-04 03:32 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-10-29 18:47 - 2017-05-23 13:57 - 000048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2016-10-24 20:51 - 2017-02-23 20:33 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-24 20:51 - 2017-02-23 20:34 - 000901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-24 20:51 - 2017-02-23 20:34 - 003776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-09-02 17:53 - 2017-08-04 23:19 - 000678176 _____ () D:\Steam\SDL2.dll
2017-09-08 10:00 - 2017-09-07 06:51 - 002505504 _____ () D:\Steam\video.dll
2016-10-14 21:39 - 2016-09-01 03:02 - 004969248 _____ () D:\Steam\v8.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 000332800 _____ () D:\Steam\libavresample-2.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 002549760 _____ () D:\Steam\libavcodec-56.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 000442880 _____ () D:\Steam\libavutil-54.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 000491008 _____ () D:\Steam\libavformat-56.dll
2016-10-14 21:39 - 2016-01-27 09:49 - 000485888 _____ () D:\Steam\libswscale-3.dll
2016-10-14 21:39 - 2016-09-01 03:02 - 001563936 _____ () D:\Steam\icui18n.dll
2016-10-14 21:39 - 2016-09-01 03:02 - 001195296 _____ () D:\Steam\icuuc.dll
2017-09-08 10:00 - 2017-09-07 06:51 - 000885024 _____ () D:\Steam\bin\chromehtml.DLL
2016-10-14 21:39 - 2016-07-05 00:17 - 000266560 _____ () D:\Steam\openvr_api.dll
2017-09-02 17:53 - 2017-07-18 00:50 - 073115424 _____ () D:\Steam\bin\cef\cef.win7\libcef.dll
2017-06-09 09:16 - 2017-05-17 03:54 - 000678176 _____ () D:\Steam\bin\cef\cef.win7\SDL2.dll
2016-10-14 21:39 - 2015-09-25 01:52 - 000119208 _____ () D:\Steam\winh264.dll
2016-10-20 15:48 - 2017-08-23 17:48 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2016-10-20 15:48 - 2017-08-23 17:48 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2015-10-16 15:20 - 2016-07-03 11:42 - 000266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2017-09-21 22:00 - 2017-09-21 22:00 - 000098816 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\win32api.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000110080 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\pywintypes27.dll
2017-09-21 22:00 - 2017-09-21 22:00 - 000364544 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\pythoncom27.dll
2017-09-21 22:00 - 2017-09-21 22:00 - 000320512 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\win32com.shell.shell.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000914432 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\_hashlib.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 001176576 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\wx._core_.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000806400 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\wx._gdi_.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000816128 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\wx._windows_.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 001067008 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\wx._controls_.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000733184 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\wx._misc_.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000682496 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\pysqlite2._sqlite.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000088064 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\_ctypes.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000686080 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\unicodedata.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000119808 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\win32file.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000108544 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\win32security.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000007168 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\hashobjs_ext.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000017920 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\thumbnails_ext.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000088064 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\usb_ext.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000012800 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\common.time34.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000018432 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\win32event.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000167936 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\win32gui.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000046080 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\_socket.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 001303552 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\_ssl.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000128512 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\_elementtree.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000127488 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\pyexpat.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000038912 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\win32inet.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000036864 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\_psutil_windows.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000524248 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\windows._lib_cacheinvalidation.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000011264 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\win32crypt.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000123392 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\wx._wizard.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000077312 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\wx._html2.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000027648 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\_multiprocessing.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000020480 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\_yappi.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000035840 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\win32process.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000078848 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\wx._animate.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000024064 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\win32pipe.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000010240 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\select.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000025600 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\win32pdh.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000017408 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\win32profile.pyd
2017-09-21 22:00 - 2017-09-21 22:00 - 000022528 ____R () C:\Users\Christophh\AppData\Local\Temp\_MEI126322\win32ts.pyd
2016-10-24 20:51 - 2017-02-23 16:30 - 000338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-24 20:51 - 2017-02-23 16:30 - 002443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-24 20:51 - 2017-02-23 16:30 - 000468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2014-04-29 16:23 - 2014-04-29 16:23 - 001241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2647985832-747989680-4269839675-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{B35FBDA9-C65B-47A7-89EA-57B01B60EA65}] => (Block) D:\programme\spss\stats.exe
FirewallRules: [{099D13E3-C461-4BC6-8AA9-D8FE2A5A3C87}] => (Block) D:\programme\spss\stats.exe
FirewallRules: [UDP Query User{F3A72D23-B603-4F7B-94FB-759242EC9FE3}D:\programme\spss\stats.exe] => (Allow) D:\programme\spss\stats.exe
FirewallRules: [TCP Query User{7E91D023-B68C-446F-A88D-AF8F190CA3CF}D:\programme\spss\stats.exe] => (Allow) D:\programme\spss\stats.exe
FirewallRules: [{68DECFC6-06EC-4A89-9460-8AD119AB25DE}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1.exe
FirewallRules: [{4B97FF0B-B5CC-4D2C-91C8-54E7C412E087}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1.exe
FirewallRules: [{054FFD83-2C35-425A-8D3D-4D2E82399EAA}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1Trial.exe
FirewallRules: [{FAB710FB-1EE2-43CA-BE36-54DC74DEB183}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1\bf1Trial.exe
FirewallRules: [{EAF85DE4-1BA5-4707-A2E7-D559A31DFBD1}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1 CTE\bf1_cte.exe
FirewallRules: [{3B78D03A-6E75-4D58-9501-21A2B6179C24}] => (Allow) D:\Spiele\Battlefield 1 CTE\Battlefield 1 CTE\bf1_cte.exe
FirewallRules: [{4D87E320-DF34-41A4-8F18-D8116E522B26}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{8E11CAB3-6576-4470-A984-06E21B7CCD74}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{8ADDDCD5-DD4B-4D61-812C-374174D98790}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [UDP Query User{4084F086-02AC-47E7-9C96-3B15B1247049}D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{A1C76DAE-E2B2-41EE-801B-3E9D69D8B13A}D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [{3031581B-B895-41FE-BE61-D71E733A7EB4}] => (Allow) D:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{C727FE97-2BFC-4CC6-9DE8-4017614559DA}] => (Allow) D:\Steam\steamapps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{109DC5D2-65DD-41CE-84AF-48D9AAB0B717}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{9A3EAE5E-89B1-4AD2-8DFD-CB336B818FDD}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\DirtyBombLauncher.exe
FirewallRules: [{F91E551C-A116-48CC-B153-40A168C2E616}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{88534B71-581A-4D5F-B59D-6B2AF72CD5B4}] => (Allow) D:\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{577290BA-FE8E-4C77-824B-6DEC20F4E200}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{6085BDC2-49FA-49F2-B94C-349731FF7144}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{DC19986E-04F8-4976-A8C9-A877E30A65A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{EB2C4A04-B263-4F53-8C48-25BD52BA1022}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{BF91B00A-D570-4A7D-A43A-656A7DCCF011}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C452347E-DFEE-4634-9D0E-C1B309A53B9B}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E54F1CF7-D890-4660-A8FF-3B33B3B48422}] => (Block) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [{950EC891-E6F9-408D-9B5D-D7EC6AB72F0C}] => (Block) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1604F9C6-4398-4F60-88EC-A2176B902862}D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C72357B3-559F-4A68-BBB2-3FBCBDBF7A1A}D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe] => (Allow) D:\spiele\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe
FirewallRules: [{2BEAFD9D-1698-49B7-95F2-2A97A6FC0CFC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7582F3C4-C10A-4E89-90AB-C81232CBBCF3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F6420D1C-B234-4DA2-954A-726B72908CC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FB4EACAA-BF4A-49E8-A136-700565C97C0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [UDP Query User{CEB9BBAB-08A5-4389-B817-020D69F17D79}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [TCP Query User{3F6BDE10-997F-4291-A3B5-4F19C9293999}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{7FBA1017-EA2A-4C53-B1AF-CAEE09FECB0F}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{AC1A3B22-C1AE-40E1-BA66-72DD31308CD7}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [UDP Query User{46862880-DA2A-4AA5-917B-832CD216B58B}D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{81A9155B-97BA-42AA-84ED-DCDE97025F32}D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) D:\sicherung\.minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{5CCC69C3-4230-46E2-A782-737A0F54BC49}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{D2140964-DED8-4194-BAE6-3EA3D82B8B6F}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{EA757548-9659-449E-8199-E51C3F89E26D}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{00C2E2E4-3633-49B0-9970-4524C088C2B1}] => (Allow) D:\Steam\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{9E454426-9F44-4B08-A3DB-02FE95983C52}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C3A48BD7-716E-4B88-AC0F-2E68EECF9CED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1CB37054-8DFE-45C6-B743-0569AAC3CF0D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B6515389-2662-43D2-8E06-F2C5290E9289}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B0D4F991-F4B8-4F57-8100-4E837C976F1F}] => (Block) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{1C40E035-51C4-4CB8-80AD-D93FF9F5B8E2}] => (Block) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{43EDC139-DF01-4D40-8CDE-95A7B93F3938}D:\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{439074AF-839D-4F06-964E-941A5FBF869B}D:\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [{C0E4A294-6429-44E1-9433-E1B2B666707D}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{77DFD709-BD5A-4749-882E-F9486930E8A5}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{37EB6D7F-DFCE-4039-9F1B-1CE7CB28305F}] => (Block) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{7B6ABA40-F303-4C47-8B04-6E79AB68BF95}] => (Block) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{43D3BF8B-4235-48FA-A8D1-CCEAB3DE7B26}D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [TCP Query User{2723C32B-DE08-477A-BC47-B9AE48A6B32C}D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) D:\spiele\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{B5D2E769-682B-4CA6-830D-7B3D6993DA0D}] => (Block) D:\spiele\gtav\gta5.exe
FirewallRules: [{153174ED-074B-4C06-86DF-3FE701EAE4B2}] => (Block) D:\spiele\gtav\gta5.exe
FirewallRules: [UDP Query User{0B868E1C-C3B3-4D2B-9B32-17D522FCE3FE}D:\spiele\gtav\gta5.exe] => (Allow) D:\spiele\gtav\gta5.exe
FirewallRules: [TCP Query User{ED90E7CB-DBBA-4801-BA56-79C8372373AB}D:\spiele\gtav\gta5.exe] => (Allow) D:\spiele\gtav\gta5.exe
FirewallRules: [{47DB389D-A6C1-40A5-A325-E412016A8B43}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4D8920E0-8239-4023-A97E-CE5267CCD157}] => (Allow) D:\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{7D3173BA-064A-461E-A0CE-85179956DEA0}] => (Allow) D:\Steam\steamapps\common\Stranded Deep\Stranded_Deep_x64.exe
FirewallRules: [{C093C513-6B31-4E3F-B857-CA50004719AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AF4945FB-B71B-4916-885F-A60C3898874D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{1EEEDCE2-1BCB-459D-A368-30C5CC49F0C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5B363055-D6FD-486B-B3D7-6EA6C33899E8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0FCADDE1-0029-47CB-998E-04C33F148A61}] => (Allow) D:\Steam\steamapps\common\The Guild 2 Renaissance\GuildII.exe
FirewallRules: [{BB23A4F2-1441-462D-B0BB-FB7A03B332CA}] => (Allow) D:\Steam\steamapps\common\The Guild 2 Renaissance\GuildII.exe
FirewallRules: [{D4C7EA1B-1517-4351-A08E-564C66FE839B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EBFBEA75-7A73-4E80-BB55-87284A15977E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B801FC59-120D-49DA-9EAE-BD56C4A18D81}] => (Allow) C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [{C441A6F7-E05E-4C85-ADB1-79104BFDB08E}] => (Allow) C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
FirewallRules: [UDP Query User{1182DFCA-2A8B-47B3-A4A6-262E767AE0C9}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{7503F75F-238A-4A7C-899C-FB96C6019A07}D:\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{EEEA93BE-EBEF-4499-806F-E2E33963FFF9}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{52211986-6A85-43E4-BE5A-1FC707E379E0}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{FD01900F-317E-494C-83BA-D57748671EBB}] => (Allow) C:\Users\Christophh\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{434A2C7B-F770-4086-9BD0-4CAECC9527DA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{847190F2-960B-451F-8F4D-456C9A44530C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{75F57C39-04D7-41C6-9643-BDC52266E5FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FA513ED1-547C-4D5A-B36C-B7C94B26CCEA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{50C2DA0F-76A2-4917-9335-0F6223DBD2E4}D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe] => (Allow) D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe
FirewallRules: [UDP Query User{64C3315C-C436-4FFA-9E36-F7EC7CEBD1A4}D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe] => (Allow) D:\spiele\far cry 4 final dlc edition\bin\farcry4.exe
FirewallRules: [TCP Query User{845F1EDC-DFDD-4A88-8640-1665F249666D}D:\spiele\simcity\simcity\simcity.exe] => (Allow) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [UDP Query User{71508D2D-3E58-4453-BB15-72BA86B6FCC3}D:\spiele\simcity\simcity\simcity.exe] => (Allow) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [{CF9B3EB5-9D48-45C7-8343-EC606051C258}] => (Block) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [{124E2EF1-88B1-43C5-871D-1F55AF3E0B38}] => (Block) D:\spiele\simcity\simcity\simcity.exe
FirewallRules: [{5C5C2DFC-FFF6-4416-9B39-87041120CF09}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{642977D6-B138-4E9F-B7DB-EAD38DCA1682}] => (Allow) D:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{7A70B9E9-6BD6-422E-93E1-CF728AF6DE15}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{9EDC662F-5646-461B-B397-FC57EE2E20BF}D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => (Allow) D:\steam\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{CE89E561-D33C-4E57-9A60-0B730AB2F192}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
FirewallRules: [{B7D96811-0573-4899-98EC-A0893B9E88F7}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2 Demo\payday2_win32_release.exe
FirewallRules: [TCP Query User{D9F4D7D1-32EB-40C0-8863-F86532D0D71F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{052CCC83-FB80-4C6F-B8DA-4E68E91C5CB4}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{1E12540D-455F-483A-A2CC-F21FAF82B23B}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B0CAA0EC-C64E-4B2F-B4A6-53D829A11C1D}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{52059795-9EF3-4B25-B320-F03FB1C1C544}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E34EFAEF-361F-4813-BD7C-E018EFD198F5}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8766D8A0-9D2C-4170-A10D-F713DF360CF9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{3118D20C-60CA-402F-BA96-45E77CF8079C}C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{E3907755-C264-403D-A56A-45AEAC3CB4F4}C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{764473A7-036F-4825-BB17-CF7B4414023C}] => (Block) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{A4D0C427-7344-4B19-9D6F-89526017F839}] => (Block) C:\steamspiele\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [TCP Query User{FA28E123-C83B-438B-B91A-21B1ACB30F98}C:\users\christophh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D645DE72-22F3-4D3A-A75D-A1A1FDF2ED80}C:\users\christophh\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{119EC3DC-E7AA-4141-BE01-CFB25FA7A03C}] => (Block) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FEF82CAC-01D6-47C8-A17C-9AD1F9E4F4B6}] => (Block) C:\users\christophh\appdata\roaming\spotify\spotify.exe
FirewallRules: [{FC1368CB-8DD5-4543-BEF2-315DCB2A08D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5B717D7D-AA42-4908-BBE6-3674B2966586}D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{C56B60BB-8721-488E-A9F8-2F6B2763092C}D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{8555A0F3-A453-40A2-B000-1A1426E60F11}] => (Block) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{ACE19388-438D-4F8B-B62E-90CB7288CCD7}] => (Block) D:\steam\steamapps\common\pubg_test\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{6EC638C8-873B-45CE-8A5F-DD2AD5A1E094}] => (Allow) C:\Steamspiele\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{575E17B4-0C7F-4B19-A507-C7D732978D9A}] => (Allow) C:\Steamspiele\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/21/2017 10:00:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/21/2017 09:59:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Christoph)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/21/2017 07:10:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/21/2017 07:03:51 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/21/2017 07:03:33 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/20/2017 06:48:23 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (09/20/2017 06:40:46 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (09/19/2017 09:35:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 55.0.3.6445, Zeitstempel: 0x599ed78a
Name des fehlerhaften Moduls: xul.dll, Version: 55.0.3.6445, Zeitstempel: 0x599edbdd
Ausnahmecode: 0x80000003
Fehleroffset: 0x0076a5cf
ID des fehlerhaften Prozesses: 0x168
Startzeit der fehlerhaften Anwendung: 0x01d3317e3c197368
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Berichtskennung: be20cbde-1b32-487f-9ab2-2f02e702ef22
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/19/2017 09:35:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 55.0.3.6445, Zeitstempel: 0x599edbef
Name des fehlerhaften Moduls: xul.dll, Version: 55.0.3.6445, Zeitstempel: 0x599edbdd
Ausnahmecode: 0x80000003
Fehleroffset: 0x0076a5cf
ID des fehlerhaften Prozesses: 0x3944
Startzeit der fehlerhaften Anwendung: 0x01d3317e523afba7
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Berichtskennung: a815ae63-7104-4138-b0ab-fc219dde8d0b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/19/2017 09:33:30 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.


Systemfehler:
=============
Error: (09/21/2017 10:00:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (09/21/2017 09:59:45 PM) (Source: DCOM) (EventID: 10010) (User: Christoph)
Description: Der Server "Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppX360dyffbd5crx5cph6sy881bkkccrbr0.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (09/21/2017 09:59:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/21/2017 09:59:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/21/2017 09:59:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/21/2017 09:59:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA Telemetry Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/21/2017 09:59:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/21/2017 09:59:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/21/2017 09:59:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/21/2017 09:59:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TeamViewer 11" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2017-08-23 16:10:28.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 8133.69 MB
Verfügbarer physikalischer RAM: 3468.93 MB
Summe virtueller Speicher: 18885.69 MB
Verfügbarer virtueller Speicher: 14390.69 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:110.8 GB) (Free:44.37 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:166.48 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 261C8E12)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: C2F9017A)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

21.09.2017, 22:12   #14
M-K-D-B
/// TB-Ausbilder

Hi,

we'll remove a few more things and check everything again.

Note: The scan with ESET can take a while.

Step 1
  • Copy the contents of the following code box:
    Code:
    ATTFilter
    Start::
    CloseProcesses:
    C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\browser-extension-data\@offersolymp
    CMD: dir "%ProgramFiles%"
    CMD: dir "%ProgramFiles(x86)%"
    CMD: dir "%ProgramData%"
    CMD: dir "%Appdata%"
    CMD: dir "%LocalAppdata%"
    CMD: dir "%CommonProgramFiles(x86)%"
    CMD: dir "%CommonProgramW6432%"
    CMD: dir "%UserProfile%"
    CMD: dir "C:\"
    ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
    RemoveProxy:
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    EmptyTemp:
    End::
             
  • Now start FRST and click the Entfernen (Fix) button.
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory where FRST/FRST64.exe is located.
  • Your computer may need to be restarted for this.
  • Post the contents of fixlog.txt with your next reply.

Step 2
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click
  • Remove the check mark at
  • Click
    and
  • Accept the license terms and click
  • Click

    and
  • When the scan has finished, do not let it delete anything etc.; instead, at the bottom left of the button bar, choose
    and save the log file on your desktop.
  • Close HitmanPro and post the log.

Step 3
Please download ESET Online Scanner (illustrated guide)
  • Start the installation file.
  • Accept the terms of use.
  • Select Enable detection of potentially unwanted applications and click Scan.
  • First the necessary signatures are downloaded, then ESET starts the scan automatically.
  • At the end of the scan, any items found are listed.
  • Select Save to text file... and save the file as eset.txt on your desktop.
  • Add the contents of eset.txt to your next reply.
  • If ESET finds nothing, no log file can be created. In that case, be sure to tell us.
  • Close the ESET Online Scanner at the top right [ X ] and then click Close.

Step 4
  • Start FRST.exe again. Make sure that the box in front of Addition.txt is checked and press Untersuchen (Scan).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.

Are there still any problems with the PC or with your internet browsers? If so, which ones?

Please post with your next reply
  • the log file of the FRST fix,
  • the log file from HitmanPro,
  • the log file from ESET,
  • the two new log files from FRST,
  • the answers to the questions asked.
__________________
Regards
M-K-D-B


==========================================================
offline from 22.12.2018 to 01.01.2019
==========================================================

22.09.2017, 17:15   #15
banshing


Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-09-2017
durchgeführt von Christophh (21-09-2017 23:02:29) Run:3
Gestartet von C:\Users\Christophh\Downloads
Geladene Profile: Christophh (Verfügbare Profile: Christophh)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************

CloseProcesses:
C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\browser-extension-data\@offersolymp
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
CMD: dir "C:\"
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:

*****************

Prozesse erfolgreich geschlossen.
"C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\browser-extension-data\@offersolymp" => nicht gefunden.

========= dir "%ProgramFiles%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 9A73-822E

 Verzeichnis von C:\Program Files

21.09.2017  19:01    <DIR>          .
21.09.2017  19:01    <DIR>          ..
27.06.2017  13:16    <DIR>          ASUS
14.04.2017  17:12    <DIR>          AutoHotkey
14.03.2017  19:21    <DIR>          CCleaner
18.12.2015  19:46    <DIR>          CEWE
27.06.2017  13:17    <DIR>          Common Files
01.08.2017  19:46    <DIR>          CPUID
20.09.2016  19:54    <DIR>          EslWire
15.08.2016  21:27    <DIR>          Futuremark
27.06.2017  13:17    <DIR>          Intel
13.09.2017  00:07    <DIR>          Internet Explorer
21.09.2017  19:01    <DIR>          Malwarebytes
28.10.2015  19:11    <DIR>          Microsoft Office 15
28.06.2017  20:04    <DIR>          Microsoft Silverlight
27.06.2017  14:10    <DIR>          MSBuild
27.06.2017  13:17    <DIR>          NVIDIA Corporation
06.12.2016  21:15    <DIR>          OnlineFotoservice
27.06.2017  14:10    <DIR>          Reference Assemblies
27.12.2016  23:35    <DIR>          Rockstar Games
28.10.2015  19:26    <DIR>          Sony
03.02.2016  21:25    <DIR>          SteelSeries
23.02.2016  21:42    <DIR>          TAP-Windows
29.03.2017  19:00    <DIR>          TeamSpeak 3 Client
28.10.2015  19:16    <DIR>          UNi Xonar Audio
13.04.2017  11:32    <DIR>          UNP
28.10.2015  19:39    <DIR>          VideoLAN
11.07.2017  22:04    <DIR>          Windows Defender
20.03.2017  06:41    <DIR>          Windows Defender Advanced Threat Protection
13.09.2017  00:07    <DIR>          Windows Mail
27.06.2017  14:08    <DIR>          Windows Media Player
27.06.2017  14:08    <DIR>          Windows Multimedia Platform
27.06.2017  13:22    <DIR>          Windows NT
13.09.2017  00:07    <DIR>          Windows Photo Viewer
27.06.2017  14:08    <DIR>          Windows Portable Devices
18.03.2017  23:02    <DIR>          Windows Security
18.03.2017  23:02    <DIR>          WindowsPowerShell
28.10.2015  19:40    <DIR>          WinRAR
               0 Datei(en),              0 Bytes
              38 Verzeichnis(se), 47.759.687.680 Bytes frei

========= Ende von CMD: =========


========= dir "%ProgramFiles(x86)%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 9A73-822E

 Verzeichnis von C:\Program Files (x86)

21.09.2017  18:58    <DIR>          .
21.09.2017  18:58    <DIR>          ..
24.01.2016  17:57    <DIR>          Adobe
27.06.2017  13:16    <DIR>          ASUS
16.10.2015  13:14    <DIR>          Avira
11.11.2015  20:03    <DIR>          Battlelog Web Plugins
19.09.2017  21:36    <DIR>          Common Files
02.06.2017  18:30    <DIR>          DVDVideoSoft
02.01.2016  00:55    <DIR>          FinalWire
29.10.2015  18:47    <DIR>          FreeCodecPack
31.10.2015  13:23    <DIR>          GeoGebra 5.0
15.01.2016  21:16    <DIR>          Google
01.08.2017  19:47    <DIR>          GPU-Z
16.10.2015  13:05    <DIR>          Intel
13.09.2017  00:07    <DIR>          Internet Explorer
13.04.2017  13:42    <DIR>          Java
12.07.2017  15:02    <DIR>          LogMeIn Hamachi
30.10.2015  20:30    <DIR>          Microsoft ASP.NET
20.09.2017  18:55    <DIR>          Microsoft Office
28.06.2017  20:04    <DIR>          Microsoft Silverlight
08.01.2017  13:56    <DIR>          Microsoft XNA
27.06.2017  13:17    <DIR>          Microsoft.NET
14.07.2017  18:02    <DIR>          Minecraft
27.08.2017  19:58    <DIR>          Mozilla Firefox
27.08.2017  19:58    <DIR>          Mozilla Maintenance Service
27.06.2017  14:10    <DIR>          MSBuild
27.06.2017  13:17    <DIR>          NVIDIA Corporation
28.10.2015  19:16    <DIR>          OpenAL
02.09.2017  19:30    <DIR>          Origin
14.04.2017  20:41    <DIR>          Origin Games
13.04.2017  11:25    <DIR>          Razer
27.06.2017  14:10    <DIR>          Reference Assemblies
27.12.2016  23:35    <DIR>          Rockstar Games
29.10.2015  20:55    <DIR>          Skillbrains
10.08.2016  09:46    <DIR>          Skype
28.10.2015  19:26    <DIR>          Sony
02.01.2016  20:06    <DIR>          SpeedFan
20.03.2017  20:54    <DIR>          TeamViewer
06.08.2016  11:00    <DIR>          Ubisoft
14.03.2017  19:32    <DIR>          VulkanRT
11.07.2017  22:04    <DIR>          Windows Defender
13.09.2017  00:07    <DIR>          Windows Mail
08.11.2015  15:13    <DIR>          Windows Media Components
27.06.2017  14:08    <DIR>          Windows Media Player
27.06.2017  14:08    <DIR>          Windows Multimedia Platform
18.03.2017  23:02    <DIR>          Windows NT
13.09.2017  00:07    <DIR>          Windows Photo Viewer
27.06.2017  14:08    <DIR>          Windows Portable Devices
18.03.2017  23:02    <DIR>          WindowsPowerShell
16.02.2017  18:12    <DIR>          Wondershare
02.06.2017  21:40    <DIR>          Yahoo!
               0 Datei(en),              0 Bytes
              51 Verzeichnis(se), 47.759.634.432 Bytes frei

========= Ende von CMD: =========


========= dir "%ProgramData%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 9A73-822E

 Verzeichnis von C:\ProgramData

24.01.2016  18:02    <DIR>          Adobe
16.10.2015  13:14    <DIR>          Avira
12.09.2016  22:17    <DIR>          Battle.net
12.09.2016  22:53    <DIR>          Blizzard Entertainment
16.07.2016  13:45    <DIR>          Comms
02.06.2017  18:30    <DIR>          DigitalWave.ApplicationUpdater_files
16.10.2015  16:48    <DIR>          Electronic Arts
15.02.2017  23:52    <DIR>          Freemake
01.11.2015  18:58    <DIR>          Hewlett-Packard
17.02.2017  12:59    <DIR>          Hi-Rez Studios
06.12.2016  17:33    <DIR>          hps
10.06.2017  00:14    <DIR>          IBM
16.10.2015  13:05    <DIR>          Intel
08.11.2015  15:35    <DIR>          LogMeIn
21.09.2017  19:01    <DIR>          Malwarebytes
03.04.2017  11:39    <DIR>          ManiaPlanet
27.06.2017  13:24    <DIR>          Microsoft OneDrive
25.09.2016  17:14                16 mntemp
21.09.2017  23:01    <DIR>          NVIDIA
27.06.2017  13:17    <DIR>          NVIDIA Corporation
13.04.2017  13:42    <DIR>          Oracle
06.08.2016  11:16    <DIR>          Orbit
21.09.2017  23:02    <DIR>          Origin
20.09.2017  18:39    <DIR>          Package Cache
23.09.2016  22:46    <DIR>          Razer
19.09.2017  21:36    <DIR>          regid.1991-06.com.microsoft
10.08.2016  09:46    <DIR>          Skype
18.03.2017  23:02    <DIR>          SoftwareDistribution
28.10.2015  19:26    <DIR>          Sony
06.08.2016  11:17    <DIR>          Steam
03.02.2016  21:22    <DIR>          SteelSeries
06.12.2016  21:14    <DIR>          tmp
27.06.2017  13:23    <DIR>          USOPrivate
27.06.2017  13:23    <DIR>          USOShared
16.02.2017  18:12    <DIR>          Wondershare
16.02.2017  18:11    <DIR>          Wondershare Video Converter Ultimate
               1 Datei(en),             16 Bytes
              35 Verzeichnis(se), 47.759.572.992 Bytes frei

========= Ende von CMD: =========


========= dir "%Appdata%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 9A73-822E

 Verzeichnis von C:\Users\Christophh\AppData\Roaming

23.08.2017  16:11    <DIR>          .
23.08.2017  16:11    <DIR>          ..
14.07.2017  18:03    <DIR>          .minecraft
24.01.2016  18:02    <DIR>          Adobe
28.10.2015  19:16    <DIR>          ASUS
05.08.2016  15:00    <DIR>          Atari
16.10.2015  13:14    <DIR>          Avira
12.09.2016  22:17    <DIR>          Battle.net
02.06.2017  18:31    <DIR>          DVDVideoSoft
31.10.2015  13:23    <DIR>          GeoGebra 5.0
10.06.2017  00:14    <DIR>          IBM_SPSS_Installer
16.10.2015  13:06    <DIR>          Intel Corporation
16.03.2016  21:18    <DIR>          java
29.11.2015  17:00    <DIR>          ly.logic.LogiclyDesktop
16.10.2015  13:11    <DIR>          Macromedia
16.10.2015  14:50    <DIR>          Mozilla
01.11.2016  19:39    <DIR>          NVIDIA
30.06.2017  17:03    <DIR>          Origin
28.07.2016  13:11    <DIR>          pokemon-go-map
28.10.2015  19:30    <DIR>          Publish Providers
20.12.2015  21:21    <DIR>          Shooter
21.09.2017  23:02    <DIR>          Skype
29.10.2015  19:40    <DIR>          Sony
11.11.2015  21:47    <DIR>          Sony Creative Software Inc
21.09.2017  23:02    <DIR>          Spotify
02.03.2017  22:42    <DIR>          StardewValley
03.02.2016  21:22    <DIR>          SteelSeries
13.12.2016  23:36    <DIR>          steelseries-engine-3-client
16.10.2015  14:44    <DIR>          Sun
16.02.2017  18:05    <DIR>          TAC
23.03.2016  22:02    <DIR>          TeamViewer
21.09.2017  23:01    <DIR>          TS3Client
24.06.2017  21:21    <DIR>          vlc
16.10.2015  15:13    <DIR>          WinRAR
16.02.2017  18:11    <DIR>          Wondershare Video Converter Ultimate
13.04.2017  13:42    <DIR>          Yahoo
16.02.2017  18:12    <DIR>          {950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
               0 Datei(en),              0 Bytes
              37 Verzeichnis(se), 47.759.536.128 Bytes frei

========= Ende von CMD: =========


========= dir "%LocalAppdata%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 9A73-822E

 Verzeichnis von C:\Users\Christophh\AppData\Local

21.09.2017  23:01    <DIR>          .
21.09.2017  23:01    <DIR>          ..
29.07.2016  20:50    <DIR>          ActiveSync
13.11.2016  18:45    <DIR>          Adobe
01.11.2015  18:51    <DIR>          Apps
11.06.2017  19:42    <DIR>          Battle.net
29.11.2015  19:25    <DIR>          Blizzard Entertainment
28.10.2015  19:23    <DIR>          CEF
14.12.2016  21:11    <DIR>          Chromium
30.07.2016  12:38    <DIR>          Comms
25.09.2016  13:09    <DIR>          ConnectedDevicesPlatform
21.05.2017  18:24    <DIR>          CrashDumps
12.08.2016  21:05    <DIR>          CrashReportClient
21.06.2017  01:40    <DIR>          DayZ
03.07.2017  19:23    <DIR>          DBG
12.08.2016  16:59    <DIR>          DeadByDaylight
19.09.2017  22:10    <DIR>          Deployment
06.08.2016  01:28    <DIR>          Diagnostics
21.09.2017  18:58    <DIR>          Downloaded Installations
04.10.2016  16:29    <DIR>          ElevatedDiagnostics
10.11.2015  18:37    <DIR>          ESN
06.08.2016  20:08    <DIR>          Fallout4
15.08.2016  21:27    <DIR>          Futuremark
08.06.2017  21:19    <DIR>          Google
30.10.2015  20:35    <DIR>          GWX
17.02.2017  00:02    <DIR>          HirezLauncherUI
10.06.2017  00:14    <DIR>          IBM
10.06.2017  00:15    <DIR>          javasharedresources
31.07.2017  18:50    <DIR>          JxBrowser
08.11.2015  15:35    <DIR>          LogMeIn
21.09.2017  23:01    <DIR>          LogMeIn Hamachi
28.10.2015  19:34    <DIR>          Macromedia
26.08.2017  22:13    <DIR>          Microsoft
30.07.2016  22:46    <DIR>          MicrosoftEdge
16.10.2015  15:16    <DIR>          Mozilla
23.08.2017  14:38    <DIR>          MSfree Inc
24.10.2016  20:51    <DIR>          NVIDIA
03.08.2017  11:39    <DIR>          NVIDIA Corporation
25.10.2016  15:17    <DIR>          Origin
09.08.2017  20:24    <DIR>          Packages
27.04.2017  16:33    <DIR>          PAYDAY 2
30.07.2016  23:02    <DIR>          PeerDistRepub
23.07.2016  14:18    <DIR>          pip
23.07.2016  15:16    <DIR>          Programs
29.07.2016  20:48    <DIR>          Publishers
29.10.2015  21:01    <DIR>          PunkBuster
16.10.2015  13:31    <DIR>          Razer_Inc
27.01.2017  18:49             7.591 Resmon.ResmonCfg
18.12.2015  17:10    <DIR>          Rockstar Games
28.10.2015  19:29    <DIR>          Sony
21.09.2017  23:02    <DIR>          Spotify
14.12.2016  21:11    <DIR>          Steam
03.02.2016  21:01    <DIR>          SteelSeries_ApS
21.09.2017  23:02    <DIR>          Temp
29.07.2016  20:48    <DIR>          TileDataLayer
25.07.2017  21:49    <DIR>          TslGame
15.09.2016  22:04    <DIR>          Ubisoft Game Launcher
13.04.2017  13:03    <DIR>          UNP
24.08.2017  21:30    <DIR>          UnrealEngine
29.10.2015  20:55                 3 updater.log
06.05.2017  11:08               425 UserProducts.xml
07.09.2016  22:22    <DIR>          VirtualStore
16.02.2017  18:10    <DIR>          Wondershare
               3 Datei(en),          8.019 Bytes
              60 Verzeichnis(se), 47.759.515.648 Bytes frei

========= Ende von CMD: =========


========= dir "%CommonProgramFiles(x86)%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 9A73-822E

 Verzeichnis von C:\Program Files (x86)\Common Files

19.09.2017  21:36    <DIR>          .
19.09.2017  21:36    <DIR>          ..
24.01.2016  17:57    <DIR>          Adobe
21.09.2017  23:00    <DIR>          BattlEye
19.09.2017  21:36    <DIR>          DESIGNER
02.06.2017  18:30    <DIR>          DVDVideoSoft
16.10.2015  13:08    <DIR>          Intel Corporation
13.04.2017  13:42    <DIR>          Java
19.09.2017  21:36    <DIR>          Microsoft Shared
16.10.2015  13:05    <DIR>          PostureAgent
18.03.2017  23:02    <DIR>          Services
09.04.2016  14:28    <DIR>          Skype
08.09.2017  18:25    <DIR>          Steam
20.03.2017  06:39    <DIR>          System
               0 Datei(en),              0 Bytes
              14 Verzeichnis(se), 47.759.450.112 Bytes frei

========= Ende von CMD: =========


========= dir "%CommonProgramW6432%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 9A73-822E

 Verzeichnis von C:\Program Files\Common Files

27.06.2017  13:17    <DIR>          .
27.06.2017  13:17    <DIR>          ..
06.06.2017  06:10    <DIR>          IBM
27.06.2017  13:17    <DIR>          microsoft shared
18.03.2017  23:02    <DIR>          Services
20.03.2017  06:39    <DIR>          System
               0 Datei(en),              0 Bytes
               6 Verzeichnis(se), 47.759.409.152 Bytes frei

========= Ende von CMD: =========


========= dir "%UserProfile%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 9A73-822E

 Verzeichnis von C:\Users\Christophh

21.09.2017  23:01    <DIR>          .
21.09.2017  23:01    <DIR>          ..
07.09.2016  22:47    <DIR>          .litwrl
07.09.2016  22:32    <DIR>          .oracle_jre_usage
20.10.2016  15:48    <DIR>          .Origin
20.10.2016  15:48    <DIR>          .QtWebEngineProcess
10.06.2017  00:15    <DIR>          .spss
14.11.2015  17:13    <DIR>          .Vektoris3D25
10.06.2017  00:15    <DIR>          Application Data
12.07.2017  15:02               169 BullseyeCoverageError.txt
13.09.2017  14:38    <DIR>          Contacts
21.09.2017  19:05    <DIR>          Desktop
13.09.2017  14:38    <DIR>          Documents
21.09.2017  23:02    <DIR>          Downloads
13.09.2017  14:38    <DIR>          Favorites
11.02.2016  22:50    <DIR>          Google Drive
16.10.2015  13:04    <DIR>          Intel
21.09.2017  19:04    <DIR>          Links
13.09.2017  14:38    <DIR>          Music
21.09.2017  19:04    <DIR>          OneDrive
13.09.2017  14:38    <DIR>          Pictures
13.09.2017  14:38    <DIR>          Saved Games
13.09.2017  14:38    <DIR>          Searches
18.12.2015  22:57    <DIR>          Tracing
13.09.2017  14:38    <DIR>          Videos
               1 Datei(en),            169 Bytes
              24 Verzeichnis(se), 47.759.335.424 Bytes frei

========= Ende von CMD: =========


========= dir "C:\" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 9A73-822E

 Verzeichnis von C:\

21.09.2017  18:58    <DIR>          AdwCleaner
16.10.2015  14:57    <DIR>          ESD
13.08.2016  12:27    <DIR>          Fraps
21.09.2017  23:02    <DIR>          FRST
05.08.2016  14:59    <DIR>          GOG Games
08.11.2015  15:13    <DIR>          IExp0.tmp
08.11.2015  15:13    <DIR>          IExp1.tmp
27.04.2016  07:34    <DIR>          Logs
18.03.2017  23:02    <DIR>          PerfLogs
21.09.2017  19:01    <DIR>          Program Files
21.09.2017  18:58    <DIR>          Program Files (x86)
23.07.2016  15:25    <DIR>          Python27
29.11.2015  19:25    <DIR>          SC2Data
23.08.2017  16:10               247 SILENT
23.08.2017  19:05    <DIR>          Steamspiele
20.09.2017  21:41            88.370 TDSSKiller.3.1.0.15_20.09.2017_21.40.12_log.txt
27.06.2017  13:17    <DIR>          Users
21.09.2017  22:04    <DIR>          Windows
               2 Datei(en),         88.617 Bytes
              16 Verzeichnis(se), 47.759.265.792 Bytes frei

========= Ende von CMD: =========

================== ExportKey: ===================

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths]

=== Ende von ExportKey ===

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7504311 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 15517 B
Edge => 0 B
Chrome => 0 B
Firefox => 17778924 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Christophh => 42493499 B

RecycleBin => 0 B
EmptyTemp: => 72.2 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 23:02:34 ====
         
Code:
ATTFilter
HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : CHRISTOPH
   Windows . . . . . . . : 10.0.0.15063.X64/8
   User name . . . . . . : Christoph\Christophh
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-09-21 23:04:50
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 48s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 4

   Objects scanned . . . : 2.019.828
   Files scanned . . . . : 64.229
   Remnants scanned  . . : 513.940 files / 1.441.659 keys

Malware _____________________________________________________________________

   C:\Users\Christophh\Downloads\GPU Z - CHIP-Installer.exe
      Size . . . . . . . : 1.525.768 bytes
      Age  . . . . . . . : 51.1 days (2017-08-01 19:45:57)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : 7ECE49ADA9C7627BF01DC598AECA9D5081D1904E2EA940D9F03475CA132328E0
      Needs elevation  . : Yes
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen
      Fuzzy  . . . . . . : 103.0


Suspicious files ____________________________________________________________

   C:\Users\Christophh\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
      Size . . . . . . . : 138.648 bytes
      Age  . . . . . . . : 693.1 days (2015-10-29 21:02:09)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : DE86A451D282866613EE18CF668C2E962ABCB09FA51F7FF0C98405418A19EA81
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Christophh\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.399.744 bytes
      Age  . . . . . . . : 2.0 days (2017-09-19 22:10:52)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 00BF08360F912565C549D21B6808F8CAC66391A267C20CE22C79513C3DB0A85F
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Christophh\Downloads\FRST64.exe
      Size . . . . . . . : 2.399.744 bytes
      Age  . . . . . . . : 1.1 days (2017-09-20 21:38:02)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 834870443B6B9651BC21C5BD345E60919504C9F0107EF0B50CA6DC454FE9A5B8
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Christophh\Downloads\FRST64.exe
          1.0s C:\Users\Christophh\Downloads\FRST-OlderVersion\
         
The others will come tomorrow, otherwise it takes too long, sorry.

Code:
ATTFilter
C:\Users\Christophh\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter.exe	Variante von Win32/FusionCore.I eventuell unerwünschte Anwendung	
C:\Users\Christophh\Downloads\GPU Z - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung	
D:\Alle Bilder\HANDY aktuell\Musik\Samy Deluxe - Studioalben - 2011 - SchwarzWeiss (Limited Deluxe Edition)\www.brothers-of-usenet.org\Brothers Bar Community Toolbar für Firefox.xpi	Win32/Toolbar.Conduit.A eventuell unerwünschte Anwendung	
D:\Spiele\SimCity\SimCity\1911.dll	Variante von Win32/Packed.VMProtect.ABD Trojaner
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
durchgeführt von Christophh (Administrator) auf CHRISTOPH (22-09-2017 17:14:48)
Gestartet von C:\Users\Christophh\Downloads
Geladene Profile: Christophh (Verfügbare Profile: Christophh)
Platform: Windows 10 Pro N Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\System32\PnkBstrA.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Hi-Rez Studios) D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVM Berlin) C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\fritzbox-usb-fernanschluss.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(ESET spol. s r.o.) C:\Users\Christophh\Downloads\esetonlinescanner_deu.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098944 2017-08-23] (Electronic Arts)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [AVMUSBFernanschluss] => C:\Users\Christophh\AppData\Local\Apps\2.0\ZW5GXKJT.E0T\29LLDZG7.YGO\frit..tion_1acae14e4778b8d2_0002.0003_60ff6cdc6aeff8f9\AVMAutoStart.exe [139264 2015-11-01] (AVM Berlin)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25622168 2017-08-31] (Google)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Spotify] => C:\Users\Christophh\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-14] (Spotify Ltd)
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\...\Run: [Spotify Web Helper] => C:\Users\Christophh\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-14] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-02-03]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2ebeed22-0f5c-4834-a642-ac386011e952}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2647985832-747989680-4269839675-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2647985832-747989680-4269839675-1001 -> {7309F519-9799-43A0-B156-48B8354BBBA4} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-20] (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-10-28] (DVDVideoSoft Ltd.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-09-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-13] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-13] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-10-28] (DVDVideoSoft Ltd.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-20] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  Keine Datei

FireFox:
========
FF DefaultProfile: wnpf6fue.default
FF ProfilePath: C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default [2017-09-22]
FF NetworkProxy: Mozilla\Firefox\Profiles\wnpf6fue.default -> type", 0
FF Extension: (ProxTube) - C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\Extensions\ich@maltegoetz.de.xpi [2017-06-29]
FF Extension: (Adblock Plus) - C:\Users\Christophh\AppData\Roaming\Mozilla\Firefox\Profiles\wnpf6fue.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-20] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-20] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default [2017-09-21]
CHR Extension: (Google Slides) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-07]
CHR Extension: (Google Docs) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-07]
CHR Extension: (Google Drive) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Steam Inventory Helper) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-08-23]
CHR Extension: (Google Search) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Sheets) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (Yahoo Partner) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibbfklbaljofpaanmpaeadejijfdddco [2017-04-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-01-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Christophh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-23]
CHR HKU\S-1-5-21-2647985832-747989680-4269839675-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ibbfklbaljofpaanmpaeadejijfdddco] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-09-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-09-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-09-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1525240 2017-09-20] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [402768 2017-08-30] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1533448 2017-09-14] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-05-24] (Digital Wave Ltd.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [400656 2017-02-16] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
U2 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-24] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-08-23] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-08-23] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-11-10] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-11-10] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-16] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [176224 2017-09-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [167464 2017-09-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-03] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\WINDOWS\System32\drivers\avmaura.sys [116480 2015-11-01] (AVM Berlin)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-03] (Avira Operations GmbH & Co. KG)
S3 busenum; C:\WINDOWS\System32\drivers\SteelBus64.sys [146944 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-21] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-22] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-22] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-22] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-02-23] (NVIDIA Corporation)
S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-22 17:13 - 2017-09-22 17:13 - 000001206 _____ C:\Users\Christophh\Desktop\eset.txt
2017-09-21 23:05 - 2017-09-21 23:05 - 006760064 _____ (ESET spol. s r.o.) C:\Users\Christophh\Downloads\esetonlinescanner_deu.exe
2017-09-21 23:05 - 2017-09-21 23:05 - 000000000 ____D C:\Users\Christophh\AppData\Local\ESET
2017-09-21 23:04 - 2017-09-21 23:06 - 000000000 ____D C:\ProgramData\HitmanPro
2017-09-21 23:03 - 2017-09-21 23:03 - 011584088 _____ (SurfRight B.V.) C:\Users\Christophh\Downloads\HitmanPro_x64.exe
2017-09-21 22:02 - 2017-09-21 22:03 - 000001122 _____ C:\Users\Christophh\Downloads\SystemLook.txt
2017-09-21 22:01 - 2017-09-21 22:01 - 000165376 _____ C:\Users\Christophh\Downloads\SystemLook_x64.exe
2017-09-21 21:59 - 2017-09-21 23:02 - 000020032 _____ C:\Users\Christophh\Downloads\Fixlog.txt
2017-09-21 19:05 - 2017-09-21 19:05 - 000006157 _____ C:\Users\Christophh\Desktop\mbam.txt
2017-09-21 19:02 - 2017-09-22 15:46 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-21 19:02 - 2017-09-22 15:40 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-21 19:02 - 2017-09-22 15:40 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-21 19:02 - 2017-09-22 15:40 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-21 19:02 - 2017-09-21 19:02 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-21 19:01 - 2017-09-21 19:01 - 068408664 _____ (Malwarebytes ) C:\Users\Christophh\Downloads\mb3-setup-consumer-3.2.2.2029.exe
2017-09-21 19:01 - 2017-09-21 19:01 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-21 19:01 - 2017-09-21 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-21 19:01 - 2017-09-21 19:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-21 19:01 - 2017-09-21 19:01 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-21 19:01 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-21 18:56 - 2017-09-21 18:56 - 008182736 _____ (Malwarebytes) C:\Users\Christophh\Downloads\adwcleaner_7.0.2.1.exe
2017-09-20 21:40 - 2017-09-20 21:41 - 000088370 _____ C:\TDSSKiller.3.1.0.15_20.09.2017_21.40.12_log.txt
2017-09-20 21:40 - 2017-09-20 21:40 - 004922400 _____ (AO Kaspersky Lab) C:\Users\Christophh\Downloads\tdsskiller.exe
2017-09-20 21:38 - 2017-09-20 21:38 - 000000000 ____D C:\Users\Christophh\Downloads\FRST-OlderVersion
2017-09-20 21:35 - 2017-09-20 21:35 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-09-20 18:39 - 2017-09-20 18:39 - 000003374 _____ C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray
2017-09-20 18:39 - 2017-09-20 18:39 - 000003208 _____ C:\WINDOWS\System32\Tasks\Avira SystrayStartTrigger
2017-09-20 18:39 - 2017-09-20 18:39 - 000001193 _____ C:\Users\Public\Desktop\Avira.lnk
2017-09-19 22:12 - 2017-09-21 22:04 - 000062718 _____ C:\Users\Christophh\Downloads\Addition.txt
2017-09-19 22:11 - 2017-09-22 17:14 - 000025006 _____ C:\Users\Christophh\Downloads\FRST.txt
2017-09-19 22:11 - 2017-09-22 17:14 - 000000000 ____D C:\FRST
2017-09-19 22:10 - 2017-09-20 21:38 - 002399744 _____ (Farbar) C:\Users\Christophh\Downloads\FRST64.exe
2017-09-12 23:00 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 23:00 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 23:00 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-12 23:00 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-12 23:00 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 23:00 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 23:00 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-12 23:00 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 23:00 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 23:00 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 23:00 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-12 22:59 - 2017-09-05 07:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 22:59 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 22:59 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 22:59 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-12 22:59 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-12 22:59 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 22:59 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 22:59 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-12 22:59 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 22:59 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-12 22:59 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 22:59 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 22:59 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-12 22:59 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 22:59 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 22:59 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-12 22:59 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-12 22:59 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-12 22:59 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 22:59 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-12 22:59 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-12 22:59 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-12 22:59 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-12 22:59 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 22:59 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 22:59 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 22:59 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-12 22:59 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 22:59 - 2017-09-05 07:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-12 22:59 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-12 22:59 - 2017-09-05 07:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-12 22:59 - 2017-09-05 07:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-12 22:59 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 22:59 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-12 22:59 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 22:59 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-12 22:59 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-12 22:59 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 22:59 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-12 22:59 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 22:59 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-12 22:59 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 22:59 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-12 22:59 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 22:59 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-12 22:59 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-12 22:59 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 22:59 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 22:59 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 22:59 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 22:59 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 22:59 - 2017-09-05 06:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-12 22:59 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-12 22:59 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-12 22:59 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 22:59 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-12 22:59 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 22:59 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-12 22:59 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-12 22:59 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 22:59 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 22:59 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 22:59 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-12 22:59 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-12 22:59 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 22:59 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 22:59 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 22:59 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 22:59 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 22:59 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 22:59 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-12 22:59 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 22:59 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 22:59 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 22:59 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 22:59 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 22:59 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 22:59 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 22:59 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-12 22:59 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 22:59 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 22:59 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 22:59 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 22:59 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-12 22:59 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-12 22:59 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 22:59 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 22:59 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 22:59 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 22:59 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 22:59 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 22:59 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 22:59 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-12 22:59 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 22:59 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 22:59 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 22:59 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 22:59 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 22:59 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-12 22:59 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 22:59 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-12 22:59 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 22:59 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-12 22:59 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 22:59 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-12 22:59 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 22:59 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 22:59 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-12 22:59 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 22:59 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 22:59 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 22:59 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 22:59 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-06 23:49 - 2017-09-06 23:49 - 000000041 _____ C:\Users\Christophh\Desktop\sky.txt
2017-09-05 00:11 - 2017-09-05 00:11 - 005004137 _____ C:\Users\Christophh\Desktop\867c5e9ab0891a8d.mp4
2017-08-27 19:38 - 2017-08-27 19:38 - 000461541 _____ C:\Users\Christophh\Downloads\8CTVBK
2017-08-27 19:36 - 2017-08-27 19:36 - 000188608 _____ C:\Users\Christophh\Downloads\Documents(1).zip
2017-08-27 19:36 - 2017-06-07 11:04 - 000037225 ____N C:\Users\Christophh\Desktop\Tutorium06-SS17.pdf
2017-08-27 19:36 - 2017-05-29 11:33 - 000037344 ____N C:\Users\Christophh\Desktop\Tutorium05-SS17.pdf
2017-08-27 19:36 - 2017-05-24 15:05 - 000037470 ____N C:\Users\Christophh\Desktop\Tutorium04-SS17.pdf
2017-08-27 19:36 - 2017-05-17 11:57 - 000037932 ____N C:\Users\Christophh\Desktop\Tutorium03-SS17.pdf
2017-08-27 19:36 - 2017-05-15 08:43 - 000032988 ____N C:\Users\Christophh\Desktop\Tutorium02-SS17.pdf
2017-08-27 19:36 - 2017-05-04 09:54 - 000048413 ____N C:\Users\Christophh\Desktop\Tutorium01-SS17.pdf
2017-08-27 19:35 - 2017-08-27 19:35 - 015613585 _____ C:\Users\Christophh\Downloads\Documents.zip
2017-08-26 21:39 - 2017-08-26 21:39 - 020317282 _____ C:\Users\Christophh\Downloads\Gmail.zip
2017-08-23 19:05 - 2017-08-23 19:05 - 000000000 ____D C:\Steamspiele
2017-08-23 16:11 - 2017-09-22 15:40 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\Spotify
2017-08-23 16:11 - 2017-09-22 15:40 - 000000000 ____D C:\Users\Christophh\AppData\Local\Spotify
2017-08-23 16:11 - 2017-08-23 16:11 - 000001914 _____ C:\Users\Christophh\Desktop\Spotify.lnk
2017-08-23 16:11 - 2017-08-23 16:11 - 000001900 _____ C:\Users\Christophh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-08-23 16:10 - 2017-08-23 16:10 - 058203272 _____ (Spotify Ltd) C:\Users\Christophh\Downloads\SpotifyFullSetup.exe
2017-08-23 16:10 - 2017-08-23 16:10 - 000000247 _____ C:\SILENT

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-22 17:10 - 2015-12-18 22:56 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\Skype
2017-09-22 16:31 - 2015-10-16 15:11 - 000000000 ____D C:\ProgramData\Origin
2017-09-22 16:20 - 2017-06-27 13:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-22 15:50 - 2016-01-15 21:16 - 000002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-09-22 15:50 - 2016-01-15 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-09-22 15:48 - 2017-06-27 13:20 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{16B4380E-769C-4734-94C3-69A9011C9AF2}
2017-09-22 15:48 - 2017-06-27 13:16 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-22 15:46 - 2017-06-27 13:25 - 002665282 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-22 15:46 - 2017-03-20 06:40 - 001239166 _____ C:\WINDOWS\system32\perfh007.dat
2017-09-22 15:46 - 2017-03-20 06:40 - 000288274 _____ C:\WINDOWS\system32\perfc007.dat
2017-09-22 15:45 - 2017-03-18 23:02 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-22 15:45 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-22 15:42 - 2015-11-08 15:35 - 000000000 ____D C:\Users\Christophh\AppData\Local\LogMeIn Hamachi
2017-09-22 15:40 - 2017-06-27 13:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-22 15:40 - 2016-11-20 12:30 - 000000000 ____D C:\Users\Christophh\AppData\LocalLow\Mozilla
2017-09-21 23:02 - 2017-03-18 13:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-09-21 23:01 - 2017-06-27 13:16 - 000000000 ____D C:\Users\Christophh
2017-09-21 23:01 - 2015-10-16 15:20 - 000000000 ____D C:\Users\Christophh\AppData\Roaming\TS3Client
2017-09-21 21:59 - 2017-03-14 13:06 - 000000000 ____D C:\Users\Christophh\AppData\LocalLow\Temp
2017-09-21 19:04 - 2017-07-27 14:44 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2647985832-747989680-4269839675-1001
2017-09-21 19:04 - 2016-07-29 20:50 - 000002437 _____ C:\Users\Christophh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-21 19:04 - 2015-10-28 19:14 - 000000000 ___RD C:\Users\Christophh\OneDrive
2017-09-21 18:58 - 2017-08-01 19:46 - 000000000 ____D C:\Users\Christophh\AppData\Local\Downloaded Installations
2017-09-21 18:58 - 2017-06-02 21:38 - 000000000 ____D C:\AdwCleaner
2017-09-20 18:55 - 2015-10-28 19:11 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-09-20 18:39 - 2015-10-16 13:14 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-20 18:39 - 2015-10-16 13:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-09-20 18:38 - 2015-10-16 13:14 - 000176224 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-09-19 22:10 - 2017-06-30 17:03 - 000000000 ____D C:\Users\Christophh\AppData\Local\Deployment
2017-09-19 21:36 - 2017-03-18 23:02 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-19 21:36 - 2017-03-18 23:00 - 000000000 ____D C:\WINDOWS\INF
2017-09-14 14:14 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\rescache
2017-09-13 22:41 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-13 22:41 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-13 18:48 - 2015-10-16 13:14 - 000167464 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-09-13 14:38 - 2017-06-27 13:15 - 000381288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 14:38 - 2016-04-27 07:40 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 00:07 - 2017-03-20 06:39 - 000000000 ____D C:\WINDOWS\system32\de
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 00:07 - 2017-03-18 23:02 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-12 23:02 - 2015-10-16 13:25 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 23:01 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-12 23:01 - 2015-10-16 13:25 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-02 19:30 - 2015-10-16 15:11 - 000000000 ____D C:\Program Files (x86)\Origin
2017-09-02 17:57 - 2016-01-24 17:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-09-02 17:54 - 2015-11-07 21:07 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-02 17:54 - 2015-11-07 21:07 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-02 17:15 - 2017-03-18 23:04 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 17:15 - 2017-03-18 23:04 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-27 19:58 - 2016-11-19 13:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-27 19:58 - 2015-10-16 14:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-25 15:44 - 2017-07-27 22:57 - 000000000 ____D C:\WINDOWS\Minidump
2017-08-24 21:30 - 2016-08-12 16:59 - 000807464 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-08-24 21:30 - 2016-08-12 16:59 - 000000000 ____D C:\Users\Christophh\AppData\Local\UnrealEngine
2017-08-23 14:38 - 2015-10-28 19:16 - 000000000 ____D C:\Users\Christophh\AppData\Local\MSfree Inc

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-10-31 20:07 - 2017-01-27 18:49 - 000007591 _____ () C:\Users\Christophh\AppData\Local\Resmon.ResmonCfg
2015-10-29 20:55 - 2015-10-29 20:55 - 000000003 _____ () C:\Users\Christophh\AppData\Local\updater.log
2015-10-29 20:55 - 2017-05-06 11:08 - 000000425 _____ () C:\Users\Christophh\AppData\Local\UserProducts.xml
2016-09-25 17:14 - 2016-09-25 17:14 - 000000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-20 18:48

==================== Ende von FRST.txt ============================
         
