
Log analysis and evaluation: Windows 10 64bit: Suspected malware

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.09.2017, 18:49   #1
Hoshi82
 


Hi there,

I wanted to download SUPER(c) today, a video converter tool. During installation I unchecked all the boxes for third-party programs, but unfortunately that doesn't seem to have worked. When the first dubious installation appeared, I cancelled everything right away, but it merrily kept on installing until I had 8-10 unwanted programs on the machine. Among them was DragonBoost, which I somehow managed to uninstall after a lot of back and forth. I ran Malwarebytes Anti-Malware a few times and it found hundreds of threats. Unfortunately I did not save the logs.

Further scans keep finding an isolated threat again after a short time.

Windows Defender no longer works at all. I can open it, but it always says "The threat service has stopped, restart it", and the restart button does nothing. A quick scan or full scan is likewise unsuccessful, because nothing happens: no matter how long the timer runs, the number of scanned files stays at 0.

Every now and then a new tab with ads also opens in the browser. I'm getting a bit desperate.

I hope there isn't more to it, since I'm not the only one using the PC and something may have been lurking there for a while.

frst
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
durchgeführt von Hoshi (Administrator) auf HOSHI-PC (21-09-2017 18:39:09)
Gestartet von C:\Users\Hoshi\Desktop
Geladene Profile: Hoshi &  (Verfügbare Profile: Hoshi & Mcx1-HOSHI-PC & OVRLibraryService)
Platform: Windows 10 Pro Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Oculus VR) D:\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(TeamViewer GmbH) D:\Programme\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(1VDQ) C:\Program Files (x86)\SDownloader\6PZUP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [123400 2009-01-21] (Logitech Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-29] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\ DisallowedCertificates: 9AAF24A4D6CA8CCDF64BBF916CBC77512A9B0CA7 (U)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\ DisallowedCertificates: 9AAF24A4D6CA8CCDF64BBF916CBC77512A9B0CA7 (U)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [Spotify Web Helper] => C:\Users\Hoshi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-02-02] (Spotify Ltd)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [Spotify] => C:\Users\Hoshi\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-02-02] (Spotify Ltd)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [DAEMON Tools Lite] => D:\Programme\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [4UEZZE426ZCBI5S] => C:\Program Files (x86)\SDownloader\6PZUP.exe [1226752 2017-09-21] (1VDQ)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Hoshi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-02-02] (Spotify Ltd)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Hoshi\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-02-02] (Spotify Ltd)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => D:\Programme\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [4UEZZE426ZCBI5S] => C:\Program Files (x86)\SDownloader\6PZUP.exe [1226752 2017-09-21] (1VDQ)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe <==== ACHTUNG
HKU\S-1-5-80-3238277391-1891473654-1195688043-4149050645-2494734967-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{44eab3ff-54e7-4179-9334-818557caa181}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{48087fcf-0f34-473d-98e4-623094e6d179}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{50f0966d-4c38-4772-9bc1-2e04e25500e9}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{53270d60-5f82-4144-bb10-31c955cd1d24}: [DhcpNameServer] 192.168.42.129
ManualProxies: 

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-23] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2016-01-18] (DVDVideoSoft Ltd.)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2016-01-19] (DVDVideoSoft Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  Keine Datei
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF DefaultProfile: v835n1d8.default-1416499139358
FF ProfilePath: C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358 [2017-09-21]
FF user.js: detected! => C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\user.js [2017-09-21]
FF Homepage: Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358 -> www.google.de
FF Extension: (anonymoX) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\client@anonymox.net.xpi [2017-08-29]
FF Extension: (MEGA) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\firefox@mega.co.nz.xpi [2017-09-21]
FF Extension: (FlashDisable) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi [2017-04-10]
FF Extension: (Quick Searcher) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\mefhakmgclhhfbdadeojlkbllmecialg@chrome-store-foxified-1132576233 [2017-09-21]
FF Extension: (NoScript) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-09-12]
FF Extension: (DVDVideoSoft YouTube MP3 and Video Download) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2016-01-18] [ist nicht signiert]
FF Extension: (Video DownloadHelper) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (Adblock Plus) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Extension: (Bitdefender QuickScan) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-09-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2014-04-21] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Programme\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1299527896-1211748070-1707534253-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hoshi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hoshi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2017-09-21]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default [2017-09-14]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-12]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-12]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-03]
CHR Extension: (Chrome Media Router) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1533448 2017-09-14] ()
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [Datei ist nicht signiert]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [Datei ist nicht signiert]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-04-13] (Futuremark)
S3 GalaxyClientService; D:\Games\GalaxyClient\GalaxyClientService.exe [532544 2017-09-08] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8242752 2017-09-07] (GOG.com)
S4 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-23] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-29] (Logitech Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-22] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-08-22] (NVIDIA Corporation)
S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [2098528 2017-09-12] (Electronic Arts)
S2 Origin Web Helper Service; D:\Games\Origin\OriginWebHelperService.exe [2977640 2017-09-12] (Electronic Arts)
S3 OVRLibraryService; D:\Oculus\Support\oculus-librarian\OVRLibraryService.exe [207656 2016-12-13] (Oculus VR, LLC)
R2 OVRService; D:\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [470480 2016-12-13] (Oculus VR)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-07-26] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2017-09-12] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [324224 2016-05-23] (Skype Technologies)
R2 TeamViewer; D:\Programme\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 VirtualDesktop.Service.exe; C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe [330208 2017-07-19] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [75560 2017-05-06] (Broadcom Corporation.)
S3 busenum; C:\WINDOWS\System32\drivers\SteelBus64.sys [146944 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows (R) Win 7 DDK provider)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2017-05-25] (Disc Soft Ltd)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-18] (Qualcomm Atheros, Inc.)
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-09-29] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2016-09-29] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2016-09-29] (Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
S3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation)
R3 LVPr2M64; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-09-21] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ce1961376673184c\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation)
S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [14368 1999-11-09] () [Datei ist nicht signiert]
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-11-15] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U4 aspnet_state; kein ImagePath
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-21 18:39 - 2017-09-21 18:39 - 000025269 _____ C:\Users\Hoshi\Desktop\FRST.txt
2017-09-21 18:39 - 2017-09-21 18:39 - 000000000 ____D C:\FRST
2017-09-21 18:37 - 2017-09-21 18:37 - 002399744 _____ (Farbar) C:\Users\Hoshi\Desktop\FRST64.exe
2017-09-21 18:17 - 2017-09-21 18:17 - 000002052 _____ C:\WINDOWS\System32\Tasks\0z8qp1lfDt
2017-09-21 17:49 - 2017-09-21 18:32 - 000465324 _____ C:\WINDOWS\ntbtlog.txt
2017-09-21 17:49 - 2017-09-21 18:32 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\wgfhygzl2oo
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\q1btjxe3pfv
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\ky1ycpizc1m
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\hj44pi4iij1
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\fslpzvplkzw
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\3K1EP8FZTW
2017-09-21 17:46 - 2017-09-21 17:46 - 000000000 ____D C:\Program Files\794JJ2L8W9
2017-09-21 17:45 - 2017-09-21 18:17 - 000000002 _____ C:\END
2017-09-21 17:45 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\xjrqshsfear
2017-09-21 17:45 - 2017-09-21 17:45 - 000024658 _____ C:\WINDOWS\System32\Tasks\{79097F47-7A7D-0904-0B11-0F04040D1179}
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\q1k4v1fzjcg
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\WSH55IY5CO
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\SUGMCJMJDX
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\L4GUFS7VFF
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\{E4156CA0-47AD-493C-980B-63E02EA7C93A}
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files (x86)\{CF160C81-F78D-4A0C-BE47-AF22C8C533BE}
2017-09-21 17:44 - 2017-09-21 17:44 - 000024576 _____ C:\Users\Hoshi\AppData\Local\drtaaf.dll
2017-09-21 17:43 - 2017-09-21 18:17 - 000000306 __RSH C:\Users\Hoshi\ntuser.pol
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\rvv0f2joxp0
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\hjvjanr5j10
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\h4hpycpiigw
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\cvmm2xhahv1
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\aa3cy0c3vrw
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\NTLYPTR4F0
2017-09-21 17:42 - 2017-09-21 17:47 - 000003476 _____ C:\WINDOWS\System32\Tasks\f371379892038d205abbfa586a4788d0
2017-09-21 17:42 - 2017-09-21 17:47 - 000003286 _____ C:\WINDOWS\System32\Tasks\088195c19b33f61100dd567039f0a39e
2017-09-21 17:42 - 2017-09-21 17:43 - 000000306 _____ C:\WINDOWS\Tasks\jJKowXmxzIFxIuj.job
2017-09-21 17:42 - 2017-09-21 17:42 - 000003214 _____ C:\WINDOWS\System32\Tasks\LSjUFtTofwjkxN
2017-09-21 17:42 - 2017-09-21 17:42 - 000002864 _____ C:\WINDOWS\System32\Tasks\jJKowXmxzIFxIuj2
2017-09-21 17:42 - 2017-09-21 17:42 - 000002626 _____ C:\WINDOWS\System32\Tasks\jJKowXmxzIFxIuj
2017-09-21 17:42 - 2017-09-21 17:42 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-09-21 17:42 - 2017-09-21 17:42 - 000000000 ____D C:\Users\Hoshi\AppData\Local\AdvinstAnalytics
2017-09-21 17:41 - 2017-09-21 17:44 - 000004608 _____ C:\WINDOWS\system32\mispaced.dll
2017-09-21 17:41 - 2017-09-21 17:41 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\jyqtpby3wrp
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\cf0aqfn3f2w
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\1yqjmonlcdx
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\2J4S1XCBYH
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\0REZPKA8BK
2017-09-21 17:40 - 2017-09-21 17:44 - 000006656 _____ C:\WINDOWS\system32\mispacedx.dll
2017-09-21 17:40 - 2017-09-21 17:40 - 000004608 _____ C:\WINDOWS\SysWOW64\mispaced.dll
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\zh5avmoljgd
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\ujkguhy3rb5
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\ivuhqdpovve
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\TVCTLBBTT8
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\R1VICQWYQE
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files (x86)\ShutdownTime
2017-09-21 17:39 - 2017-09-21 17:39 - 000140800 _____ C:\Users\Hoshi\AppData\Local\installer.dat
2017-09-21 17:39 - 2017-09-21 17:39 - 000016826 _____ C:\WINDOWS\System32\Tasks\Spin Driver Vuld
2017-09-21 17:39 - 2017-09-21 17:39 - 000011568 _____ C:\Users\Hoshi\AppData\Local\InstallationConfiguration.xml
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\ErrorReporting
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\cl2bnzogg1u
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\53uzogknheg
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\TBUC85W4RM
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\CARPFHFJOG
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files (x86)\SDownloader
2017-09-21 17:35 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Local\PCBooster
2017-09-21 17:28 - 2017-09-21 17:28 - 000000000 ____D C:\Users\Hoshi\Documents\Aiseesoft Studio
2017-09-21 17:28 - 2017-09-21 17:28 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Aiseesoft Studio
2017-09-20 22:10 - 2017-09-20 22:10 - 000537088 _____ C:\WINDOWS\ea25b50d8d77b75b0e1b47872ebc5b38.exe
2017-09-20 22:10 - 2017-09-20 22:10 - 000051624 _____ C:\WINDOWS\uninstaller.dat
2017-09-20 16:59 - 2017-09-20 17:01 - 004204032 _____ (crosire) C:\Users\Hoshi\Desktop\ReShade.exe
2017-09-20 16:33 - 2017-09-20 16:33 - 000027238 _____ C:\Users\Hoshi\AppData\Local\recently-used.xbel
2017-09-19 16:48 - 2017-09-19 16:48 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2017-09-18 17:33 - 2017-09-18 17:33 - 000000098 _____ C:\WINDOWS\SysWOW64\QuickTime.qtp
2017-09-18 17:33 - 2017-09-18 17:33 - 000000000 ____D C:\WINDOWS\SysWOW64\QuickTime
2017-09-18 17:33 - 1999-07-13 20:02 - 000086016 _____ (MindVision Software) C:\WINDOWS\unvise32qt.exe
2017-09-18 17:32 - 2017-09-18 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wheel of Time
2017-09-18 16:49 - 2017-09-19 19:20 - 000000000 ____D C:\Users\Hoshi\Documents\Project CARS
2017-09-18 16:49 - 2017-09-18 16:49 - 000000000 ____D C:\Users\Hoshi\Documents\wmd_symbol_cache
2017-09-17 20:26 - 2017-09-17 20:49 - 000000065 _____ C:\Users\Hoshi\Desktop\SL Foto Termine!.txt
2017-09-17 10:27 - 2017-09-17 10:29 - 021643807 _____ C:\Users\Hoshi\Desktop\Sound Fix v1.4.3.rar
2017-09-17 10:27 - 2017-09-17 10:28 - 021697338 _____ C:\Users\Hoshi\Desktop\Jaguar XJ220 v1.3.rar
2017-09-17 08:52 - 2017-09-17 09:35 - 000000000 ____D C:\Users\Hoshi\Documents\Assetto Corsa
2017-09-16 14:13 - 2017-09-16 14:13 - 000000000 ____D C:\Users\Hoshi\Desktop\Posen
2017-09-15 20:18 - 2017-09-15 20:21 - 000000000 ____D C:\Users\Hoshi\Documents\MindShow
2017-09-15 20:13 - 2017-09-15 20:13 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Mindshow
2017-09-15 19:43 - 2017-09-15 19:43 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Against Gravity
2017-09-15 15:52 - 2017-09-15 15:52 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Stress Level Zero
2017-09-13 20:38 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-13 20:38 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-13 20:38 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-13 20:38 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-13 20:38 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-13 20:38 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-13 20:38 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-13 20:38 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-13 20:38 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-13 20:38 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-13 20:38 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-13 20:38 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-13 20:38 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-13 20:38 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-13 20:38 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-13 20:38 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-13 20:38 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-13 20:38 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-13 20:38 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-13 20:38 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-13 20:38 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-13 20:38 - 2017-09-05 06:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-13 20:38 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-13 20:38 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-13 20:38 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-13 20:38 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-13 20:38 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-13 20:38 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-13 20:38 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-13 20:38 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-13 20:38 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-13 20:38 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-13 20:38 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-13 20:38 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-13 20:38 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-13 20:38 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-13 20:38 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-13 20:38 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-13 20:38 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-13 20:38 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-13 20:38 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-13 20:38 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-13 20:38 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-13 20:38 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-13 20:38 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-13 20:38 - 2017-09-05 06:14 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-09-13 20:38 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-13 20:38 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-13 20:38 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-13 20:38 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-13 20:38 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-13 20:38 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-13 20:38 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-13 20:38 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-13 20:38 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-13 20:38 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-13 20:38 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-13 20:38 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-13 20:38 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-13 20:38 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-13 20:38 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-13 20:38 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-13 20:38 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-13 20:34 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-13 20:34 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-13 20:34 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-13 20:34 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-13 20:34 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-13 20:34 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-13 20:34 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-13 20:34 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-13 20:34 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-13 20:33 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-13 20:33 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-13 20:33 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-13 20:33 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-13 20:33 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-13 20:33 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-13 20:33 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-13 20:33 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-13 20:33 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-13 20:33 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-13 20:33 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-13 20:33 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-13 20:33 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-13 20:33 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-13 20:33 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-13 20:33 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-13 20:33 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-13 20:33 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-13 20:33 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-13 20:33 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-13 20:33 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-13 20:33 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-13 20:33 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-13 20:33 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-13 20:33 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-13 20:33 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-13 20:33 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-13 20:33 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-13 20:33 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-13 20:33 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-13 20:33 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-13 20:33 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-13 20:33 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-13 20:33 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-13 20:33 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-13 20:33 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-13 20:33 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-13 20:33 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-13 20:33 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-13 20:33 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-13 20:33 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-13 20:33 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-13 20:33 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-13 20:33 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-13 20:33 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-13 20:33 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-13 20:33 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-13 20:33 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-13 20:33 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-13 20:33 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-13 20:33 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-13 20:33 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-13 20:33 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-13 20:33 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-13 20:33 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-13 20:33 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-13 20:33 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-13 20:33 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-13 20:33 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-13 20:33 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-13 20:33 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-13 20:32 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-13 20:32 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-13 20:32 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-13 20:32 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-13 20:32 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-13 20:32 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-13 20:32 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-13 20:32 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-13 20:32 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-13 20:32 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-13 20:32 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-13 20:32 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-13 20:32 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-13 20:32 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-13 20:32 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-13 20:32 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-13 20:32 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-13 20:32 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-13 20:32 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-13 20:32 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-13 20:32 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-13 20:32 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-13 20:32 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-13 20:32 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-13 20:32 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-13 20:32 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-13 20:32 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-13 20:32 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-13 20:32 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-13 20:32 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-13 20:32 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-13 20:32 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-13 20:32 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-13 20:32 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-13 20:32 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-13 20:32 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-13 20:32 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-13 20:32 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-13 20:32 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-13 20:32 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-13 20:32 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-13 20:32 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-13 20:32 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-13 20:32 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-13 20:32 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-13 20:32 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-13 20:32 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-13 20:32 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-13 20:32 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-13 20:32 - 2017-09-05 06:19 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-09-13 20:32 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-13 20:32 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-13 20:32 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-13 20:32 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-13 20:32 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-13 20:32 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-13 20:32 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-13 20:32 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-13 20:32 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-13 20:32 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-13 20:32 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-13 20:32 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-13 20:32 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-13 20:32 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-13 20:32 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-13 20:32 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-13 20:32 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-13 20:31 - 2017-09-05 07:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-13 20:31 - 2017-09-05 07:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-13 20:31 - 2017-09-05 07:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-13 20:31 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-13 20:31 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-13 20:31 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-13 20:31 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-13 20:31 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-13 20:31 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-13 20:31 - 2017-09-05 07:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-13 20:31 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-13 20:31 - 2017-09-05 07:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-13 20:31 - 2017-09-05 07:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-13 20:31 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-13 20:31 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-13 20:31 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-13 20:31 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-13 20:31 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-13 20:31 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-13 20:31 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-13 20:31 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-13 20:30 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-13 19:33 - 2017-09-13 19:33 - 000000000 ____D C:\temp
2017-09-12 18:08 - 2017-09-12 18:08 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Google
2017-09-12 16:44 - 2017-09-12 18:32 - 000348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-09-12 16:44 - 2017-09-12 18:09 - 000076152 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-09-12 16:44 - 2017-09-12 16:44 - 000000000 ____D C:\Program Files\Virtual Desktop
2017-09-10 10:52 - 2017-09-10 11:30 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\com.nolimitscoaster.nolimits2
2017-09-10 10:52 - 2017-09-10 10:52 - 000000000 ____D C:\Users\Hoshi\Documents\com.nolimitscoaster.nolimits2
2017-09-10 10:52 - 2017-09-10 10:52 - 000000000 ____D C:\ProgramData\com.nolimitscoaster.nolimits2
2017-09-09 17:16 - 2017-09-09 17:16 - 000000000 ____D C:\Users\Hoshi\AppData\Local\E1
2017-09-09 13:53 - 2017-09-09 13:53 - 000000000 ____D C:\Users\Hoshi\M210Projects
2017-09-09 13:28 - 2017-09-09 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blood [GOG.com]
2017-09-09 11:09 - 2017-09-09 11:34 - 000000000 ____D C:\Users\Hoshi\Desktop\Aufnahme Vorlagen
2017-09-09 09:04 - 2017-09-09 09:05 - 000000024 _____ C:\Users\Hoshi\Desktop\SL Hud verstecken.txt
2017-09-08 19:08 - 2017-09-08 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima series
2017-09-08 18:14 - 2017-09-08 18:14 - 000000000 ____D C:\Users\Hoshi\AppData\Local\DarkSoulsMapViewer
2017-09-08 17:54 - 2017-09-08 17:54 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Citor3 Entertainment Studio Oy
2017-09-08 17:40 - 2017-09-08 17:40 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\STUDIO MORI
2017-09-08 12:24 - 2017-09-08 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clive Barkers Undying [GOG.com]
2017-09-08 09:09 - 2017-09-08 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Suffering [GOG.com]
2017-09-07 11:18 - 2017-09-07 11:18 - 000003908 _____ C:\WINDOWS\SysWOW64\ST5UNST.003
2017-09-07 11:18 - 2017-09-07 11:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Shock - Enhanced Edition [GOG.com]
2017-09-07 11:17 - 2017-09-07 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein [GOG.com]
2017-09-07 11:17 - 2017-09-07 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlaws [GOG.com]
2017-09-07 10:10 - 2017-09-07 10:11 - 000096730 _____ C:\WINDOWS\TRON 2.0 Killer App Mod Uninstall Log.txt
2017-09-06 15:55 - 2017-09-06 15:55 - 000001151 _____ C:\Users\Hoshi\Desktop\DTLite.exe - Verknüpfung.lnk
2017-09-06 15:03 - 2017-09-06 15:57 - 000000000 ____D C:\Users\Hoshi\Documents\OpenRA
2017-09-06 06:26 - 2017-09-06 06:26 - 000000000 ____D C:\Users\Hoshi\Documents\DAZ 3D
2017-09-06 06:26 - 2017-09-06 06:26 - 000000000 ____D C:\ProgramData\DAZ 3D
2017-09-06 06:25 - 2017-09-06 06:25 - 000000979 _____ C:\Users\Hoshi\Desktop\DAZ Studio 4.9 (64-bit).lnk
2017-09-06 06:25 - 2017-09-06 06:25 - 000000000 ____D C:\Program Files\DAZ 3D
2017-09-05 20:22 - 2017-09-06 11:48 - 000000000 ____D C:\Users\Public\Documents\My DAZ 3D Library
2017-09-05 20:20 - 2017-09-05 20:20 - 000000000 ____D C:\Users\Public\Documents\DAZ 3D
2017-09-05 20:19 - 2017-09-06 06:26 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\DAZ 3D
2017-09-05 20:19 - 2017-09-06 06:25 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2017-09-05 20:19 - 2017-09-05 20:19 - 000000949 _____ C:\Users\Hoshi\Desktop\DAZ Install Manager.lnk
2017-09-05 18:57 - 2017-09-05 18:57 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-09-05 18:55 - 2017-09-05 18:55 - 000000279 _____ C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (2).lnk
2017-09-05 17:50 - 2017-09-05 17:50 - 000001106 _____ C:\Users\Hoshi\Desktop\dosbox.exe - Verknüpfung.lnk
2017-09-01 19:29 - 2017-09-05 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MadOnion.com
2017-08-31 17:51 - 2017-08-31 17:51 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Lighthouse Games Studio
2017-08-29 15:23 - 2017-08-29 15:23 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Bungie
2017-08-28 17:33 - 2017-08-28 17:33 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Cinemur
2017-08-26 15:31 - 2017-08-26 15:31 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Acid Wizard Studio
2017-08-25 14:34 - 2017-08-22 00:54 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-25 14:34 - 2017-08-22 00:33 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-08-25 14:33 - 2017-08-22 03:01 - 040240248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 035924600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 029019072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 023132184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 018849456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 012225984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 011692344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 010072768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 004162496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 003712024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 003590592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438541.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438541.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001292096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001289840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001008816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001007280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000690320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000617232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000584312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-08-25 14:33 - 2017-08-22 03:01 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-08-24 16:01 - 2017-08-24 16:01 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Gaikai
2017-08-24 16:00 - 2017-08-24 16:15 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Sony Interactive Entertainment Network America LLC
2017-08-24 16:00 - 2017-08-24 16:00 - 000000000 ____D C:\Program Files\DIFX

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-21 18:36 - 2014-06-26 18:59 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-21 18:34 - 2017-04-14 09:04 - 000000000 ____D C:\Users\Hoshi
2017-09-21 18:33 - 2017-04-14 09:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-21 18:33 - 2017-04-14 09:03 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-21 18:33 - 2017-03-18 13:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-09-21 18:31 - 2017-04-14 09:17 - 006346694 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-21 18:31 - 2017-03-20 06:41 - 003188454 _____ C:\WINDOWS\system32\perfh007.dat
2017-09-21 18:31 - 2017-03-20 06:41 - 000859220 _____ C:\WINDOWS\system32\perfc007.dat
2017-09-21 18:24 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-09-21 18:17 - 2015-01-30 20:17 - 000000306 __RSH C:\ProgramData\ntuser.pol
2017-09-21 18:16 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Registration
2017-09-21 18:09 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Spin Driver Vuld
2017-09-21 17:47 - 2015-11-17 21:12 - 000000000 ____D C:\Users\Hoshi\AppData\Local\CrashDumps
2017-09-21 17:40 - 2017-04-14 09:13 - 000003616 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-21 17:40 - 2017-04-14 09:13 - 000003392 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-21 17:40 - 2009-07-14 05:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-09-21 17:34 - 2014-03-19 20:22 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\vlc
2017-09-21 06:06 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-21 06:05 - 2017-04-14 09:13 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{91BA399B-E431-49C7-9B9A-A968D8719897}
2017-09-20 19:28 - 2017-04-14 09:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-20 17:21 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-20 16:33 - 2014-12-06 17:48 - 000000000 ____D C:\Users\Hoshi\AppData\Local\gtk-2.0
2017-09-20 16:33 - 2014-12-06 17:39 - 000000000 ____D C:\Users\Hoshi\.gimp-2.8
2017-09-20 06:04 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-19 21:08 - 2014-03-30 14:23 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\TS3Client
2017-09-18 19:11 - 2014-03-15 15:32 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Skype
2017-09-18 18:19 - 2014-03-15 15:44 - 000000000 ___RD C:\Users\Hoshi\Desktop\Programme
2017-09-18 17:35 - 2015-12-13 09:21 - 000000000 ____D C:\Users\Hoshi\AppData\Local\ElevatedDiagnostics
2017-09-18 17:33 - 2014-05-11 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-09-16 14:13 - 2014-03-15 15:44 - 000000000 ___RD C:\Users\Hoshi\Desktop\Games
2017-09-15 19:01 - 2014-03-15 16:33 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\UseNeXT
2017-09-15 18:27 - 2017-05-21 16:47 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Battle.net
2017-09-14 17:16 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-14 06:10 - 2016-02-13 19:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-14 06:09 - 2017-04-14 09:03 - 005290080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 20:58 - 2017-03-20 06:41 - 000000000 ____D C:\WINDOWS\system32\de
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-13 20:57 - 2017-04-29 07:35 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Mixxx
2017-09-13 20:44 - 2014-03-15 17:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 20:43 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 20:43 - 2014-03-15 17:02 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-13 20:00 - 2014-03-19 18:23 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\uTorrent
2017-09-13 19:33 - 2016-10-01 09:25 - 000000000 ____D C:\Games
2017-09-13 18:10 - 2016-06-05 13:48 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Origin
2017-09-13 18:09 - 2014-03-15 15:20 - 000000000 ____D C:\ProgramData\Origin
2017-09-13 05:48 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-13 05:48 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-12 18:32 - 2014-05-17 19:23 - 000348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-09-12 18:31 - 2014-03-15 16:03 - 000280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-09-12 18:16 - 2015-07-03 19:19 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Google
2017-09-12 18:02 - 2014-03-15 16:03 - 000000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2017-09-12 18:02 - 2014-03-15 14:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-12 16:23 - 2014-03-15 14:14 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-12 16:23 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-11 20:25 - 2017-02-18 07:18 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Cronus
2017-09-10 19:43 - 2015-05-20 17:19 - 000000000 ____D C:\Users\Hoshi\Documents\The Witcher 3
2017-09-09 19:09 - 2014-03-16 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-09-09 19:09 - 2014-03-15 16:03 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-07 11:18 - 2016-04-16 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Gold [GOG.com]
2017-09-07 11:18 - 2014-06-16 17:24 - 000000390 _____ C:\WINDOWS\SysWOW64\ilent
2017-09-07 11:17 - 2017-07-18 14:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F.E.A.R. Platinum Collection [GOG.com]
2017-09-07 11:17 - 2016-12-16 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redneck Rampage [GOG.com]
2017-09-05 18:57 - 2017-05-23 16:41 - 000002237 _____ C:\Users\Hoshi\Desktop\Discord.lnk
2017-09-05 18:57 - 2017-05-23 16:41 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\discord
2017-09-05 18:57 - 2017-05-23 16:41 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Discord
2017-09-05 18:46 - 2017-07-16 08:25 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Thunder Lotus Games
2017-09-02 17:15 - 2017-03-18 23:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 17:15 - 2017-03-18 23:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-30 19:57 - 2015-11-02 18:18 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 05:56 - 2015-07-03 19:19 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-27 18:17 - 2017-07-19 20:18 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Firestorm
2017-08-26 15:28 - 2017-05-25 16:10 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\DAEMON Tools Lite
2017-08-26 10:12 - 2016-03-19 10:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-25 15:05 - 2014-03-22 15:08 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Blizzard Entertainment
2017-08-25 14:35 - 2017-04-14 09:13 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:13 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:13 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:13 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:13 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:03 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-25 14:35 - 2016-07-07 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-08-25 14:34 - 2016-03-19 18:06 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-23 20:41 - 2017-05-16 19:23 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2017-08-23 20:02 - 2014-06-29 18:51 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Funcom
2017-08-23 17:46 - 2014-07-06 19:01 - 000000000 ____D C:\Users\Hoshi\AppData\Local\id software
2017-08-22 03:01 - 2017-04-06 18:29 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-08-22 03:01 - 2017-04-06 18:26 - 004210360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-08-22 03:01 - 2017-04-06 18:26 - 000046453 _____ C:\WINDOWS\system32\nvinfo.pb
2017-08-22 01:10 - 2017-04-14 09:04 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-08-22 01:10 - 2017-04-14 09:04 - 002479224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-08-22 01:10 - 2017-04-14 09:04 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-08-22 01:10 - 2017-04-14 09:04 - 000549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-08-22 01:10 - 2017-04-14 09:04 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-08-22 01:10 - 2017-04-14 09:04 - 000082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-08-22 01:10 - 2017-04-14 09:04 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-07-18 20:03 - 2016-07-18 20:03 - 000006144 _____ () C:\Program Files (x86)\com.htc.vive.setup.bilogclient
2015-12-26 23:05 - 2015-12-27 14:56 - 000000297 _____ () C:\Users\Hoshi\AppData\Roaming\BreakingPoint_Login.ini
2015-12-26 23:06 - 2015-12-27 16:12 - 000001427 _____ () C:\Users\Hoshi\AppData\Roaming\BreakingPoint_Options.ini
2016-08-14 16:25 - 2016-08-14 16:32 - 000000224 _____ () C:\Users\Hoshi\AppData\Roaming\highScores.txt
2015-09-21 14:52 - 2015-09-21 14:52 - 000000099 _____ () C:\Users\Hoshi\AppData\Roaming\LauncherSettings_live.cfg
2015-09-21 14:44 - 2015-09-21 14:44 - 000010525 _____ () C:\Users\Hoshi\AppData\Roaming\TheHunterSettings_live.bin
2015-09-21 14:43 - 2015-09-21 14:43 - 000000040 _____ () C:\Users\Hoshi\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-11-15 21:03 - 2015-12-02 22:37 - 000003317 _____ () C:\Users\Hoshi\AppData\Roaming\VoiceMeeterDefault.xml
2015-01-30 20:11 - 2016-12-03 10:20 - 000010752 _____ () C:\Users\Hoshi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-09-21 17:44 - 2017-09-21 17:44 - 000024576 _____ () C:\Users\Hoshi\AppData\Local\drtaaf.dll
2017-09-21 17:39 - 2017-09-21 17:39 - 000011568 _____ () C:\Users\Hoshi\AppData\Local\InstallationConfiguration.xml
2017-09-21 17:39 - 2017-09-21 17:39 - 000140800 _____ () C:\Users\Hoshi\AppData\Local\installer.dat
2016-10-19 11:53 - 2016-10-19 11:53 - 000000291 _____ () C:\Users\Hoshi\AppData\Local\ledConfiguration.config
2016-10-19 11:53 - 2016-12-25 12:58 - 000000737 _____ () C:\Users\Hoshi\AppData\Local\NvidiaLEDVisualizer.config
2016-03-15 17:36 - 2016-03-26 20:52 - 000000600 _____ () C:\Users\Hoshi\AppData\Local\PUTTY.RND
2017-09-20 16:33 - 2017-09-20 16:33 - 000027238 _____ () C:\Users\Hoshi\AppData\Local\recently-used.xbel
2016-07-31 13:54 - 2017-04-02 16:11 - 000007659 _____ () C:\Users\Hoshi\AppData\Local\Resmon.ResmonCfg
2014-12-23 13:43 - 2014-12-23 13:43 - 000004999 _____ () C:\ProgramData\auqrgqib.ttw
2017-04-14 09:04 - 2017-04-14 09:04 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-04 09:56 - 2017-05-04 18:25 - 000000257 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-04-08 22:13 - 2017-04-08 22:13 - 000000016 _____ () C:\ProgramData\mntemp

Einige Dateien in TEMP:
====================
2017-09-21 17:38 - 2017-09-21 17:38 - 002633728 _____ (EFGSoft Corporation) C:\Users\Hoshi\AppData\Local\Temp\msclean.exe
2017-07-29 11:05 - 2017-07-19 00:38 - 000758472 _____ (NVIDIA Corporation) C:\Users\Hoshi\AppData\Local\Temp\nvSCPAPI.dll
2017-05-22 18:10 - 2017-08-10 00:21 - 000873136 _____ (NVIDIA Corporation) C:\Users\Hoshi\AppData\Local\Temp\nvSCPAPI64.dll
2017-08-16 17:31 - 2017-08-10 00:21 - 000368576 _____ (NVIDIA Corporation) C:\Users\Hoshi\AppData\Local\Temp\nvStInst.exe
2017-09-21 17:36 - 2017-09-21 17:37 - 006112768 _____ () C:\Users\Hoshi\AppData\Local\Temp\s2s.exe
2017-09-21 17:39 - 2017-09-21 17:41 - 010466209 _____ (                                                            ) C:\Users\Hoshi\AppData\Local\Temp\sg3.6.0.0.exe
2017-08-10 16:55 - 2017-08-10 16:56 - 000337920 _____ () C:\Users\Hoshi\AppData\Local\Temp\SkypeSetup.exe
2017-09-21 17:38 - 2017-09-21 17:38 - 001199825 _____ () C:\Users\Hoshi\AppData\Local\Temp\unins000.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-15 14:00

==================== Ende von FRST.txt ============================
         

21.09.2017, 18:51   #2
Hoshi82
 
addition_1
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-09-2017
durchgeführt von Hoshi (21-09-2017 18:39:31)
Gestartet von C:\Users\Hoshi\Desktop
Windows 10 Pro Version 1703 (X64) (2017-04-14 07:15:15)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1299527896-1211748070-1707534253-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1299527896-1211748070-1707534253-503 - Limited - Disabled)
Gast (S-1-5-21-1299527896-1211748070-1707534253-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1299527896-1211748070-1707534253-1002 - Limited - Enabled)
Hoshi (S-1-5-21-1299527896-1211748070-1707534253-1000 - Administrator - Enabled) => C:\Users\Hoshi
Mcx1-HOSHI-PC (S-1-5-21-1299527896-1211748070-1707534253-1005 - Limited - Enabled) => C:\Users\Mcx1-HOSHI-PC

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Chair in a Room: Greenwater (HKLM\...\Steam App 427760) (Version:  - Wolf & Wood Interactive Ltd)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{151974E9-9B16-47DC-8B57-5684A1E42127}) (Version: 12.1.1.151 - Adobe Systems, Inc)
Aeon (HKLM\...\Steam App 543390) (Version:  - Illusion Ranger)
Agents of Mayhem (HKLM\...\Steam App 304530) (Version:  - Deep Silver Volition)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
Aliens vs. Predator (HKLM-x32\...\Steam App 10680) (Version:  - Rebellion)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
American Truck Simulator (HKLM\...\Steam App 270880) (Version:  - SCS Software)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{AFADB5DC-3ABC-421F-9DAD-BDABE511258B}) (Version: 4.0.51117.1 - Microsoft Corporation)
Arizona Sunshine (HKLM\...\Steam App 342180) (Version:  - Vertigo Games)
Art of Fight (HKLM\...\Steam App 531270) (Version:  - Raptor-Lab)
Assetto Corsa (HKLM\...\Steam App 244210) (Version:  - Kunos Simulazioni)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AutoHotkey 1.1.24.04 (HKLM\...\AutoHotkey) (Version: 1.1.24.04 - Lexikos)
Axiom Verge (HKLM\...\Steam App 332200) (Version:  - Thomas Happ Games LLC)
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Battlezone (HKLM\...\Steam App 312650) (Version:  - Rebellion)
Beyond Good and Evil (HKLM-x32\...\Uplay Install 232) (Version:  - Ubisoft)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Hidden
Bullets And More VR - BAM VR (HKLM\...\Steam App 525640) (Version:  - Koenigz)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (HKLM-x32\...\InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (HKLM-x32\...\InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version:  - ) Hidden
Call of Duty: Infinite Warfare (HKLM\...\Steam App 292730) (Version:  - Infinity Ward)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Clive Barker's Undying (HKLM-x32\...\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}) (Version:  - )
Clive Barker's Undying (HKLM-x32\...\1207659191_is1) (Version: 2.1.0.9 - GOG.com)
Cloudlands : VR Minigolf (HKLM\...\Steam App 425720) (Version:  - Futuretown)
Cmoar VR Cinema (HKLM\...\Steam App 527160) (Version:  - Cmoar Studio)
Comedy Night (HKLM\...\Steam App 665360) (Version:  - Lighthouse Games Studio)
Conan Exiles (HKLM\...\Steam App 440900) (Version:  - Funcom)
Conarium (HKLM\...\Steam App 313780) (Version:  - Zoetrope Interactive)
Connect (HKLM-x32\...\MAGIX_connector_is1) (Version: 2.5.1.84 - MAGIX Software GmbH)
CoolSoft VirtualMIDISynth 1.14.1 (HKLM-x32\...\CoolSoft VirtualMIDISynth) (Version: 1.14.1.0 - CoolSoft)
Cronus PRO 1.20 (HKLM-x32\...\Cronus PRO) (Version: 1.20 - CronusMAX Team)
CtrlAltStudio-Viewer-Alpha (remove only) (HKLM-x32\...\CtrlAltStudio-Viewer-Alpha) (Version: 1.2.6.43412 - CtrlAltStudio)
Cyberduck (HKLM-x32\...\{27F61226-4F73-4617-BEDF-DBCB5C6D35D3}) (Version: 5.0.3.20504 - iterate GmbH) Hidden
Cyberduck (HKLM-x32\...\{be4c3b9a-7362-4e8b-a310-225db8ff97d6}) (Version: 5.0.3.20504 - iterate GmbH)
Dangerous Golf (HKLM\...\Steam App 405500) (Version:  - Three Fields Entertainment)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Day of the Tentacle Remastered (HKLM\...\Steam App 388210) (Version:  - Double Fine Productions)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.71) (Version: 1.1.0.71 - DAZ 3D)
Dead Effect 2 VR (HKLM\...\Steam App 646200) (Version:  - BadFly Interactive, a.s.)
DeliPlayer (HKLM-x32\...\DeliPlayer2) (Version:  - )
Desura (HKLM-x32\...\Desura) (Version: 100.64 - Desura)
Discord (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Discord (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Discord) (Version: 0.0.298 - Discord Inc.)
DivX Pro 6.8.0 VFW (HKLM-x32\...\divx650vfw_is1) (Version: 6.8.0.14 - )
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Dotfuscator and Analytics Community Edition 5.19.0 (HKLM-x32\...\{4C5B1DD0-7E8E-4972-9247-818E6D030552}) (Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Duck Season (HKLM\...\Steam App 503580) (Version:  - Stress Level Zero)
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
Elgato Game Capture HD (64-bit) (HKLM\...\{C59BB2DE-E483-4704-976C-652E38DB62A0}) (Version: 3.00.111.1111 - Elgato Systems GmbH)
Elite Dangerous: Horizons (HKLM-x32\...\Steam App 419270) (Version:  - Frontier Developments)
Epic Games Launcher (HKLM-x32\...\{FC1F25AF-C8BB-404E-B15F-1B12CAB98E7F}) (Version: 1.1.96.0 - Epic Games, Inc.)
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version:  - SCS Software)
EVERSPACE™ (HKLM\...\Steam App 396750) (Version:  - ROCKFISH Games)
F.E.A.R. Platinum Collection (HKLM-x32\...\1423058413_is1) (Version: 2.0.0.6 - GOG.com)
Fast Action Hero (HKLM\...\Steam App 534000) (Version:  - Sirius Sam)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Firebird 2.5.2.26540 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.2.26540 - Firebird Project)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Firestorm-Release (HKLM-x32\...\Firestorm-Release) (Version: 5.0.1.52150 - The Phoenix Firestorm Project, Inc.)
FlacSquisher 1.3.6 (HKLM-x32\...\FlacSquisher) (Version: 1.3.6 - FlacSquisher)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Studio (HKLM-x32\...\Free Studio_is1) (Version: 6.6.1.119 - DVDVideoSoft Ltd.)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.21.610 - Digital Wave Ltd)
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Full Throttle Remastered (HKLM\...\Steam App 228360) (Version:  - Double Fine Productions)
Futuremark SystemInfo (HKLM-x32\...\{5052D282-C9AE-48CC-A9F5-17058BEEAA50}) (Version: 4.45.590.0 - Futuremark)
G4E (HKLM-x32\...\{D42540BE-EB5A-9420-8101-6D87DCDACD9E}) (Version: 1.7 - UNKNOWN) Hidden
G4E (HKLM-x32\...\G4E) (Version: 1.7 - UNKNOWN)
Game Capture HD v2.3.3.40 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.40 - Elgato Systems)
Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems)
Game Capture HD60 v2.1.1.4 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.4 - Elgato Systems)
Games (HKLM\...\{55956d7b-35e0-49fa-8343-7adc8e1eb34b}.sdb) (Version:  - )
Ghost of a Tale (HKLM\...\Steam App 417290) (Version:  - SeithCG)
Ghost Town Mine Ride & Shootin' Gallery (HKLM\...\Steam App 459010) (Version:  - Spectral Illusions)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Earth VR (HKLM\...\Steam App 348250) (Version:  - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GORN (HKLM\...\Steam App 578620) (Version:  - Free Lives)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version:  - Valve)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HCS VoicePacks Deutsch AURORA version 2.0 (HKLM-x32\...\{D53FEFBB-C717-403A-8246-D8F2BFC507DA}_is1) (Version: 2.0 - HCS VoicePacks Ltd)
HeidiSQL (HKLM\...\HeidiSQL_is1) (Version:  - Ansgar Becker)
Hellblade: Senua's Sacrifice (HKLM\...\Steam App 414340) (Version:  - Ninja Theory)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hotline Miami 2: Wrong Number (HKLM\...\Steam App 274170) (Version:  - Dennaton Games)
ILLUSION HoneySelect (HKLM-x32\...\{1F709DAC-507B-47DA-B04F-367EF5AA20B4}) (Version: 1.00.0000 - ILLUSION)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
INSIDE (HKLM\...\Steam App 304430) (Version:  - Playdead)
Intel A/V Codecs V2.0 (HKLM-x32\...\CodInstl) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{49bc1e38-39b4-4728-9e75-cbe67ba9a329}) (Version: 10.1.1.42 - Intel(R) Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Island 359 (HKLM\...\Steam App 476700) (Version:  - CloudGate Studio, Inc.)
Java 8 Update 141 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Job Simulator (HKLM\...\Steam App 448280) (Version:  - Owlchemy Labs)
John Wick Chronicles (HKLM\...\Steam App 382360) (Version:  - Starbreeze Studios)
Karnage Chronicles (HKLM\...\Steam App 611160) (Version:  - Nordic Trolls)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LAV Filters 0.66 (HKLM-x32\...\lavfilters_is1) (Version: 0.66 - Hendrik Leppkes)
Layers of Fear (HKLM-x32\...\Steam App 391720) (Version:  - Bloober Team SA)
Lethal VR (HKLM\...\Steam App 532270) (Version:  - Three Fields Entertainment)
Lethe - Episode One (HKLM\...\Steam App 407780) (Version:  - KoukouStudios)
Lockdown: Stand Alone (HKLM\...\Steam App 513270) (Version:  - Viversion)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 5.04 (HKLM\...\{8753DF4D-64B0-474E-9A97-0AB5585D9A53}) (Version: 5.04.110 - Logitech)
Logitech Gaming Software 8.88 (HKLM\...\Logitech Gaming Software) (Version: 8.88.30 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
MAGIX Common Components 1 (HKLM-x32\...\{7A8B2204-574B-42A2-A3DC-52AE142D197F}) (Version: 1.2.0.0 - MAGIX AG)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Fonts Package 1 (HKLM-x32\...\{3859AC53-3C30-4885-AA6B-5DAC442AC871}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fonts Package 2 (HKLM-x32\...\{BCE30F6A-D172-4A2A-94FC-65B6749FDBC7}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Goya burnR (MSI) (HKLM\...\{2497E82C-98AE-494E-B155-52623C230EC6}) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{2497E82C-98AE-494E-B155-52623C230EC6}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{81F7511B-CB79-40CB-B173-35292038A84D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM\...\{3F744D82-3ED5-48B6-A3C8-C0208C3BEE0B}) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM-x32\...\MX.{3F744D82-3ED5-48B6-A3C8-C0208C3BEE0B}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 1) (HKLM\...\{E9D2A2BC-900E-4CBE-8543-E2EEF79163CB}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 1) (HKLM\...\MX.{E9D2A2BC-900E-4CBE-8543-E2EEF79163CB}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 2) (HKLM\...\{38B2C12F-B11F-40A5-B04C-9819949FFE01}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 2) (HKLM\...\MX.{38B2C12F-B11F-40A5-B04C-9819949FFE01}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 3) (HKLM\...\{1759FCEB-940B-4D92-9F45-E55E7E6736C0}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 3) (HKLM\...\MX.{1759FCEB-940B-4D92-9F45-E55E7E6736C0}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 4) (HKLM\...\{A35C545A-8BF8-40C4-BC04-50216A46C2F0}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 4) (HKLM\...\MX.{A35C545A-8BF8-40C4-BC04-50216A46C2F0}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 5) (HKLM\...\{57AA9D95-6A4C-4247-B98A-6EA983F3E0FB}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 5) (HKLM\...\MX.{57AA9D95-6A4C-4247-B98A-6EA983F3E0FB}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 6) (HKLM\...\{D3AC4780-D1C1-4A70-9832-BB64E79C62B3}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 6) (HKLM\...\MX.{D3AC4780-D1C1-4A70-9832-BB64E79C62B3}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 7) (HKLM\...\{98C37332-DC95-426F-A987-043FA9A282D1}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 7) (HKLM\...\MX.{98C37332-DC95-426F-A987-043FA9A282D1}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (HKLM\...\{B9D9D873-ADDA-4D0C-B691-0F323C6DD62A}) (Version: 15.0.0.62 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (HKLM\...\MX.{B9D9D873-ADDA-4D0C-B691-0F323C6DD62A}) (Version: 15.0.0.62 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (NewBlue ActionCam Package) (HKLM\...\{02C01AE1-F497-475A-AA45-43E41A495136}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (NewBlue ActionCam Package) (HKLM\...\MX.{02C01AE1-F497-475A-AA45-43E41A495136}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (proDAD Mercalli V4) (HKLM\...\{89CF4765-0012-4619-BA4E-1571376A25CA}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (proDAD Mercalli V4) (HKLM\...\MX.{89CF4765-0012-4619-BA4E-1571376A25CA}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Titeleffekte) (HKLM\...\{28FE7891-77C0-45E1-9CA4-35E9250F91DA}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Titeleffekte) (HKLM\...\MX.{28FE7891-77C0-45E1-9CA4-35E9250F91DA}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Überblendeffekte) (HKLM\...\{585234EA-CDB3-48A7-B6C4-0EFF9A86D244}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Überblendeffekte) (HKLM\...\MX.{585234EA-CDB3-48A7-B6C4-0EFF9A86D244}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{310EA489-7C68-407E-A246-D600398647F8}) (Version: 15.0.0.107 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{7751963F-7D88-4626-BEFE-9A848F7400B4}) (Version: 15.0.0.90 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{AA6874A6-C7EB-42D5-B434-A86B75E00F32}) (Version: 15.0.0.77 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{D02B20D4-DA3E-4542-ADFD-D2B0BC8A1E84}) (Version: 15.0.0.102 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Premium (HKLM\...\{6EF62090-796C-42D3-9D71-BA127DDEC550}) (Version: 16.0.1.22 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Premium (HKLM\...\MX.{6EF62090-796C-42D3-9D71-BA127DDEC550}) (Version: 16.0.1.22 - MAGIX Software GmbH)
MAGIX Video deluxe Premium (MotionStudios Vasco da Gama 9 Essential) (HKLM\...\{5EC327CC-EEA1-41E1-A416-0E931051D49B}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Premium (MotionStudios Vasco da Gama 9 Essential) (HKLM\...\MX.{5EC327CC-EEA1-41E1-A416-0E931051D49B}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Premium (NewBlue Titler Pro Express) (HKLM\...\{1746FE16-859D-4169-960B-712ED9A0215D}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Premium (NewBlue Titler Pro Express) (HKLM\...\MX.{1746FE16-859D-4169-960B-712ED9A0215D}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MakeMKV v1.10.2 (HKLM-x32\...\MakeMKV) (Version: v1.10.2 - GuinpinSoft inc)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvel's Guardians of the Galaxy: The Telltale Series (HKLM\...\Steam App 579950) (Version:  - Telltale Games)
Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.8 - Electronic Arts)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62607.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62607.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-US) (HKLM-x32\...\{66D57636-BD4B-402F-9E7D-5E89C28C8136}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, Helen) (HKLM-x32\...\{8466EAED-7024-4AEE-9D13-F3A55B98D114}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{F0DB2786-18C8-4B0D-9DC2-BA58856A2821}) (Version: 2.1.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 1 (HKLM-x32\...\{5642384f-2a89-46d3-acd5-bfe8bf6e8b2f}) (Version: 14.0.24720.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mindshow (HKLM\...\Steam App 382000) (Version:  - Mindshow, Inc.)
Mirror's Edge™ Catalyst (HKLM-x32\...\{12228a0d-f6ad-4691-82af-d2c643424468}) (Version: 1.0.3.47248 - Electronic Arts)
Mixxx 2.0.0 (64-bit) (HKLM-x32\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
Monster Maze VR (HKLM\...\Steam App 543600) (Version:  - 4 Fun Studio)
Mozilla Firefox 55.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 de)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{FA0599C5-C083-41BE-8AEA-E8EB9070D128}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Music Maker (HKLM\...\{D5FF45D3-3AE3-4490-85DE-04D059606382}) (Version: 25.0.1.33 - MAGIX Software GmbH) Hidden
Music Maker (HKLM-x32\...\MX.{D5FF45D3-3AE3-4490-85DE-04D059606382}) (Version: 25.0.1.33 - MAGIX Software GmbH)
Music Maker Update (HKLM\...\{6B088B33-748B-4AFD-B6D1-841F298B5D52}) (Version: 25.0.2.44 - MAGIX Software GmbH) Hidden
My Game Long Name (HKLM\...\UDK-6a43523d-137c-4ffe-8432-fea0f9ad936e) (Version:  - Epic Games, Inc.)
Nature Treks VR (HKLM\...\Steam App 587580) (Version:  - John Carline)
Nero Burning ROM 2014 (HKLM-x32\...\{AB51F94A-8AA0-4F96-81B1-0446BA681083}) (Version: 15.0.02700 - Nero AG)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Neverending Nightmares (HKLM-x32\...\Steam App 253330) (Version:  - Infinitap Games)
NewBlue ActionCam Package (HKLM-x32\...\NewBlue ActionCam Package) (Version: 1.0 - NewBlue)
NewBlue Titler EX for MAGIX (HKLM-x32\...\NewBlue Titler EX for MAGIX) (Version: 1.0 - NewBlue)
NewBlue Titler Pro Express For Magix (HKLM\...\NewBlue Titler Pro Express For Magix) (Version: 1.0 - NewBlue)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
nGlide 1.03 (HKLM-x32\...\nGlide) (Version: 1.03 - Zeus Software)
NightCry (HKLM\...\Steam App 427660) (Version:  - Nude Maker)
Nock: Hidden Arrow (HKLM\...\Steam App 525210) (Version:  - CodeBison Games)
NoLimits 2 Roller Coaster Simulation (HKLM\...\Steam App 301320) (Version:  - Ole Lange)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA Grafiktreiber 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA LED Visualizer 1.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.LEDVisualizer) (Version: 1.0 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Observer (HKLM\...\Steam App 514900) (Version:  - Bloober Team SA)
Oculus (HKLM\...\Oculus) (Version: <3 - Oculus VR, LLC)
Oculus Rift DK2 Sensor Driver (HKLM\...\{F786EF4E-73FE-4700-AC19-FFC0B2298F20}) (Version: 1.0.0.0 - Oculus VR, LLC) Hidden
Oculus Rift Monitor Driver (HKLM\...\{E932D5B4-547A-4959-B642-3816836283E3}) (Version: 1.0.1.0 - Oculus VR, LLC) Hidden
Oculus Rift Sensor Driver (HKLM\...\{E724ED40-8962-4987-901D-57AC8C9E41CD}) (Version: 1.0.20.0 - Oculus VR, LLC) Hidden
One Unit Whole Blood (HKLM-x32\...\1207658856_is1) (Version: 2.1.0.24 - GOG.com)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
Outlast 2 (HKLM\...\Steam App 414700) (Version:  - Red Barrels)
Outlaws (HKLM-x32\...\1425302464_is1) (Version: 2.1.0.11 - GOG.com)
Overload (HKLM\...\Steam App 448850) (Version:  - Revival Productions, LLC)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Paranormal Activity: The Lost Soul (HKLM\...\Steam App 467660) (Version:  - VRWERX)
Pavlov VR (HKLM\...\Steam App 555160) (Version:  - davevillz)
Penumbra: Overture (HKLM-x32\...\Steam App 22180) (Version:  - Frictional Games)
Pierhead Arcade (HKLM\...\Steam App 435490) (Version:  - Mechabit Ltd)
Planet Coaster (HKLM\...\Steam App 493340) (Version:  - Frontier Developments)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
Pool Nation VR  (HKLM\...\Steam App 269170) (Version:  - Cherry Pop Games)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisite installer (HKLM-x32\...\{5909A89E-C97F-407C-AE2B-47BDED86BF5D}) (Version: 15.0.0005 - Nero AG) Hidden
Prey (HKLM\...\Steam App 480490) (Version:  - Arkane Studios)
proDAD Mercalli NLE 4.0 (64bit) (HKLM\...\proDAD-MercalliPlugins-4.0) (Version: 4.0.467.1 - proDAD GmbH)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Project CARS (HKLM\...\Steam App 234630) (Version:  - Slightly Mad Studios)
PS4 Remote Play (HKLM-x32\...\{079C8DC3-767F-46CF-B871-14D21FCC2890}) (Version: 2.0.0.02211 - Sony Interactive Entertainment Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{ABFED5A0-7D10-4617-A816-DD2D3B85706D}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (HKLM\...\{E970CE81-6F26-4274-8E4E-5AFC000FB888}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{401FADAA-1C16-4721-9F02-19067E1A1CA8}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Quantum Break (HKLM\...\Steam App 474960) (Version:  - Remedy Entertainment)
Quell 4D (HKLM\...\Steam App 534230) (Version:  - Rubycone)
Quest 5.6.1 (HKLM-x32\...\Quest_is1) (Version: 5.6.1 - Alex Warren)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapture3D 2.3.26 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Raw Data (HKLM\...\Steam App 436320) (Version:  - Survios)
Realms of the Haunting (HKLM-x32\...\Realms of the Haunting_is1) (Version:  - GOG.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Rec Room (HKLM\...\Steam App 471710) (Version:  - Against Gravity)
Redneck Rampage Collection (HKLM-x32\...\1207658674_is1) (Version: 2.1.0.12 - GOG.com)
Redout (HKLM\...\Steam App 517710) (Version:  - 34BigThings srl)
Resident Evil: Operation Raccoon City (HKLM-x32\...\{43430FA1-388E-4359-A6DB-DA1000048401}) (Version: 1.0.0004.132 - CAPCOM U.S.A, INC) Hidden
Return to Castle Wolfenstein (HKLM-x32\...\1441704976_is1) (Version: 2.0.0.2 - GOG.com)
Revive Dashboard (HKLM-x32\...\Revive) (Version:  - )
Rez Infinite (HKLM\...\Steam App 636450) (Version:  - Monstars Inc.)
Rick and Morty: Virtual Rick-ality (HKLM\...\Steam App 469610) (Version:  - Owlchemy Labs)
Rise of the Tomb Raider (HKLM-x32\...\Steam App 391220) (Version:  - Crystal Dynamics)
Rising Storm 2: Vietnam (HKLM\...\Steam App 418460) (Version:  - Antimatter Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
Roslyn Language Services - x86 (HKLM-x32\...\{6A7F37C9-1E37-3A9A-93D4-09BBEB4BD343}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Saints Row: The Third (HKLM\...\Steam App 55230) (Version:  - Volition)
Secret World Legends (HKLM\...\Steam App 215280) (Version:  - Funcom)
Serious Sam VR: The First Encounter (HKLM\...\Steam App 552450) (Version:  - Croteam VR)
Shadow Warrior 2 (HKLM\...\Steam App 324800) (Version:  - Flying Wild Hog)
SHOUTcast DNAS (remove only) (HKLM-x32\...\SCDNAS) (Version:  - )
Sin (HKLM-x32\...\Sin) (Version:  - )
Sin Gold (HKLM-x32\...\GOGPACKSINGOLD_is1) (Version: 2.0.0.9 - GOG.com)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
SlimDX Redistributable (June 2010) (HKLM-x32\...\{354D00E0-C7C9-4BC1-BC12-08C4977AA827}) (Version: 2.0.10.43 - SlimDX Group)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Soldier of Fortune - Community Edition 6.1 (HKLM-x32\...\Soldier of Fortune - Community Edition 6.1) (Version:  - )
Sonic Mania (HKLM\...\Steam App 584400) (Version:  - Christian Whitehead)
Soundscape VR (HKLM\...\Steam App 636930) (Version:  - Groove Science)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Source SDK Base 2013 Singleplayer (HKLM-x32\...\Steam App 243730) (Version:  - )
Space Hulk: Deathwing (HKLM\...\Steam App 298900) (Version:  - Streum On Studio)
Spirits of Xanadu (HKLM-x32\...\Steam App 312230) (Version:  - Good Morning, Commander)
Spotify (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Spotify (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.7.64833 - Electronic Arts)
STAR WARS™ Battlefront™ II Closed Alpha (HKLM-x32\...\{d32f9b53-3a06-4720-bc64-c56f0fe8256a}) (Version: 1.0.0.0 - Electronic Arts)
STASIS (HKLM\...\Steam App 380150) (Version:  - THE BROTHERHOOD)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteamDolls VR Demo (HKLM\...\Steam App 528690) (Version:  - The Shady Gentlemen)
STRAFE® (HKLM\...\Steam App 442780) (Version:  - Pixel Titans)
Strife: Veteran Edition (HKLM-x32\...\Steam App 317040) (Version:  - Rogue Entertainment)
SUPERHOT VR (HKLM\...\Steam App 617830) (Version:  - SUPERHOT Team)
SVRVIVE: The Deus Helix (HKLM\...\Steam App 509540) (Version:  - SVRVIVE Studios)
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
System Shock - Enhanced Edition (HKLM-x32\...\1439995156_is1) (Version: 2.1.0.4 - GOG.com)
System Shock 2 (HKLM\...\Steam App 238210) (Version:  - Irrational Games)
Tales from the Borderlands (HKLM\...\Steam App 330830) (Version:  - Telltale Games)
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{48992F68-BEE6-35D8-89AC-6A81406F1096}) (Version: 14.0.24712 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Terminator Future Shock + SkyNET version 1.0 (HKLM-x32\...\{AC9D63E6-A090-49E3-95CA-9CAA6706AEAF}_is1) (Version: 1.0 - Bethesda Softworks)
Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version:  - Atari)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Brookhaven Experiment (HKLM\...\Steam App 440630) (Version:  - Phosphor Games)
The Chronicles of Riddick - Assault on Dark Athena (HKLM-x32\...\GOGPACKRIDDICK_is1) (Version: 2.0.0.10 - GOG.com)
The Gallery - Episode 1: Call of the Starseed (HKLM\...\Steam App 270130) (Version:  - Cloudhead Games ltd.)
The Klub 17 (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Klub-7) (Version: 7.5.0 - Team WRK17)
The Klub 17 (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Klub-7) (Version: 7.5.0 - Team WRK17)
The Lab (HKLM\...\Steam App 450390) (Version:  - Valve)
The Solus Project (HKLM\...\Steam App 313630) (Version:  - Hourences)
The Suffering (HKLM-x32\...\1268478205_is1) (Version: 1.0.1 - GOG.com)
The Unwelcomed (HKLM\...\Steam App 504560) (Version:  - The Unwelcomed Studios)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
theBlu (HKLM\...\Steam App 451520) (Version:  - Wevr, Inc.)
TheWaveVR (HKLM\...\Steam App 453000) (Version:  - TheWaveVR)
Thief 3 Sneaky Upgrade SDB (HKLM\...\{61271900-d6b0-4da5-801b-7127a8713df1}.sdb) (Version:  - )
Thief 3 Sneaky Upgrade version 1.1.5.2 (HKLM-x32\...\{6787B847-DE1D-4B75-AF7F-9F0B0FF9E59E}_is1) (Version: 1.1.5.2 - )
Thief: Deadly Shadows (HKLM-x32\...\Steam App 6980) (Version:  - Ion Storm)
Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version: 1.0.0.9 - Electronic Arts, Inc.)
Tormentum - Dark Sorrow (HKLM\...\Steam App 335000) (Version:  - OhNoo Studio)
TrackMania² Canyon (HKLM\...\Steam App 228760) (Version:  - Nadeo)
Trapcode Suite 64-bit (HKLM\...\{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant) Hidden
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant)
TypeScript Power Tool (HKLM-x32\...\{7FBEE165-A653-4B2A-A93A-4643794E22A8}) (Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{D7C8A95B-B1EE-43B1-837D-C73D1321FEBA}) (Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.4.0 (HKLM-x32\...\{33e2204a-4ec6-4458-895a-47e2a404d990}) (Version: 1.7.24720.0 - Microsoft Corporation)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Ulead MediaStudio Pro 8.0 (HKLM-x32\...\{A6E71574-2126-4E95-816E-32B2411C94BA}) (Version: 8.0 - Ulead Systems, Inc.)
Ultima Underworld 2 (HKLM-x32\...\1207662473_is1) (Version: 2.1.0.20 - GOG.com)
Ultimate Booster Experience (HKLM\...\Steam App 499620) (Version:  - GexagonVR)
Uninvited: MacVenture Series (HKLM\...\Steam App 343810) (Version:  - Zojoi)
Unknown Pharaoh (HKLM\...\Steam App 576100) (Version:  - 4 Fun Studio)
Unreal Gold (HKLM-x32\...\1207658679_is1) (Version: 2.1.0.6 - GOG.com)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Vanishing Realms (HKLM\...\Steam App 322770) (Version:  - Indimo Labs LLC)
Vasco da Gama 9 HD Essential (HKLM-x32\...\{132A1B32-8C6A-416C-B7FB-7D4CD54C18DE}) (Version: 9.00.0000 - MotionStudios)
Vertigo (HKLM\...\Steam App 465430) (Version:  - Zach Tsiakalis-Brown)
Virtual Desktop (HKLM\...\Steam App 382110) (Version:  - Guy Godin)
Virtual Desktop Service (HKLM\...\{2F1A2C04-7695-47E1-B69E-B2B5B2038C39}) (Version: 1.5.1 - Guy Godin)
Visual Basic 5.0 (C:\WINDOWS\system32\) #3 (HKLM-x32\...\ST5UNST #3) (Version:  - )
Visual Basic 5.0 (C:\WINDOWS\system32\) #4 (HKLM-x32\...\ST5UNST #4) (Version:  - )
Visual Basic 5.0 (C:\WINDOWS\system32\) #5 (HKLM-x32\...\ST5UNST #5) (Version:  - )
Visual Basic 5.0 (C:\Windows\system32\) (HKLM-x32\...\ST5UNST #2) (Version:  - )
Visual Basic 5.0 (HKLM-x32\...\ST5UNST #1) (Version:  - )
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
Vita 2 (HKLM\...\{39B956AD-00E8-4561-B6CC-7E91BDEDB0AF}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita Concert Grand LE (HKLM\...\{0501DF32-8054-41E0-A1D1-B6BEAB54CACF}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Drum Engine (HKLM\...\{E5494279-4C0C-4220-9B41-A6BC89D6A92E}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita Electric Piano (HKLM\...\{D14FE00B-0E75-462A-936A-C9483A20D0D0}) (Version: 1.0.2.0 - MAGIX Software GmbH) Hidden
Vita Power Guitar (HKLM\...\{69F05894-87A2-4E92-A6E3-EE8937D09CC0}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VoiceAttack version 1.5.12 (HKLM-x32\...\{D6EDF6DB-029E-4A34-A3A0-D960CB0FCB2A}_is1) (Version: 1.5.12 - VoiceAttack.com)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
vorpX (HKLM-x32\...\{C136D0CC-9077-4979-801E-6B5A956EED6A}_is1) (Version: 17.1.3.0 - Animation Labs)
VRporize - VR FPS (HKLM\...\Steam App 498970) (Version:  - Mercury Aerospace Industries)
VS Update core components (HKLM-x32\...\{5F7870A1-0586-313E-A9FF-3249DCE9F63A}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Waltz of the Wizard (HKLM\...\Steam App 436820) (Version:  - Aldin Dynamics)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Wheel of Time (HKLM-x32\...\Wheel of Time) (Version:  - )
White Night (HKLM-x32\...\Steam App 301560) (Version:  - OSome Studio)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windlands (HKLM\...\Steam App 428370) (Version:  - Psytec Games Ltd)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - Sony Computer Entertainment Inc. Wireless controller for PLAYSTATION(R)3 Driver Package (01/20/2012 1.4.0.0) (HKLM\...\D5410AE5FA467EF0F19558D5F60C991A79E11B51) (Version: 01/20/2012 1.4.0.0 - Sony Computer Entertainment Inc.)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
Xara 3D Maker 7 (HKLM-x32\...\{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.415 - Xara Group Ltd) Hidden
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
Xml Viewer (HKLM-x32\...\{F58E04CD-6E76-43C8-AAF1-482225C2910E}) (Version: 3 - MindFusion Limited)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
         


21.09.2017, 18:52   #3
Hoshi82



addition_2
Code:
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [MRAICQCMenu] -> {7C9E7B90-88EC-4852-AC7A-C938268A5D04} =>  -> Keine Datei
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programme\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programme\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Utilities\bin\x64\TxView.dll [2010-06-02] (Microsoft Corporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> Keine Datei
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-08-22] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programme\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programme\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {08060686-DA7A-4F81-903F-5EF5846EBC46} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {10FB4821-8293-4FB8-93AC-ED877096D358} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {15CEA677-3D1C-403A-8EE5-9C536AE36655} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {25D5A32A-8909-4F96-8028-6E97C19E9277} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {3356136B-5DA8-4E2C-94F1-D934C3FFD02A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {33D241F7-FCC1-4696-BA50-24F80B532744} - System32\Tasks\{EA0A359E-2C55-46AC-83DB-0F986B25B53B} => C:\Windows\system32\pcalua.exe -a E:\WMEncoder64.exe -d E:\
Task: {39B3A4D0-967A-4B83-8FAE-BFC9CCF78C7C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
Task: {3C768F76-478B-4129-836E-66BBD535DF4B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3CA1C205-5779-4D65-9B79-03CA693A49ED} - System32\Tasks\Connect => C:\Program Files (x86)\MAGIX\Connect\connect.exe [2017-05-10] (MAGIX Software GmbH)
Task: {3DEA7F3E-A5EB-45F0-9421-D9F66008ED63} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {3F26B3E2-B93D-49BD-BC7E-5F720B51C994} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)
Task: {415F7118-E84D-43AD-B678-2809A265ACDD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {520A4ED2-9B29-4873-B2CA-FEA9273674C4} - \{4DD1B416-1A2D-4675-A6D6-8083878E9DE3} -> Keine Datei <==== ACHTUNG
Task: {52FD4488-82FE-4FC3-A835-7330FDE39B8B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {58E0F5EB-6F42-4B37-A50A-952C0182547B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5A2D88F9-D511-4485-A81D-E9539F5865C8} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D12D0DE-7C2D-43EB-88A7-25C081D80C44} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6509C4C3-BDFD-4861-ABD9-95C391A5DA45} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {674D3F7E-07C8-42A4-AD10-F21331870E05} - \Red Giant Link -> Keine Datei <==== ACHTUNG
Task: {67D99D18-6635-4D3E-869B-A89F58F4E0BE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)
Task: {6A9B91BB-C2E4-43F0-A903-2F8119DDC143} - System32\Tasks\Spin Driver Vuld => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Spin Driver Vuld\Spin Driver Vuld.dll",Nejpqk <==== ACHTUNG
Task: {6ACACBFB-34D5-4E50-99F6-7C2E8F65870B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {6DFFA0FA-204A-4DB6-A32D-36551F60CD88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03] (Google Inc.)
Task: {71CC4BE9-738E-4546-A312-5370DAC238D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03] (Google Inc.)
Task: {72C2654C-0345-4427-92A1-203E5906A350} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {73233123-6EEE-441F-ACD7-AC9AC6C2D30B} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => C:\\Users\\Hoshi\\AppData\\Roaming\\ErrorReporting\\ermgr.exe
Task: {7EE287C4-2286-41C0-8590-B925FB2DD061} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {802BD126-ED9C-4502-8D98-7D2D98679DE2} - System32\Tasks\jJKowXmxzIFxIuj2 => rundll32 "C:\Program Files (x86)\TQoarIXzU\UtQPcX.dll",#1
Task: {8426F389-7EEE-48D3-86F8-A0B7F68C0351} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8A11B9D7-5D1C-41EA-B4D4-112D27F98D33} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {9502FC37-4BF3-4187-97DB-BB885F817B28} - System32\Tasks\{540C4F0A-AFE9-41B0-8BED-770ADCAFCFDD} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.4.0.102/de/abandoninstall?page=tsMain
Task: {97496AF1-1EE8-4D66-924B-88673C3D7419} - System32\Tasks\jJKowXmxzIFxIuj => rundll32 "C:\Program Files (x86)\TQoarIXzU\UtQPcX.dll",#1
Task: {99A9C2AC-D3E0-4337-B0E6-3AFB38E4A179} - System32\Tasks\f371379892038d205abbfa586a4788d0 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\WINDOWS\f371379892038d205abbfa586a4788d0.ps1" <==== ACHTUNG
Task: {9F4B56CC-50E0-44AF-946B-932FF1BB8876} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-22] (NVIDIA Corporation)
Task: {ADEAE2A2-DBBC-4FEA-AE2B-1ACCCCA9F22C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {B2170479-C9ED-4E5A-BC64-4F7CA71C8180} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {B265853E-1EB9-4490-8346-026981D861F1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {B689586B-9669-4E4E-84F2-2174ACB35C72} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {B7290E7F-96E2-49E1-94BC-17D8FC712ACF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {BF0E8690-E916-421C-925C-8EF2FB370D68} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-22] (NVIDIA Corporation)
Task: {CCEA5BF9-67E9-44F9-8750-250CB46A4824} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {CFFD267D-0E96-4AE1-B8E2-62A0C9DF92B3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {D61F55A8-B0BB-4781-80FD-8F7B16E7EA4F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {E025C148-A5D4-4254-AAA8-1B4360B2374B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-22] (NVIDIA Corporation)
Task: {E6B257D7-040D-4610-AFE5-4256956C9B14} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EAE39C83-0CAA-4312-907A-1243969BAB66} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {ED55E21A-57DB-4591-8F95-58F0658945D4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {F1879657-BA06-438A-82B8-D2379034C86A} - System32\Tasks\LSjUFtTofwjkxN => rundll32 "C:\Program Files (x86)\ICBaloCIDxXU2\MUWtfQsPOcBXV.dll",#1
Task: {F2A52317-F2C1-4630-87BC-E12B2FFC7496} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F5132FA3-CAD1-4315-BF63-D7542912C7C7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F75A3443-BF9D-4B1D-BAB0-DA6B05C232BC} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-HOSHI-PC => C:\WINDOWS\ehome\McxTask.exe
Task: {F81964E0-FEBD-4F08-A908-0ED367B4B50C} - System32\Tasks\0z8qp1lfDt => C:\Program Files (x86)\mML019nslc\updengine.exe <==== ACHTUNG
Task: {FC7911CA-4CA6-4249-A2B5-D3C065E61A89} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FC8098E2-47F8-48D3-A990-2172097B9ABA} - System32\Tasks\{1B9BAEFE-CA33-481C-8FAF-AF1A3509FC73} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\EAInstaller\Battlefield - Bad Company 2\Cleanup.exe" -c uninstall_game -autologging

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Connect.job => C:\Program Files (x86)\MAGIX\Connect\connect.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\jJKowXmxzIFxIuj.job => C:\Program Files (x86)\TQoarIXzU\UtQPcX.dll

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\Users\Hoshi\Desktop\Games\InLucysEyes.bat - Verknüpfung.lnk -> D:\Games\Steam\SteamApps\common\Amnesia The Dark Descent\InLucysEyes\InLucysEyes.bat (Keine Datei)
Shortcut: C:\Users\Hoshi\Desktop\Games\TenebrisLake.bat - Verknüpfung.lnk -> D:\Games\Steam\SteamApps\common\Amnesia The Dark Descent\TenebrisLake.bat (Keine Datei)
Shortcut: C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZ Install Manager\DAZ Install Manager Read Me.lnk -> hxxp:docs.daz3d.com\doku.php\public\read_me\index\1481

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-09-12 16:44 - 2017-09-12 18:09 - 000076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-07-19 21:54 - 2017-07-19 21:54 - 000330208 _____ () C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe
2014-12-26 23:05 - 2011-07-28 18:06 - 000297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 06:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2017-07-12 16:13 - 2017-07-07 08:15 - 002331136 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-07-12 16:13 - 2017-07-07 08:15 - 002836480 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-09-29 23:13 - 2016-09-29 23:13 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-09-29 23:13 - 2016-09-29 23:13 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-12-26 23:05 - 2011-07-27 12:53 - 000360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2017-09-21 17:41 - 2017-09-21 17:44 - 000004608 _____ () C:\WINDOWS\system32\mispaced.dll
2014-03-15 14:20 - 2013-09-03 17:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:98353363 [132]
AlternateDataStreams: C:\Users\Hoshi\AppData\Local\Temp:$DATA [16]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\skype.com -> hxxps://apps.skype.com
IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\skype.com -> hxxps://apps.skype.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2017-09-07 10:11 - 000000027 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hoshi\AppData\Roaming\mozilla\firefox\desktop-hintergrund.bmp
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Hoshi\AppData\Roaming\mozilla\firefox\desktop-hintergrund.bmp
HKU\S-1-5-21-1299527896-1211748070-1707534253-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-80-3238277391-1891473654-1195688043-4149050645-2494734967-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: Desura Install Service => 3
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk => C:\Windows\pss\Killer Network Manager.lnk.CommonStartup
MSCONFIG\startupreg: LogitechQuickCamRibbon => "D:\Programme\Logitech\Webcam\Logitech WebCam Software\LWS.exe" /hide
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "HTC Store User Content Helper"
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{BA585EE1-A7F9-49C7-88D7-522B7C9DC59D}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{E0DC3C0F-8A5A-4950-B29C-A9CC62B6E5CA}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{702407FC-570B-48B7-B575-F088B82F5FD7}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{DEEF9EE1-3254-466A-98B9-C6EF05212ACD}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [UDP Query User{19C290C3-9D18-4F16-B042-EFF275DA013C}C:\games\steam\steamapps\common\pavr pre alpha demo\pa_ue4\binaries\win64\pa_ue4-win64-shipping.exe] => (Allow) C:\games\steam\steamapps\common\pavr pre alpha demo\pa_ue4\binaries\win64\pa_ue4-win64-shipping.exe
FirewallRules: [TCP Query User{A632B5B6-D96A-4EA2-A892-8626A8AF81A8}C:\games\steam\steamapps\common\pavr pre alpha demo\pa_ue4\binaries\win64\pa_ue4-win64-shipping.exe] => (Allow) C:\games\steam\steamapps\common\pavr pre alpha demo\pa_ue4\binaries\win64\pa_ue4-win64-shipping.exe
FirewallRules: [UDP Query User{1E455C75-FB8D-483B-91A4-B8C11BE4C869}D:\games\steam\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe
FirewallRules: [TCP Query User{813295F7-78FC-4553-AC43-715C5B7879F5}D:\games\steam\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe
FirewallRules: [{3C3D2E69-5741-4D9C-8BA6-F881ECC18C21}] => (Allow) C:\Games\Steam\steamapps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{AA3B8C49-6083-48B9-AE89-19BC7C9097E3}] => (Allow) C:\Games\Steam\steamapps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{AC96AE27-8529-497D-8B66-FCC05C1371F3}] => (Allow) C:\Games\Steam\steamapps\common\Vertigo\Vertigo.exe
FirewallRules: [{A7801E9D-E656-4A15-A6D0-32B372633B3A}] => (Allow) C:\Games\Steam\steamapps\common\Vertigo\Vertigo.exe
FirewallRules: [{F90A37A4-FB13-402B-B550-8F4E250A6235}] => (Allow) C:\Games\Steam\steamapps\common\PAVR Pre Alpha Demo\PA_UE4.exe
FirewallRules: [{003666E4-1942-464C-8684-9E3839ACA7ED}] => (Allow) C:\Games\Steam\steamapps\common\PAVR Pre Alpha Demo\PA_UE4.exe
FirewallRules: [{5D395514-FDFF-41A2-9CD5-AEF110564C5E}] => (Allow) D:\Games\Steam\SteamApps\common\PavlovVR\Pavlov.exe
FirewallRules: [{DD6D3136-65A5-46F7-B3F2-9309062D411C}] => (Allow) D:\Games\Steam\SteamApps\common\PavlovVR\Pavlov.exe
FirewallRules: [{6B0A2104-10B4-44D9-83FF-602956979021}] => (Allow) D:\Games\Steam\SteamApps\common\Monster Maze VR\MonsterMazeVR.exe
FirewallRules: [{2EA87923-BA90-4961-B89D-8193B1BA93B7}] => (Allow) D:\Games\Steam\SteamApps\common\Monster Maze VR\MonsterMazeVR.exe
FirewallRules: [{4C28E660-F41C-4E65-BE80-7BCCA081576B}] => (Allow) D:\Games\Steam\SteamApps\common\Unknown Pharaoh\UnknownPharaoh.exe
FirewallRules: [{97BEA2F2-001B-4D94-A00B-9C1B06EBD466}] => (Allow) D:\Games\Steam\SteamApps\common\Unknown Pharaoh\UnknownPharaoh.exe
FirewallRules: [{E97CCF0D-855F-4E08-91CD-B3B76D5ECE85}] => (Allow) D:\Games\Steam\SteamApps\common\INSIDE\INSIDE.exe
FirewallRules: [{ADA15F69-55DB-43BD-8F88-F6183D6DCE81}] => (Allow) D:\Games\Steam\SteamApps\common\INSIDE\INSIDE.exe
FirewallRules: [{E0CEF3DC-4FAE-458D-9748-B22736715E69}] => (Allow) D:\Games\Steam\SteamApps\common\Uninvited MacVenture Series\uninvited.exe
FirewallRules: [{9813278E-1BE2-419A-BF40-0A0AFC5DE0FC}] => (Allow) D:\Games\Steam\SteamApps\common\Uninvited MacVenture Series\uninvited.exe
FirewallRules: [UDP Query User{1FDBA183-7457-486A-8B59-C110F9C0AA2B}D:\games\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\games\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [TCP Query User{DFF78058-8AF5-447D-9241-DAAD9F1A1678}D:\games\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\games\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{4223108D-1598-41A0-9C7D-C98C2C7E8CF0}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{D6FE4E3D-1689-4D1C-8769-66E136EB5BFD}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{07F2908B-71B8-4032-8FCA-9B9F60CD886D}] => (Allow) OVRServer_x64.exe
FirewallRules: [{68A4192E-0BCE-4E38-B01C-7D04950BB40B}] => (Allow) D:\Games\Steam\SteamApps\common\TheSolusProject\Solus\Binaries\Win64\Solus-Win64-Shipping.exe
FirewallRules: [{0F30DC54-5C6A-4862-9E20-9CA261B83F8B}] => (Allow) D:\Games\Steam\SteamApps\common\TheSolusProject\Solus\Binaries\Win64\Solus-Win64-Shipping.exe
FirewallRules: [{4806CE95-7DBE-4F03-9E01-0E8C5E15CE1B}] => (Allow) D:\Games\Steam\SteamApps\common\SteamDolls_VR_Demo\steamdolls_vr_demo.exe
FirewallRules: [{9B495424-3E3E-48C7-9734-B427D7AA5148}] => (Allow) D:\Games\Steam\SteamApps\common\SteamDolls_VR_Demo\steamdolls_vr_demo.exe
FirewallRules: [{56D51920-A5CD-4085-B0AE-E21ED31050B7}] => (Allow) D:\Games\Steam\SteamApps\common\Lethe - Episode One\Binaries\Win32\UDK.exe
FirewallRules: [{778CDE73-7D13-4DAC-A715-F9998C193F4C}] => (Allow) D:\Games\Steam\SteamApps\common\Lethe - Episode One\Binaries\Win32\UDK.exe
FirewallRules: [{16FBA39D-A8FB-4368-AE02-748CFDC4C0BB}] => (Allow) D:\Games\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{8F1A9D38-4640-4CAE-B1B3-6B1659F740EE}] => (Allow) D:\Games\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{DE830C2D-2792-4793-B8C3-03EE4268374A}] => (Allow) D:\Games\Steam\SteamApps\common\Nature Treks VR\Nature Treks VR.exe
FirewallRules: [{69B2D7B0-0B35-4D67-870F-B80D5DA11976}] => (Allow) D:\Games\Steam\SteamApps\common\Nature Treks VR\Nature Treks VR.exe
FirewallRules: [{C02F1FD2-BE14-4B1D-820D-88F3FB6CADED}] => (Allow) D:\Games\Steam\SteamApps\common\Lockdown Stand Alone\lockdown.exe
FirewallRules: [{349FF32B-00CD-4466-BD48-49EC3ECF16E1}] => (Allow) D:\Games\Steam\SteamApps\common\Lockdown Stand Alone\lockdown.exe
FirewallRules: [{67B64759-2152-491A-B7FD-5F2D77A134C5}] => (Allow) OculusClient.exe
FirewallRules: [{B354CDB8-59FB-4AD5-B91B-1FE9E59160DA}] => (Allow) OculusClient.exe
FirewallRules: [{1E2E29D8-EDB5-4745-9273-0E2B44C2BA12}] => (Allow) OculusVR.exe
FirewallRules: [{B3B70576-2AA5-479D-BB33-ED66BF047058}] => (Allow) OculusVR.exe
FirewallRules: [{BD2E0371-BC51-40C5-8AC5-994147DFF03C}] => (Allow) DirectDisplayConfig.exe
FirewallRules: [{70CC2275-610A-4F6B-BD23-E5BFA14550B0}] => (Allow) DirectDisplayConfig.exe
FirewallRules: [{A3E91647-CBBA-4C2A-8966-4A9D1953C275}] => (Allow) OVRServer_x64.exe
FirewallRules: [{CFC50AAE-31A2-464D-B8EC-1440BC8AF75F}] => (Allow) OVRServer_x64.exe
FirewallRules: [{5DDA393E-C726-404A-B6BE-C81B852BE85E}] => (Allow) OVRServiceLauncher.exe
FirewallRules: [{AE7789AE-2746-4886-8A8C-0A9611145455}] => (Allow) OVRServiceLauncher.exe
FirewallRules: [{C0FA4152-1304-4909-9983-0E0B4DF8231E}] => (Allow) D:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{F0B60581-18FA-4DA4-A857-7074717EFEB2}] => (Allow) D:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{36C15119-7D97-4269-8318-0A54BF0699CE}] => (Allow) D:\Games\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{15EFFFD8-2995-4D7A-8A1D-D55F0FBD3F00}] => (Allow) D:\Games\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [UDP Query User{1F46EB63-73BB-49B7-B16A-AAABA83463D3}D:\games\steam\steamapps\common\redout\redout\binaries\win64\redout-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\redout\redout\binaries\win64\redout-win64-shipping.exe
FirewallRules: [TCP Query User{DF38C388-6EF5-40E2-ABB5-7A7806CB462F}D:\games\steam\steamapps\common\redout\redout\binaries\win64\redout-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\redout\redout\binaries\win64\redout-win64-shipping.exe
FirewallRules: [{2EC97B86-1219-49A0-A7A2-7391D7E3E416}] => (Allow) D:\Games\Steam\SteamApps\common\Redout\redout.exe
FirewallRules: [{4D349B1F-5DAA-4F16-B516-B91CF9D6E1C3}] => (Allow) D:\Games\Steam\SteamApps\common\Redout\redout.exe
FirewallRules: [{333A85DC-E692-4A7C-AC1E-923930542B8D}] => (Allow) D:\Games\Steam\SteamApps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{0A0E4521-8BE0-499A-A7CC-2D14A50E7945}] => (Allow) D:\Games\Steam\SteamApps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{FDAD1FE0-97EC-4D00-97CF-48EB0C58EF09}] => (Allow) D:\Games\Steam\SteamApps\common\Tormentum\Tormentum.exe
FirewallRules: [{40561B9E-A123-4908-B83A-3C88C57B5391}] => (Allow) D:\Games\Steam\SteamApps\common\Tormentum\Tormentum.exe
FirewallRules: [{CC04E9D0-241D-4D79-A268-A88497F20AD3}] => (Allow) D:\Games\Steam\SteamApps\common\Call of Duty - Infinite Warfare\iw7_ship.exe
FirewallRules: [{2EECEE85-CFEE-4509-9F24-B1B03D3EE827}] => (Allow) D:\Games\Steam\SteamApps\common\Call of Duty - Infinite Warfare\iw7_ship.exe
FirewallRules: [UDP Query User{45EB9ED9-0CAA-453D-B4D9-06B7B2FEBB5C}D:\games\tdu2\uplauncher.exe] => (Allow) D:\games\tdu2\uplauncher.exe
FirewallRules: [TCP Query User{800CB73E-7CA2-463E-8EE9-3C87FF3734FA}D:\games\tdu2\uplauncher.exe] => (Allow) D:\games\tdu2\uplauncher.exe
FirewallRules: [UDP Query User{50A12DFF-801A-4AF4-9920-7E5B463506CD}D:\games\tdu2\testdrive2.exe] => (Allow) D:\games\tdu2\testdrive2.exe
FirewallRules: [TCP Query User{54606CA1-DA6B-4AF5-967A-E12F76C20ABC}D:\games\tdu2\testdrive2.exe] => (Allow) D:\games\tdu2\testdrive2.exe
FirewallRules: [{BF733EBD-02BE-4B5C-8C19-2FA8AF6ADEB7}] => (Allow) D:\Games\Steam\SteamApps\common\The Lab\TheLab\win64\TheLab.exe
FirewallRules: [{B673414B-67A0-4DE7-8BA7-4910EA606C90}] => (Allow) D:\Games\Steam\SteamApps\common\The Lab\TheLab\win64\TheLab.exe
FirewallRules: [{9FC42CE6-3FA4-466E-B7B5-E497154C3240}] => (Allow) D:\Games\Origin\Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{53723693-0DAF-4DE7-9B73-9154E45330ED}] => (Allow) D:\Games\Origin\Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{DBD75664-BE69-4222-985F-4C52ACDD34DA}] => (Allow) D:\Games\Steam\SteamApps\common\ArizonaSunshine\ArizonaSunshine.exe
FirewallRules: [{3FB2591D-93B5-4808-AD14-D34BBF3C9876}] => (Allow) D:\Games\Steam\SteamApps\common\ArizonaSunshine\ArizonaSunshine.exe
FirewallRules: [{291A965C-E12B-4661-B704-83E8743BB52C}] => (Allow) D:\Games\Steam\SteamApps\common\FastActionHero\Fast Action Hero.exe
FirewallRules: [{9E376CE6-426A-4E7E-B116-65B088452225}] => (Allow) D:\Games\Steam\SteamApps\common\FastActionHero\Fast Action Hero.exe
FirewallRules: [{43037CC1-0C70-40A3-8BEA-6392BC9CA3CD}] => (Allow) D:\Games\Steam\SteamApps\common\QuantumBreak\dx11\QuantumBreak.exe
FirewallRules: [{3F8F8D1C-5E0A-4FE8-81D4-0E90A5304A85}] => (Allow) D:\Games\Steam\SteamApps\common\QuantumBreak\dx11\QuantumBreak.exe
FirewallRules: [UDP Query User{2933B71E-AD92-47FB-9833-2943E612033A}D:\games\steam\steamapps\common\ghost town mine ride\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\ghost town mine ride\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{7C1C116D-BB06-4F08-9FF8-06F1BCAF6231}D:\games\steam\steamapps\common\ghost town mine ride\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\ghost town mine ride\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{65A88DF4-D55D-4D10-B267-092E4E81595E}] => (Allow) D:\Games\Steam\SteamApps\common\Ghost Town Mine Ride\HauntedMineRide.exe
FirewallRules: [{61AB9D3C-7E2C-498E-B4C0-403D0D38CE33}] => (Allow) D:\Games\Steam\SteamApps\common\Ghost Town Mine Ride\HauntedMineRide.exe
FirewallRules: [{1B64888E-6A42-422E-ADCA-E1AC56995ED7}] => (Allow) D:\Games\Steam\SteamApps\common\SVRVIVE\SVRVIVE The Deus Helix.exe
FirewallRules: [{7C71C520-0138-4A51-8DAF-2DC62ACAFFC2}] => (Allow) D:\Games\Steam\SteamApps\common\SVRVIVE\SVRVIVE The Deus Helix.exe
FirewallRules: [{53ED8D1A-8BED-457E-AE41-F08A40127E3C}] => (Allow) D:\Games\Steam\SteamApps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{BD6E9A75-9511-45A6-BB74-05CD434D17F6}] => (Allow) D:\Games\Steam\SteamApps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{DE5A1E59-8DB6-4619-AA85-79AC39691117}] => (Allow) D:\Games\Steam\SteamApps\common\EarthVR\Earth.exe
FirewallRules: [{5695F430-0FE8-48C1-A594-CF8C4FD0704A}] => (Allow) D:\Games\Steam\SteamApps\common\EarthVR\Earth.exe
FirewallRules: [{B5DA8A5E-4D4F-4C20-95F3-6B65B41ACD8E}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8A4C7EA8-EA75-4249-8A13-A5DFD9404043}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C96678AE-C5EB-4085-A06B-F142B7C9CF80}] => (Allow) D:\Games\Steam\SteamApps\common\Quell 4D\Quell4D.exe
FirewallRules: [{0D6113C4-FD38-466D-BA47-3844AB491F38}] => (Allow) D:\Games\Steam\SteamApps\common\Quell 4D\Quell4D.exe
FirewallRules: [UDP Query User{16FB7109-76B1-49E7-AD78-62CAB08F652C}D:\games\firestorm havok\slvoice.exe] => (Allow) D:\games\firestorm havok\slvoice.exe
FirewallRules: [TCP Query User{F31A3F18-2596-450D-B0E2-3D2B785BEF25}D:\games\firestorm havok\slvoice.exe] => (Allow) D:\games\firestorm havok\slvoice.exe
FirewallRules: [{5005CEA3-87E3-4E58-9E27-AB3FD75FBC88}] => (Allow) D:\Games\Steam\SteamApps\common\theBlu\theblu.exe
FirewallRules: [{DE4E352D-3ADD-436E-BAA1-BE95D3987B52}] => (Allow) D:\Games\Steam\SteamApps\common\theBlu\theblu.exe
FirewallRules: [{2E4E90F2-95CF-425D-8541-030B3D462F85}] => (Allow) D:\Games\Steam\SteamApps\common\Shadow Warrior 2\ShadowWarrior2.exe
FirewallRules: [{477BC455-D26F-420D-B5FB-7C3F96B3A73D}] => (Allow) D:\Games\Steam\SteamApps\common\Shadow Warrior 2\ShadowWarrior2.exe
FirewallRules: [{06865A7F-2F3F-4008-AECF-96E39B11738D}] => (Allow) D:\Games\Steam\SteamApps\common\Art of Fight\ArtOfFight.exe
FirewallRules: [{AA3DC80E-C831-4309-B0F4-A176BFF7030C}] => (Allow) D:\Games\Steam\SteamApps\common\Art of Fight\ArtOfFight.exe
FirewallRules: [{AFFA8C04-DCAA-48EC-AE74-2AD45EF733FF}] => (Allow) D:\Games\Steam\SteamApps\common\Island 359\Island359.exe
FirewallRules: [{2F642C70-E2AE-4442-8001-EA9124030D71}] => (Allow) D:\Games\Steam\SteamApps\common\Island 359\Island359.exe
FirewallRules: [{4E547210-56DD-436D-AFB6-26132F63F1C3}] => (Allow) D:\Games\Steam\SteamApps\common\NightCry\NightCry.exe
FirewallRules: [{5AEACF73-9594-4924-9B2E-0EAA5121E625}] => (Allow) D:\Games\Steam\SteamApps\common\NightCry\NightCry.exe
FirewallRules: [UDP Query User{44EAC687-8C54-4322-8240-F8FB63E03101}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{24758668-2959-4BC3-8E2C-3E9E455E6734}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{5D898310-DB54-49ED-830B-05F242D1F421}] => (Allow) D:\Programme\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{0466309B-407F-4D69-91E6-86BEAFE9DBEB}] => (Allow) D:\Programme\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{8AEE8D01-CF01-47AE-AD5D-714D7BE7D820}] => (Allow) D:\Games\Steam\SteamApps\common\White Night\Bin\Win32\WNight.exe
FirewallRules: [{342EA1E1-2E21-4A09-8C9D-95D4D0B61526}] => (Allow) D:\Games\Steam\SteamApps\common\White Night\Bin\Win32\WNight.exe
FirewallRules: [{0F13B3E5-0FC1-4D38-A9EC-6B8004EC0738}] => (Allow) D:\Games\Steam\SteamApps\common\Thief Deadly Shadows\System\runme.exe
FirewallRules: [{72B3B364-082E-4265-B78D-10FD766E99DB}] => (Allow) D:\Games\Steam\SteamApps\common\Thief Deadly Shadows\System\runme.exe
FirewallRules: [{2ED621BB-621E-4F5B-9EEE-2445F798F417}] => (Allow) D:\Programme\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{38EAF7FD-1387-4B2F-B071-A3050E0E7B52}] => (Allow) D:\Programme\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{41BA33BD-41ED-4667-B5EC-850C760D7EC4}] => (Allow) D:\Programme\TeamViewer\TeamViewer.exe
FirewallRules: [{96FE98B7-8520-4C4B-889D-95A849A6406C}] => (Allow) D:\Programme\TeamViewer\TeamViewer.exe
FirewallRules: [{8F614056-23CF-4179-8110-CBF96615B056}] => (Allow) D:\Games\Steam\SteamApps\common\Spirits of Xanadu\Spirits of Xanadu.exe
FirewallRules: [{92DEB061-DDBE-4317-9756-EED6E50B36C1}] => (Allow) D:\Games\Steam\SteamApps\common\Spirits of Xanadu\Spirits of Xanadu.exe
FirewallRules: [{41E6B432-E1F9-4489-B50C-C3CFA89580CB}] => (Allow) D:\Games\Steam\SteamApps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [{43D853E6-AAA5-4C78-8271-3DE5C476A900}] => (Allow) D:\Games\Steam\SteamApps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [{3D4D3D55-258A-4452-8354-59A0C9B95BE9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{CF90FD8C-9D02-4F83-87A8-86DE8BF0703E}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{3B74ADF1-6A43-4401-AB32-EF15C1D49194}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{4E54BFCF-03A4-4547-A53D-82440801A87A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{260AA3E5-85E1-4FE5-8534-D2CA83BB43AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3EC2834-8773-4B20-A2D9-841BF8179FDF}] => (Allow) D:\Programme\Winamp\winamp.exe
FirewallRules: [{633BF3E0-7616-4F0C-BD34-D7AE38CF71C2}] => (Allow) D:\Programme\Winamp\winamp.exe
FirewallRules: [{F523341D-D024-479A-B1C6-09E174003418}] => (Allow) D:\Programme\MAGIX\Video deluxe 2016 Premium\Videodeluxe.exe
FirewallRules: [{94207D91-6307-48BA-886A-841FBC51410E}] => (Allow) D:\Games\Steam\SteamApps\common\Layers of Fear\Layers Of Fear.exe
FirewallRules: [{2F2FD238-9218-4E73-8DA4-6FA41E0506C3}] => (Allow) D:\Games\Steam\SteamApps\common\Layers of Fear\Layers Of Fear.exe
FirewallRules: [{F55B01C6-BA46-4D72-BA01-DC0F62B2D9DE}] => (Allow) D:\Games\Steam\SteamApps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [{4656B89B-E5B0-492F-AA56-97C9CB624605}] => (Allow) D:\Games\Steam\SteamApps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [UDP Query User{025F09C2-9AA1-4ADF-A604-9FA5A3FA0A64}C:\program files\vlc\vlc.exe] => (Allow) C:\program files\vlc\vlc.exe
FirewallRules: [TCP Query User{4AB9BA08-A5C6-4079-9E58-21E9E7D66539}C:\program files\vlc\vlc.exe] => (Allow) C:\program files\vlc\vlc.exe
FirewallRules: [{BFF87F05-85B8-4FAB-A7BC-80B7D7ACB251}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{41F30114-6E1E-4DC6-A988-5235C132E4D3}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [UDP Query User{09B31CFA-B2D4-4E9C-846A-9E6AE61A437F}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{59421173-7EB5-4508-9C9F-3ED146289E5B}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{32F1DDE8-CC4C-4320-A8A4-1C75F90D4BB4}D:\games\steam\steamapps\common\aliens colonial marines\binaries\win32\_acm.exe] => (Allow) D:\games\steam\steamapps\common\aliens colonial marines\binaries\win32\_acm.exe
FirewallRules: [TCP Query User{2B62BCA7-11D4-4AD8-B437-2DE1EAD40A50}D:\games\steam\steamapps\common\aliens colonial marines\binaries\win32\_acm.exe] => (Allow) D:\games\steam\steamapps\common\aliens colonial marines\binaries\win32\_acm.exe
FirewallRules: [UDP Query User{241742FE-2949-4E72-81E5-122D323D76F4}D:\programme\shoutcast\sc_serv.exe] => (Allow) D:\programme\shoutcast\sc_serv.exe
FirewallRules: [TCP Query User{009A6B4B-3F84-4965-99B0-AC627E9AB743}D:\programme\shoutcast\sc_serv.exe] => (Allow) D:\programme\shoutcast\sc_serv.exe
FirewallRules: [{410F8931-7BED-4D99-A248-881443D2BA43}] => (Allow) D:\Games\Steam\SteamApps\common\Source SDK Base 2013 Singleplayer\hl2.exe
FirewallRules: [{FAB3AE78-C3C6-4DD4-A657-2D7D3A467C0F}] => (Allow) D:\Games\Steam\SteamApps\common\Source SDK Base 2013 Singleplayer\hl2.exe
FirewallRules: [{B0D3FAB3-C04F-4761-8C97-FA0822243D3A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D596AB4C-67A5-4F2C-8910-D45D23F07516}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F7A5C9A-2A1B-4FC7-94F6-93EDAECD75D4}] => (Allow) D:\Games\Steam\SteamApps\common\Strife\strife-ve.exe
FirewallRules: [{17931943-1054-49E9-8E44-15C4ED0E76EC}] => (Allow) D:\Games\Steam\SteamApps\common\Strife\strife-ve.exe
FirewallRules: [{1627D254-2807-47E5-A965-8EF14D291E95}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{372C07F2-7E64-4845-BD0D-18F42729A021}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{9EE86F79-EA28-48E7-BDF7-DA3CB5CB0EB2}] => (Allow) D:\Games\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{0C0096FD-BC19-4204-9414-C50767846395}] => (Allow) D:\Games\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [UDP Query User{E8CCB980-186C-4786-9D43-AAF5F521C015}D:\games\gog games\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) D:\games\gog games\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [TCP Query User{7B0BBD21-DD89-4546-A8E6-92CF642CFF29}D:\games\gog games\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) D:\games\gog games\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [{B4BEBBEE-A2AB-4C62-BA1A-3E947E8618D0}] => (Allow) D:\Games\Steam\SteamApps\common\Neverending Nightmares\nightmare.exe
FirewallRules: [{F7A90859-ECB9-4126-9CF8-32AEF926581A}] => (Allow) D:\Games\Steam\SteamApps\common\Neverending Nightmares\nightmare.exe
FirewallRules: [UDP Query User{118013CC-E8F7-4503-92F8-BED165808AE7}D:\games\quake hd pack\darkplaces.exe] => (Allow) D:\games\quake hd pack\darkplaces.exe
FirewallRules: [TCP Query User{24A0B1AA-132B-4576-965E-6044AAE7FE03}D:\games\quake hd pack\darkplaces.exe] => (Allow) D:\games\quake hd pack\darkplaces.exe
FirewallRules: [{5561E420-4BC8-44A8-9F33-AA239310F2C3}] => (Allow) LPort=41780
FirewallRules: [{EF206F0E-4EAA-4E2E-97A8-722315EF974A}] => (Allow) D:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{92763FF7-CD31-49A4-AD1D-3C59426CE645}] => (Allow) D:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{339CA568-B0BA-476E-8647-E398FD154305}] => (Allow) C:\Users\Hoshi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F6AA3EA4-AE5F-4147-9477-C983C17F78B3}] => (Allow) C:\Users\Hoshi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A09E3AB7-BA3F-49B3-A93D-F50DEF8265E6}] => (Allow) D:\Programme\Skype\Phone\Skype.exe
FirewallRules: [{F7C0F58A-218F-41E3-B1F3-5E65CC3A3F50}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{8602E317-6CEA-4200-89BA-4F8E48E3414E}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [TCP Query User{9606A9D6-6A6A-40C7-AE58-17B18A3111E1}D:\games\gog games\unreal gold\system\unreal.exe] => (Allow) D:\games\gog games\unreal gold\system\unreal.exe
FirewallRules: [UDP Query User{48C77771-399E-4E63-BA0F-5C9A89A5F366}D:\games\gog games\unreal gold\system\unreal.exe] => (Allow) D:\games\gog games\unreal gold\system\unreal.exe
FirewallRules: [TCP Query User{549B6F9D-C048-4E95-99A2-3A377AAA0748}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{672FCE63-7931-4363-B2E8-7C5890F947CB}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{444E3619-2165-4B6B-A277-9CC0BC7B53B0}] => (Allow) D:\Games\Steam\SteamApps\common\STASIS\Stasis.exe
FirewallRules: [{48AAD65B-32EF-4142-931D-684DA033FE0D}] => (Allow) D:\Games\Steam\SteamApps\common\STASIS\Stasis.exe
FirewallRules: [{0302EA2C-2C88-4C68-8BC4-C486414C6275}] => (Allow) D:\Games\Steam\SteamApps\common\Waltz of the Wizard\WaltzOfTheWizard.exe
FirewallRules: [{655D0F0E-A538-45A5-83ED-0D949E232624}] => (Allow) D:\Games\Steam\SteamApps\common\Waltz of the Wizard\WaltzOfTheWizard.exe
FirewallRules: [{55CA69B3-FD1A-4886-909A-0C86C229B07F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{595038C8-42B8-42A8-9DF8-1D679DCC7DBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8E36AEE6-C7C2-4509-B7D9-1BB0E1F03EB1}] => (Allow) D:\Games\Steam\SteamApps\common\VanishingRealms\VanishingRealms.exe
FirewallRules: [{68BB8839-299B-4D34-A527-FF5F23ED4D04}] => (Allow) D:\Games\Steam\SteamApps\common\VanishingRealms\VanishingRealms.exe
FirewallRules: [{0273119C-7CAF-4396-A5AF-768B82E424E2}] => (Allow) D:\Games\Steam\SteamApps\common\Job Simulator\JobSimulator.exe
FirewallRules: [{CACF1BA0-AB61-46E3-A4F6-E3FD55C94A29}] => (Allow) D:\Games\Steam\SteamApps\common\Job Simulator\JobSimulator.exe
FirewallRules: [{B63306D8-F01B-4802-A5E9-6F36E2474501}] => (Allow) D:\Games\Steam\SteamApps\common\Virtual Desktop\Virtual Desktop.exe
FirewallRules: [{22654D19-A692-4892-84F9-A6C46B8C6DAD}] => (Allow) D:\Games\Steam\SteamApps\common\Virtual Desktop\Virtual Desktop.exe
FirewallRules: [{60339C49-0A25-4CD0-83D0-DEE32E2FDB0B}] => (Allow) D:\Games\Steam\SteamApps\common\Virtual Desktop\Environment Editor.exe
FirewallRules: [{E69CBCFB-4693-4382-AB15-14D323B3B0E1}] => (Allow) D:\Games\Steam\SteamApps\common\Virtual Desktop\Environment Editor.exe
FirewallRules: [{9193D3C6-6FBF-441D-BB2F-0C08BEB4E77C}] => (Allow) D:\Games\Steam\SteamApps\common\AChairinaRoom\AChairInARoom_Greenwater.exe
FirewallRules: [{9DF8030F-3EF7-4A6C-918E-3D3DA0F83D6B}] => (Allow) D:\Games\Steam\SteamApps\common\AChairinaRoom\AChairInARoom_Greenwater.exe
FirewallRules: [TCP Query User{367DB655-BB17-4BC1-AE31-F20ED49E3A88}D:\games\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe] => (Allow) D:\games\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe
FirewallRules: [UDP Query User{44C3E241-DED9-4E29-9063-06F33DD095ED}D:\games\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe] => (Allow) D:\games\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe
FirewallRules: [TCP Query User{D16373C4-962B-46AE-87F9-922D3DA20533}D:\games\ctrlaltstudio-viewer-alpha\slvoice.exe] => (Allow) D:\games\ctrlaltstudio-viewer-alpha\slvoice.exe
FirewallRules: [UDP Query User{FBF4100B-242E-4171-930C-AF872ABC032A}D:\games\ctrlaltstudio-viewer-alpha\slvoice.exe] => (Allow) D:\games\ctrlaltstudio-viewer-alpha\slvoice.exe
FirewallRules: [TCP Query User{4D2FE12B-90B6-4D54-A289-A724E7B95289}D:\games\steam\steamapps\common\vrporize\64\windowsnoeditor\vrporize_beta\binaries\win64\vrporize_beta-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\vrporize\64\windowsnoeditor\vrporize_beta\binaries\win64\vrporize_beta-win64-shipping.exe
FirewallRules: [UDP Query User{D3B9D8DA-2FFC-48E4-82B4-FB2E4BBDCA12}D:\games\steam\steamapps\common\vrporize\64\windowsnoeditor\vrporize_beta\binaries\win64\vrporize_beta-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\vrporize\64\windowsnoeditor\vrporize_beta\binaries\win64\vrporize_beta-win64-shipping.exe
FirewallRules: [{ED38B62B-7340-44D8-ACD2-C203EDDA1151}] => (Allow) D:\Games\Steam\SteamApps\common\PoolNationVR\PoolNationVR.exe
FirewallRules: [{A5F656B5-3F31-4FFC-BCC4-95FAB832FD48}] => (Allow) D:\Games\Steam\SteamApps\common\PoolNationVR\PoolNationVR.exe
FirewallRules: [TCP Query User{927C9C71-D614-4C26-B61A-A882E3817A70}D:\games\steam\steamapps\common\poolnationvr\poolnationvr\binaries\win64\vrpooldemo-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\poolnationvr\poolnationvr\binaries\win64\vrpooldemo-win64-shipping.exe
FirewallRules: [UDP Query User{227C1F1C-3189-442E-84DC-6CC2E2E3E94B}D:\games\steam\steamapps\common\poolnationvr\poolnationvr\binaries\win64\vrpooldemo-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\poolnationvr\poolnationvr\binaries\win64\vrpooldemo-win64-shipping.exe
FirewallRules: [TCP Query User{9D6AA729-9DA7-4763-89DE-52AF6DFC31EF}E:\titanic honor and glory demo 2\titanic - honor and glory demo 2\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) E:\titanic honor and glory demo 2\titanic - honor and glory demo 2\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{4D15A1ED-0497-41FE-9D0E-FAD00BF9D30E}E:\titanic honor and glory demo 2\titanic - honor and glory demo 2\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) E:\titanic honor and glory demo 2\titanic - honor and glory demo 2\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{AB34BC04-FF41-4337-9BD5-48D5A1B017E4}] => (Allow) D:\Games\Steam\SteamApps\common\Brookhaven\BrookhavenGame.exe
FirewallRules: [{A54CB64D-E750-414A-A14B-A1C2AA0CC560}] => (Allow) D:\Games\Steam\SteamApps\common\Brookhaven\BrookhavenGame.exe
FirewallRules: [{1771F40C-6EE8-4EA8-BFB0-F8C879A7DA49}] => (Allow) D:\Games\Steam\SteamApps\common\VRporize\64\WindowsNoEditor\VRporize_beta.exe
FirewallRules: [{425D082B-2A4C-4FC6-8E3C-B11A884517AF}] => (Allow) D:\Games\Steam\SteamApps\common\VRporize\64\WindowsNoEditor\VRporize_beta.exe
FirewallRules: [TCP Query User{43996D90-1975-4368-BED9-232501810761}C:\users\hoshi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hoshi\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C8F2DE0C-F2D8-4BFB-B7FA-5725E9CA96E2}C:\users\hoshi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hoshi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C2B64B6A-1A45-4904-B911-8F4163D80E33}] => (Allow) D:\Games\Steam\SteamApps\common\Pierhead Arcade\Arcade.exe
FirewallRules: [{628C846B-37A4-43FA-8300-C2ABD8505CE3}] => (Allow) D:\Games\Steam\SteamApps\common\Pierhead Arcade\Arcade.exe
FirewallRules: [{2B306573-B82C-45B6-B744-9BFF24454263}] => (Allow) D:\Games\Steam\SteamApps\common\Overload\Overload.exe
FirewallRules: [{02897BD8-93C8-4E39-9236-8581E64CA400}] => (Allow) D:\Games\Steam\SteamApps\common\Overload\Overload.exe
FirewallRules: [{4243E46D-D91C-4899-B34D-2D0D9664912D}] => (Allow) D:\Games\Steam\SteamApps\common\RickAndMortyVR\RickAndMortyVR.exe
FirewallRules: [{FAE9A318-685E-4CB8-A119-FC59DD4334CF}] => (Allow) D:\Games\Steam\SteamApps\common\RickAndMortyVR\RickAndMortyVR.exe
FirewallRules: [{DBC819B9-E417-416A-BA9A-674662BF83AB}] => (Allow) D:\Games\Steam\SteamApps\common\Marvel's Guardians of the Galaxy The Telltale Series\Guardians.exe
FirewallRules: [{F20DCC84-A9D8-40AA-AFE7-B206053EDF38}] => (Allow) D:\Games\Steam\SteamApps\common\Marvel's Guardians of the Galaxy The Telltale Series\Guardians.exe
FirewallRules: [{6633A870-73F0-4F52-919E-D7A72822C841}] => (Allow) D:\Games\Steam\SteamApps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{69BC39B0-41F0-419B-BB20-14A374665975}] => (Allow) D:\Games\Steam\SteamApps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{82729D87-7959-4CA7-AA2F-9E5286114411}] => (Allow) D:\Games\Steam\SteamApps\common\Outlast 2\Binaries\Win64\Outlast2.exe
FirewallRules: [{C9C8859F-6322-41D1-AD05-B11D9DF4B04E}] => (Allow) D:\Games\Steam\SteamApps\common\Outlast 2\Binaries\Win64\Outlast2.exe
FirewallRules: [TCP Query User{1AA0FBF9-4330-4FF4-85DF-789C47018191}B:\cloud imperium games\patcher\cigpatcher.exe] => (Allow) B:\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{473BDA27-3954-4B5C-8221-8377E36B9CD2}B:\cloud imperium games\patcher\cigpatcher.exe] => (Allow) B:\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{B6368D2F-877F-4CE7-86EA-42CD059F4519}B:\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) B:\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{5EE59C3F-2D0D-4CED-840B-2BA998195FCA}B:\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) B:\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{C586A06C-0DA9-4744-80FD-2C40DC65522C}] => (Allow) D:\Games\Steam\SteamApps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{E575F97D-B64E-4E35-B30C-038822ECDED3}] => (Allow) D:\Games\Steam\SteamApps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [TCP Query User{69BFF41F-D1C1-4691-9FE1-B6DAE78B9AFD}D:\games\steam\steamapps\common\island 359\island359\binaries\win64\island359_copy-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\island 359\island359\binaries\win64\island359_copy-win64-shipping.exe
FirewallRules: [UDP Query User{AD1889AD-5410-4C90-BFB2-372B345CE1D2}D:\games\steam\steamapps\common\island 359\island359\binaries\win64\island359_copy-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\island 359\island359\binaries\win64\island359_copy-win64-shipping.exe
FirewallRules: [{8A3B0A28-A44F-4C11-8E0D-3B16592AB8B4}] => (Allow) B:\Steam\steamapps\common\Battlezone\Launcher\battlezone.exe
FirewallRules: [{945066F8-25B0-4FB2-8A01-FB556A39BF1C}] => (Allow) B:\Steam\steamapps\common\Battlezone\Launcher\battlezone.exe
FirewallRules: [{5E4A151B-2E94-4040-B1BB-8202B658D7E5}] => (Allow) D:\Games\Steam\SteamApps\common\Axiom Verge\AxiomVerge.exe
FirewallRules: [{E73C3B66-59DC-4ADE-B5B1-0CCB9E5F15F1}] => (Allow) D:\Games\Steam\SteamApps\common\Axiom Verge\AxiomVerge.exe
FirewallRules: [{C9C602B9-4B3D-4FA5-9D6F-61E42E613097}] => (Allow) B:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{FB9ECD72-CABE-4824-9AAB-E4A6F0E35D84}] => (Allow) B:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{EEB40E47-F1C4-4656-9C5C-2FEB1392B4DF}] => (Allow) B:\Steam\steamapps\common\Soundscape\Soundscape.exe
FirewallRules: [{9FCEF941-FA77-4150-BE2B-839A321CA27C}] => (Allow) B:\Steam\steamapps\common\Soundscape\Soundscape.exe
FirewallRules: [TCP Query User{62808090-BA71-4AE1-B049-85362774AAF2}D:\games\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) D:\games\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [UDP Query User{A2D3775C-19DD-4124-819B-5F534032CFA0}D:\games\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) D:\games\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [{7F75C914-E50D-40B1-BB92-746FC9CCEDD2}] => (Allow) B:\Steam\steamapps\common\Aeon\Aeon.exe
FirewallRules: [{D59DAF58-5343-49CB-A91C-6C96689546F1}] => (Allow) B:\Steam\steamapps\common\Aeon\Aeon.exe
FirewallRules: [{62528508-75BE-47CA-9277-836908DF1719}] => (Allow) B:\Steam\steamapps\common\SUPERHOT VR\SUPERHOTVR.exe
FirewallRules: [{3D3D0C0E-CC29-4785-BD54-CAF08252381C}] => (Allow) B:\Steam\steamapps\common\SUPERHOT VR\SUPERHOTVR.exe
FirewallRules: [{8DC2D8B5-DB4B-40D1-97AE-6D4D2CDA677E}] => (Allow) D:\Games\Steam\SteamApps\common\EVERSPACE\RSG\Binaries\Win64\RSG-Win64-Shipping.exe
FirewallRules: [{EA82A72A-0783-4376-86DE-66D463A97A0C}] => (Allow) D:\Games\Steam\SteamApps\common\EVERSPACE\RSG\Binaries\Win64\RSG-Win64-Shipping.exe
FirewallRules: [{35D7E367-0ED3-4F47-8441-3A6A3F3561DC}] => (Allow) D:\Programme\Sony\PS4 Remote Play\RemotePlay.exe
FirewallRules: [{6E0600B2-815E-48A0-B4AD-A5EAB1543BDB}] => (Allow) B:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
FirewallRules: [{7AC56B85-1415-4007-8E96-1361E1FABDE3}] => (Allow) B:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
FirewallRules: [{D95A68C3-537C-40C1-A744-442B4D5879B8}] => (Allow) D:\Games\Steam\SteamApps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [{EF2BBEFC-1876-4BFA-B930-628D8649EA01}] => (Allow) D:\Games\Steam\SteamApps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [{5C208156-3201-4BFD-9561-FF74F18CE96D}] => (Allow) B:\Steam\steamapps\common\Karnage Chronicles\KarnageVR.exe
FirewallRules: [{651B32F7-67BE-427E-AED8-2E8B3D3929B7}] => (Allow) B:\Steam\steamapps\common\Karnage Chronicles\KarnageVR.exe
FirewallRules: [TCP Query User{F680A4FB-8640-40DB-AED3-5FF14EB3BE73}B:\steam\steamapps\common\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe
FirewallRules: [UDP Query User{9D8568A2-6021-4089-A7E5-B899BE3AA6A2}B:\steam\steamapps\common\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe
FirewallRules: [TCP Query User{5297F42D-5675-4819-B80D-1F8FE92D8792}D:\games\steam\steamapps\common\brookhaven\brookhavengame\binaries\win64\brookhavengame-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\brookhaven\brookhavengame\binaries\win64\brookhavengame-win64-shipping.exe
FirewallRules: [UDP Query User{52D31D87-A22B-4B4E-AFFB-41D5FE61C3E7}D:\games\steam\steamapps\common\brookhaven\brookhavengame\binaries\win64\brookhavengame-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\brookhaven\brookhavengame\binaries\win64\brookhavengame-win64-shipping.exe
FirewallRules: [TCP Query User{84A070A8-9FCE-4BA1-907C-311A264759F3}B:\games\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) B:\games\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [UDP Query User{B261384C-83D2-4BBA-B1CB-1A09E9C005B8}B:\games\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) B:\games\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [{149DCA28-7E08-4F6B-9642-4643C987479B}] => (Allow) B:\Steam\steamapps\common\Dead Effect 2 VR\DeadEffect2.exe
FirewallRules: [{BF0B939D-91E1-4C1A-9C14-D46A9ADB71A3}] => (Allow) B:\Steam\steamapps\common\Dead Effect 2 VR\DeadEffect2.exe
FirewallRules: [{70A71F66-CF4A-4F7D-9E11-A0B39DB3DFBD}] => (Allow) B:\Steam\steamapps\common\johnwick\WindowsNoEditor\wick.exe
FirewallRules: [{B87CA62F-C948-4990-81A5-3C8273F90ECF}] => (Allow) B:\Steam\steamapps\common\johnwick\WindowsNoEditor\wick.exe
FirewallRules: [TCP Query User{733AD380-6942-42B0-96A4-4C928D10A842}B:\steam\steamapps\common\johnwick\windowsnoeditor\wick\binaries\win64\wick-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\johnwick\windowsnoeditor\wick\binaries\win64\wick-win64-shipping.exe
FirewallRules: [UDP Query User{4FC4F02E-DA30-4A2F-ADC6-2421F3C86C51}B:\steam\steamapps\common\johnwick\windowsnoeditor\wick\binaries\win64\wick-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\johnwick\windowsnoeditor\wick\binaries\win64\wick-win64-shipping.exe
FirewallRules: [{F173D9E2-CFC5-456C-B772-38970156E8B5}] => (Allow) D:\Programme\MAGIX\Video deluxe Premium\2017\Videodeluxe.exe
FirewallRules: [{58565BAD-4103-4768-A22D-6A83399860EE}] => (Allow) D:\Programme\MAGIX\Music Maker\25\MusicMaker.exe
FirewallRules: [{B0F4AF05-3445-4E86-84ED-F9668F3EA52B}] => (Allow) D:\Games\Steam\SteamApps\common\Cloudlands\Cloudlands.exe
FirewallRules: [{B6D46762-9437-4F7E-804C-595364ADB56E}] => (Allow) D:\Games\Steam\SteamApps\common\Cloudlands\Cloudlands.exe
FirewallRules: [{DD9EDFC0-4384-42B2-99D5-8C17E4DDD7AC}] => (Allow) D:\Games\Steam\SteamApps\common\The Gallery Call of the Starseed\TheGallery_EP1\TheGallery_EP1.exe
FirewallRules: [{A0600D8F-500A-4A44-89C6-282349CAE307}] => (Allow) D:\Games\Steam\SteamApps\common\The Gallery Call of the Starseed\TheGallery_EP1\TheGallery_EP1.exe
FirewallRules: [{536D9FE2-FE06-430D-8696-DC1327D02F34}] => (Allow) D:\Games\Steam\SteamApps\common\The Gallery Call of the Starseed\TheGallery_EP1_OVR\TheGallery_EP1.exe
FirewallRules: [{5A496D68-2EF3-43AD-98E3-578B7BA30874}] => (Allow) D:\Games\Steam\SteamApps\common\The Gallery Call of the Starseed\TheGallery_EP1_OVR\TheGallery_EP1.exe
FirewallRules: [{B13220B0-F27B-4818-A76B-284143317672}] => (Allow) D:\Games\Origin\STAR WARS Battlefront II Closed Alpha\starwarsbattlefrontii.exe
FirewallRules: [{3543073A-B8AB-453D-A4D3-190625845506}] => (Allow) D:\Games\Origin\STAR WARS Battlefront II Closed Alpha\starwarsbattlefrontii.exe
FirewallRules: [{69CD8989-CD16-4562-BE3F-0988730932F3}] => (Allow) C:\Games\Origin\Mass Effect Andromeda\MassEffectAndromedaTrial.exe
FirewallRules: [{CC1CF894-3B6A-4DC2-969F-3509EEE2C8B7}] => (Allow) C:\Games\Origin\Mass Effect Andromeda\MassEffectAndromedaTrial.exe
FirewallRules: [{2F57496C-28BB-4BA2-B0DC-E8DBBA7A674B}] => (Allow) C:\Games\Origin\Mass Effect Andromeda\MassEffectAndromeda.exe
FirewallRules: [{3A10685A-A365-481C-8512-71D553076AD1}] => (Allow) C:\Games\Origin\Mass Effect Andromeda\MassEffectAndromeda.exe
FirewallRules: [TCP Query User{946362F4-2735-432C-A060-BD80CF30C175}B:\games\overwatch\overwatch.exe] => (Allow) B:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{36F60D16-C06C-4788-8120-C002ADB1A518}B:\games\overwatch\overwatch.exe] => (Allow) B:\games\overwatch\overwatch.exe
FirewallRules: [{50693B02-4980-454A-A2CD-C8AB00019487}] => (Allow) D:\Games\Steam\SteamApps\common\Cmoar VR Cinema\vive.exe
FirewallRules: [{D76891D4-8F80-44F1-A92E-A0FE7048C49A}] => (Allow) D:\Games\Steam\SteamApps\common\Cmoar VR Cinema\vive.exe
FirewallRules: [{05C68A71-80C1-403E-9342-74CDFA2EB76A}] => (Allow) D:\Games\Steam\SteamApps\common\Cmoar VR Cinema\oculus.exe
FirewallRules: [{0BCB9B89-43C3-4687-A311-87DCF4725AC3}] => (Allow) D:\Games\Steam\SteamApps\common\Cmoar VR Cinema\oculus.exe
FirewallRules: [{D61C37A6-ACC2-4494-96D8-897F554884E1}] => (Allow) D:\Games\Steam\SteamApps\common\Nock Hidden Arrow\Nock.exe
FirewallRules: [{AC54F4D6-CCD8-4350-81A7-4122051063DB}] => (Allow) D:\Games\Steam\SteamApps\common\Nock Hidden Arrow\Nock.exe
FirewallRules: [{724031A4-8631-4BA6-9B14-5C43D6C27B7A}] => (Allow) D:\Games\Steam\SteamApps\common\GORN\GORN.exe
FirewallRules: [{4F12E286-9A42-491E-BD48-5BE45805DF6F}] => (Allow) D:\Games\Steam\SteamApps\common\GORN\GORN.exe
FirewallRules: [TCP Query User{63EBF6ED-4320-4FD6-8349-76A314057E9B}D:\games\sansar\client\sansarclient.exe] => (Allow) D:\games\sansar\client\sansarclient.exe
FirewallRules: [UDP Query User{89DFC2DE-0D85-469A-8D40-ECEB29072155}D:\games\sansar\client\sansarclient.exe] => (Allow) D:\games\sansar\client\sansarclient.exe
FirewallRules: [{F6CFAD45-14D9-4F70-AE82-84915128CE6D}] => (Allow) B:\Steam\steamapps\common\Raw Data\RawData.exe
FirewallRules: [{EB40392A-35B2-4B49-86CF-EB7327563DF7}] => (Allow) B:\Steam\steamapps\common\Raw Data\RawData.exe
FirewallRules: [{B5D68DF0-AF23-431D-B345-C5278F6310D2}] => (Allow) B:\Steam\steamapps\common\Raw Data\RawData\Binaries\Win64\RawData-Win64-Shipping.exe
FirewallRules: [{D12E3BDC-FA1F-4993-B187-17D842A92D49}] => (Allow) B:\Steam\steamapps\common\Raw Data\RawData\Binaries\Win64\RawData-Win64-Shipping.exe
FirewallRules: [{EF42FFA6-F63B-4B18-B056-65AED7E3C817}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP_Launcher.exe
FirewallRules: [{949C85A8-693A-4505-9C65-2483077C2F59}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP_Launcher.exe
FirewallRules: [{118F724E-B0C9-484C-AA54-724951D58103}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP_DX11.exe
FirewallRules: [{639D79C9-CEE6-4D37-9D37-41C7742D6476}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP_DX11.exe
FirewallRules: [{113DDC4D-4A14-41D5-B79D-9286B9A6DE47}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP.exe
FirewallRules: [{2EE7EFEE-59FF-4C8D-9838-2B2B9E00270C}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP.exe
FirewallRules: [{5EF4F8B9-60AD-42E1-AB4A-2035E242CEE5}] => (Allow) D:\Games\Steam\SteamApps\common\Conarium\Conarium.exe
FirewallRules: [{C8894B04-9B96-490B-B2F2-A8DA33112482}] => (Allow) D:\Games\Steam\SteamApps\common\Conarium\Conarium.exe
FirewallRules: [{BC6E0C8F-343B-4209-8906-8701893745CD}] => (Allow) D:\Games\Steam\SteamApps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{E9AC4963-ED0F-429D-A657-A4247022DEF2}] => (Allow) D:\Games\Steam\SteamApps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [TCP Query User{5A22F760-CBCC-4E82-ACA1-F3E13E75C79E}B:\games\max payne 3\maxpayne3.exe] => (Allow) B:\games\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{97E90E47-6DFE-4D02-B6F7-2D529C9DCF92}B:\games\max payne 3\maxpayne3.exe] => (Allow) B:\games\max payne 3\maxpayne3.exe
FirewallRules: [{6478ACBE-A9BD-4004-99AE-5BC6F47E9A6E}] => (Allow) D:\Games\Steam\SteamApps\common\AlienRage\Singleplayer\Binaries\Win32\ShippingPC-AFEARGame.exe
FirewallRules: [{78CF89E7-5691-4AD3-ACD0-EA5EF3E3ADB0}] => (Allow) D:\Games\Steam\SteamApps\common\AlienRage\Singleplayer\Binaries\Win32\ShippingPC-AFEARGame.exe
FirewallRules: [{F994B6B6-3EF4-4BBE-AB52-770328BFBED1}] => (Allow) D:\Games\Steam\SteamApps\common\AlienRage\Multiplayer\Binaries\Win32\ARageMP.exe
FirewallRules: [{FC8B8C65-D63E-454C-B8CA-8E5FEC275AC6}] => (Allow) D:\Games\Steam\SteamApps\common\AlienRage\Multiplayer\Binaries\Win32\ARageMP.exe
FirewallRules: [{DA2A7636-FE20-4A55-8405-38F2A9800092}] => (Allow) D:\Games\Steam\SteamApps\common\Rising Storm 2\Binaries\Win64\RisingStorm2.exe
FirewallRules: [{EA799577-B0B7-424D-81CE-CDFA03C9E253}] => (Allow) D:\Games\Steam\SteamApps\common\Rising Storm 2\Binaries\Win64\RisingStorm2.exe
FirewallRules: [{2714EDEE-7A10-426D-9FD0-30151409B09B}] => (Allow) D:\Games\Steam\SteamApps\common\Serious Sam VR The First Encounter\Bin\x64\SamTFE_VR.exe
FirewallRules: [{1FEFAA6C-A74C-481F-8428-D872D4DF5A5A}] => (Allow) D:\Games\Steam\SteamApps\common\Serious Sam VR The First Encounter\Bin\x64\SamTFE_VR.exe
FirewallRules: [{943C1A90-26A3-46C8-B75A-6AB5FE4D9C63}] => (Allow) D:\Games\Steam\SteamApps\common\Space Hulk Deathwing\SpaceHulkGame.exe
FirewallRules: [{07764B6D-4A71-4707-862F-E2FCE2E941CD}] => (Allow) D:\Games\Steam\SteamApps\common\Space Hulk Deathwing\SpaceHulkGame.exe
FirewallRules: [TCP Query User{7E4F6977-CF90-458B-92F3-F84E646B614E}D:\games\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe
FirewallRules: [UDP Query User{BAD65C73-1242-446C-A7F2-425E8F1CA7C2}D:\games\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe
FirewallRules: [{FD6BCDDE-5D4D-4827-B8C0-07C5B6758FA3}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2.exe
FirewallRules: [{45C6038B-B8D4-4DF9-8A9A-11BE0F587F4C}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2.exe
FirewallRules: [{453D71D6-A585-44FD-85D5-2D73EDFC22B6}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{4BD1F834-69C3-4E05-8297-006053B83D13}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{789904E8-F71E-46A3-9B7B-76616E723997}] => (Allow) D:\Games\Steam\SteamApps\common\TheWaveVR\TheWaveVR.exe
FirewallRules: [{060AE121-401D-4ACC-8F5A-B5C264428BDC}] => (Allow) D:\Games\Steam\SteamApps\common\TheWaveVR\TheWaveVR.exe
FirewallRules: [TCP Query User{A10DC358-53EF-4B81-A409-6BE1CDA4CC1B}D:\games\soldier of fortune\sof.exe] => (Allow) D:\games\soldier of fortune\sof.exe
FirewallRules: [UDP Query User{4DA529DA-158D-45FE-9090-FE15CC0B46D7}D:\games\soldier of fortune\sof.exe] => (Allow) D:\games\soldier of fortune\sof.exe
FirewallRules: [TCP Query User{EB037A9C-4274-40DA-B348-5751821FEE09}D:\games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{64F17405-13C2-4CA1-BE0F-B4B4EBA822B8}D:\games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{039CE7D6-8615-4867-9B7D-5D77171CF046}] => (Allow) D:\Games\Steam\SteamApps\common\LethalVR\LethalVR.exe
FirewallRules: [{D5172F7E-49E6-4DDF-9DA9-AF66C81B5A55}] => (Allow) D:\Games\Steam\SteamApps\common\LethalVR\LethalVR.exe
FirewallRules: [{D2F00B33-3AA8-42D5-9B14-C767CFF32944}] => (Allow) D:\Games\Steam\SteamApps\common\Dangerous Golf\Orlando.exe
FirewallRules: [{AB5457CE-D7FE-4B34-B463-B155F14F96BD}] => (Allow) D:\Games\Steam\SteamApps\common\Dangerous Golf\Orlando.exe
FirewallRules: [TCP Query User{B77F38D4-CF61-44FA-BA53-BA1EFB7D5A95}D:\games\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe
FirewallRules: [UDP Query User{DE476809-6F31-461C-89B2-CFE16D7151EF}D:\games\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe
FirewallRules: [TCP Query User{70925235-EB3E-41A8-AAEA-F7560E1D8AE9}D:\games\steam\steamapps\common\lethalvr\lethalvr\binaries\win64\lethalvr-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\lethalvr\lethalvr\binaries\win64\lethalvr-win64-shipping.exe
FirewallRules: [UDP Query User{BB5A0FCE-F704-4643-91FA-E3AEF49E2C0C}D:\games\steam\steamapps\common\lethalvr\lethalvr\binaries\win64\lethalvr-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\lethalvr\lethalvr\binaries\win64\lethalvr-win64-shipping.exe
FirewallRules: [{E3DCA5F5-CFB9-49E6-A6D2-1E04C6C5BE44}] => (Allow) D:\Games\Steam\SteamApps\common\The Unwelcomed\TheUnwelcomed_v1.27.exe
FirewallRules: [{8AC401C8-0D9E-486D-AD97-16F5B10C104D}] => (Allow) D:\Games\Steam\SteamApps\common\The Unwelcomed\TheUnwelcomed_v1.27.exe
FirewallRules: [{1C79891E-9065-4FC7-BFEB-6D285BEED6DD}] => (Allow) D:\Games\Steam\SteamApps\common\Ultimate Booster Experience\UltimateBooster(SteamVR)\UltimateBooster.exe
FirewallRules: [{085103B3-52BB-4322-9116-5F92D990C16D}] => (Allow) D:\Games\Steam\SteamApps\common\Ultimate Booster Experience\UltimateBooster(SteamVR)\UltimateBooster.exe
FirewallRules: [{28C28A74-2BF9-4BBA-8801-DBE9B3113DD3}] => (Allow) D:\Games\Steam\SteamApps\common\Ultimate Booster Experience\UltimateBooster(Oculus)\UltimateBooster.exe
FirewallRules: [{9BE9FEF8-B749-421F-AC97-368EC7D7282E}] => (Allow) D:\Games\Steam\SteamApps\common\Ultimate Booster Experience\UltimateBooster(Oculus)\UltimateBooster.exe
FirewallRules: [{F2850B57-519D-46CA-A1C2-6C613C0B0F3A}] => (Allow) B:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{15886ADE-5178-4380-ADAB-65B3A03C449F}] => (Allow) B:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{5707A4E9-4AB0-4ADC-95A6-8891A2D6147B}] => (Allow) B:\Steam\steamapps\common\Hellblade\HellbladeGame.exe
FirewallRules: [{F4D66E58-5638-4F67-8A31-62AEA5572057}] => (Allow) B:\Steam\steamapps\common\Hellblade\HellbladeGame.exe
FirewallRules: [TCP Query User{8324771A-96C6-4F9B-90DA-195A875C5631}B:\steam\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe
FirewallRules: [UDP Query User{F03EA227-673C-4D1D-A045-93429F4F96CB}B:\steam\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe
FirewallRules: [{F98C6DC3-DAF4-4D89-9EC0-32A20474D749}] => (Allow) B:\Steam\steamapps\common\Rez Infinite\Rez-infinite.exe
FirewallRules: [{DEFC3B7B-4E63-430B-9F73-CED9B3360B00}] => (Allow) B:\Steam\steamapps\common\Rez Infinite\Rez-infinite.exe
FirewallRules: [{B04F755E-73A7-4B19-A716-0B4936931199}] => (Allow) B:\Steam\steamapps\common\Agents of Mayhem\aom\AOM_Release_Final.exe
FirewallRules: [{971CC691-F9C0-4BE8-BDED-8815C6A6245D}] => (Allow) B:\Steam\steamapps\common\Agents of Mayhem\aom\AOM_Release_Final.exe
FirewallRules: [{80DE5553-410B-43C9-8FEF-E43891C78DAF}] => (Allow) B:\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{D5BDF78C-85D8-4E56-926C-CC2D7364646A}] => (Allow) B:\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{63DFEBFC-390C-40DE-933A-9F2DADAD8AFD}] => (Allow) B:\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{57D0E3A8-0AB2-48D7-AB64-E3FC8289ABF8}] => (Allow) B:\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{03B14AAC-85A3-4E1E-AAE6-D67BB763AB8A}] => (Allow) D:\Games\Steam\SteamApps\common\Full Throttle Remastered\Throttle.exe
FirewallRules: [{5534C200-0E52-4CCC-BA98-DF0D25966303}] => (Allow) D:\Games\Steam\SteamApps\common\Full Throttle Remastered\Throttle.exe
FirewallRules: [{319E1CFA-96F9-4765-B13D-2832EBC9F79E}] => (Allow) D:\Games\Steam\SteamApps\common\Observer\TheObserver.exe
FirewallRules: [{090C80C9-EF2A-4BCC-B274-DA738B85FF47}] => (Allow) D:\Games\Steam\SteamApps\common\Observer\TheObserver.exe
FirewallRules: [TCP Query User{D0852806-9B67-4849-B393-5BCFD73B4217}D:\games\steam\steamapps\common\observer\theobserver\binaries\win64\theobserver-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\observer\theobserver\binaries\win64\theobserver-win64-shipping.exe
FirewallRules: [UDP Query User{732894AA-62DA-493F-BA78-A65544A6C539}D:\games\steam\steamapps\common\observer\theobserver\binaries\win64\theobserver-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\observer\theobserver\binaries\win64\theobserver-win64-shipping.exe
FirewallRules: [{214564AF-BBA3-4E81-B17D-1F06B5D3AFD0}] => (Allow) D:\Games\Steam\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanetLauncher.exe
FirewallRules: [{0B95A94E-567C-43B4-B71B-3B85B8188330}] => (Allow) D:\Games\Steam\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanetLauncher.exe
FirewallRules: [{B33FB518-0761-4C24-8867-F0B7B14F323F}] => (Allow) D:\Games\Steam\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{B76F326A-FE12-49DD-99D3-B8B83F95A4A2}] => (Allow) D:\Games\Steam\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{CF53888A-5C8C-44A9-96E7-8D2A2C391893}] => (Allow) D:\Games\Steam\SteamApps\common\Secret World Legends\ClientPatcher.exe
FirewallRules: [{E602716D-68E2-4725-97C8-C0555B0FF6BE}] => (Allow) D:\Games\Steam\SteamApps\common\Secret World Legends\ClientPatcher.exe
FirewallRules: [{835F90F4-C74A-48E4-BD7B-7B7F3EB26BB1}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{DE0ABF26-0839-44EA-9D69-ACA0A016BDA7}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{B8FEEE15-4AA9-48C5-BA8F-0D61F0142CC5}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{BCD32AD3-5CF5-4EAA-B4BB-6B822714DD3E}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{2DE48180-C6D5-4C8B-B588-4E81E239B1A5}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{139CD6E0-7156-45DD-80E7-9F30BCC3DAEC}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{4896923D-EA5C-492C-84A1-6FBE349C275C}] => (Allow) D:\Games\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{6EBE3F0D-A166-408B-8DFC-80271D263B06}] => (Allow) D:\Games\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{AA95A789-ABF7-49FA-BC2C-E8105DCD445E}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{DBFA4C21-FBA5-440E-A8AF-C5E9777BABAE}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{56526727-9FF2-4767-8A86-67202932C05A}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{F8C628C4-D6B5-414D-889E-EE364CFBC7D7}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{B2F7A213-0B26-408B-9612-A5BE7520ED6E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{3AE1DE3A-8510-4A06-AA23-71A1A52679DB}B:\games\destiny 2\destiny2.exe] => (Allow) B:\games\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{313E92A5-5595-4288-A364-63B4C3B819E5}B:\games\destiny 2\destiny2.exe] => (Allow) B:\games\destiny 2\destiny2.exe
FirewallRules: [{34DD1EF5-DC69-4975-B0F4-78E0875E130B}] => (Allow) D:\Games\Steam\SteamApps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{67B2ECF1-9635-4060-80A8-E1D5452EA396}] => (Allow) D:\Games\Steam\SteamApps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{7A7CD880-69B3-4C3E-9647-5C3623C65E61}] => (Allow) D:\Games\Steam\SteamApps\common\Comedy Night\Comedy Night.exe
FirewallRules: [{12B14AFB-878D-4FDA-A577-802F39490F85}] => (Allow) D:\Games\Steam\SteamApps\common\Comedy Night\Comedy Night.exe
FirewallRules: [{47916F8C-0CAE-45DA-A7B4-985DA7C8F929}] => (Allow) D:\Games\Steam\SteamApps\common\Windlands\Windlands_Win_x64.exe
FirewallRules: [{9458BBAC-9252-4758-829F-79275BB8B2F9}] => (Allow) D:\Games\Steam\SteamApps\common\Windlands\Windlands_Win_x64.exe
FirewallRules: [TCP Query User{BDFDC57C-8BC9-4E79-B023-615557F08A78}D:\games\dune 2000\dune 2000\dune2000.exe] => (Allow) D:\games\dune 2000\dune 2000\dune2000.exe
FirewallRules: [UDP Query User{3F3D8A05-33CD-47CF-84C2-F977A40F537D}D:\games\dune 2000\dune 2000\dune2000.exe] => (Allow) D:\games\dune 2000\dune 2000\dune2000.exe
FirewallRules: [{00EC267C-F337-4CA1-AC15-822CA9CCB469}] => (Allow) D:\Games\Steam\SteamApps\common\PAVR Pre Alpha Demo\PA_UE4.exe
FirewallRules: [{E86DD9EE-B256-4BBB-BE9C-C368494796F7}] => (Allow) D:\Games\Steam\SteamApps\common\PAVR Pre Alpha Demo\PA_UE4.exe
FirewallRules: [TCP Query User{CDF47A81-5308-4252-9667-38D9AB0D8061}D:\games\steam\steamapps\common\projectm dream\e1\binaries\win64\e1-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\projectm dream\e1\binaries\win64\e1-win64-shipping.exe
FirewallRules: [UDP Query User{6F3E0A19-AC02-489E-89E6-5BF15BCCDDC2}D:\games\steam\steamapps\common\projectm dream\e1\binaries\win64\e1-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\projectm dream\e1\binaries\win64\e1-win64-shipping.exe
FirewallRules: [{78F1101F-9872-4F30-919B-44FEF97AFA23}] => (Allow) D:\Games\Steam\SteamApps\common\Mindshow\Mindshow.exe
FirewallRules: [{4A2A88E2-91E7-4949-88FC-A05F0BDAF2F7}] => (Allow) D:\Games\Steam\SteamApps\common\Mindshow\Mindshow.exe
FirewallRules: [{DA1AB053-B838-4905-9B9F-CAF4FFD52AB5}] => (Allow) D:\Games\Steam\SteamApps\common\NoLimits 2\64bit\nolimits2stm.exe
FirewallRules: [{23A99FAD-E518-4010-83FE-710A6E211B96}] => (Allow) D:\Games\Steam\SteamApps\common\NoLimits 2\64bit\nolimits2stm.exe
FirewallRules: [{24359B6A-EE2C-4D5C-ABA5-6BF6CAC91504}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2AA6C628-7FB9-4F30-BB92-BDCF89F2181A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0B270495-D3DF-42B2-B552-52B9EE687746}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FB7EE3A6-58A2-4ED9-90AD-3136049D6ED4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C89A8AB6-BCD9-4DC5-885F-DB0E8A508471}] => (Allow) B:\Games\Battlefield 3\bf3.exe
FirewallRules: [{C3C6DF70-4CA9-430C-A8FF-FEEC9584346C}] => (Allow) B:\Games\Battlefield 3\bf3.exe
FirewallRules: [{61C7FA33-4FA8-496A-804E-6F769606FD0A}] => (Allow) B:\Steam\steamapps\common\NoLimits 2\64bit\nolimits2stm.exe
FirewallRules: [{14F4F47C-8305-4C7A-B552-AA5062DF3F14}] => (Allow) B:\Steam\steamapps\common\NoLimits 2\64bit\nolimits2stm.exe
FirewallRules: [{81A6E9C9-CCA8-48DC-A19C-4425F738518E}] => (Allow) D:\Games\Steam\SteamApps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{794C269B-691B-4E72-847D-6BEAA1613019}] => (Allow) D:\Games\Steam\SteamApps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{2D1CC264-2E8C-4447-BF39-A770356FF620}] => (Allow) D:\Games\Steam\SteamApps\common\Vertigo\Vertigo.exe
FirewallRules: [{6286C5FE-F448-4712-9198-65EA02C81ADC}] => (Allow) D:\Games\Steam\SteamApps\common\Vertigo\Vertigo.exe
FirewallRules: [{D2C7216F-2F71-4D31-BBFA-CB24B6010AD4}] => (Allow) B:\Steam\steamapps\common\DuckSeason\DuckSeason\DuckSeason.exe
FirewallRules: [{025100DE-0293-4589-A81C-417A0604AB7F}] => (Allow) B:\Steam\steamapps\common\DuckSeason\DuckSeason\DuckSeason.exe
FirewallRules: [{E3A69345-E1C6-435C-962C-6C54065DD035}] => (Allow) D:\Games\Steam\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{9FE21E23-0DDA-4020-952F-D1EE6C97D97B}] => (Allow) D:\Games\Steam\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{5014089B-AA20-40A0-BF72-A740F366A674}] => (Allow) D:\Games\Steam\SteamApps\common\Hellblade\HellbladeGame.exe
FirewallRules: [{142D2C28-298C-4B34-B67F-4CCA94E45CE1}] => (Allow) D:\Games\Steam\SteamApps\common\Hellblade\HellbladeGame.exe
FirewallRules: [{7813EC58-1DAF-4FFE-976A-80172154651E}] => (Allow) B:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{CF67956E-6D20-4DE6-9ACB-2A3B6DC3AB41}] => (Allow) B:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [TCP Query User{699458AF-2F8D-48F1-8B2B-BA8454D8236C}B:\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) B:\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [UDP Query User{ABFA37DD-029F-4272-A197-06762C110EB8}B:\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) B:\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [TCP Query User{089F274A-3139-40E8-8F03-1BE0BB9EAE7D}D:\games\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe] => (Allow) D:\games\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe
FirewallRules: [UDP Query User{2113B080-14B0-4BAE-9C02-A410FE21B061}D:\games\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe] => (Allow) D:\games\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe
FirewallRules: [{C0292D33-04A7-4511-A144-216679F9FFD4}] => (Allow) D:\Games\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [{D922841A-A90B-4235-89DF-426FB99D355F}] => (Allow) D:\Games\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [TCP Query User{0800D4EE-74FF-4BFD-8430-5E5ED922607B}D:\games\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\games\steam\steamapps\common\assettocorsa\acs.exe
FirewallRules: [UDP Query User{CEACACE7-4640-4865-B504-F16A3ED17000}D:\games\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\games\steam\steamapps\common\assettocorsa\acs.exe
FirewallRules: [{9CDAE3DE-33F2-4E84-A6EA-809402CA701B}] => (Allow) D:\Games\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{0B4B05AB-250A-412E-9969-0586E560F06E}] => (Allow) D:\Games\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{BC8A2FB2-90B9-47DB-A552-489AE165B13D}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{C3E2BBA9-A4B6-4FC8-9A79-8864D9775545}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{DA2A4F4D-F1E8-462A-B8EA-380E5D196DD2}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{02761161-C56D-453C-85F6-7D6D33393B5D}] => (Allow) C:\Windows\System32\rundll32.exe

==================== Wiederherstellungspunkte =========================

05-09-2017 18:50:03 Removed Robert D. Anderson & the legacy of Cthulhu
07-09-2017 11:15:45 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
07-09-2017 11:15:51 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
09-09-2017 10:15:30 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
12-09-2017 16:23:20 Entfernt Max Payne 3
16-09-2017 13:26:14 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/21/2017 06:33:37 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/21/2017 06:33:36 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/21/2017 06:33:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Hoshi-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI“ ist folgender Fehler aufgetreten: -2144927149. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (09/21/2017 06:25:18 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/21/2017 06:16:59 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/21/2017 05:47:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: c599f06f9ff37444c99b60561433d5f7.exe, Version: 13.14.1.34, Zeitstempel: 0x57c9dbc2
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.15063.608, Zeitstempel: 0x802f667e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00062ec8
ID des fehlerhaften Prozesses: 0x2e78
Startzeit der fehlerhaften Anwendung: 0x01d332f0fcd63163
Pfad der fehlerhaften Anwendung: C:\Program Files\088195c19b33f61100dd567039f0a39e\c599f06f9ff37444c99b60561433d5f7.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: ff8b8eea-182f-4e1b-865d-04e60e18a49f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/21/2017 05:47:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: c599f06f9ff37444c99b60561433d5f7.exe, Version: 13.14.1.34, Zeitstempel: 0x57c9dbc2
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.15063.608, Zeitstempel: 0x802f667e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00062ec8
ID des fehlerhaften Prozesses: 0x3844
Startzeit der fehlerhaften Anwendung: 0x01d332f0f6bba092
Pfad der fehlerhaften Anwendung: C:\Program Files\088195c19b33f61100dd567039f0a39e\c599f06f9ff37444c99b60561433d5f7.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 73b24f58-93de-4fdc-8dca-49dd1f44ff4f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/21/2017 05:47:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: c599f06f9ff37444c99b60561433d5f7.exe, Version: 13.14.1.34, Zeitstempel: 0x57c9dbc2
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.15063.608, Zeitstempel: 0x802f667e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00043d7e
ID des fehlerhaften Prozesses: 0x1db0
Startzeit der fehlerhaften Anwendung: 0x01d332f0edce72fb
Pfad der fehlerhaften Anwendung: C:\Program Files\088195c19b33f61100dd567039f0a39e\c599f06f9ff37444c99b60561433d5f7.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 0fd6e04d-873a-46b2-a750-e6698fd196f8
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/21/2017 05:47:28 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/21/2017 05:47:26 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0


Systemfehler:
=============
Error: (09/21/2017 06:33:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (09/21/2017 06:33:13 PM) (Source: DCOM) (EventID: 10005) (User: Hoshi-PC)
Description: Fehler "1084" in DCOM, als der Dienst "ShellHWDetection" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/21/2017 06:33:10 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1084" in DCOM, als der Dienst "TermService" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{F9A874B6-F8A8-4D73-B5A8-AB610816828B}

Error: (09/21/2017 06:33:06 PM) (Source: DCOM) (EventID: 10005) (User: Hoshi-PC)
Description: Fehler "1084" in DCOM, als der Dienst "ShellHWDetection" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/21/2017 06:33:05 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1084" in DCOM, als der Dienst "TermService" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{F9A874B6-F8A8-4D73-B5A8-AB610816828B}

Error: (09/21/2017 06:33:03 PM) (Source: DCOM) (EventID: 10005) (User: Hoshi-PC)
Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/21/2017 06:33:03 PM) (Source: DCOM) (EventID: 10005) (User: Hoshi-PC)
Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/21/2017 06:33:03 PM) (Source: DCOM) (EventID: 10005) (User: Hoshi-PC)
Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/21/2017 06:33:03 PM) (Source: DCOM) (EventID: 10005) (User: Hoshi-PC)
Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/21/2017 06:33:03 PM) (Source: DCOM) (EventID: 10005) (User: Hoshi-PC)
Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


CodeIntegrity:
===================================
  Date: 2017-09-21 17:43:23.248
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-21 17:43:23.245
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-21 17:43:22.779
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-21 17:43:22.778
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-21 17:28:55.274
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-21 17:28:55.273
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-21 17:13:32.693
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-21 17:13:32.692
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-21 16:28:50.596
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-21 16:28:50.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 16314.71 MB
Verfügbarer physikalischer RAM: 13374.82 MB
Summe virtueller Speicher: 32698.71 MB
Verfügbarer virtueller Speicher: 29523.37 MB

==================== Laufwerke ================================

Drive b: (Lokaler Datenträger) (Fixed) (Total:465.76 GB) (Free:102.52 GB) NTFS
Drive c: () (Fixed) (Total:223.03 GB) (Free:48.44 GB) NTFS
Drive d: () (Fixed) (Total:1464.84 GB) (Free:191.17 GB) NTFS
Drive e: () (Fixed) (Total:398.17 GB) (Free:71.99 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 7D0DF0DC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7D0DF0CB)
Partition 1: (Not Active) - (Size=1464.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=398.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 873A098D)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
Malwarebytes Anti-Malware, last scan
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 21.09.2017
Suchlaufzeit: 18:36
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2017.09.21.07
Rootkit-Datenbank: v2017.09.13.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Hoshi

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 434950
Abgelaufene Zeit: 5 Min., 24 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 1
Adware.IStartSurf, C:\Users\Hoshi\AppData\Local\Temp\is-K06PA.tmp\is-K06PA.tmp.exe, , [a76412a58e1bec4a7666dd11c23fca36], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

21.09.2017, 20:55   #4
Hoshi82
 

Windows Defender
Code:
Ebene	Datum und Uhrzeit	Quelle	Ereignis-ID	Aufgabenkategorie
Fehler	21.09.2017 20:29:17	Microsoft-Windows-Windows Defender	2001	Keine	"Fehler von Windows Defender Antivirus beim Aktualisieren von Signaturen.
 	Neue Signaturversion: 
 	Vorherige Signaturversion: 1.251.1222.0
 	Updatequelle: Microsoft Center zum Schutz vor Schadsoftware
 	Signaturtyp: AntiVirus
 	Updatetyp: Voll
 	Benutzer: NT-AUTORITÄT\Netzwerkdienst
 	Aktuelle Modulversion: 
 	Vorherige Modulversion: 1.1.14104.0
 	Fehlercode: 0x800704e8
 	Fehlerbeschreibung: Der Remotecomputer ist nicht verfügbar. Weitere Informationen zur Behebung von Netzwerkproblemen finden Sie in der Windows-Hilfe. "
Fehler	21.09.2017 20:29:17	Microsoft-Windows-Windows Defender	2001	Keine	"Fehler von Windows Defender Antivirus beim Aktualisieren von Signaturen.
 	Neue Signaturversion: 
 	Vorherige Signaturversion: 1.251.1222.0
 	Updatequelle: Microsoft Center zum Schutz vor Schadsoftware
 	Signaturtyp: AntiSpyware
 	Updatetyp: Voll
 	Benutzer: NT-AUTORITÄT\Netzwerkdienst
 	Aktuelle Modulversion: 
 	Vorherige Modulversion: 1.1.14104.0
 	Fehlercode: 0x800704e8
 	Fehlerbeschreibung: Der Remotecomputer ist nicht verfügbar. Weitere Informationen zur Behebung von Netzwerkproblemen finden Sie in der Windows-Hilfe. "
Fehler	21.09.2017 20:29:17	Microsoft-Windows-Windows Defender	2001	Keine	"Fehler von Windows Defender Antivirus beim Aktualisieren von Signaturen.
 	Neue Signaturversion: 
 	Vorherige Signaturversion: 1.251.1222.0
 	Updatequelle: Microsoft Center zum Schutz vor Schadsoftware
 	Signaturtyp: AntiVirus
 	Updatetyp: Voll
 	Benutzer: NT-AUTORITÄT\Netzwerkdienst
 	Aktuelle Modulversion: 
 	Vorherige Modulversion: 1.1.14104.0
 	Fehlercode: 0x800704e8
 	Fehlerbeschreibung: Der Remotecomputer ist nicht verfügbar. Weitere Informationen zur Behebung von Netzwerkproblemen finden Sie in der Windows-Hilfe. "
Informationen	21.09.2017 20:27:31	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\is-1CG2L.tmp\up.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
 	Aktion: Quarantäne
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 20:27:08	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\is-1CG2L.tmp\up.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: Hoshi-PC\Hoshi
 	Prozessname: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 20:24:49	Microsoft-Windows-Windows Defender	1001	Keine	"Die Windows Defender Antivirus-Überprüfung wurde fertig gestellt.
 	Überprüfungs-ID: {C8298AC2-D534-4FAC-8851-68DEE1E484A6}
 	Überprüfungstyp: Antimalware
 	Überprüfungsparameter: Schnellüberprüfung
 	Benutzer: Hoshi-PC\Hoshi
 	Überprüfungszeit: 0:04:45"
Informationen	21.09.2017 20:20:08	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\is-GRUB6.tmp\up.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Aktion: Quarantäne
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 20:20:03	Microsoft-Windows-Windows Defender	1000	Keine	"Die Windows Defender Antivirus-Überprüfung wurde gestartet.
 	Überprüfungs-ID: {C8298AC2-D534-4FAC-8851-68DEE1E484A6}
 	Überprüfungstyp: Antimalware
 	Überprüfungsparameter: Schnellüberprüfung
 	Überprüfungsressourcen: 
 	Benutzer: Hoshi-PC\Hoshi"
Warnung	21.09.2017 20:19:49	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\is-GRUB6.tmp\up.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 20:19:17	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanProxy:Win32/Bunitu.R!bit&threatid=2147720067&enterprise=0
 	Name: TrojanProxy:Win32/Bunitu.R!bit
 	ID: 2147720067
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner - Proxyserver
 	Pfad: process:_pid:12396,ProcessStart:131504820268709030
 	Erkennungsursprung: Unbekannt
 	Erkennungstyp: Konkret
 	Erkennungsquelle: System
 	Benutzer: 
 	Prozessname: Unknown
 	Aktion: Nicht verfügbar
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 20:19:17	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\is-GRUB6.tmp\up.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\Pcpy1x0ok\Pcpy1x0ok.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe->(inno#000002);process:_pid:15980,ProcessStart:131504822420186573
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: 
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\Pcpy1x0ok\Pcpy1x0ok.exe
 	Aktion: Nicht verfügbar
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 20:19:17	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Soctuseer!excl&threatid=237119&enterprise=0
 	Name: BrowserModifier:Win32/Soctuseer!excl
 	ID: 237119
 	Schweregrad: Hoch
 	Kategorie: Browserveränderer
 	Pfad: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\088195c19b33f61100dd567039f0a39e\
 	Erkennungsursprung: Unbekannt
 	Erkennungstyp: Konkret
 	Erkennungsquelle: System
 	Benutzer: 
 	Prozessname: Unknown
 	Aktion: Nicht verfügbar
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 20:19:17	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe;containerfile:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\is-48N6P.tmp\up.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe->(inno#000002);file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe->(inno#000004);process:_pid:10280,ProcessStart:131504819433135227;process:_pid:14876,ProcessStart:131504819699467513
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: 
 	Prozessname: Unknown
 	Aktion: Nicht verfügbar
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 20:19:17	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\H9qYxhfC2\netstream.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe->(inno#000004);process:_pid:12396,ProcessStart:131504820268709030;process:_pid:14876,ProcessStart:131504819699467513
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: 
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe
 	Aktion: Nicht verfügbar
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 20:19:17	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanProxy:Win32/Bunitu.R!bit&threatid=2147720067&enterprise=0
 	Name: TrojanProxy:Win32/Bunitu.R!bit
 	ID: 2147720067
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner - Proxyserver
 	Pfad: process:_pid:4056,ProcessStart:131504822438507742
 	Erkennungsursprung: Unbekannt
 	Erkennungstyp: Konkret
 	Erkennungsquelle: System
 	Benutzer: 
 	Prozessname: Unknown
 	Aktion: Nicht verfügbar
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:45:08	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\is-GRUB6.tmp\up.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\Pcpy1x0ok\Pcpy1x0ok.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe->(inno#000002);process:_pid:15980,ProcessStart:131504822420186573
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: Hoshi-PC\Hoshi
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\Pcpy1x0ok\Pcpy1x0ok.exe
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:45:08	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Soctuseer!excl&threatid=237119&enterprise=0
 	Name: BrowserModifier:Win32/Soctuseer!excl
 	ID: 237119
 	Schweregrad: Hoch
 	Kategorie: Browserveränderer
 	Pfad: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\088195c19b33f61100dd567039f0a39e\
 	Erkennungsursprung: Unbekannt
 	Erkennungstyp: Konkret
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:45:08	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Soctuseer!excl&threatid=237119&enterprise=0
 	Name: BrowserModifier:Win32/Soctuseer!excl
 	ID: 237119
 	Schweregrad: Hoch
 	Kategorie: Browserveränderer
 	Pfad: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\088195c19b33f61100dd567039f0a39e\
 	Erkennungsursprung: Unbekannt
 	Erkennungstyp: Konkret
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Aktion: Quarantäne
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:45:08	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\H9qYxhfC2\netstream.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\is-48N6P.tmp\up.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe->(inno#000002);file:_C:\Users\Hoshi\AppData\Local\Temp\VoAhouq3n\VoAhouq3n.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\IG53WBKU5F\Sho9libi.exe
 	Aktion: Quarantäne
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:45:05	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\is-GRUB6.tmp\up.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\Pcpy1x0ok\Pcpy1x0ok.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe->(inno#000002);process:_pid:15980,ProcessStart:131504822420186573
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: Hoshi-PC\Hoshi
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\Pcpy1x0ok\Pcpy1x0ok.exe
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:45:05	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Soctuseer!excl&threatid=237119&enterprise=0
 	Name: BrowserModifier:Win32/Soctuseer!excl
 	ID: 237119
 	Schweregrad: Hoch
 	Kategorie: Browserveränderer
 	Pfad: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\088195c19b33f61100dd567039f0a39e\
 	Erkennungsursprung: Unbekannt
 	Erkennungstyp: Konkret
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:45:05	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanProxy:Win32/Bunitu.R!bit&threatid=2147720067&enterprise=0
 	Name: TrojanProxy:Win32/Bunitu.R!bit
 	ID: 2147720067
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner - Proxyserver
 	Pfad: process:_pid:4056,ProcessStart:131504822438507742
 	Erkennungsursprung: Unbekannt
 	Erkennungstyp: Konkret
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:45:03	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\c:\program files\088195c19b33f61100dd567039f0a39e\ = 0x0
 	Neuer Wert: "
Warnung	21.09.2017 17:44:55	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\is-GRUB6.tmp\up.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: Hoshi-PC\Hoshi
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\is-URS6K.tmp\Pcpy1x0ok.tmp
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:44:12	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\H9qYxhfC2\netstream.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\is-48N6P.tmp\up.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe->(inno#000002);file:_C:\Users\Hoshi\AppData\Local\Temp\VoAhouq3n\VoAhouq3n.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\IG53WBKU5F\Sho9libi.exe
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:44:09	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\H9qYxhfC2\netstream.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\is-48N6P.tmp\up.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe->(inno#000002);file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:44:09	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Soctuseer!excl&threatid=237119&enterprise=0
 	Name: BrowserModifier:Win32/Soctuseer!excl
 	ID: 237119
 	Schweregrad: Hoch
 	Kategorie: Browserveränderer
 	Pfad: regkeyvalue:_HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\\c:\program files\088195c19b33f61100dd567039f0a39e\
 	Erkennungsursprung: Unbekannt
 	Erkennungstyp: Konkret
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:44:06	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanProxy:Win32/Bunitu.R!bit&threatid=2147720067&enterprise=0
 	Name: TrojanProxy:Win32/Bunitu.R!bit
 	ID: 2147720067
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner - Proxyserver
 	Pfad: process:_pid:2836,ProcessStart:131504822391030590
 	Erkennungsursprung: Unbekannt
 	Erkennungstyp: Konkret
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\nZBYX8kqI\netstream.exe
 	Aktion: Quarantäne
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:44:02	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanProxy:Win32/Bunitu.R!bit&threatid=2147720067&enterprise=0
 	Name: TrojanProxy:Win32/Bunitu.R!bit
 	ID: 2147720067
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner - Proxyserver
 	Pfad: process:_pid:2836,ProcessStart:131504822391030590
 	Erkennungsursprung: Unbekannt
 	Erkennungstyp: Konkret
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\nZBYX8kqI\netstream.exe
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:43:26	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\WINDOWS\f371379892038d205abbfa586a4788d0.xml = 0x0"
Informationen	21.09.2017 17:43:25	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\WINDOWS\f371379892038d205abbfa586a4788d0.ps1 = 0x0"
Informationen	21.09.2017 17:43:22	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanProxy:Win32/Bunitu.R!bit&threatid=2147720067&enterprise=0
 	Name: TrojanProxy:Win32/Bunitu.R!bit
 	ID: 2147720067
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner - Proxyserver
 	Pfad: process:_pid:12396,ProcessStart:131504820268709030
 	Erkennungsursprung: Unbekannt
 	Erkennungstyp: Konkret
 	Erkennungsquelle: System
 	Benutzer: 
 	Prozessname: Unknown
 	Aktion: Nicht verfügbar
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:43:22	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe;containerfile:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\is-48N6P.tmp\up.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe->(inno#000002);file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe->(inno#000004);process:_pid:10280,ProcessStart:131504819433135227;process:_pid:14876,ProcessStart:131504819699467513
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: 
 	Prozessname: Unknown
 	Aktion: Nicht verfügbar
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:43:22	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\H9qYxhfC2\netstream.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe->(inno#000004);process:_pid:12396,ProcessStart:131504820268709030;process:_pid:14876,ProcessStart:131504819699467513
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: 
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe
 	Aktion: Nicht verfügbar
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:43:20	Microsoft-Windows-Windows Defender	2011	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen veraltete Signaturen verworfen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiSpyware
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\fb16a834c86d7ccf21850189f4d4c0d3b7e813a8
 	Version der dynamischen Signatur: 0.0.0.0
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:35:56
 	Grund der Entfernung: Automatisch
 	Persistenzgrenztyp: Dauer
 	Persistenzgrenze: 3000000"
Informationen	21.09.2017 17:43:20	Microsoft-Windows-Windows Defender	2011	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen veraltete Signaturen verworfen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiVirus
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\fb16a834c86d7ccf21850189f4d4c0d3b7e813a8
 	Version der dynamischen Signatur: 0.0.0.0
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:35:56
 	Grund der Entfernung: Automatisch
 	Persistenzgrenztyp: Dauer
 	Persistenzgrenze: 3000000"
Informationen	21.09.2017 17:42:10	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\c:\program files\088195c19b33f61100dd567039f0a39e\ = 0x0"
Warnung	21.09.2017 17:42:10	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe;containerfile:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\is-48N6P.tmp\up.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\shutdowntime.exe->(inno#000002);file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe->(inno#000004);process:_pid:10280,ProcessStart:131504819433135227;process:_pid:14876,ProcessStart:131504819699467513
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:41:56	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\WINDOWS\ea25b50d8d77b75b0e1b47872ebc5b38.exe = 0x0"
Informationen	21.09.2017 17:41:56	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Program Files\088195c19b33f61100dd567039f0a39e = 0x0"
Informationen	21.09.2017 17:41:56	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\WINDOWS\uninstaller.dat = 0x0"
Informationen	21.09.2017 17:41:56	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\WINDOWS\system32\drivers\ca411eda88aa6e27faf3faffca1124f5.sys = 0x0"
Warnung	21.09.2017 17:41:49	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\H9qYxhfC2\netstream.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe->(inno#000004);process:_pid:12396,ProcessStart:131504820268709030;process:_pid:14876,ProcessStart:131504819699467513
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:41:44	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe->(inno#000004);process:_pid:14876,ProcessStart:131504819699467513
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:41:44	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\is-6BU2F.tmp\YX678.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\speedownloader.exe;process:_pid:2088,ProcessStart:131504819130369842
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Aktion: Quarantäne
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:40:58	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiSpyware
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\db4dadada3d04f3352df45798202d1125a4b7ea0
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:40:41
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Informationen	21.09.2017 17:40:58	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiVirus
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\db4dadada3d04f3352df45798202d1125a4b7ea0
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:40:41
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Informationen	21.09.2017 17:40:58	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiSpyware
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\af2ec3e0cfd78bbd6f76da7260d6a7ce1e9b36bf
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:40:32
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Informationen	21.09.2017 17:40:58	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiVirus
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\af2ec3e0cfd78bbd6f76da7260d6a7ce1e9b36bf
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:40:32
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Warnung	21.09.2017 17:40:56	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanProxy:Win32/Bunitu.R!bit&threatid=2147720067&enterprise=0
 	Name: TrojanProxy:Win32/Bunitu.R!bit
 	ID: 2147720067
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner - Proxyserver
 	Pfad: process:_pid:12396,ProcessStart:131504820268709030
 	Erkennungsursprung: Unbekannt
 	Erkennungstyp: Konkret
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:40:47	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: containerfile:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe->(inno#000004);process:_pid:14876,ProcessStart:131504819699467513
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\YRjyzsNCW\YRjyzsNCW.exe
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:40:42	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\is-6BU2F.tmp\YX678.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\speedownloader.exe;process:_pid:2088,ProcessStart:131504819130369842
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:40:42	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\BKtW7Erl5\netstream.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\P5AJ6MC03B\Sho9libi.exe
 	Aktion: Quarantäne
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:40:17	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\C:\WINDOWS\Temp\ieFYcOrvRDhDUnVO = 0x0"
Informationen	21.09.2017 17:40:17	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\C:\Program Files (x86)\TQoarIXzU = 0x0"
Informationen	21.09.2017 17:40:17	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\OVRLibraryService\AppData\LocalLow\zwMRXEuCYLuhR = 0x0"
Informationen	21.09.2017 17:40:17	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdlphncgdlaajddhdginocbkndmceaml = 0x0"
Informationen	21.09.2017 17:40:17	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\C:\Program Files (x86)\CKCpTyVyQIE = 0x0"
Informationen	21.09.2017 17:40:17	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Mcx1-HOSHI-PC\AppData\Local\Temp\bJDxxkuCsoIGprfpO = 0x0"
Informationen	21.09.2017 17:40:17	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Hoshi\AppData\Local\Temp\bJDxxkuCsoIGprfpO = 0x0"
Informationen	21.09.2017 17:40:17	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\OVRLibraryService\AppData\Local\Temp\bJDxxkuCsoIGprfpO = 0x0"
Informationen	21.09.2017 17:40:17	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\C:\Program Files (x86)\ICBaloCIDxXU2 = 0x0"
Informationen	21.09.2017 17:40:17	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Mcx1-HOSHI-PC\AppData\LocalLow\zwMRXEuCYLuhR = 0x0"
Informationen	21.09.2017 17:40:17	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Hoshi\AppData\LocalLow\zwMRXEuCYLuhR = 0x0"
Informationen	21.09.2017 17:40:17	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\C:\Program Files (x86)\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} = 0x0"
Informationen	21.09.2017 17:40:17	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\C:\Program Files (x86)\AvMVIUoBwtUn = 0x0"
Informationen	21.09.2017 17:40:04	Microsoft-Windows-Windows Defender	5007	Keine	"In der Konfiguration von Windows Defender Antivirus wurde eine Änderung erkannt. Falls dies unerwartet ist, überprüfen Sie die Einstellungen, da die Änderung möglicherweise von Schadsoftware verursacht wurde.
 	Bisheriger Wert: 
 	Neuer Wert: HKLM\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\225451 = 0x6"
Warnung	21.09.2017 17:39:58	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\is-6BU2F.tmp\YX678.exe;file:_C:\Users\Hoshi\AppData\Local\Temp\speedownloader.exe;process:_pid:2088,ProcessStart:131504819130369842
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:39:58	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiSpyware
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\a28b4a42659986dcb3d74f7c8a4afcdce3f163a5
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:39:57
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Informationen	21.09.2017 17:39:58	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiVirus
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\a28b4a42659986dcb3d74f7c8a4afcdce3f163a5
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:39:57
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Warnung	21.09.2017 17:39:53	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\BKtW7Erl5\netstream.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: Hoshi-PC\Hoshi
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\P5AJ6MC03B\Sho9libi.exe
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:39:53	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\speedownloader.exe;process:_pid:2088,ProcessStart:131504819130369842
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Aktion: Quarantäne
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:39:51	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\speedownloader.exe;process:_pid:2088,ProcessStart:131504819130369842
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:39:14	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\BKtW7Erl5\netstream.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: Hoshi-PC\Hoshi
 	Prozessname: C:\Users\Hoshi\AppData\Local\Temp\P5AJ6MC03B\Sho9libi.exe
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:38:49	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\speedownloader.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:38:43	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiSpyware
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\6e6d7d5fd7c09b667bf50fecb366d731f217500c
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:38:40
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Informationen	21.09.2017 17:38:43	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiVirus
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\6e6d7d5fd7c09b667bf50fecb366d731f217500c
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:38:40
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Informationen	21.09.2017 17:38:42	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiSpyware
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\d0efc2f8f5c01648d77273e1dba2fa7aa0ebc4df
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:38:40
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Informationen	21.09.2017 17:38:42	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiVirus
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\d0efc2f8f5c01648d77273e1dba2fa7aa0ebc4df
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:38:40
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Informationen	21.09.2017 17:36:51	Microsoft-Windows-Windows Defender	1000	Keine	"Die Windows Defender Antivirus-Überprüfung wurde gestartet.
 	Überprüfungs-ID: {CEC76C46-3546-49C7-A5EB-CCE8C7A71678}
 	Überprüfungstyp: Antimalware
 	Überprüfungsparameter: Schnellüberprüfung
 	Überprüfungsressourcen: 
 	Benutzer: Hoshi-PC\Hoshi"
Informationen	21.09.2017 17:36:29	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\163239140\ic-0.20dc7523649674.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Aktion: Quarantäne
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x80508023
 	Fehlerbeschreibung: Auf dem Gerät wurde keine Schadsoftware oder andere potenziell unerwünschte Software gefunden. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:36:28	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\163239140\ic-0.20dc7523649674.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:36:28	Microsoft-Windows-Windows Defender	1117	Keine	"Von Windows Defender Antivirus wurden Maßnahmen ergriffen, um den Computer vor Schadsoftware oder anderer potenziell unerwünschter Software zu schützen.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\163239140\ic-0.20dc7523649674.exe;process:_pid:9484,ProcessStart:131504817609445057
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Aktion: Quarantäne
 	Aktionsstatus: No additional actions required
	Fehlercode: 0x00000000
 	Fehlerbeschreibung: Der Vorgang wurde erfolgreich beendet. 
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:36:27	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\163239140\ic-0.20dc7523649674.exe;process:_pid:9484,ProcessStart:131504817609445057
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Warnung	21.09.2017 17:36:23	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\163239140\ic-0.20dc7523649674.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:36:23	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiSpyware
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\43d6f3b6f1d30fc1b275c6cf1500496ca03a894e
 	Version der dynamischen Signatur: 0.0.0.0
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:36:20
 	Persistenzgrenztyp: Dauer
 	Persistenzgrenze: 864000000"
Informationen	21.09.2017 17:36:23	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiVirus
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\43d6f3b6f1d30fc1b275c6cf1500496ca03a894e
 	Version der dynamischen Signatur: 0.0.0.0
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:36:20
 	Persistenzgrenztyp: Dauer
 	Persistenzgrenze: 864000000"
Informationen	21.09.2017 17:36:23	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiSpyware
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\4795e74b629641a33e9873b97d515fbc5e480985
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:36:19
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Informationen	21.09.2017 17:36:23	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiVirus
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\4795e74b629641a33e9873b97d515fbc5e480985
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:36:19
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Warnung	21.09.2017 17:36:03	Microsoft-Windows-Windows Defender	1116	Keine	"Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
 Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuery.A!cl&threatid=2147718513&enterprise=0
 	Name: Trojan:Win32/Fuery.A!cl
 	ID: 2147718513
 	Schweregrad: Schwerwiegend
 	Kategorie: Trojaner
 	Pfad: file:_C:\Users\Hoshi\AppData\Local\Temp\163239140\ic-0.20dc7523649674.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstyp: FastPath
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: Unknown
 	Signaturversion: AV: 1.251.1222.0, AS: 1.251.1222.0, NIS: 117.12.0.0
 	Modulversion: AM: 1.1.14104.0, NIS: 2.1.13804.0"
Informationen	21.09.2017 17:36:03	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiSpyware
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\b1d2dd5fe602992310bc70ba8c2c6aced6766619
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:36:00
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Informationen	21.09.2017 17:36:03	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiVirus
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\b1d2dd5fe602992310bc70ba8c2c6aced6766619
 	Version der dynamischen Signatur: 1.251.1222.1
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:36:00
 	Persistenzgrenztyp: VDM-Version
 	Persistenzgrenze: 1.251.1222.1"
Informationen	21.09.2017 17:36:00	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiSpyware
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\fb16a834c86d7ccf21850189f4d4c0d3b7e813a8
 	Version der dynamischen Signatur: 0.0.0.0
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:35:56
 	Persistenzgrenztyp: Dauer
 	Persistenzgrenze: 3000000"
Informationen	21.09.2017 17:36:00	Microsoft-Windows-Windows Defender	2010	Keine	"Von Windows Defender Antivirus wurden mithilfe des Diensts für dynamische Signaturen zusätzliche Signaturen zum Schutz des Computers abgerufen.
 	Aktuelle Signaturversion: 1.251.1222.0
 	Signaturtyp: AntiVirus
 	Benutzer: \
 	Aktuelle Modulversion: 1.1.14104.0
 	Typ der dynamischen Signatur: Signaturupdate
 	Persistenzpfad: C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\data\fb16a834c86d7ccf21850189f4d4c0d3b7e813a8
 	Version der dynamischen Signatur: 0.0.0.0
 	Erstellungszeitstempel der dynamischen Signatur: ‎21.‎09.‎2017 15:35:56
 	Persistenzgrenztyp: Dauer
 	Persistenzgrenze: 3000000"
Informationen	21.09.2017 17:26:27	Microsoft-Windows-Windows Defender	1001	Keine	"Die Windows Defender Antivirus-Überprüfung wurde fertig gestellt.
 	Überprüfungs-ID: {72E2EACE-C8C8-43A2-9F86-C29F74C058D0}
 	Überprüfungstyp: Antimalware
 	Überprüfungsparameter: Benutzerdefinierte Überprüfung
 	Benutzer: Hoshi-PC\Hoshi
 	Überprüfungszeit: 0:00:00"
Informationen	21.09.2017 17:26:26	Microsoft-Windows-Windows Defender	1000	Keine	"Die Windows Defender Antivirus-Überprüfung wurde gestartet.
 	Überprüfungs-ID: {72E2EACE-C8C8-43A2-9F86-C29F74C058D0}
 	Überprüfungstyp: Antimalware
 	Überprüfungsparameter: Benutzerdefinierte Überprüfung
 	Überprüfungsressourcen: file:_E:\3d-converter.exe
 	Benutzer: Hoshi-PC\Hoshi"
Informationen	21.09.2017 17:13:31	Microsoft-Windows-Windows Defender	1013	Keine	"Von Windows Defender Antivirus wurden Verlaufsinformationen zu Schadsoftware oder anderer potenziell unerwünschter Software entfernt.
 	Zeit: ‎06.‎09.‎2017 17:13:31
 	Benutzer: NT-AUTORITÄT\SYSTEM
"
Informationen	21.09.2017 17:13:31	Microsoft-Windows-Windows Defender	1000	Keine	"Die Windows Defender Antivirus-Überprüfung wurde gestartet.
 	Überprüfungs-ID: {8BCB44DC-B1D0-467A-BFF6-D462EBF2ABD9}
 	Überprüfungstyp: Antimalware
 	Überprüfungsparameter: Schnellüberprüfung
 	Überprüfungsressourcen: 
 	Benutzer: NT-AUTORITÄT\SYSTEM"
         
I just noticed that Firefox opens on its own and shows a random ad window, or one of those "scaremongering" pages claiming that I am infected and should click OK in a pop-up window. For now I have uninstalled Firefox via Windows Apps & Features. This does not seem to happen here in Chrome.

22.09.2017, 03:44   #5
burningice
/// Malwareteam
 
My name is Rafael and I will help you with the cleanup.

So that I can help you as well as possible, please stick to the following rules:
  • Please read my posts completely before working through them
  • If a problem comes up or something is unclear to you, stop what you are doing and describe it as precisely as possible.
  • Please no crossposting
  • Do not install or uninstall any software unless asked to
  • Please use only the tools mentioned here in the thread, and run them only as instructed
  • Please reply within 24h so that a meaningful cleanup is possible
  • Always post the logs in CODE tags (# button); if necessary, simply split the logs up
  • Important: Just because your problem suddenly disappears after one step does not mean that your PC is clean. Keep going until I tell you that your PC is "clean"
  • We do this work voluntarily and unpaid, alongside our normal jobs. Still, if I do not reply to you within 36h, please send me a private message!
Let's go

"Suspicion" is putting it mildly, there is quite a bit to do here

Step: 1
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to

__________________
Best regards,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~


22.09.2017, 19:11   #6
Hoshi82
 
"Quite a bit to do"... looks like I hit the jackpot. What about continuing to use the PC? Am I allowed to use clients like Steam or Battle.net in the meantime, since they require logins, or other online games? Games in general, or my graphics/video programs?

Here is the log file
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.09.22.01
  rootkit: v2017.09.13.01

Windows 10 x64 NTFS
Internet Explorer 11.608.15063.0
Hoshi :: HOSHI-PC [administrator]

22.09.2017 06:19:17
mbar-log-2017-09-22 (06-19-17).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 436916
Time elapsed: 10 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Hoshi\AppData\Local\drtaaf.dll (Trojan.ProxyAgent) -> Delete on reboot. [b3b6c9ee3f6a95a1ff4af5f918e9dd23]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.09.22.01
  rootkit: v2017.09.13.01

Windows 10 x64 NTFS
Internet Explorer 11.608.15063.0
Hoshi :: HOSHI-PC [administrator]

22.09.2017 06:34:11
mbar-log-2017-09-22 (06-34-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 436413
Time elapsed: 9 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Scanned again earlier. Something keeps coming back.
Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.09.22.05
  rootkit: v2017.09.13.01

Windows 10 x64 NTFS
Internet Explorer 11.608.15063.0
Hoshi :: HOSHI-PC [administrator]

22.09.2017 18:51:09
mbar-log-2017-09-22 (18-51-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 437344
Time elapsed: 9 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Hoshi\AppData\Local\Temp\nZBYX8kqI\netstream.exe (Ransom.Cerber) -> Delete on reboot. [f27b1c9be1c8f93d5ed98866857c6b95]
C:\Users\Hoshi\AppData\Local\Temp\ZdYydE73t\ZdYydE73t.exe (Adware.Wajam) -> Delete on reboot. [fa73e8cfe9c06cca3a8a0fe14cb505fb]
C:\Users\Hoshi\AppData\Local\Temp\so24j8f5O\so24j8f5O.exe (Adware.Wajam) -> Delete on reboot. [5617783f3277e1556361aa4634cdc838]
C:\Windows\ea25b50d8d77b75b0e1b47872ebc5b38.exe (Adware.Wajam) -> Delete on reboot. [90dd6057f5b4bb7bee7607e88879e61a]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
And this process starts every time Windows starts. As soon as I end it, the automatic pop-up asking me to choose a browser also stops.
https://drive.google.com/open?id=0B-dJOMZu93--LXRZREs1NkdyODQ

23.09.2017, 00:43   #7
burningice
/// Malwareteam

Easy there, twice would have been enough. It doesn't help much in your case yet anyway. But we'll get it all sorted.

Step: 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
CloseProcesses:
Emptytemp:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [4UEZZE426ZCBI5S] => C:\Program Files (x86)\SDownloader\6PZUP.exe [1226752 2017-09-21] (1VDQ)
FF user.js: detected! => C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\user.js [2017-09-21]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-03]
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\wgfhygzl2oo
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\q1btjxe3pfv
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\ky1ycpizc1m
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\hj44pi4iij1
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\fslpzvplkzw
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\3K1EP8FZTW
2017-09-21 17:46 - 2017-09-21 17:46 - 000000000 ____D C:\Program Files\794JJ2L8W9
2017-09-21 17:45 - 2017-09-21 18:17 - 000000002 _____ C:\END
2017-09-21 17:45 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\xjrqshsfear
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\q1k4v1fzjcg
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\WSH55IY5CO
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\SUGMCJMJDX
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\L4GUFS7VFF
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\{E4156CA0-47AD-493C-980B-63E02EA7C93A}
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files (x86)\{CF160C81-F78D-4A0C-BE47-AF22C8C533BE}
2017-09-21 17:44 - 2017-09-21 17:44 - 000024576 _____ C:\Users\Hoshi\AppData\Local\drtaaf.dll
2017-09-21 17:43 - 2017-09-21 18:17 - 000000306 __RSH C:\Users\Hoshi\ntuser.pol
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\rvv0f2joxp0
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\hjvjanr5j10
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\h4hpycpiigw
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\cvmm2xhahv1
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\aa3cy0c3vrw
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\NTLYPTR4F0
2017-09-21 17:42 - 2017-09-21 17:42 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-09-21 17:42 - 2017-09-21 17:42 - 000000000 ____D C:\Users\Hoshi\AppData\Local\AdvinstAnalytics
2017-09-21 17:41 - 2017-09-21 17:44 - 000004608 _____ C:\WINDOWS\system32\mispaced.dll
2017-09-21 17:41 - 2017-09-21 17:41 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\jyqtpby3wrp
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\cf0aqfn3f2w
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\1yqjmonlcdx
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\2J4S1XCBYH
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\0REZPKA8BK
2017-09-21 17:40 - 2017-09-21 17:44 - 000006656 _____ C:\WINDOWS\system32\mispacedx.dll
2017-09-21 17:40 - 2017-09-21 17:40 - 000004608 _____ C:\WINDOWS\SysWOW64\mispaced.dll
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\zh5avmoljgd
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\ujkguhy3rb5
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\ivuhqdpovve
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\TVCTLBBTT8
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\R1VICQWYQE
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files (x86)\ShutdownTime
2017-09-21 17:39 - 2017-09-21 17:39 - 000140800 _____ C:\Users\Hoshi\AppData\Local\installer.dat
2017-09-21 17:39 - 2017-09-21 17:39 - 000016826 _____ C:\WINDOWS\System32\Tasks\Spin Driver Vuld
2017-09-21 17:39 - 2017-09-21 17:39 - 000011568 _____ C:\Users\Hoshi\AppData\Local\InstallationConfiguration.xml
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\ErrorReporting
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\cl2bnzogg1u
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\53uzogknheg
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\TBUC85W4RM
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\CARPFHFJOG
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files (x86)\SDownloader
2017-09-21 17:35 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Local\PCBooster
2017-09-21 17:28 - 2017-09-21 17:28 - 000000000 ____D C:\Users\Hoshi\Documents\Aiseesoft Studio
2017-09-21 17:28 - 2017-09-21 17:28 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Aiseesoft Studio
2017-09-21 18:09 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Spin Driver Vuld
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers1: [MRAICQCMenu] -> {7C9E7B90-88EC-4852-AC7A-C938268A5D04} =>  -> Keine Datei
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> Keine Datei
Task: {25D5A32A-8909-4F96-8028-6E97C19E9277} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {3DEA7F3E-A5EB-45F0-9421-D9F66008ED63} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {520A4ED2-9B29-4873-B2CA-FEA9273674C4} - \{4DD1B416-1A2D-4675-A6D6-8083878E9DE3} -> Keine Datei <==== ACHTUNG
Task: {674D3F7E-07C8-42A4-AD10-F21331870E05} - \Red Giant Link -> Keine Datei <==== ACHTUNG
Task: {6A9B91BB-C2E4-43F0-A903-2F8119DDC143} - System32\Tasks\Spin Driver Vuld => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Spin Driver Vuld\Spin Driver Vuld.dll",Nejpqk <==== ACHTUNG
Task: {73233123-6EEE-441F-ACD7-AC9AC6C2D30B} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => C:\\Users\\Hoshi\\AppData\\Roaming\\ErrorReporting\\ermgr.exe
Task: {802BD126-ED9C-4502-8D98-7D2D98679DE2} - System32\Tasks\jJKowXmxzIFxIuj2 => rundll32 "C:\Program Files (x86)\TQoarIXzU\UtQPcX.dll",#1
Task: {8A11B9D7-5D1C-41EA-B4D4-112D27F98D33} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {97496AF1-1EE8-4D66-924B-88673C3D7419} - System32\Tasks\jJKowXmxzIFxIuj => rundll32 "C:\Program Files (x86)\TQoarIXzU\UtQPcX.dll",#1
Task: {99A9C2AC-D3E0-4337-B0E6-3AFB38E4A179} - System32\Tasks\f371379892038d205abbfa586a4788d0 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\WINDOWS\f371379892038d205abbfa586a4788d0.ps1" <==== ACHTUNG
C:\WINDOWS\f371379892038d205abbfa586a4788d0.ps1
Task: {B2170479-C9ED-4E5A-BC64-4F7CA71C8180} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {B689586B-9669-4E4E-84F2-2174ACB35C72} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {CFFD267D-0E96-4AE1-B8E2-62A0C9DF92B3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {F1879657-BA06-438A-82B8-D2379034C86A} - System32\Tasks\LSjUFtTofwjkxN => rundll32 "C:\Program Files (x86)\ICBaloCIDxXU2\MUWtfQsPOcBXV.dll",#1
Task: {F81964E0-FEBD-4F08-A908-0ED367B4B50C} - System32\Tasks\0z8qp1lfDt => C:\Program Files (x86)\mML019nslc\updengine.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\jJKowXmxzIFxIuj.job => C:\Program Files (x86)\TQoarIXzU\UtQPcX.dll
C:\Program Files (x86)\TQoarIXzU
C:\Program Files (x86)\ICBaloCIDxXU2
AlternateDataStreams: C:\ProgramData\TEMP:98353363 [132]
AlternateDataStreams: C:\Users\Hoshi\AppData\Local\Temp:$DATA [16]

file: C:\Windows\eHome\McrMgr.exe
cmd: dir "C:\Program Files (x86)" /a
cmd: dir "C:\Program Files" /a
cmd: dir "C:\Users\Hoshi\AppData\Roaming" /a
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
powershell: Get-ChildItem -Path cert:\LocalMachine\Disallowed -recurse | Format-List -Property *
powershell: Get-ChildItem -Path cert:\CurrentUser\Disallowed -recurse | Format-List -Property *
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step: 2
Please start FRST again, tick the Addition box and click Untersuchen (Scan). Please post the two text files this produces again.
__________________
Regards,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~


Edited by burningice (23.09.2017 at 00:48)
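The scheduled-task entries in the fixlist above can be triaged mechanically. The following is an added example, not part of the thread and not FRST's own logic: it parses FRST `Task:` lines and tags common persistence patterns. The function names, the rule names and the assumption that Windows is installed in `C:\Windows` are illustrative; the sample lines are copied from the fixlist in the post above.

```python
import re
from dataclasses import dataclass, field

# Sample input: "Task:" lines copied from the fixlist in the post above.
SAMPLE = r"""
Task: {25D5A32A-8909-4F96-8028-6E97C19E9277} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {6A9B91BB-C2E4-43F0-A903-2F8119DDC143} - System32\Tasks\Spin Driver Vuld => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Spin Driver Vuld\Spin Driver Vuld.dll",Nejpqk <==== ACHTUNG
Task: {73233123-6EEE-441F-ACD7-AC9AC6C2D30B} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => C:\\Users\\Hoshi\\AppData\\Roaming\\ErrorReporting\\ermgr.exe
Task: {802BD126-ED9C-4502-8D98-7D2D98679DE2} - System32\Tasks\jJKowXmxzIFxIuj2 => rundll32 "C:\Program Files (x86)\TQoarIXzU\UtQPcX.dll",#1
Task: {99A9C2AC-D3E0-4337-B0E6-3AFB38E4A179} - System32\Tasks\f371379892038d205abbfa586a4788d0 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\WINDOWS\f371379892038d205abbfa586a4788d0.ps1" <==== ACHTUNG
Task: {F81964E0-FEBD-4F08-A908-0ED367B4B50C} - System32\Tasks\0z8qp1lfDt => C:\Program Files (x86)\mML019nslc\updengine.exe <==== ACHTUNG
"""

# "Task: {GUID} - <task name> => <command>"  or  "... -> Keine Datei"
LINE_RE = re.compile(r"^Task: (?:(\{[0-9A-Fa-f-]+\}) - )?(.+?) (=>|->) (.*)$")
# FRST's own attention marker (German and English log variants).
MARK_RE = re.compile(r"\s*<==== (?:ACHTUNG|ATTENTION)\s*$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*')
WINDIR = "c:\\windows\\"  # assumption: default system directory


@dataclass
class TaskFinding:
    name: str
    command: str
    frst_flagged: bool
    reasons: list = field(default_factory=list)


def classify(name, command):
    """Return heuristic tags for one task; an empty list means no rule fired."""
    reasons = []
    paths = [p.strip() for p in PATH_RE.findall(command)]
    outside = [p for p in paths if not p.lower().startswith(WINDIR)]

    # Script run with the execution policy overridden on the command line.
    if re.search(r"\bpowershell(\.exe)?\b.*-ExecutionPolicy\s+Bypass", command, re.I):
        reasons.append("powershell-policy-bypass")

    if re.search(r"\brundll32(\.exe)?\b", command, re.I):
        # rundll32 used as a host for a DLL that is not a Windows component.
        if any(p.lower().endswith(".dll") for p in outside):
            reasons.append("rundll32-dll-outside-windir")
        # Export called by ordinal (",#1") instead of by name.
        if re.search(r",\s*#\d+\s*$", command):
            reasons.append("rundll32-ordinal-export")

    # Target lives where a standard user can write.
    if any(re.search(r"\\(AppData|Temp)\\|\\Users\\Public\\", p, re.I) for p in paths):
        reasons.append("user-writable-target")

    # Task filed under \Microsoft\Windows\ but pointing outside the Windows directory.
    if re.search(r"(^|\\)Microsoft\\Windows\\", name, re.I) and outside:
        reasons.append("ms-path-masquerade")
    return reasons


def triage(text):
    """Parse FRST task lines and attach heuristic tags to each entry."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _guid, name, sep, rest = m.groups()
        flagged = bool(MARK_RE.search(rest))
        # Drop the marker and collapse doubled backslashes as seen in some entries.
        rest = MARK_RE.sub("", rest).replace("\\\\", "\\")
        if sep == "->" and rest in ("Keine Datei", "No File"):
            # Registration whose task file is gone: stale entry, nothing to execute.
            findings.append(TaskFinding(name, "", flagged, ["orphaned"]))
        else:
            findings.append(TaskFinding(name, rest, flagged, classify(name, rest)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.name}\n    FRST marker: {f.frst_flagged}  tags: {f.reasons or '-'}")
```

The `0z8qp1lfDt` task matches none of the rules even though FRST marked it, and the `ErrorReporting` task matches two rules although FRST did not mark it, so tags like these support a reviewer's judgement rather than replace it.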

23.09.2017, 07:20   #8
Hoshi82

fixlog
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-09-2017
durchgeführt von Hoshi (23-09-2017 07:15:35) Run:1
Gestartet von C:\Users\Hoshi\Desktop
Geladene Profile: Hoshi (Verfügbare Profile: Hoshi & Mcx1-HOSHI-PC & OVRLibraryService)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
Emptytemp:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [4UEZZE426ZCBI5S] => C:\Program Files (x86)\SDownloader\6PZUP.exe [1226752 2017-09-21] (1VDQ)
FF user.js: detected! => C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\user.js [2017-09-21]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-03]
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\wgfhygzl2oo
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\q1btjxe3pfv
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\ky1ycpizc1m
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\hj44pi4iij1
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\fslpzvplkzw
2017-09-21 17:47 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\3K1EP8FZTW
2017-09-21 17:46 - 2017-09-21 17:46 - 000000000 ____D C:\Program Files\794JJ2L8W9
2017-09-21 17:45 - 2017-09-21 18:17 - 000000002 _____ C:\END
2017-09-21 17:45 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\xjrqshsfear
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\q1k4v1fzjcg
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\WSH55IY5CO
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\SUGMCJMJDX
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\L4GUFS7VFF
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\{E4156CA0-47AD-493C-980B-63E02EA7C93A}
2017-09-21 17:44 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files (x86)\{CF160C81-F78D-4A0C-BE47-AF22C8C533BE}
2017-09-21 17:44 - 2017-09-21 17:44 - 000024576 _____ C:\Users\Hoshi\AppData\Local\drtaaf.dll
2017-09-21 17:43 - 2017-09-21 18:17 - 000000306 __RSH C:\Users\Hoshi\ntuser.pol
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\rvv0f2joxp0
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\hjvjanr5j10
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\h4hpycpiigw
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\cvmm2xhahv1
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\aa3cy0c3vrw
2017-09-21 17:43 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\NTLYPTR4F0
2017-09-21 17:42 - 2017-09-21 17:42 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-09-21 17:42 - 2017-09-21 17:42 - 000000000 ____D C:\Users\Hoshi\AppData\Local\AdvinstAnalytics
2017-09-21 17:41 - 2017-09-21 17:44 - 000004608 _____ C:\WINDOWS\system32\mispaced.dll
2017-09-21 17:41 - 2017-09-21 17:41 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\jyqtpby3wrp
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\cf0aqfn3f2w
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\1yqjmonlcdx
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\2J4S1XCBYH
2017-09-21 17:40 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\0REZPKA8BK
2017-09-21 17:40 - 2017-09-21 17:44 - 000006656 _____ C:\WINDOWS\system32\mispacedx.dll
2017-09-21 17:40 - 2017-09-21 17:40 - 000004608 _____ C:\WINDOWS\SysWOW64\mispaced.dll
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\zh5avmoljgd
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\ujkguhy3rb5
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\ivuhqdpovve
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\TVCTLBBTT8
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\R1VICQWYQE
2017-09-21 17:39 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files (x86)\ShutdownTime
2017-09-21 17:39 - 2017-09-21 17:39 - 000140800 _____ C:\Users\Hoshi\AppData\Local\installer.dat
2017-09-21 17:39 - 2017-09-21 17:39 - 000016826 _____ C:\WINDOWS\System32\Tasks\Spin Driver Vuld
2017-09-21 17:39 - 2017-09-21 17:39 - 000011568 _____ C:\Users\Hoshi\AppData\Local\InstallationConfiguration.xml
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\ErrorReporting
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\cl2bnzogg1u
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\53uzogknheg
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\TBUC85W4RM
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files\CARPFHFJOG
2017-09-21 17:38 - 2017-09-21 18:09 - 000000000 ____D C:\Program Files (x86)\SDownloader
2017-09-21 17:35 - 2017-09-21 18:09 - 000000000 ____D C:\Users\Hoshi\AppData\Local\PCBooster
2017-09-21 17:28 - 2017-09-21 17:28 - 000000000 ____D C:\Users\Hoshi\Documents\Aiseesoft Studio
2017-09-21 17:28 - 2017-09-21 17:28 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Aiseesoft Studio
2017-09-21 18:09 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Spin Driver Vuld
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers1: [MRAICQCMenu] -> {7C9E7B90-88EC-4852-AC7A-C938268A5D04} =>  -> Keine Datei
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> Keine Datei
Task: {25D5A32A-8909-4F96-8028-6E97C19E9277} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {3DEA7F3E-A5EB-45F0-9421-D9F66008ED63} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {520A4ED2-9B29-4873-B2CA-FEA9273674C4} - \{4DD1B416-1A2D-4675-A6D6-8083878E9DE3} -> Keine Datei <==== ACHTUNG
Task: {674D3F7E-07C8-42A4-AD10-F21331870E05} - \Red Giant Link -> Keine Datei <==== ACHTUNG
Task: {6A9B91BB-C2E4-43F0-A903-2F8119DDC143} - System32\Tasks\Spin Driver Vuld => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Spin Driver Vuld\Spin Driver Vuld.dll",Nejpqk <==== ACHTUNG
Task: {73233123-6EEE-441F-ACD7-AC9AC6C2D30B} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => C:\\Users\\Hoshi\\AppData\\Roaming\\ErrorReporting\\ermgr.exe
Task: {802BD126-ED9C-4502-8D98-7D2D98679DE2} - System32\Tasks\jJKowXmxzIFxIuj2 => rundll32 "C:\Program Files (x86)\TQoarIXzU\UtQPcX.dll",#1
Task: {8A11B9D7-5D1C-41EA-B4D4-112D27F98D33} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {97496AF1-1EE8-4D66-924B-88673C3D7419} - System32\Tasks\jJKowXmxzIFxIuj => rundll32 "C:\Program Files (x86)\TQoarIXzU\UtQPcX.dll",#1
Task: {99A9C2AC-D3E0-4337-B0E6-3AFB38E4A179} - System32\Tasks\f371379892038d205abbfa586a4788d0 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\WINDOWS\f371379892038d205abbfa586a4788d0.ps1" <==== ACHTUNG
C:\WINDOWS\f371379892038d205abbfa586a4788d0.ps1
Task: {B2170479-C9ED-4E5A-BC64-4F7CA71C8180} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {B689586B-9669-4E4E-84F2-2174ACB35C72} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {CFFD267D-0E96-4AE1-B8E2-62A0C9DF92B3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {F1879657-BA06-438A-82B8-D2379034C86A} - System32\Tasks\LSjUFtTofwjkxN => rundll32 "C:\Program Files (x86)\ICBaloCIDxXU2\MUWtfQsPOcBXV.dll",#1
Task: {F81964E0-FEBD-4F08-A908-0ED367B4B50C} - System32\Tasks\0z8qp1lfDt => C:\Program Files (x86)\mML019nslc\updengine.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\jJKowXmxzIFxIuj.job => C:\Program Files (x86)\TQoarIXzU\UtQPcX.dll
C:\Program Files (x86)\TQoarIXzU
C:\Program Files (x86)\ICBaloCIDxXU2
AlternateDataStreams: C:\ProgramData\TEMP:98353363 [132]
AlternateDataStreams: C:\Users\Hoshi\AppData\Local\Temp:$DATA [16]

file: C:\Windows\eHome\McrMgr.exe
cmd: dir "C:\Program Files (x86)" /a
cmd: dir "C:\Program Files" /a
cmd: dir "C:\Users\Hoshi\AppData\Roaming" /a
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
powershell: Get-ChildItem -Path cert:\LocalMachine\Disallowed -recurse | Format-List -Property *
powershell: Get-ChildItem -Path cert:\CurrentUser\Disallowed -recurse | Format-List -Property *
         
*****************

Prozesse erfolgreich geschlossen.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Policies\Google => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\Windows\CurrentVersion\Run\\4UEZZE426ZCBI5S => Wert erfolgreich entfernt
C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\user.js => erfolgreich verschoben
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-03] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-03] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-03] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-03] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-03] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-03] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-03] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
C:\Users\Hoshi\AppData\Roaming\wgfhygzl2oo => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\q1btjxe3pfv => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\ky1ycpizc1m => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\hj44pi4iij1 => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\fslpzvplkzw => erfolgreich verschoben
C:\Program Files\3K1EP8FZTW => erfolgreich verschoben
C:\Program Files\794JJ2L8W9 => erfolgreich verschoben
C:\END => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\xjrqshsfear => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\q1k4v1fzjcg => erfolgreich verschoben
C:\Program Files\WSH55IY5CO => erfolgreich verschoben
C:\Program Files\SUGMCJMJDX => erfolgreich verschoben
C:\Program Files\L4GUFS7VFF => erfolgreich verschoben
C:\Program Files\{E4156CA0-47AD-493C-980B-63E02EA7C93A} => erfolgreich verschoben
C:\Program Files (x86)\{CF160C81-F78D-4A0C-BE47-AF22C8C533BE} => erfolgreich verschoben
"C:\Users\Hoshi\AppData\Local\drtaaf.dll" => nicht gefunden.
C:\Users\Hoshi\ntuser.pol => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\rvv0f2joxp0 => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\hjvjanr5j10 => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\h4hpycpiigw => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\cvmm2xhahv1 => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\aa3cy0c3vrw => erfolgreich verschoben
C:\Program Files\NTLYPTR4F0 => erfolgreich verschoben
C:\WINDOWS\SysWOW64\SSL => erfolgreich verschoben
C:\Users\Hoshi\AppData\Local\AdvinstAnalytics => erfolgreich verschoben
C:\WINDOWS\system32\mispaced.dll => erfolgreich verschoben
C:\Users\Public\Documents\XMUpdate => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\jyqtpby3wrp => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\cf0aqfn3f2w => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\1yqjmonlcdx => erfolgreich verschoben
C:\Program Files\2J4S1XCBYH => erfolgreich verschoben
C:\Program Files\0REZPKA8BK => erfolgreich verschoben
C:\WINDOWS\system32\mispacedx.dll => erfolgreich verschoben
C:\WINDOWS\SysWOW64\mispaced.dll => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\zh5avmoljgd => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\ujkguhy3rb5 => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\ivuhqdpovve => erfolgreich verschoben
C:\Program Files\TVCTLBBTT8 => erfolgreich verschoben
C:\Program Files\R1VICQWYQE => erfolgreich verschoben
"C:\Program Files (x86)\ShutdownTime" => nicht gefunden.
C:\Users\Hoshi\AppData\Local\installer.dat => erfolgreich verschoben
C:\WINDOWS\System32\Tasks\Spin Driver Vuld => erfolgreich verschoben
C:\Users\Hoshi\AppData\Local\InstallationConfiguration.xml => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\ErrorReporting => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\cl2bnzogg1u => erfolgreich verschoben
C:\Users\Hoshi\AppData\Roaming\53uzogknheg => erfolgreich verschoben
C:\Program Files\TBUC85W4RM => erfolgreich verschoben
C:\Program Files\CARPFHFJOG => erfolgreich verschoben
"C:\Program Files (x86)\SDownloader" => nicht gefunden.
C:\Users\Hoshi\AppData\Local\PCBooster => erfolgreich verschoben
C:\Users\Hoshi\Documents\Aiseesoft Studio => erfolgreich verschoben
C:\Users\Hoshi\AppData\Local\Aiseesoft Studio => erfolgreich verschoben
C:\Program Files\Spin Driver Vuld => erfolgreich verschoben
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => Schlüssel erfolgreich entfernt
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Schlüssel nicht gefunden. 
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MRAICQCMenu => Schlüssel erfolgreich entfernt
HKLM\Software\Classes\CLSID\{7C9E7B90-88EC-4852-AC7A-C938268A5D04} => Schlüssel nicht gefunden. 
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => Schlüssel erfolgreich entfernt
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Schlüssel nicht gefunden. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => Schlüssel erfolgreich entfernt
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{25D5A32A-8909-4F96-8028-6E97C19E9277} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25D5A32A-8909-4F96-8028-6E97C19E9277} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DEA7F3E-A5EB-45F0-9421-D9F66008ED63} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DEA7F3E-A5EB-45F0-9421-D9F66008ED63} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{520A4ED2-9B29-4873-B2CA-FEA9273674C4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{520A4ED2-9B29-4873-B2CA-FEA9273674C4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4DD1B416-1A2D-4675-A6D6-8083878E9DE3} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{674D3F7E-07C8-42A4-AD10-F21331870E05} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{674D3F7E-07C8-42A4-AD10-F21331870E05} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Red Giant Link => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6A9B91BB-C2E4-43F0-A903-2F8119DDC143} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A9B91BB-C2E4-43F0-A903-2F8119DDC143} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Spin Driver Vuld => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Spin Driver Vuld => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73233123-6EEE-441F-ACD7-AC9AC6C2D30B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73233123-6EEE-441F-ACD7-AC9AC6C2D30B} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\ErrorReporting => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{802BD126-ED9C-4502-8D98-7D2D98679DE2} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{802BD126-ED9C-4502-8D98-7D2D98679DE2} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\jJKowXmxzIFxIuj2 => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\jJKowXmxzIFxIuj2 => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A11B9D7-5D1C-41EA-B4D4-112D27F98D33} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A11B9D7-5D1C-41EA-B4D4-112D27F98D33} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97496AF1-1EE8-4D66-924B-88673C3D7419} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97496AF1-1EE8-4D66-924B-88673C3D7419} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\jJKowXmxzIFxIuj => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\jJKowXmxzIFxIuj => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99A9C2AC-D3E0-4337-B0E6-3AFB38E4A179} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99A9C2AC-D3E0-4337-B0E6-3AFB38E4A179} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\f371379892038d205abbfa586a4788d0 => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f371379892038d205abbfa586a4788d0 => Schlüssel erfolgreich entfernt
"C:\WINDOWS\f371379892038d205abbfa586a4788d0.ps1" => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2170479-C9ED-4E5A-BC64-4F7CA71C8180} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2170479-C9ED-4E5A-BC64-4F7CA71C8180} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B689586B-9669-4E4E-84F2-2174ACB35C72} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B689586B-9669-4E4E-84F2-2174ACB35C72} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFFD267D-0E96-4AE1-B8E2-62A0C9DF92B3} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFFD267D-0E96-4AE1-B8E2-62A0C9DF92B3} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1879657-BA06-438A-82B8-D2379034C86A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1879657-BA06-438A-82B8-D2379034C86A} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\LSjUFtTofwjkxN => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LSjUFtTofwjkxN => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F81964E0-FEBD-4F08-A908-0ED367B4B50C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F81964E0-FEBD-4F08-A908-0ED367B4B50C} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\0z8qp1lfDt => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0z8qp1lfDt => Schlüssel erfolgreich entfernt
C:\WINDOWS\Tasks\jJKowXmxzIFxIuj.job => erfolgreich verschoben
"C:\Program Files (x86)\TQoarIXzU" => nicht gefunden.
"C:\Program Files (x86)\ICBaloCIDxXU2" => nicht gefunden.
C:\ProgramData\TEMP => ":98353363" ADS erfolgreich entfernt.
C:\Users\Hoshi\AppData\Local\Temp => ":$DATA" ADS erfolgreich entfernt.

========================= file: C:\Windows\eHome\McrMgr.exe ========================

"C:\Windows\eHome\McrMgr.exe" => nicht gefunden.
====== Ende von File: ======


========= dir "C:\Program Files (x86)" /a =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 3A2A-1B4A

 Verzeichnis von C:\Program Files (x86)

23.09.2017  07:15    <DIR>          .
23.09.2017  07:15    <DIR>          ..
15.03.2017  11:49    <DIR>          AC3Filter
02.11.2015  18:18    <DIR>          Adobe
12.12.2015  14:27    <DIR>          AppInsights
12.09.2017  18:02    <DIR>          Battlelog Web Plugins
16.07.2016  15:07    <DIR>          Bonjour
18.07.2016  20:03             6.144 com.htc.vive.setup.bilogclient
23.07.2017  12:40    <DIR>          Common Files
18.02.2017  07:17    <DIR>          CronusPRO
18.03.2017  23:01               174 desktop.ini
19.07.2014  18:25    <DIR>          DivX Pro VFW
11.12.2015  15:23    <DIR>          Elgato
23.12.2014  13:42    <DIR>          Firebird
02.02.2016  18:42    <DIR>          FreeCodecPack
31.05.2016  19:06    <DIR>          Futuremark
03.07.2015  19:19    <DIR>          Google
12.12.2015  13:41    <DIR>          GtkSharp
12.09.2017  16:23    <DIR>          InstallShield Installation Information
30.09.2016  06:27    <DIR>          Intel
13.09.2017  20:58    <DIR>          Internet Explorer
10.11.2015  17:51    <DIR>          Java
06.08.2016  09:53    <DIR>          LAV Filters
23.06.2017  14:30    <DIR>          MAGIX
28.03.2016  03:42    <DIR>           Malwarebytes Anti-Malware 
05.02.2016  19:54    <DIR>          Microsoft ASP.NET
07.07.2014  16:52    <DIR>          Microsoft CAPICOM 2.1.0.2
20.08.2014  20:45    <DIR>          Microsoft Chart Controls
17.07.2015  20:52    <DIR>          Microsoft DirectX SDK (June 2010)
07.03.2015  12:44    <DIR>          Microsoft Games for Windows - LIVE
12.12.2015  14:12    <DIR>          Microsoft Help Viewer
12.12.2015  14:17    <DIR>          Microsoft Office365 Tools
12.12.2015  14:28    <DIR>          Microsoft SDKs
15.06.2017  07:08    <DIR>          Microsoft Silverlight
12.12.2015  14:22    <DIR>          Microsoft SQL Server
12.12.2015  14:21    <DIR>          Microsoft SQL Server Compact Edition
14.04.2017  09:15    <DIR>          Microsoft Visual Studio 12.0
14.04.2017  09:15    <DIR>          Microsoft Visual Studio 14.0
12.12.2015  14:30    <DIR>          Microsoft Visual Studio Tools for Unity
12.12.2015  14:15    <DIR>          Microsoft WCF Data Services
03.05.2014  10:39    <DIR>          Microsoft XNA
14.04.2017  09:06    <DIR>          Microsoft.NET
21.09.2017  20:24    <DIR>          Mozilla Firefox
22.09.2017  06:33    <DIR>          Mozilla Maintenance Service
29.03.2017  05:43    <DIR>          Mozilla Thunderbird
29.12.2014  22:21    <DIR>          Mplayer
14.04.2017  09:06    <DIR>          MSBuild
19.09.2016  17:50    <DIR>          MSECache
26.08.2015  16:45    <DIR>          MSXML 4.0
29.06.2014  13:43    <DIR>          Nero
26.12.2014  23:05    <DIR>          NETGEAR
18.09.2015  17:50    <DIR>          NewBlueFX
20.08.2017  18:50    <DIR>          NVIDIA Corporation
05.04.2015  12:07    <DIR>          OpenAL
18.03.2014  22:29    <DIR>          Realtek
14.04.2017  09:59    <DIR>          Reference Assemblies
18.06.2017  12:55    <DIR>          Rockstar Games
16.07.2016  18:25    <DIR>          Skype
06.08.2016  09:55    <DIR>          Stereoscopic Player
20.01.2015  20:14    <DIR>          SystemRequirementsLab
18.03.2014  22:30    <DIR>          Temp
16.06.2014  19:31    <DIR>          Total Immersion
14.04.2017  09:03    <DIR>          Uninstall Information
15.11.2015  20:50    <DIR>          VB
16.05.2015  09:06    <DIR>          VS Revo Group
25.08.2017  14:34    <DIR>          VulkanRT
30.12.2014  22:26    <DIR>          WestwoodChat
30.12.2014  20:16    <DIR>          WestwoodOnline
28.06.2017  06:44    <DIR>          Windows Defender
12.12.2015  14:21    <DIR>          Windows Kits
13.09.2017  20:58    <DIR>          Windows Mail
25.08.2015  18:33    <DIR>          Windows Media Components
20.03.2017  06:41    <DIR>          Windows Media Player
18.03.2017  23:03    <DIR>          Windows Multimedia Platform
18.03.2017  23:03    <DIR>          Windows NT
13.09.2017  20:58    <DIR>          Windows Photo Viewer
18.03.2017  23:03    <DIR>          Windows Portable Devices
14.04.2017  09:06    <DIR>          Windows Sidebar
18.03.2017  23:03    <DIR>          WindowsPowerShell
22.08.2014  20:30    <DIR>          Xiph.Org
29.06.2016  18:58    <DIR>          XML Notepad 2007
22.08.2014  20:34    <DIR>          Xvid
               2 Datei(en),          6.318 Bytes
              80 Verzeichnis(se), 61.289.345.024 Bytes frei

========= Ende von CMD: =========


========= dir "C:\Program Files" /a =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 3A2A-1B4A

 Verzeichnis von C:\Program Files

23.09.2017  07:15    <DIR>          .
23.09.2017  07:15    <DIR>          ..
29.03.2014  11:47    <DIR>          7-Zip
18.11.2014  19:14    <DIR>          AVAST Software
29.07.2016  20:20    <DIR>          Bonjour
23.06.2017  15:33    <DIR>          Common Files
06.09.2017  06:25    <DIR>          DAZ 3D
18.03.2017  23:01               174 desktop.ini
24.08.2017  16:00    <DIR>          DIFX
09.04.2016  14:29    <DIR>          DVD Maker
11.12.2015  15:23    <DIR>          Elgato
15.03.2014  14:09    <JUNCTION>     Gemeinsame Dateien [C:\Program Files\Common Files]
28.04.2017  13:37    <DIR>          Intel
13.09.2017  20:58    <DIR>          Internet Explorer
23.07.2017  12:40    <DIR>          Java
26.10.2015  20:03    <DIR>          Logitech
19.10.2016  12:33    <DIR>          Logitech Gaming Software
14.04.2017  09:06    <DIR>          Microsoft Games
15.06.2017  07:08    <DIR>          Microsoft Silverlight
12.12.2015  14:22    <DIR>          Microsoft SQL Server
12.12.2015  14:21    <DIR>          Microsoft SQL Server Compact Edition
12.12.2015  14:14    <DIR>          Microsoft Visual Studio 12.0
14.04.2017  09:59    <DIR>          MSBuild
23.06.2017  15:33    <DIR>          NewBlueFX
20.08.2017  18:50    <DIR>          NVIDIA Corporation
15.01.2017  09:21    <DIR>          Oculus VR Runtime Drivers
15.03.2014  14:13    <DIR>          Qualcomm Atheros
14.04.2017  09:04    <DIR>          Realtek
14.04.2017  09:59    <DIR>          Reference Assemblies
18.06.2017  12:54    <DIR>          Rockstar Games
21.10.2016  21:05    <DIR>          SteelSeries
26.05.2014  16:19    <DIR>          SteelSeries Engine
13.02.2016  19:26    <DIR>          Uninstall Information
13.04.2017  15:08    <DIR>          UNP
15.11.2015  20:50    <DIR>          VB
12.09.2017  16:44    <DIR>          Virtual Desktop
15.03.2014  15:40    <DIR>          VLC
28.06.2017  06:44    <DIR>          Windows Defender
20.03.2017  06:43    <DIR>          Windows Defender Advanced Threat Protection
13.09.2017  20:58    <DIR>          Windows Mail
20.03.2017  06:41    <DIR>          Windows Media Player
18.03.2017  23:03    <DIR>          Windows Multimedia Platform
14.04.2017  09:15    <DIR>          Windows NT
13.09.2017  20:58    <DIR>          Windows Photo Viewer
18.03.2017  23:03    <DIR>          Windows Portable Devices
18.03.2017  23:03    <DIR>          Windows Security
14.04.2017  09:06    <DIR>          Windows Sidebar
23.09.2017  07:04    <DIR>          WindowsApps
18.03.2017  23:03    <DIR>          WindowsPowerShell
               1 Datei(en),            174 Bytes
              48 Verzeichnis(se), 61.289.340.928 Bytes frei

========= Ende von CMD: =========


========= dir "C:\Users\Hoshi\AppData\Roaming" /a =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: 3A2A-1B4A

 Verzeichnis von C:\Users\Hoshi\AppData\Roaming

23.09.2017  07:15    <DIR>          .
23.09.2017  07:15    <DIR>          ..
25.08.2016  16:21    <DIR>          .minecraft
18.04.2016  16:28    <DIR>          .mono
02.08.2014  18:45    <DIR>          AC3Filter
09.11.2015  17:56    <DIR>          Adobe
12.05.2014  16:13    <DIR>          Apple Computer
01.12.2014  19:16    <DIR>          Arrowhead
14.08.2016  15:08    <DIR>          Aspyr Media
18.12.2015  12:38    <DIR>          Atari
15.06.2017  18:19    <DIR>          Audacity
12.03.2015  19:28    <DIR>          Awesomium
24.02.2015  19:38    <DIR>          BadFlyInteractive
21.05.2017  16:48    <DIR>          Battle.net
28.12.2015  21:09    <DIR>          Bioshock2Steam
04.08.2017  14:57    <DIR>          BioshockHD
27.12.2015  14:56               297 BreakingPoint_Login.ini
27.12.2015  16:12             1.427 BreakingPoint_Options.ini
29.08.2017  15:23    <DIR>          Bungie
19.07.2014  18:26    <DIR>          Capcom
10.09.2017  11:30    <DIR>          com.nolimitscoaster.nolimits2
13.07.2015  17:26    <DIR>          com.ohnoo.Tormentum
11.09.2017  20:25    <DIR>          Cronus
28.01.2016  19:25    <DIR>          Crystal Dynamics
23.08.2016  08:00    <DIR>          CtrlAltStudio Viewer
16.07.2016  15:07    <DIR>          Cyberduck
26.08.2017  15:28    <DIR>          DAEMON Tools Lite
22.02.2015  20:28    <DIR>          DarknessII
12.02.2016  15:05    <DIR>          DarkSoulsII
13.04.2016  17:56    <DIR>          DarkSoulsIII
06.09.2017  06:26    <DIR>          DAZ 3D
04.02.2017  16:43    <DIR>          descent-underground-launcher
05.09.2017  18:57    <DIR>          discord
07.12.2014  12:41    <DIR>          Disney Interactive Studios
29.05.2016  13:05    <DIR>          DisneyInteractiveStudios
06.04.2015  20:41    <DIR>          Doublefine
13.05.2017  11:26    <DIR>          DVDVideoSoft
04.08.2017  13:23    <DIR>          electron-quick-start
20.12.2016  20:48    <DIR>          Elgato
29.05.2016  10:11    <DIR>          Exanima
21.12.2016  20:37    <DIR>          fatshark
22.08.2016  19:51    <DIR>          FC-VR
26.03.2016  20:52    <DIR>          FileZilla
19.07.2017  20:18    <DIR>          Firestorm
23.06.2017  19:36    <DIR>          Firestorm_x64
31.03.2017  20:17    <DIR>          FlacSquisher
18.01.2015  22:30    <DIR>          fltk.org
17.11.2016  21:24    <DIR>          Frontier Developments
09.11.2015  17:59    <DIR>          G4E
09.11.2015  18:15    <DIR>          G4EDLC2
24.08.2017  16:01    <DIR>          Gaikai
13.05.2015  20:44    <DIR>          GameMill Entertainment
30.04.2014  22:48    <DIR>          Games
09.10.2015  16:55    <DIR>          GetRightToGo
03.06.2017  09:47    <DIR>          GHISLER
12.09.2017  18:08    <DIR>          Google
06.01.2016  19:27    <DIR>          Gyazo
18.08.2016  20:44    <DIR>          HandBrake
15.03.2014  19:35    <DIR>          HeidiSQL
14.08.2016  16:32               224 highScores.txt
24.08.2014  10:24    <DIR>          HomeSheepHome2
20.07.2016  16:57    <DIR>          HTC
23.08.2014  19:47    <DIR>          ImgBurn
15.03.2014  14:19    <DIR>          InstallShield
15.03.2014  14:19    <DIR>          Intel Corporation
16.07.2016  15:07    <DIR>          iterate_GmbH
16.01.2015  23:51    <DIR>          java
05.02.2015  21:16    <DIR>          Joymasher
17.08.2014  18:16    <DIR>          Kalypso Media
21.09.2015  14:52                99 LauncherSettings_live.cfg
15.03.2014  15:31    <DIR>          Logishrd
15.03.2014  15:31    <DIR>          Logitech
03.06.2015  19:42    <DIR>          LucasArts
15.03.2014  15:18    <DIR>          Macromedia
23.06.2017  14:31    <DIR>          MAGIX
26.06.2014  18:59    <DIR>          Malwarebytes
14.04.2017  09:12    <DIR>          Microsoft
29.01.2015  18:32    <DIR>          Milestone
15.01.2015  22:23    <DIR>          MMFApplications
15.03.2014  14:25    <DIR>          Mozilla
29.06.2014  13:44    <DIR>          Nero
26.10.2016  20:52    <DIR>          NVIDIA
07.08.2017  20:10    <DIR>          obs-studio
10.03.2017  21:07    <DIR>          Oculus
21.07.2016  19:13    <DIR>          OculusClient
13.09.2017  18:10    <DIR>          Origin
18.09.2015  17:49    <DIR>          proDAD
12.04.2015  20:08    <DIR>          QuickScan
17.04.2017  19:34    <DIR>          Revive
22.02.2015  20:46    <DIR>          ScummVM
25.09.2014  16:48    <DIR>          SecondLife
10.05.2014  11:53    <DIR>          SecuROM
09.11.2015  18:31    <DIR>          Shooter
13.06.2015  14:42    <DIR>          silenceofthesleep
18.01.2015  21:14    <DIR>          Silverback Productions
18.09.2017  19:11    <DIR>          Skype
24.08.2017  16:15    <DIR>          Sony Interactive Entertainment Network America LLC
28.05.2017  10:14    <DIR>          SpaceEngineers
08.09.2016  19:50    <DIR>          Spore
02.02.2017  18:59    <DIR>          Spotify
17.09.2016  19:34    <DIR>          StarTrekPC
02.09.2014  20:27    <DIR>          Steam
06.05.2016  09:29    <DIR>          SteelSeries
06.08.2016  09:53    <DIR>          Stereoscopic Player
24.04.2014  18:51    <DIR>          StunlockStudios
30.08.2015  16:15    <DIR>          Sun
16.07.2016  17:40    <DIR>          TeamViewer
26.12.2015  22:56    <DIR>          The Zombie Infection
21.09.2015  14:43    <DIR>          theHunter
21.09.2015  14:44            10.525 TheHunterSettings_live.bin
21.09.2015  14:43                40 TheHunterSettings_steam_live.cfg
21.09.2015  14:40    <DIR>          theHunterSteam
15.03.2014  15:14    <DIR>          Thunderbird
18.09.2015  18:11    <DIR>          Titler
23.12.2015  13:20    <DIR>          TLDCEPC
19.09.2017  21:08    <DIR>          TS3Client
25.08.2015  18:35    <DIR>          Ulead Systems
12.12.2015  14:12    <DIR>          Unity
22.09.2017  15:12    <DIR>          UseNeXT
13.09.2017  20:00    <DIR>          uTorrent
17.08.2014  15:37    <DIR>          VBA-M
21.05.2016  19:43    <DIR>          Vectec Software
10.07.2017  18:02    <DIR>          vice
21.07.2016  06:41    <DIR>          Virtual Desktop
22.09.2017  19:04    <DIR>          vlc
10.09.2016  14:05    <DIR>          VoiceAttack
02.12.2015  22:37             3.317 VoiceMeeterDefault.xml
28.05.2016  22:26    <DIR>          Warner Bros. Interactive Entertainment
13.05.2015  20:32    <DIR>          Wayforward Technologies
10.09.2016  18:39    <DIR>          WEVR
20.10.2015  19:29    <DIR>          Winamp
22.09.2017  20:12    <DIR>          WingsSaveData
19.03.2014  20:22    <DIR>          WinRAR
07.05.2015  17:30    <DIR>          Yacht Club Games
               7 Datei(en),         15.929 Bytes
             127 Verzeichnis(se), 61.289.336.832 Bytes frei

========= Ende von CMD: =========

================== ExportKey: ===================

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
"C:\WINDOWS\uninstaller.dat"="0"
"C:\WINDOWS\ea25b50d8d77b75b0e1b47872ebc5b38.exe"="0"
"C:\WINDOWS\system32\drivers\ca411eda88aa6e27faf3faffca1124f5.sys"="0"
"C:\Program Files\088195c19b33f61100dd567039f0a39e"="0"
"C:\WINDOWS\f371379892038d205abbfa586a4788d0.ps1"="0"
"C:\WINDOWS\f371379892038d205abbfa586a4788d0.xml"="0"

=== Ende von ExportKey ===

========= Get-ChildItem -Path cert:\LocalMachine\Disallowed -recurse | Format-List -Property * =========


========= Ende von Powershell: =========


========= Get-ChildItem -Path cert:\CurrentUser\Disallowed -recurse | Format-List -Property * =========



PSPath                   : Microsoft.PowerShell.Security\Certificate::CurrentUser\Disallowed\9AAF24A4D6CA8CCDF64BBF916C
                           BC77512A9B0CA7
PSParentPath             : Microsoft.PowerShell.Security\Certificate::CurrentUser\Disallowed
PSChildName              : 9AAF24A4D6CA8CCDF64BBF916CBC77512A9B0CA7
PSDrive                  : Cert
PSProvider               : Microsoft.PowerShell.Security\Certificate
PSIsContainer            : False
EnhancedKeyUsageList     : {Codesignatur (1.3.6.1.5.5.7.3.3)}
DnsNameList              : {Adobe Systems Incorporated}
SendAsTrustedIssuer      : False
EnrollmentPolicyEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
EnrollmentServerEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty
PolicyId                 : 
Archived                 : False
Extensions               : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, 
                           System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}
FriendlyName             : 
IssuerName               : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter                 : 08.01.2016 00:59:59
NotBefore                : 14.01.2014 01:00:00
HasPrivateKey            : False
PrivateKey               : 
PublicKey                : System.Security.Cryptography.X509Certificates.PublicKey
RawData                  : {48, 130, 5, 140...}
SerialNumber             : 50ED674255614BF4ED3ED423CC93CA7D
SubjectName              : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm       : System.Security.Cryptography.Oid
Thumbprint               : 9AAF24A4D6CA8CCDF64BBF916CBC77512A9B0CA7
Version                  : 3
Handle                   : 2233233856608
Issuer                   : CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, 
                           O=Symantec Corporation, C=US
Subject                  : CN=Adobe Systems Incorporated, OU=Flash Player, O=Adobe Systems Incorporated, L=San Jose, 
                           S=California, C=US, SERIALNUMBER=2748129, OID.2.5.4.15=Private Organization, 
                           OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US




========= Ende von Powershell: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 174966436 B
Java, Flash, Steam htmlcache => 201382972 B
Windows/system/drivers => 51147575 B
Edge => 199 B
Chrome => 457020665 B
Firefox => 136540474 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 16674 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 8162 B
NetworkService => 15359270 B
Hoshi => 1493389560 B
Mcx1-HOSHI-PC => 51481 B
OVRLibraryService => 33058 B

RecycleBin => 0 B
EmptyTemp: => 2.4 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 07:16:07 ====
         

23.09.2017, 07:21   #9
Hoshi82
 

frst
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-09-2017
durchgeführt von Hoshi (Administrator) auf HOSHI-PC (23-09-2017 07:18:50)
Gestartet von C:\Users\Hoshi\Desktop
Geladene Profile: Hoshi (Verfügbare Profile: Hoshi & Mcx1-HOSHI-PC & OVRLibraryService)
Platform: Windows 10 Pro Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser nicht gefunden!)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Oculus VR) D:\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
(TeamViewer GmbH) D:\Programme\TeamViewer\TeamViewer_Service.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [123400 2009-01-21] (Logitech Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-29] (Logitech Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\ DisallowedCertificates: 9AAF24A4D6CA8CCDF64BBF916CBC77512A9B0CA7 (U)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [Spotify Web Helper] => C:\Users\Hoshi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-02-02] (Spotify Ltd)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [Spotify] => C:\Users\Hoshi\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-02-02] (Spotify Ltd)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [DAEMON Tools Lite] => D:\Programme\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{44eab3ff-54e7-4179-9334-818557caa181}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{48087fcf-0f34-473d-98e4-623094e6d179}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{50f0966d-4c38-4772-9bc1-2e04e25500e9}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{53270d60-5f82-4144-bb10-31c955cd1d24}: [DhcpNameServer] 192.168.42.129
ManualProxies: 

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-23] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2016-01-18] (DVDVideoSoft Ltd.)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2016-01-19] (DVDVideoSoft Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  Keine Datei
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF DefaultProfile: v835n1d8.default-1416499139358
FF ProfilePath: C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358 [2017-09-23]
FF Homepage: Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358 -> www.google.de
FF Extension: (MEGA) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\firefox@mega.co.nz.xpi [2017-09-21]
FF Extension: (FlashDisable) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi [2017-04-10]
FF Extension: (NoScript) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-09-12]
FF Extension: (Video DownloadHelper) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (Adblock Plus) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Extension: (Bitdefender QuickScan) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-09-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2014-04-21] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Programme\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1299527896-1211748070-1707534253-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hoshi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2017-09-21]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default [2017-09-23]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-12]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-12]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-03]
CHR Extension: (Chrome Media Router) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1533448 2017-09-14] ()
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [Datei ist nicht signiert]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [Datei ist nicht signiert]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-04-13] (Futuremark)
S3 GalaxyClientService; D:\Games\GalaxyClient\GalaxyClientService.exe [532544 2017-09-08] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8242752 2017-09-07] (GOG.com)
S4 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-23] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-29] (Logitech Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-22] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-08-22] (NVIDIA Corporation)
S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [2098528 2017-09-12] (Electronic Arts)
S2 Origin Web Helper Service; D:\Games\Origin\OriginWebHelperService.exe [2977640 2017-09-12] (Electronic Arts)
S3 OVRLibraryService; D:\Oculus\Support\oculus-librarian\OVRLibraryService.exe [207656 2016-12-13] (Oculus VR, LLC)
R2 OVRService; D:\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [470480 2016-12-13] (Oculus VR)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-07-26] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2017-09-12] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [324224 2016-05-23] (Skype Technologies)
R2 TeamViewer; D:\Programme\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 VirtualDesktop.Service.exe; C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe [330208 2017-07-19] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [75560 2017-05-06] (Broadcom Corporation.)
S3 busenum; C:\WINDOWS\System32\drivers\SteelBus64.sys [146944 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows (R) Win 7 DDK provider)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2017-05-25] (Disc Soft Ltd)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-18] (Qualcomm Atheros, Inc.)
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-09-29] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2016-09-29] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2016-09-29] (Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
S3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation)
R3 LVPr2M64; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ce1961376673184c\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation)
S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [14368 1999-11-09] () [Datei ist nicht signiert]
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-11-15] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U4 aspnet_state; kein ImagePath
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-23 07:15 - 2017-09-23 07:16 - 000042987 _____ C:\Users\Hoshi\Desktop\Fixlog.txt
2017-09-23 07:15 - 2017-09-23 07:15 - 000000000 ____D C:\Users\Hoshi\Desktop\FRST-OlderVersion
2017-09-22 20:01 - 2017-09-22 20:01 - 000000955 _____ C:\Users\Public\Desktop\Wings! Remastered.lnk
2017-09-22 20:01 - 2017-09-22 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings! Remastered [GOG.com]
2017-09-22 15:45 - 2017-09-22 15:45 - 000070612 _____ C:\Users\Hoshi\Downloads\2a29ca61-d44f-4702-ada1-a5202ddde7c8.tmp
2017-09-22 15:14 - 2017-09-22 15:15 - 039468304 _____ (Microsoft Corporation) C:\Users\Hoshi\Downloads\mpas-feX64.exe
2017-09-22 06:19 - 2017-09-23 07:16 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-22 06:18 - 2017-09-22 19:58 - 000000000 ____D C:\Users\Hoshi\Desktop\mbar
2017-09-22 06:17 - 2017-09-22 06:17 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Hoshi\Downloads\mbar-1.09.3.1001.exe
2017-09-21 20:32 - 2017-09-21 20:32 - 000539414 _____ C:\Users\Hoshi\Desktop\Defender.txt
2017-09-21 20:25 - 2017-09-21 20:25 - 000245912 _____ (Mozilla) C:\Users\Hoshi\Downloads\Firefox Installer.exe
2017-09-21 20:23 - 2017-09-21 20:23 - 000251110 _____ C:\Users\Hoshi\Desktop\bookmarks-2017-09-21.json
2017-09-21 18:47 - 2017-09-21 18:47 - 000001279 _____ C:\Users\Hoshi\Desktop\mbam.txt
2017-09-21 18:39 - 2017-09-23 07:19 - 000022065 _____ C:\Users\Hoshi\Desktop\FRST.txt
2017-09-21 18:39 - 2017-09-23 07:18 - 000000000 ____D C:\FRST
2017-09-21 18:39 - 2017-09-21 18:39 - 000148672 _____ C:\Users\Hoshi\Desktop\Addition.txt
2017-09-21 18:37 - 2017-09-23 07:15 - 002399744 _____ (Farbar) C:\Users\Hoshi\Desktop\FRST64.exe
2017-09-21 17:49 - 2017-09-21 18:32 - 000465324 _____ C:\WINDOWS\ntbtlog.txt
2017-09-21 17:49 - 2017-09-21 18:32 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-21 17:45 - 2017-09-21 17:45 - 000024658 _____ C:\WINDOWS\System32\Tasks\{79097F47-7A7D-0904-0B11-0F04040D1179}
2017-09-21 17:42 - 2017-09-21 17:47 - 000003286 _____ C:\WINDOWS\System32\Tasks\088195c19b33f61100dd567039f0a39e
2017-09-20 22:10 - 2017-09-20 22:10 - 000051624 _____ C:\WINDOWS\uninstaller.dat
2017-09-20 16:59 - 2017-09-20 17:01 - 004204032 _____ (crosire) C:\Users\Hoshi\Desktop\ReShade.exe
2017-09-20 16:33 - 2017-09-20 16:33 - 000027238 _____ C:\Users\Hoshi\AppData\Local\recently-used.xbel
2017-09-19 16:48 - 2017-09-19 16:48 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2017-09-18 17:33 - 2017-09-18 17:33 - 000000098 _____ C:\WINDOWS\SysWOW64\QuickTime.qtp
2017-09-18 17:33 - 2017-09-18 17:33 - 000000000 ____D C:\WINDOWS\SysWOW64\QuickTime
2017-09-18 17:33 - 1999-07-13 20:02 - 000086016 _____ (MindVision Software) C:\WINDOWS\unvise32qt.exe
2017-09-18 17:32 - 2017-09-18 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wheel of Time
2017-09-18 16:49 - 2017-09-19 19:20 - 000000000 ____D C:\Users\Hoshi\Documents\Project CARS
2017-09-18 16:49 - 2017-09-18 16:49 - 000000000 ____D C:\Users\Hoshi\Documents\wmd_symbol_cache
2017-09-17 20:26 - 2017-09-17 20:49 - 000000065 _____ C:\Users\Hoshi\Desktop\SL Foto Termine!.txt
2017-09-17 10:27 - 2017-09-17 10:29 - 021643807 _____ C:\Users\Hoshi\Desktop\Sound Fix v1.4.3.rar
2017-09-17 10:27 - 2017-09-17 10:28 - 021697338 _____ C:\Users\Hoshi\Desktop\Jaguar XJ220 v1.3.rar
2017-09-17 08:52 - 2017-09-17 09:35 - 000000000 ____D C:\Users\Hoshi\Documents\Assetto Corsa
2017-09-16 14:13 - 2017-09-16 14:13 - 000000000 ____D C:\Users\Hoshi\Desktop\Posen
2017-09-15 20:18 - 2017-09-15 20:21 - 000000000 ____D C:\Users\Hoshi\Documents\MindShow
2017-09-15 20:13 - 2017-09-15 20:13 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Mindshow
2017-09-15 19:43 - 2017-09-15 19:43 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Against Gravity
2017-09-15 15:52 - 2017-09-15 15:52 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Stress Level Zero
2017-09-13 20:38 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-13 20:38 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-13 20:38 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-13 20:38 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-13 20:38 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-13 20:38 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-13 20:38 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-13 20:38 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-13 20:38 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-13 20:38 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-13 20:38 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-13 20:38 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-13 20:38 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-13 20:38 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-13 20:38 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-13 20:38 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-13 20:38 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-13 20:38 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-13 20:38 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-13 20:38 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-13 20:38 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-13 20:38 - 2017-09-05 06:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-13 20:38 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-13 20:38 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-13 20:38 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-13 20:38 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-13 20:38 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-13 20:38 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-13 20:38 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-13 20:38 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-13 20:38 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-13 20:38 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-13 20:38 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-13 20:38 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-13 20:38 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-13 20:38 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-13 20:38 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-13 20:38 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-13 20:38 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-13 20:38 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-13 20:38 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-13 20:38 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-13 20:38 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-13 20:38 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-13 20:38 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-13 20:38 - 2017-09-05 06:14 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-09-13 20:38 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-13 20:38 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-13 20:38 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-13 20:38 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-13 20:38 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-13 20:38 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-13 20:38 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-13 20:38 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-13 20:38 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-13 20:38 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-13 20:38 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-13 20:38 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-13 20:38 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-13 20:38 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-13 20:38 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-13 20:38 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-13 20:38 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-13 20:34 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-13 20:34 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-13 20:34 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-13 20:34 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-13 20:34 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-13 20:34 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-13 20:34 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-13 20:34 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-13 20:34 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-13 20:33 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-13 20:33 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-13 20:33 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-13 20:33 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-13 20:33 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-13 20:33 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-13 20:33 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-13 20:33 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-13 20:33 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-13 20:33 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-13 20:33 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-13 20:33 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-13 20:33 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-13 20:33 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-13 20:33 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-13 20:33 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-13 20:33 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-13 20:33 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-13 20:33 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-13 20:33 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-13 20:33 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-13 20:33 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-13 20:33 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-13 20:33 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-13 20:33 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-13 20:33 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-13 20:33 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-13 20:33 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-13 20:33 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-13 20:33 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-13 20:33 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-13 20:33 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-13 20:33 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-13 20:33 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-13 20:33 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-13 20:33 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-13 20:33 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-13 20:33 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-13 20:33 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-13 20:33 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-13 20:33 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-13 20:33 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-13 20:33 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-13 20:33 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-13 20:33 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-13 20:33 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-13 20:33 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-13 20:33 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-13 20:33 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-13 20:33 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-13 20:33 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-13 20:33 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-13 20:33 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-13 20:33 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-13 20:33 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-13 20:33 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-13 20:33 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-13 20:33 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-13 20:33 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-13 20:33 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-13 20:33 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-13 20:32 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-13 20:32 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-13 20:32 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-13 20:32 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-13 20:32 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-13 20:32 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-13 20:32 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-13 20:32 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-13 20:32 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-13 20:32 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-13 20:32 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-13 20:32 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-13 20:32 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-13 20:32 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-13 20:32 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-13 20:32 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-13 20:32 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-13 20:32 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-13 20:32 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-13 20:32 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-13 20:32 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-13 20:32 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-13 20:32 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-13 20:32 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-13 20:32 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-13 20:32 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-13 20:32 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-13 20:32 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-13 20:32 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-13 20:32 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-13 20:32 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-13 20:32 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-13 20:32 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-13 20:32 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-13 20:32 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-13 20:32 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-13 20:32 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-13 20:32 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-13 20:32 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-13 20:32 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-13 20:32 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-13 20:32 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-13 20:32 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-13 20:32 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-13 20:32 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-13 20:32 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-13 20:32 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-13 20:32 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-13 20:32 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-13 20:32 - 2017-09-05 06:19 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-09-13 20:32 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-13 20:32 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-13 20:32 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-13 20:32 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-13 20:32 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-13 20:32 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-13 20:32 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-13 20:32 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-13 20:32 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-13 20:32 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-13 20:32 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-13 20:32 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-13 20:32 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-13 20:32 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-13 20:32 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-13 20:32 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-13 20:32 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-13 20:31 - 2017-09-05 07:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-13 20:31 - 2017-09-05 07:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-13 20:31 - 2017-09-05 07:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-13 20:31 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-13 20:31 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-13 20:31 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-13 20:31 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-13 20:31 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-13 20:31 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-13 20:31 - 2017-09-05 07:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-13 20:31 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-13 20:31 - 2017-09-05 07:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-13 20:31 - 2017-09-05 07:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-13 20:31 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-13 20:31 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-13 20:31 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-13 20:31 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-13 20:31 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-13 20:31 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-13 20:31 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-13 20:31 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-13 20:30 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-13 19:33 - 2017-09-13 19:33 - 000000000 ____D C:\temp
2017-09-12 18:08 - 2017-09-12 18:08 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Google
2017-09-12 16:44 - 2017-09-12 18:32 - 000348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-09-12 16:44 - 2017-09-12 18:09 - 000076152 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-09-12 16:44 - 2017-09-12 16:44 - 000000000 ____D C:\Program Files\Virtual Desktop
2017-09-10 10:52 - 2017-09-10 11:30 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\com.nolimitscoaster.nolimits2
2017-09-10 10:52 - 2017-09-10 10:52 - 000000000 ____D C:\Users\Hoshi\Documents\com.nolimitscoaster.nolimits2
2017-09-10 10:52 - 2017-09-10 10:52 - 000000000 ____D C:\ProgramData\com.nolimitscoaster.nolimits2
2017-09-09 17:16 - 2017-09-09 17:16 - 000000000 ____D C:\Users\Hoshi\AppData\Local\E1
2017-09-09 13:53 - 2017-09-09 13:53 - 000000000 ____D C:\Users\Hoshi\M210Projects
2017-09-09 13:28 - 2017-09-09 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blood [GOG.com]
2017-09-09 11:09 - 2017-09-09 11:34 - 000000000 ____D C:\Users\Hoshi\Desktop\Aufnahme Vorlagen
2017-09-09 09:04 - 2017-09-09 09:05 - 000000024 _____ C:\Users\Hoshi\Desktop\SL Hud verstecken.txt
2017-09-08 19:08 - 2017-09-08 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima series
2017-09-08 18:14 - 2017-09-08 18:14 - 000000000 ____D C:\Users\Hoshi\AppData\Local\DarkSoulsMapViewer
2017-09-08 17:54 - 2017-09-08 17:54 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Citor3 Entertainment Studio Oy
2017-09-08 17:40 - 2017-09-08 17:40 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\STUDIO MORI
2017-09-08 12:24 - 2017-09-08 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clive Barkers Undying [GOG.com]
2017-09-08 09:09 - 2017-09-08 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Suffering [GOG.com]
2017-09-07 11:18 - 2017-09-07 11:18 - 000003908 _____ C:\WINDOWS\SysWOW64\ST5UNST.003
2017-09-07 11:18 - 2017-09-07 11:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Shock - Enhanced Edition [GOG.com]
2017-09-07 11:17 - 2017-09-07 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein [GOG.com]
2017-09-07 11:17 - 2017-09-07 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlaws [GOG.com]
2017-09-07 10:10 - 2017-09-07 10:11 - 000096730 _____ C:\WINDOWS\TRON 2.0 Killer App Mod Uninstall Log.txt
2017-09-06 15:55 - 2017-09-06 15:55 - 000001151 _____ C:\Users\Hoshi\Desktop\DTLite.exe - Verknüpfung.lnk
2017-09-06 15:03 - 2017-09-06 15:57 - 000000000 ____D C:\Users\Hoshi\Documents\OpenRA
2017-09-06 06:26 - 2017-09-06 06:26 - 000000000 ____D C:\Users\Hoshi\Documents\DAZ 3D
2017-09-06 06:26 - 2017-09-06 06:26 - 000000000 ____D C:\ProgramData\DAZ 3D
2017-09-06 06:25 - 2017-09-06 06:25 - 000000979 _____ C:\Users\Hoshi\Desktop\DAZ Studio 4.9 (64-bit).lnk
2017-09-06 06:25 - 2017-09-06 06:25 - 000000000 ____D C:\Program Files\DAZ 3D
2017-09-05 20:22 - 2017-09-06 11:48 - 000000000 ____D C:\Users\Public\Documents\My DAZ 3D Library
2017-09-05 20:20 - 2017-09-05 20:20 - 000000000 ____D C:\Users\Public\Documents\DAZ 3D
2017-09-05 20:19 - 2017-09-06 06:26 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\DAZ 3D
2017-09-05 20:19 - 2017-09-06 06:25 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2017-09-05 20:19 - 2017-09-05 20:19 - 000000949 _____ C:\Users\Hoshi\Desktop\DAZ Install Manager.lnk
2017-09-05 18:57 - 2017-09-05 18:57 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-09-05 18:55 - 2017-09-05 18:55 - 000000279 _____ C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (2).lnk
2017-09-05 17:50 - 2017-09-05 17:50 - 000001106 _____ C:\Users\Hoshi\Desktop\dosbox.exe - Verknüpfung.lnk
2017-09-01 19:29 - 2017-09-05 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MadOnion.com
2017-08-31 17:51 - 2017-08-31 17:51 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Lighthouse Games Studio
2017-08-29 15:23 - 2017-08-29 15:23 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Bungie
2017-08-28 17:33 - 2017-08-28 17:33 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Cinemur
2017-08-26 15:31 - 2017-08-26 15:31 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Acid Wizard Studio
2017-08-25 14:34 - 2017-08-22 00:54 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-25 14:34 - 2017-08-22 00:33 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-08-25 14:33 - 2017-08-22 03:01 - 040240248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 035924600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 029019072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 023132184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 018849456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 012225984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 011692344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 010072768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 004162496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 003712024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 003590592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438541.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438541.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001292096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001289840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001008816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001007280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000690320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000617232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000584312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-08-25 14:33 - 2017-08-22 03:01 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-08-24 16:01 - 2017-08-24 16:01 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Gaikai
2017-08-24 16:00 - 2017-08-24 16:15 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Sony Interactive Entertainment Network America LLC
2017-08-24 16:00 - 2017-08-24 16:00 - 000000000 ____D C:\Program Files\DIFX

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-23 07:16 - 2017-04-14 09:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-23 07:16 - 2017-04-14 09:03 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-23 07:16 - 2017-03-18 13:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-09-23 07:15 - 2017-04-14 09:04 - 000000000 ____D C:\Users\Hoshi
2017-09-23 07:15 - 2016-06-05 13:41 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Temp
2017-09-23 07:04 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-23 07:04 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-22 20:12 - 2016-07-03 18:13 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\WingsSaveData
2017-09-22 19:49 - 2014-06-26 18:59 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-22 19:48 - 2014-06-26 18:59 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-09-22 19:12 - 2017-04-14 09:17 - 006609404 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-22 19:12 - 2017-03-20 06:41 - 003329646 _____ C:\WINDOWS\system32\perfh007.dat
2017-09-22 19:12 - 2017-03-20 06:41 - 000899882 _____ C:\WINDOWS\system32\perfc007.dat
2017-09-22 19:06 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Performance
2017-09-22 19:04 - 2014-03-19 20:22 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\vlc
2017-09-22 17:45 - 2017-04-14 09:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-22 15:43 - 2015-11-17 21:12 - 000000000 ____D C:\Users\Hoshi\AppData\Local\CrashDumps
2017-09-22 15:12 - 2014-03-15 16:33 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\UseNeXT
2017-09-22 06:47 - 2017-04-14 09:13 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{91BA399B-E431-49C7-9B9A-A968D8719897}
2017-09-22 06:33 - 2014-03-15 14:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-22 06:17 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-22 05:15 - 2014-11-13 05:39 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-09-21 20:24 - 2016-03-19 10:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-21 18:54 - 2015-06-21 13:23 - 000000000 ____D C:\WINDOWS\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2017-09-21 18:24 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-09-21 18:17 - 2015-01-30 20:17 - 000000306 __RSH C:\ProgramData\ntuser.pol
2017-09-21 18:16 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Registration
2017-09-21 17:40 - 2017-04-14 09:13 - 000003616 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-21 17:40 - 2017-04-14 09:13 - 000003392 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-21 17:40 - 2009-07-14 05:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-09-20 16:33 - 2014-12-06 17:48 - 000000000 ____D C:\Users\Hoshi\AppData\Local\gtk-2.0
2017-09-20 16:33 - 2014-12-06 17:39 - 000000000 ____D C:\Users\Hoshi\.gimp-2.8
2017-09-19 21:08 - 2014-03-30 14:23 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\TS3Client
2017-09-18 19:11 - 2014-03-15 15:32 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Skype
2017-09-18 18:19 - 2014-03-15 15:44 - 000000000 ___RD C:\Users\Hoshi\Desktop\Programme
2017-09-18 17:35 - 2015-12-13 09:21 - 000000000 ____D C:\Users\Hoshi\AppData\Local\ElevatedDiagnostics
2017-09-18 17:33 - 2014-05-11 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-09-16 14:13 - 2014-03-15 15:44 - 000000000 ___RD C:\Users\Hoshi\Desktop\Games
2017-09-15 18:27 - 2017-05-21 16:47 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Battle.net
2017-09-14 17:16 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-14 06:10 - 2016-02-13 19:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-14 06:09 - 2017-04-14 09:03 - 005290080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 20:58 - 2017-03-20 06:41 - 000000000 ____D C:\WINDOWS\system32\de
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-13 20:57 - 2017-04-29 07:35 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Mixxx
2017-09-13 20:57 - 2014-03-15 15:20 - 000000000 ____D C:\ProgramData\Origin
2017-09-13 20:44 - 2014-03-15 17:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 20:43 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 20:43 - 2014-03-15 17:02 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-13 20:00 - 2014-03-19 18:23 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\uTorrent
2017-09-13 19:33 - 2016-10-01 09:25 - 000000000 ____D C:\Games
2017-09-13 18:10 - 2016-06-05 13:48 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Origin
2017-09-13 05:48 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-13 05:48 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-12 18:32 - 2014-05-17 19:23 - 000348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-09-12 18:31 - 2014-03-15 16:03 - 000280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-09-12 18:16 - 2015-07-03 19:19 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Google
2017-09-12 18:02 - 2014-03-15 16:03 - 000000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2017-09-12 16:23 - 2014-03-15 14:14 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-12 16:23 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-11 20:25 - 2017-02-18 07:18 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Cronus
2017-09-10 19:43 - 2015-05-20 17:19 - 000000000 ____D C:\Users\Hoshi\Documents\The Witcher 3
2017-09-09 19:09 - 2014-03-16 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-09-09 19:09 - 2014-03-15 16:03 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-07 11:18 - 2016-04-16 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Gold [GOG.com]
2017-09-07 11:18 - 2014-06-16 17:24 - 000000390 _____ C:\WINDOWS\SysWOW64\ilent
2017-09-07 11:17 - 2017-07-18 14:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F.E.A.R. Platinum Collection [GOG.com]
2017-09-07 11:17 - 2016-12-16 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redneck Rampage [GOG.com]
2017-09-05 18:57 - 2017-05-23 16:41 - 000002237 _____ C:\Users\Hoshi\Desktop\Discord.lnk
2017-09-05 18:57 - 2017-05-23 16:41 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\discord
2017-09-05 18:57 - 2017-05-23 16:41 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Discord
2017-09-05 18:46 - 2017-07-16 08:25 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Thunder Lotus Games
2017-09-02 17:15 - 2017-03-18 23:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 17:15 - 2017-03-18 23:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-30 19:57 - 2015-11-02 18:18 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 05:56 - 2015-07-03 19:19 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-27 18:17 - 2017-07-19 20:18 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Firestorm
2017-08-26 15:28 - 2017-05-25 16:10 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\DAEMON Tools Lite
2017-08-25 15:05 - 2014-03-22 15:08 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Blizzard Entertainment
2017-08-25 14:35 - 2017-04-14 09:13 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:13 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:13 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:13 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:13 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:03 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-25 14:35 - 2016-07-07 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-08-25 14:34 - 2016-03-19 18:06 - 000000000 ____D C:\Program Files (x86)\VulkanRT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-07-18 20:03 - 2016-07-18 20:03 - 000006144 _____ () C:\Program Files (x86)\com.htc.vive.setup.bilogclient
2015-12-26 23:05 - 2015-12-27 14:56 - 000000297 _____ () C:\Users\Hoshi\AppData\Roaming\BreakingPoint_Login.ini
2015-12-26 23:06 - 2015-12-27 16:12 - 000001427 _____ () C:\Users\Hoshi\AppData\Roaming\BreakingPoint_Options.ini
2016-08-14 16:25 - 2016-08-14 16:32 - 000000224 _____ () C:\Users\Hoshi\AppData\Roaming\highScores.txt
2015-09-21 14:52 - 2015-09-21 14:52 - 000000099 _____ () C:\Users\Hoshi\AppData\Roaming\LauncherSettings_live.cfg
2015-09-21 14:44 - 2015-09-21 14:44 - 000010525 _____ () C:\Users\Hoshi\AppData\Roaming\TheHunterSettings_live.bin
2015-09-21 14:43 - 2015-09-21 14:43 - 000000040 _____ () C:\Users\Hoshi\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-11-15 21:03 - 2015-12-02 22:37 - 000003317 _____ () C:\Users\Hoshi\AppData\Roaming\VoiceMeeterDefault.xml
2015-01-30 20:11 - 2016-12-03 10:20 - 000010752 _____ () C:\Users\Hoshi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-19 11:53 - 2016-10-19 11:53 - 000000291 _____ () C:\Users\Hoshi\AppData\Local\ledConfiguration.config
2016-10-19 11:53 - 2016-12-25 12:58 - 000000737 _____ () C:\Users\Hoshi\AppData\Local\NvidiaLEDVisualizer.config
2016-03-15 17:36 - 2016-03-26 20:52 - 000000600 _____ () C:\Users\Hoshi\AppData\Local\PUTTY.RND
2017-09-20 16:33 - 2017-09-20 16:33 - 000027238 _____ () C:\Users\Hoshi\AppData\Local\recently-used.xbel
2016-07-31 13:54 - 2017-04-02 16:11 - 000007659 _____ () C:\Users\Hoshi\AppData\Local\Resmon.ResmonCfg
2014-12-23 13:43 - 2014-12-23 13:43 - 000004999 _____ () C:\ProgramData\auqrgqib.ttw
2017-04-14 09:04 - 2017-04-14 09:04 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-04 09:56 - 2017-05-04 18:25 - 000000257 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-04-08 22:13 - 2017-04-08 22:13 - 000000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-15 14:00

==================== Ende von FRST.txt ============================
         

23.09.2017, 07:22   #10
Hoshi82
 

addition
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-09-2017
durchgeführt von Hoshi (23-09-2017 07:19:14)
Gestartet von C:\Users\Hoshi\Desktop
Windows 10 Pro Version 1703 (X64) (2017-04-14 07:15:15)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1299527896-1211748070-1707534253-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1299527896-1211748070-1707534253-503 - Limited - Disabled)
Gast (S-1-5-21-1299527896-1211748070-1707534253-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1299527896-1211748070-1707534253-1002 - Limited - Enabled)
Hoshi (S-1-5-21-1299527896-1211748070-1707534253-1000 - Administrator - Enabled) => C:\Users\Hoshi
Mcx1-HOSHI-PC (S-1-5-21-1299527896-1211748070-1707534253-1005 - Limited - Enabled) => C:\Users\Mcx1-HOSHI-PC

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Chair in a Room: Greenwater (HKLM\...\Steam App 427760) (Version:  - Wolf & Wood Interactive Ltd)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{151974E9-9B16-47DC-8B57-5684A1E42127}) (Version: 12.1.1.151 - Adobe Systems, Inc)
Aeon (HKLM\...\Steam App 543390) (Version:  - Illusion Ranger)
Agents of Mayhem (HKLM\...\Steam App 304530) (Version:  - Deep Silver Volition)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
Aliens vs. Predator (HKLM-x32\...\Steam App 10680) (Version:  - Rebellion)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
American Truck Simulator (HKLM\...\Steam App 270880) (Version:  - SCS Software)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{AFADB5DC-3ABC-421F-9DAD-BDABE511258B}) (Version: 4.0.51117.1 - Microsoft Corporation)
Arizona Sunshine (HKLM\...\Steam App 342180) (Version:  - Vertigo Games)
Art of Fight (HKLM\...\Steam App 531270) (Version:  - Raptor-Lab)
Assetto Corsa (HKLM\...\Steam App 244210) (Version:  - Kunos Simulazioni)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AutoHotkey 1.1.24.04 (HKLM\...\AutoHotkey) (Version: 1.1.24.04 - Lexikos)
Axiom Verge (HKLM\...\Steam App 332200) (Version:  - Thomas Happ Games LLC)
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Battlezone (HKLM\...\Steam App 312650) (Version:  - Rebellion)
Beyond Good and Evil (HKLM-x32\...\Uplay Install 232) (Version:  - Ubisoft)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Hidden
Bullets And More VR - BAM VR (HKLM\...\Steam App 525640) (Version:  - Koenigz)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (HKLM-x32\...\InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (HKLM-x32\...\InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version:  - ) Hidden
Call of Duty: Infinite Warfare (HKLM\...\Steam App 292730) (Version:  - Infinity Ward)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Clive Barker's Undying (HKLM-x32\...\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}) (Version:  - )
Clive Barker's Undying (HKLM-x32\...\1207659191_is1) (Version: 2.1.0.9 - GOG.com)
Cloudlands : VR Minigolf (HKLM\...\Steam App 425720) (Version:  - Futuretown)
Cmoar VR Cinema (HKLM\...\Steam App 527160) (Version:  - Cmoar Studio)
Comedy Night (HKLM\...\Steam App 665360) (Version:  - Lighthouse Games Studio)
Conan Exiles (HKLM\...\Steam App 440900) (Version:  - Funcom)
Conarium (HKLM\...\Steam App 313780) (Version:  - Zoetrope Interactive)
Connect (HKLM-x32\...\MAGIX_connector_is1) (Version: 2.5.1.84 - MAGIX Software GmbH)
CoolSoft VirtualMIDISynth 1.14.1 (HKLM-x32\...\CoolSoft VirtualMIDISynth) (Version: 1.14.1.0 - CoolSoft)
Cronus PRO 1.20 (HKLM-x32\...\Cronus PRO) (Version: 1.20 - CronusMAX Team)
CtrlAltStudio-Viewer-Alpha (remove only) (HKLM-x32\...\CtrlAltStudio-Viewer-Alpha) (Version: 1.2.6.43412 - CtrlAltStudio)
Cyberduck (HKLM-x32\...\{27F61226-4F73-4617-BEDF-DBCB5C6D35D3}) (Version: 5.0.3.20504 - iterate GmbH) Hidden
Cyberduck (HKLM-x32\...\{be4c3b9a-7362-4e8b-a310-225db8ff97d6}) (Version: 5.0.3.20504 - iterate GmbH)
Dangerous Golf (HKLM\...\Steam App 405500) (Version:  - Three Fields Entertainment)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Day of the Tentacle Remastered (HKLM\...\Steam App 388210) (Version:  - Double Fine Productions)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.71) (Version: 1.1.0.71 - DAZ 3D)
Dead Effect 2 VR (HKLM\...\Steam App 646200) (Version:  - BadFly Interactive, a.s.)
DeliPlayer (HKLM-x32\...\DeliPlayer2) (Version:  - )
Desura (HKLM-x32\...\Desura) (Version: 100.64 - Desura)
Discord (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
DivX Pro 6.8.0 VFW (HKLM-x32\...\divx650vfw_is1) (Version: 6.8.0.14 - )
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Dotfuscator and Analytics Community Edition 5.19.0 (HKLM-x32\...\{4C5B1DD0-7E8E-4972-9247-818E6D030552}) (Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Duck Season (HKLM\...\Steam App 503580) (Version:  - Stress Level Zero)
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
Elgato Game Capture HD (64-bit) (HKLM\...\{C59BB2DE-E483-4704-976C-652E38DB62A0}) (Version: 3.00.111.1111 - Elgato Systems GmbH)
Elite Dangerous: Horizons (HKLM-x32\...\Steam App 419270) (Version:  - Frontier Developments)
Epic Games Launcher (HKLM-x32\...\{FC1F25AF-C8BB-404E-B15F-1B12CAB98E7F}) (Version: 1.1.96.0 - Epic Games, Inc.)
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version:  - SCS Software)
EVERSPACE™ (HKLM\...\Steam App 396750) (Version:  - ROCKFISH Games)
F.E.A.R. Platinum Collection (HKLM-x32\...\1423058413_is1) (Version: 2.0.0.6 - GOG.com)
Fast Action Hero (HKLM\...\Steam App 534000) (Version:  - Sirius Sam)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Firebird 2.5.2.26540 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.2.26540 - Firebird Project)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Firestorm-Release (HKLM-x32\...\Firestorm-Release) (Version: 5.0.1.52150 - The Phoenix Firestorm Project, Inc.)
FlacSquisher 1.3.6 (HKLM-x32\...\FlacSquisher) (Version: 1.3.6 - FlacSquisher)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Studio (HKLM-x32\...\Free Studio_is1) (Version: 6.6.1.119 - DVDVideoSoft Ltd.)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.21.610 - Digital Wave Ltd)
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Full Throttle Remastered (HKLM\...\Steam App 228360) (Version:  - Double Fine Productions)
Futuremark SystemInfo (HKLM-x32\...\{5052D282-C9AE-48CC-A9F5-17058BEEAA50}) (Version: 4.45.590.0 - Futuremark)
G4E (HKLM-x32\...\{D42540BE-EB5A-9420-8101-6D87DCDACD9E}) (Version: 1.7 - UNKNOWN) Hidden
G4E (HKLM-x32\...\G4E) (Version: 1.7 - UNKNOWN)
Game Capture HD v2.3.3.40 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.40 - Elgato Systems)
Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems)
Game Capture HD60 v2.1.1.4 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.4 - Elgato Systems)
Games (HKLM\...\{55956d7b-35e0-49fa-8343-7adc8e1eb34b}.sdb) (Version:  - )
Ghost of a Tale (HKLM\...\Steam App 417290) (Version:  - SeithCG)
Ghost Town Mine Ride & Shootin' Gallery (HKLM\...\Steam App 459010) (Version:  - Spectral Illusions)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Earth VR (HKLM\...\Steam App 348250) (Version:  - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GORN (HKLM\...\Steam App 578620) (Version:  - Free Lives)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version:  - Valve)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HCS VoicePacks Deutsch AURORA version 2.0 (HKLM-x32\...\{D53FEFBB-C717-403A-8246-D8F2BFC507DA}_is1) (Version: 2.0 - HCS VoicePacks Ltd)
HeidiSQL (HKLM\...\HeidiSQL_is1) (Version:  - Ansgar Becker)
Hellblade: Senua's Sacrifice (HKLM\...\Steam App 414340) (Version:  - Ninja Theory)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hotline Miami 2: Wrong Number (HKLM\...\Steam App 274170) (Version:  - Dennaton Games)
ILLUSION HoneySelect (HKLM-x32\...\{1F709DAC-507B-47DA-B04F-367EF5AA20B4}) (Version: 1.00.0000 - ILLUSION)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
INSIDE (HKLM\...\Steam App 304430) (Version:  - Playdead)
Intel A/V Codecs V2.0 (HKLM-x32\...\CodInstl) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{49bc1e38-39b4-4728-9e75-cbe67ba9a329}) (Version: 10.1.1.42 - Intel(R) Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Island 359 (HKLM\...\Steam App 476700) (Version:  - CloudGate Studio, Inc.)
Java 8 Update 141 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Job Simulator (HKLM\...\Steam App 448280) (Version:  - Owlchemy Labs)
John Wick Chronicles (HKLM\...\Steam App 382360) (Version:  - Starbreeze Studios)
Karnage Chronicles (HKLM\...\Steam App 611160) (Version:  - Nordic Trolls)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LAV Filters 0.66 (HKLM-x32\...\lavfilters_is1) (Version: 0.66 - Hendrik Leppkes)
Layers of Fear (HKLM-x32\...\Steam App 391720) (Version:  - Bloober Team SA)
Lethal VR (HKLM\...\Steam App 532270) (Version:  - Three Fields Entertainment)
Lethe - Episode One (HKLM\...\Steam App 407780) (Version:  - KoukouStudios)
Lockdown: Stand Alone (HKLM\...\Steam App 513270) (Version:  - Viversion)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 5.04 (HKLM\...\{8753DF4D-64B0-474E-9A97-0AB5585D9A53}) (Version: 5.04.110 - Logitech)
Logitech Gaming Software 8.88 (HKLM\...\Logitech Gaming Software) (Version: 8.88.30 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
MAGIX Common Components 1 (HKLM-x32\...\{7A8B2204-574B-42A2-A3DC-52AE142D197F}) (Version: 1.2.0.0 - MAGIX AG)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Fonts Package 1 (HKLM-x32\...\{3859AC53-3C30-4885-AA6B-5DAC442AC871}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fonts Package 2 (HKLM-x32\...\{BCE30F6A-D172-4A2A-94FC-65B6749FDBC7}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Goya burnR (MSI) (HKLM\...\{2497E82C-98AE-494E-B155-52623C230EC6}) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{2497E82C-98AE-494E-B155-52623C230EC6}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{81F7511B-CB79-40CB-B173-35292038A84D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM\...\{3F744D82-3ED5-48B6-A3C8-C0208C3BEE0B}) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM-x32\...\MX.{3F744D82-3ED5-48B6-A3C8-C0208C3BEE0B}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 1) (HKLM\...\{E9D2A2BC-900E-4CBE-8543-E2EEF79163CB}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 1) (HKLM\...\MX.{E9D2A2BC-900E-4CBE-8543-E2EEF79163CB}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 2) (HKLM\...\{38B2C12F-B11F-40A5-B04C-9819949FFE01}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 2) (HKLM\...\MX.{38B2C12F-B11F-40A5-B04C-9819949FFE01}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 3) (HKLM\...\{1759FCEB-940B-4D92-9F45-E55E7E6736C0}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 3) (HKLM\...\MX.{1759FCEB-940B-4D92-9F45-E55E7E6736C0}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 4) (HKLM\...\{A35C545A-8BF8-40C4-BC04-50216A46C2F0}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 4) (HKLM\...\MX.{A35C545A-8BF8-40C4-BC04-50216A46C2F0}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 5) (HKLM\...\{57AA9D95-6A4C-4247-B98A-6EA983F3E0FB}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 5) (HKLM\...\MX.{57AA9D95-6A4C-4247-B98A-6EA983F3E0FB}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 6) (HKLM\...\{D3AC4780-D1C1-4A70-9832-BB64E79C62B3}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 6) (HKLM\...\MX.{D3AC4780-D1C1-4A70-9832-BB64E79C62B3}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 7) (HKLM\...\{98C37332-DC95-426F-A987-043FA9A282D1}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 7) (HKLM\...\MX.{98C37332-DC95-426F-A987-043FA9A282D1}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (HKLM\...\{B9D9D873-ADDA-4D0C-B691-0F323C6DD62A}) (Version: 15.0.0.62 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (HKLM\...\MX.{B9D9D873-ADDA-4D0C-B691-0F323C6DD62A}) (Version: 15.0.0.62 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (NewBlue ActionCam Package) (HKLM\...\{02C01AE1-F497-475A-AA45-43E41A495136}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (NewBlue ActionCam Package) (HKLM\...\MX.{02C01AE1-F497-475A-AA45-43E41A495136}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (proDAD Mercalli V4) (HKLM\...\{89CF4765-0012-4619-BA4E-1571376A25CA}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (proDAD Mercalli V4) (HKLM\...\MX.{89CF4765-0012-4619-BA4E-1571376A25CA}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Titeleffekte) (HKLM\...\{28FE7891-77C0-45E1-9CA4-35E9250F91DA}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Titeleffekte) (HKLM\...\MX.{28FE7891-77C0-45E1-9CA4-35E9250F91DA}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Überblendeffekte) (HKLM\...\{585234EA-CDB3-48A7-B6C4-0EFF9A86D244}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Überblendeffekte) (HKLM\...\MX.{585234EA-CDB3-48A7-B6C4-0EFF9A86D244}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{310EA489-7C68-407E-A246-D600398647F8}) (Version: 15.0.0.107 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{7751963F-7D88-4626-BEFE-9A848F7400B4}) (Version: 15.0.0.90 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{AA6874A6-C7EB-42D5-B434-A86B75E00F32}) (Version: 15.0.0.77 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{D02B20D4-DA3E-4542-ADFD-D2B0BC8A1E84}) (Version: 15.0.0.102 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Premium (HKLM\...\{6EF62090-796C-42D3-9D71-BA127DDEC550}) (Version: 16.0.1.22 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Premium (HKLM\...\MX.{6EF62090-796C-42D3-9D71-BA127DDEC550}) (Version: 16.0.1.22 - MAGIX Software GmbH)
MAGIX Video deluxe Premium (MotionStudios Vasco da Gama 9 Essential) (HKLM\...\{5EC327CC-EEA1-41E1-A416-0E931051D49B}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Premium (MotionStudios Vasco da Gama 9 Essential) (HKLM\...\MX.{5EC327CC-EEA1-41E1-A416-0E931051D49B}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Premium (NewBlue Titler Pro Express) (HKLM\...\{1746FE16-859D-4169-960B-712ED9A0215D}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Premium (NewBlue Titler Pro Express) (HKLM\...\MX.{1746FE16-859D-4169-960B-712ED9A0215D}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MakeMKV v1.10.2 (HKLM-x32\...\MakeMKV) (Version: v1.10.2 - GuinpinSoft inc)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvel's Guardians of the Galaxy: The Telltale Series (HKLM\...\Steam App 579950) (Version:  - Telltale Games)
Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.8 - Electronic Arts)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62607.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62607.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-US) (HKLM-x32\...\{66D57636-BD4B-402F-9E7D-5E89C28C8136}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, Helen) (HKLM-x32\...\{8466EAED-7024-4AEE-9D13-F3A55B98D114}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{F0DB2786-18C8-4B0D-9DC2-BA58856A2821}) (Version: 2.1.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 1 (HKLM-x32\...\{5642384f-2a89-46d3-acd5-bfe8bf6e8b2f}) (Version: 14.0.24720.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mindshow (HKLM\...\Steam App 382000) (Version:  - Mindshow, Inc.)
Mirror's Edge™ Catalyst (HKLM-x32\...\{12228a0d-f6ad-4691-82af-d2c643424468}) (Version: 1.0.3.47248 - Electronic Arts)
Mixxx 2.0.0 (64-bit) (HKLM-x32\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
Monster Maze VR (HKLM\...\Steam App 543600) (Version:  - 4 Fun Studio)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{FA0599C5-C083-41BE-8AEA-E8EB9070D128}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Music Maker (HKLM\...\{D5FF45D3-3AE3-4490-85DE-04D059606382}) (Version: 25.0.1.33 - MAGIX Software GmbH) Hidden
Music Maker (HKLM-x32\...\MX.{D5FF45D3-3AE3-4490-85DE-04D059606382}) (Version: 25.0.1.33 - MAGIX Software GmbH)
Music Maker Update (HKLM\...\{6B088B33-748B-4AFD-B6D1-841F298B5D52}) (Version: 25.0.2.44 - MAGIX Software GmbH) Hidden
My Game Long Name (HKLM\...\UDK-6a43523d-137c-4ffe-8432-fea0f9ad936e) (Version:  - Epic Games, Inc.)
Nature Treks VR (HKLM\...\Steam App 587580) (Version:  - John Carline)
Nero Burning ROM 2014 (HKLM-x32\...\{AB51F94A-8AA0-4F96-81B1-0446BA681083}) (Version: 15.0.02700 - Nero AG)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Neverending Nightmares (HKLM-x32\...\Steam App 253330) (Version:  - Infinitap Games)
NewBlue ActionCam Package (HKLM-x32\...\NewBlue ActionCam Package) (Version: 1.0 - NewBlue)
NewBlue Titler EX for MAGIX (HKLM-x32\...\NewBlue Titler EX for MAGIX) (Version: 1.0 - NewBlue)
NewBlue Titler Pro Express For Magix (HKLM\...\NewBlue Titler Pro Express For Magix) (Version: 1.0 - NewBlue)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
nGlide 1.03 (HKLM-x32\...\nGlide) (Version: 1.03 - Zeus Software)
NightCry (HKLM\...\Steam App 427660) (Version:  - Nude Maker)
Nock: Hidden Arrow (HKLM\...\Steam App 525210) (Version:  - CodeBison Games)
NoLimits 2 Roller Coaster Simulation (HKLM\...\Steam App 301320) (Version:  - Ole Lange)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA Grafiktreiber 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA LED Visualizer 1.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.LEDVisualizer) (Version: 1.0 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Observer (HKLM\...\Steam App 514900) (Version:  - Bloober Team SA)
Oculus (HKLM\...\Oculus) (Version: <3 - Oculus VR, LLC)
Oculus Rift DK2 Sensor Driver (HKLM\...\{F786EF4E-73FE-4700-AC19-FFC0B2298F20}) (Version: 1.0.0.0 - Oculus VR, LLC) Hidden
Oculus Rift Monitor Driver (HKLM\...\{E932D5B4-547A-4959-B642-3816836283E3}) (Version: 1.0.1.0 - Oculus VR, LLC) Hidden
Oculus Rift Sensor Driver (HKLM\...\{E724ED40-8962-4987-901D-57AC8C9E41CD}) (Version: 1.0.20.0 - Oculus VR, LLC) Hidden
One Unit Whole Blood (HKLM-x32\...\1207658856_is1) (Version: 2.1.0.24 - GOG.com)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
Outlast 2 (HKLM\...\Steam App 414700) (Version:  - Red Barrels)
Outlaws (HKLM-x32\...\1425302464_is1) (Version: 2.1.0.11 - GOG.com)
Overload (HKLM\...\Steam App 448850) (Version:  - Revival Productions, LLC)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Paranormal Activity: The Lost Soul (HKLM\...\Steam App 467660) (Version:  - VRWERX)
Pavlov VR (HKLM\...\Steam App 555160) (Version:  - davevillz)
Penumbra: Overture (HKLM-x32\...\Steam App 22180) (Version:  - Frictional Games)
Pierhead Arcade (HKLM\...\Steam App 435490) (Version:  - Mechabit Ltd)
Planet Coaster (HKLM\...\Steam App 493340) (Version:  - Frontier Developments)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
Pool Nation VR  (HKLM\...\Steam App 269170) (Version:  - Cherry Pop Games)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisite installer (HKLM-x32\...\{5909A89E-C97F-407C-AE2B-47BDED86BF5D}) (Version: 15.0.0005 - Nero AG) Hidden
Prey (HKLM\...\Steam App 480490) (Version:  - Arkane Studios)
proDAD Mercalli NLE 4.0 (64bit) (HKLM\...\proDAD-MercalliPlugins-4.0) (Version: 4.0.467.1 - proDAD GmbH)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Project CARS (HKLM\...\Steam App 234630) (Version:  - Slightly Mad Studios)
PS4 Remote Play (HKLM-x32\...\{079C8DC3-767F-46CF-B871-14D21FCC2890}) (Version: 2.0.0.02211 - Sony Interactive Entertainment Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{ABFED5A0-7D10-4617-A816-DD2D3B85706D}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (HKLM\...\{E970CE81-6F26-4274-8E4E-5AFC000FB888}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{401FADAA-1C16-4721-9F02-19067E1A1CA8}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Quantum Break (HKLM\...\Steam App 474960) (Version:  - Remedy Entertainment)
Quell 4D (HKLM\...\Steam App 534230) (Version:  - Rubycone)
Quest 5.6.1 (HKLM-x32\...\Quest_is1) (Version: 5.6.1 - Alex Warren)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapture3D 2.3.26 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Raw Data (HKLM\...\Steam App 436320) (Version:  - Survios)
Realms of the Haunting (HKLM-x32\...\Realms of the Haunting_is1) (Version:  - GOG.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Rec Room (HKLM\...\Steam App 471710) (Version:  - Against Gravity)
Redneck Rampage Collection (HKLM-x32\...\1207658674_is1) (Version: 2.1.0.12 - GOG.com)
Redout (HKLM\...\Steam App 517710) (Version:  - 34BigThings srl)
Resident Evil: Operation Raccoon City (HKLM-x32\...\{43430FA1-388E-4359-A6DB-DA1000048401}) (Version: 1.0.0004.132 - CAPCOM U.S.A, INC) Hidden
Return to Castle Wolfenstein (HKLM-x32\...\1441704976_is1) (Version: 2.0.0.2 - GOG.com)
Revive Dashboard (HKLM-x32\...\Revive) (Version:  - )
Rez Infinite (HKLM\...\Steam App 636450) (Version:  - Monstars Inc.)
Rick and Morty: Virtual Rick-ality (HKLM\...\Steam App 469610) (Version:  - Owlchemy Labs)
Rise of the Tomb Raider (HKLM-x32\...\Steam App 391220) (Version:  - Crystal Dynamics)
Rising Storm 2: Vietnam (HKLM\...\Steam App 418460) (Version:  - Antimatter Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
Roslyn Language Services - x86 (HKLM-x32\...\{6A7F37C9-1E37-3A9A-93D4-09BBEB4BD343}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Saints Row: The Third (HKLM\...\Steam App 55230) (Version:  - Volition)
Secret World Legends (HKLM\...\Steam App 215280) (Version:  - Funcom)
Serious Sam VR: The First Encounter (HKLM\...\Steam App 552450) (Version:  - Croteam VR)
Shadow Warrior 2 (HKLM\...\Steam App 324800) (Version:  - Flying Wild Hog)
SHOUTcast DNAS (remove only) (HKLM-x32\...\SCDNAS) (Version:  - )
Sin (HKLM-x32\...\Sin) (Version:  - )
Sin Gold (HKLM-x32\...\GOGPACKSINGOLD_is1) (Version: 2.0.0.9 - GOG.com)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
SlimDX Redistributable (June 2010) (HKLM-x32\...\{354D00E0-C7C9-4BC1-BC12-08C4977AA827}) (Version: 2.0.10.43 - SlimDX Group)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Soldier of Fortune - Community Edition 6.1 (HKLM-x32\...\Soldier of Fortune - Community Edition 6.1) (Version:  - )
Sonic Mania (HKLM\...\Steam App 584400) (Version:  - Christian Whitehead)
Soundscape VR (HKLM\...\Steam App 636930) (Version:  - Groove Science)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Source SDK Base 2013 Singleplayer (HKLM-x32\...\Steam App 243730) (Version:  - )
Space Hulk: Deathwing (HKLM\...\Steam App 298900) (Version:  - Streum On Studio)
Spirits of Xanadu (HKLM-x32\...\Steam App 312230) (Version:  - Good Morning, Commander)
Spotify (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.7.64833 - Electronic Arts)
STAR WARS™ Battlefront™ II Closed Alpha (HKLM-x32\...\{d32f9b53-3a06-4720-bc64-c56f0fe8256a}) (Version: 1.0.0.0 - Electronic Arts)
STASIS (HKLM\...\Steam App 380150) (Version:  - THE BROTHERHOOD)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteamDolls VR Demo (HKLM\...\Steam App 528690) (Version:  - The Shady Gentlemen)
STRAFE® (HKLM\...\Steam App 442780) (Version:  - Pixel Titans)
Strife: Veteran Edition (HKLM-x32\...\Steam App 317040) (Version:  - Rogue Entertainment)
SUPERHOT VR (HKLM\...\Steam App 617830) (Version:  - SUPERHOT Team)
SVRVIVE: The Deus Helix (HKLM\...\Steam App 509540) (Version:  - SVRVIVE Studios)
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
System Shock - Enhanced Edition (HKLM-x32\...\1439995156_is1) (Version: 2.1.0.4 - GOG.com)
System Shock 2 (HKLM\...\Steam App 238210) (Version:  - Irrational Games)
Tales from the Borderlands (HKLM\...\Steam App 330830) (Version:  - Telltale Games)
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{48992F68-BEE6-35D8-89AC-6A81406F1096}) (Version: 14.0.24712 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Terminator Future Shock + SkyNET version 1.0 (HKLM-x32\...\{AC9D63E6-A090-49E3-95CA-9CAA6706AEAF}_is1) (Version: 1.0 - Bethesda Softworks)
Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version:  - Atari)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Brookhaven Experiment (HKLM\...\Steam App 440630) (Version:  - Phosphor Games)
The Chronicles of Riddick - Assault on Dark Athena (HKLM-x32\...\GOGPACKRIDDICK_is1) (Version: 2.0.0.10 - GOG.com)
The Gallery - Episode 1: Call of the Starseed (HKLM\...\Steam App 270130) (Version:  - Cloudhead Games ltd.)
The Klub 17 (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Klub-7) (Version: 7.5.0 - Team WRK17)
The Lab (HKLM\...\Steam App 450390) (Version:  - Valve)
The Solus Project (HKLM\...\Steam App 313630) (Version:  - Hourences)
The Suffering (HKLM-x32\...\1268478205_is1) (Version: 1.0.1 - GOG.com)
The Unwelcomed (HKLM\...\Steam App 504560) (Version:  - The Unwelcomed Studios)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
theBlu (HKLM\...\Steam App 451520) (Version:  - Wevr, Inc.)
TheWaveVR (HKLM\...\Steam App 453000) (Version:  - TheWaveVR)
Thief 3 Sneaky Upgrade SDB (HKLM\...\{61271900-d6b0-4da5-801b-7127a8713df1}.sdb) (Version:  - )
Thief 3 Sneaky Upgrade version 1.1.5.2 (HKLM-x32\...\{6787B847-DE1D-4B75-AF7F-9F0B0FF9E59E}_is1) (Version: 1.1.5.2 - )
Thief: Deadly Shadows (HKLM-x32\...\Steam App 6980) (Version:  - Ion Storm)
Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version: 1.0.0.9 - Electronic Arts, Inc.)
Tormentum - Dark Sorrow (HKLM\...\Steam App 335000) (Version:  - OhNoo Studio)
TrackMania² Canyon (HKLM\...\Steam App 228760) (Version:  - Nadeo)
Trapcode Suite 64-bit (HKLM\...\{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant) Hidden
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant)
TypeScript Power Tool (HKLM-x32\...\{7FBEE165-A653-4B2A-A93A-4643794E22A8}) (Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{D7C8A95B-B1EE-43B1-837D-C73D1321FEBA}) (Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.4.0 (HKLM-x32\...\{33e2204a-4ec6-4458-895a-47e2a404d990}) (Version: 1.7.24720.0 - Microsoft Corporation)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Ulead MediaStudio Pro 8.0 (HKLM-x32\...\{A6E71574-2126-4E95-816E-32B2411C94BA}) (Version: 8.0 - Ulead Systems, Inc.)
Ultima Underworld 2 (HKLM-x32\...\1207662473_is1) (Version: 2.1.0.20 - GOG.com)
Ultimate Booster Experience (HKLM\...\Steam App 499620) (Version:  - GexagonVR)
Uninvited: MacVenture Series (HKLM\...\Steam App 343810) (Version:  - Zojoi)
Unknown Pharaoh (HKLM\...\Steam App 576100) (Version:  - 4 Fun Studio)
Unreal Gold (HKLM-x32\...\1207658679_is1) (Version: 2.1.0.6 - GOG.com)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Vanishing Realms (HKLM\...\Steam App 322770) (Version:  - Indimo Labs LLC)
Vasco da Gama 9 HD Essential (HKLM-x32\...\{132A1B32-8C6A-416C-B7FB-7D4CD54C18DE}) (Version: 9.00.0000 - MotionStudios)
Vertigo (HKLM\...\Steam App 465430) (Version:  - Zach Tsiakalis-Brown)
Virtual Desktop (HKLM\...\Steam App 382110) (Version:  - Guy Godin)
Virtual Desktop Service (HKLM\...\{2F1A2C04-7695-47E1-B69E-B2B5B2038C39}) (Version: 1.5.1 - Guy Godin)
Visual Basic 5.0 (C:\WINDOWS\system32\) #3 (HKLM-x32\...\ST5UNST #3) (Version:  - )
Visual Basic 5.0 (C:\WINDOWS\system32\) #4 (HKLM-x32\...\ST5UNST #4) (Version:  - )
Visual Basic 5.0 (C:\WINDOWS\system32\) #5 (HKLM-x32\...\ST5UNST #5) (Version:  - )
Visual Basic 5.0 (C:\Windows\system32\) (HKLM-x32\...\ST5UNST #2) (Version:  - )
Visual Basic 5.0 (HKLM-x32\...\ST5UNST #1) (Version:  - )
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
Vita 2 (HKLM\...\{39B956AD-00E8-4561-B6CC-7E91BDEDB0AF}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita Concert Grand LE (HKLM\...\{0501DF32-8054-41E0-A1D1-B6BEAB54CACF}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Drum Engine (HKLM\...\{E5494279-4C0C-4220-9B41-A6BC89D6A92E}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita Electric Piano (HKLM\...\{D14FE00B-0E75-462A-936A-C9483A20D0D0}) (Version: 1.0.2.0 - MAGIX Software GmbH) Hidden
Vita Power Guitar (HKLM\...\{69F05894-87A2-4E92-A6E3-EE8937D09CC0}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VoiceAttack version 1.5.12 (HKLM-x32\...\{D6EDF6DB-029E-4A34-A3A0-D960CB0FCB2A}_is1) (Version: 1.5.12 - VoiceAttack.com)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
vorpX (HKLM-x32\...\{C136D0CC-9077-4979-801E-6B5A956EED6A}_is1) (Version: 17.1.3.0 - Animation Labs)
VRporize - VR FPS (HKLM\...\Steam App 498970) (Version:  - Mercury Aerospace Industries)
VS Update core components (HKLM-x32\...\{5F7870A1-0586-313E-A9FF-3249DCE9F63A}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Waltz of the Wizard (HKLM\...\Steam App 436820) (Version:  - Aldin Dynamics)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Wheel of Time (HKLM-x32\...\Wheel of Time) (Version:  - )
White Night (HKLM-x32\...\Steam App 301560) (Version:  - OSome Studio)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windlands (HKLM\...\Steam App 428370) (Version:  - Psytec Games Ltd)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - Sony Computer Entertainment Inc. Wireless controller for PLAYSTATION(R)3 Driver Package (01/20/2012 1.4.0.0) (HKLM\...\D5410AE5FA467EF0F19558D5F60C991A79E11B51) (Version: 01/20/2012 1.4.0.0 - Sony Computer Entertainment Inc.)
Wings! Remastered (HKLM-x32\...\1207666423_is1) (Version: 2.1.0.2 - GOG.com)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
Xara 3D Maker 7 (HKLM-x32\...\{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.415 - Xara Group Ltd) Hidden
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
Xml Viewer (HKLM-x32\...\{F58E04CD-6E76-43C8-AAF1-482225C2910E}) (Version: 3 - MindFusion Limited)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programme\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programme\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Utilities\bin\x64\TxView.dll [2010-06-02] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-08-22] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programme\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programme\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {08060686-DA7A-4F81-903F-5EF5846EBC46} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {10FB4821-8293-4FB8-93AC-ED877096D358} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {15CEA677-3D1C-403A-8EE5-9C536AE36655} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3356136B-5DA8-4E2C-94F1-D934C3FFD02A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {33D241F7-FCC1-4696-BA50-24F80B532744} - System32\Tasks\{EA0A359E-2C55-46AC-83DB-0F986B25B53B} => C:\Windows\system32\pcalua.exe -a E:\WMEncoder64.exe -d E:\
Task: {39B3A4D0-967A-4B83-8FAE-BFC9CCF78C7C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
Task: {3C768F76-478B-4129-836E-66BBD535DF4B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3CA1C205-5779-4D65-9B79-03CA693A49ED} - System32\Tasks\Connect => C:\Program Files (x86)\MAGIX\Connect\connect.exe [2017-05-10] (MAGIX Software GmbH)
Task: {3F26B3E2-B93D-49BD-BC7E-5F720B51C994} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)
Task: {415F7118-E84D-43AD-B678-2809A265ACDD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {52FD4488-82FE-4FC3-A835-7330FDE39B8B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {58E0F5EB-6F42-4B37-A50A-952C0182547B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5A2D88F9-D511-4485-A81D-E9539F5865C8} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D12D0DE-7C2D-43EB-88A7-25C081D80C44} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6509C4C3-BDFD-4861-ABD9-95C391A5DA45} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {67D99D18-6635-4D3E-869B-A89F58F4E0BE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)
Task: {6ACACBFB-34D5-4E50-99F6-7C2E8F65870B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {6DFFA0FA-204A-4DB6-A32D-36551F60CD88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03] (Google Inc.)
Task: {71CC4BE9-738E-4546-A312-5370DAC238D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03] (Google Inc.)
Task: {72C2654C-0345-4427-92A1-203E5906A350} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7EE287C4-2286-41C0-8590-B925FB2DD061} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8426F389-7EEE-48D3-86F8-A0B7F68C0351} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9502FC37-4BF3-4187-97DB-BB885F817B28} - System32\Tasks\{540C4F0A-AFE9-41B0-8BED-770ADCAFCFDD} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.4.0.102/de/abandoninstall?page=tsMain
Task: {9F4B56CC-50E0-44AF-946B-932FF1BB8876} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-22] (NVIDIA Corporation)
Task: {ADEAE2A2-DBBC-4FEA-AE2B-1ACCCCA9F22C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {B265853E-1EB9-4490-8346-026981D861F1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {B7290E7F-96E2-49E1-94BC-17D8FC712ACF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {BF0E8690-E916-421C-925C-8EF2FB370D68} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-22] (NVIDIA Corporation)
Task: {CCEA5BF9-67E9-44F9-8750-250CB46A4824} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {D61F55A8-B0BB-4781-80FD-8F7B16E7EA4F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {E025C148-A5D4-4254-AAA8-1B4360B2374B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-22] (NVIDIA Corporation)
Task: {E6B257D7-040D-4610-AFE5-4256956C9B14} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EAE39C83-0CAA-4312-907A-1243969BAB66} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {ED55E21A-57DB-4591-8F95-58F0658945D4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {F2A52317-F2C1-4630-87BC-E12B2FFC7496} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F5132FA3-CAD1-4315-BF63-D7542912C7C7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F75A3443-BF9D-4B1D-BAB0-DA6B05C232BC} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-HOSHI-PC => C:\WINDOWS\ehome\McxTask.exe
Task: {FC7911CA-4CA6-4249-A2B5-D3C065E61A89} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FC8098E2-47F8-48D3-A990-2172097B9ABA} - System32\Tasks\{1B9BAEFE-CA33-481C-8FAF-AF1A3509FC73} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\EAInstaller\Battlefield - Bad Company 2\Cleanup.exe" -c uninstall_game -autologging

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Connect.job => C:\Program Files (x86)\MAGIX\Connect\connect.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\Users\Hoshi\Desktop\Games\InLucysEyes.bat - Verknüpfung.lnk -> D:\Games\Steam\SteamApps\common\Amnesia The Dark Descent\InLucysEyes\InLucysEyes.bat (Keine Datei)
Shortcut: C:\Users\Hoshi\Desktop\Games\TenebrisLake.bat - Verknüpfung.lnk -> D:\Games\Steam\SteamApps\common\Amnesia The Dark Descent\TenebrisLake.bat (Keine Datei)
Shortcut: C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZ Install Manager\DAZ Install Manager Read Me.lnk -> hxxp:docs.daz3d.com\doku.php\public\read_me\index\1481

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-09-12 16:44 - 2017-09-12 18:09 - 000076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-07-19 21:54 - 2017-07-19 21:54 - 000330208 _____ () C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe
2014-12-26 23:05 - 2011-07-28 18:06 - 000297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 06:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-09-29 23:13 - 2016-09-29 23:13 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-09-29 23:13 - 2016-09-29 23:13 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-09-21 17:40 - 2017-09-21 17:44 - 000014336 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\WTSAPI32.dll
2017-08-29 05:56 - 2017-08-23 10:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-29 05:56 - 2017-08-23 10:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2014-12-26 23:05 - 2011-07-27 12:53 - 000360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2014-03-15 14:20 - 2013-09-03 17:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\skype.com -> hxxps://apps.skype.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2017-09-07 10:11 - 000000027 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hoshi\AppData\Roaming\mozilla\firefox\desktop-hintergrund.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall ist aktiviert.
         

23.09.2017, 07:24   #11
Hoshi82

Addition, continued
Code:
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: Desura Install Service => 3
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk => C:\Windows\pss\Killer Network Manager.lnk.CommonStartup
MSCONFIG\startupreg: LogitechQuickCamRibbon => "D:\Programme\Logitech\Webcam\Logitech WebCam Software\LWS.exe" /hide
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "HTC Store User Content Helper"
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{BA585EE1-A7F9-49C7-88D7-522B7C9DC59D}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{E0DC3C0F-8A5A-4950-B29C-A9CC62B6E5CA}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{702407FC-570B-48B7-B575-F088B82F5FD7}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{DEEF9EE1-3254-466A-98B9-C6EF05212ACD}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [UDP Query User{19C290C3-9D18-4F16-B042-EFF275DA013C}C:\games\steam\steamapps\common\pavr pre alpha demo\pa_ue4\binaries\win64\pa_ue4-win64-shipping.exe] => (Allow) C:\games\steam\steamapps\common\pavr pre alpha demo\pa_ue4\binaries\win64\pa_ue4-win64-shipping.exe
FirewallRules: [TCP Query User{A632B5B6-D96A-4EA2-A892-8626A8AF81A8}C:\games\steam\steamapps\common\pavr pre alpha demo\pa_ue4\binaries\win64\pa_ue4-win64-shipping.exe] => (Allow) C:\games\steam\steamapps\common\pavr pre alpha demo\pa_ue4\binaries\win64\pa_ue4-win64-shipping.exe
FirewallRules: [UDP Query User{1E455C75-FB8D-483B-91A4-B8C11BE4C869}D:\games\steam\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe
FirewallRules: [TCP Query User{813295F7-78FC-4553-AC43-715C5B7879F5}D:\games\steam\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe
FirewallRules: [{3C3D2E69-5741-4D9C-8BA6-F881ECC18C21}] => (Allow) C:\Games\Steam\steamapps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{AA3B8C49-6083-48B9-AE89-19BC7C9097E3}] => (Allow) C:\Games\Steam\steamapps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{AC96AE27-8529-497D-8B66-FCC05C1371F3}] => (Allow) C:\Games\Steam\steamapps\common\Vertigo\Vertigo.exe
FirewallRules: [{A7801E9D-E656-4A15-A6D0-32B372633B3A}] => (Allow) C:\Games\Steam\steamapps\common\Vertigo\Vertigo.exe
FirewallRules: [{F90A37A4-FB13-402B-B550-8F4E250A6235}] => (Allow) C:\Games\Steam\steamapps\common\PAVR Pre Alpha Demo\PA_UE4.exe
FirewallRules: [{003666E4-1942-464C-8684-9E3839ACA7ED}] => (Allow) C:\Games\Steam\steamapps\common\PAVR Pre Alpha Demo\PA_UE4.exe
FirewallRules: [{5D395514-FDFF-41A2-9CD5-AEF110564C5E}] => (Allow) D:\Games\Steam\SteamApps\common\PavlovVR\Pavlov.exe
FirewallRules: [{DD6D3136-65A5-46F7-B3F2-9309062D411C}] => (Allow) D:\Games\Steam\SteamApps\common\PavlovVR\Pavlov.exe
FirewallRules: [{6B0A2104-10B4-44D9-83FF-602956979021}] => (Allow) D:\Games\Steam\SteamApps\common\Monster Maze VR\MonsterMazeVR.exe
FirewallRules: [{2EA87923-BA90-4961-B89D-8193B1BA93B7}] => (Allow) D:\Games\Steam\SteamApps\common\Monster Maze VR\MonsterMazeVR.exe
FirewallRules: [{4C28E660-F41C-4E65-BE80-7BCCA081576B}] => (Allow) D:\Games\Steam\SteamApps\common\Unknown Pharaoh\UnknownPharaoh.exe
FirewallRules: [{97BEA2F2-001B-4D94-A00B-9C1B06EBD466}] => (Allow) D:\Games\Steam\SteamApps\common\Unknown Pharaoh\UnknownPharaoh.exe
FirewallRules: [{E97CCF0D-855F-4E08-91CD-B3B76D5ECE85}] => (Allow) D:\Games\Steam\SteamApps\common\INSIDE\INSIDE.exe
FirewallRules: [{ADA15F69-55DB-43BD-8F88-F6183D6DCE81}] => (Allow) D:\Games\Steam\SteamApps\common\INSIDE\INSIDE.exe
FirewallRules: [{E0CEF3DC-4FAE-458D-9748-B22736715E69}] => (Allow) D:\Games\Steam\SteamApps\common\Uninvited MacVenture Series\uninvited.exe
FirewallRules: [{9813278E-1BE2-419A-BF40-0A0AFC5DE0FC}] => (Allow) D:\Games\Steam\SteamApps\common\Uninvited MacVenture Series\uninvited.exe
FirewallRules: [UDP Query User{1FDBA183-7457-486A-8B59-C110F9C0AA2B}D:\games\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\games\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [TCP Query User{DFF78058-8AF5-447D-9241-DAAD9F1A1678}D:\games\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\games\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{4223108D-1598-41A0-9C7D-C98C2C7E8CF0}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{D6FE4E3D-1689-4D1C-8769-66E136EB5BFD}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{07F2908B-71B8-4032-8FCA-9B9F60CD886D}] => (Allow) OVRServer_x64.exe
FirewallRules: [{68A4192E-0BCE-4E38-B01C-7D04950BB40B}] => (Allow) D:\Games\Steam\SteamApps\common\TheSolusProject\Solus\Binaries\Win64\Solus-Win64-Shipping.exe
FirewallRules: [{0F30DC54-5C6A-4862-9E20-9CA261B83F8B}] => (Allow) D:\Games\Steam\SteamApps\common\TheSolusProject\Solus\Binaries\Win64\Solus-Win64-Shipping.exe
FirewallRules: [{4806CE95-7DBE-4F03-9E01-0E8C5E15CE1B}] => (Allow) D:\Games\Steam\SteamApps\common\SteamDolls_VR_Demo\steamdolls_vr_demo.exe
FirewallRules: [{9B495424-3E3E-48C7-9734-B427D7AA5148}] => (Allow) D:\Games\Steam\SteamApps\common\SteamDolls_VR_Demo\steamdolls_vr_demo.exe
FirewallRules: [{56D51920-A5CD-4085-B0AE-E21ED31050B7}] => (Allow) D:\Games\Steam\SteamApps\common\Lethe - Episode One\Binaries\Win32\UDK.exe
FirewallRules: [{778CDE73-7D13-4DAC-A715-F9998C193F4C}] => (Allow) D:\Games\Steam\SteamApps\common\Lethe - Episode One\Binaries\Win32\UDK.exe
FirewallRules: [{16FBA39D-A8FB-4368-AE02-748CFDC4C0BB}] => (Allow) D:\Games\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{8F1A9D38-4640-4CAE-B1B3-6B1659F740EE}] => (Allow) D:\Games\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{DE830C2D-2792-4793-B8C3-03EE4268374A}] => (Allow) D:\Games\Steam\SteamApps\common\Nature Treks VR\Nature Treks VR.exe
FirewallRules: [{69B2D7B0-0B35-4D67-870F-B80D5DA11976}] => (Allow) D:\Games\Steam\SteamApps\common\Nature Treks VR\Nature Treks VR.exe
FirewallRules: [{C02F1FD2-BE14-4B1D-820D-88F3FB6CADED}] => (Allow) D:\Games\Steam\SteamApps\common\Lockdown Stand Alone\lockdown.exe
FirewallRules: [{349FF32B-00CD-4466-BD48-49EC3ECF16E1}] => (Allow) D:\Games\Steam\SteamApps\common\Lockdown Stand Alone\lockdown.exe
FirewallRules: [{67B64759-2152-491A-B7FD-5F2D77A134C5}] => (Allow) OculusClient.exe
FirewallRules: [{B354CDB8-59FB-4AD5-B91B-1FE9E59160DA}] => (Allow) OculusClient.exe
FirewallRules: [{1E2E29D8-EDB5-4745-9273-0E2B44C2BA12}] => (Allow) OculusVR.exe
FirewallRules: [{B3B70576-2AA5-479D-BB33-ED66BF047058}] => (Allow) OculusVR.exe
FirewallRules: [{BD2E0371-BC51-40C5-8AC5-994147DFF03C}] => (Allow) DirectDisplayConfig.exe
FirewallRules: [{70CC2275-610A-4F6B-BD23-E5BFA14550B0}] => (Allow) DirectDisplayConfig.exe
FirewallRules: [{A3E91647-CBBA-4C2A-8966-4A9D1953C275}] => (Allow) OVRServer_x64.exe
FirewallRules: [{CFC50AAE-31A2-464D-B8EC-1440BC8AF75F}] => (Allow) OVRServer_x64.exe
FirewallRules: [{5DDA393E-C726-404A-B6BE-C81B852BE85E}] => (Allow) OVRServiceLauncher.exe
FirewallRules: [{AE7789AE-2746-4886-8A8C-0A9611145455}] => (Allow) OVRServiceLauncher.exe
FirewallRules: [{C0FA4152-1304-4909-9983-0E0B4DF8231E}] => (Allow) D:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{F0B60581-18FA-4DA4-A857-7074717EFEB2}] => (Allow) D:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{36C15119-7D97-4269-8318-0A54BF0699CE}] => (Allow) D:\Games\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{15EFFFD8-2995-4D7A-8A1D-D55F0FBD3F00}] => (Allow) D:\Games\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [UDP Query User{1F46EB63-73BB-49B7-B16A-AAABA83463D3}D:\games\steam\steamapps\common\redout\redout\binaries\win64\redout-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\redout\redout\binaries\win64\redout-win64-shipping.exe
FirewallRules: [TCP Query User{DF38C388-6EF5-40E2-ABB5-7A7806CB462F}D:\games\steam\steamapps\common\redout\redout\binaries\win64\redout-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\redout\redout\binaries\win64\redout-win64-shipping.exe
FirewallRules: [{2EC97B86-1219-49A0-A7A2-7391D7E3E416}] => (Allow) D:\Games\Steam\SteamApps\common\Redout\redout.exe
FirewallRules: [{4D349B1F-5DAA-4F16-B516-B91CF9D6E1C3}] => (Allow) D:\Games\Steam\SteamApps\common\Redout\redout.exe
FirewallRules: [{333A85DC-E692-4A7C-AC1E-923930542B8D}] => (Allow) D:\Games\Steam\SteamApps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{0A0E4521-8BE0-499A-A7CC-2D14A50E7945}] => (Allow) D:\Games\Steam\SteamApps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{FDAD1FE0-97EC-4D00-97CF-48EB0C58EF09}] => (Allow) D:\Games\Steam\SteamApps\common\Tormentum\Tormentum.exe
FirewallRules: [{40561B9E-A123-4908-B83A-3C88C57B5391}] => (Allow) D:\Games\Steam\SteamApps\common\Tormentum\Tormentum.exe
FirewallRules: [{CC04E9D0-241D-4D79-A268-A88497F20AD3}] => (Allow) D:\Games\Steam\SteamApps\common\Call of Duty - Infinite Warfare\iw7_ship.exe
FirewallRules: [{2EECEE85-CFEE-4509-9F24-B1B03D3EE827}] => (Allow) D:\Games\Steam\SteamApps\common\Call of Duty - Infinite Warfare\iw7_ship.exe
FirewallRules: [UDP Query User{45EB9ED9-0CAA-453D-B4D9-06B7B2FEBB5C}D:\games\tdu2\uplauncher.exe] => (Allow) D:\games\tdu2\uplauncher.exe
FirewallRules: [TCP Query User{800CB73E-7CA2-463E-8EE9-3C87FF3734FA}D:\games\tdu2\uplauncher.exe] => (Allow) D:\games\tdu2\uplauncher.exe
FirewallRules: [UDP Query User{50A12DFF-801A-4AF4-9920-7E5B463506CD}D:\games\tdu2\testdrive2.exe] => (Allow) D:\games\tdu2\testdrive2.exe
FirewallRules: [TCP Query User{54606CA1-DA6B-4AF5-967A-E12F76C20ABC}D:\games\tdu2\testdrive2.exe] => (Allow) D:\games\tdu2\testdrive2.exe
FirewallRules: [{BF733EBD-02BE-4B5C-8C19-2FA8AF6ADEB7}] => (Allow) D:\Games\Steam\SteamApps\common\The Lab\TheLab\win64\TheLab.exe
FirewallRules: [{B673414B-67A0-4DE7-8BA7-4910EA606C90}] => (Allow) D:\Games\Steam\SteamApps\common\The Lab\TheLab\win64\TheLab.exe
FirewallRules: [{9FC42CE6-3FA4-466E-B7B5-E497154C3240}] => (Allow) D:\Games\Origin\Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{53723693-0DAF-4DE7-9B73-9154E45330ED}] => (Allow) D:\Games\Origin\Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{DBD75664-BE69-4222-985F-4C52ACDD34DA}] => (Allow) D:\Games\Steam\SteamApps\common\ArizonaSunshine\ArizonaSunshine.exe
FirewallRules: [{3FB2591D-93B5-4808-AD14-D34BBF3C9876}] => (Allow) D:\Games\Steam\SteamApps\common\ArizonaSunshine\ArizonaSunshine.exe
FirewallRules: [{291A965C-E12B-4661-B704-83E8743BB52C}] => (Allow) D:\Games\Steam\SteamApps\common\FastActionHero\Fast Action Hero.exe
FirewallRules: [{9E376CE6-426A-4E7E-B116-65B088452225}] => (Allow) D:\Games\Steam\SteamApps\common\FastActionHero\Fast Action Hero.exe
FirewallRules: [{43037CC1-0C70-40A3-8BEA-6392BC9CA3CD}] => (Allow) D:\Games\Steam\SteamApps\common\QuantumBreak\dx11\QuantumBreak.exe
FirewallRules: [{3F8F8D1C-5E0A-4FE8-81D4-0E90A5304A85}] => (Allow) D:\Games\Steam\SteamApps\common\QuantumBreak\dx11\QuantumBreak.exe
FirewallRules: [UDP Query User{2933B71E-AD92-47FB-9833-2943E612033A}D:\games\steam\steamapps\common\ghost town mine ride\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\ghost town mine ride\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{7C1C116D-BB06-4F08-9FF8-06F1BCAF6231}D:\games\steam\steamapps\common\ghost town mine ride\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\ghost town mine ride\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{65A88DF4-D55D-4D10-B267-092E4E81595E}] => (Allow) D:\Games\Steam\SteamApps\common\Ghost Town Mine Ride\HauntedMineRide.exe
FirewallRules: [{61AB9D3C-7E2C-498E-B4C0-403D0D38CE33}] => (Allow) D:\Games\Steam\SteamApps\common\Ghost Town Mine Ride\HauntedMineRide.exe
FirewallRules: [{1B64888E-6A42-422E-ADCA-E1AC56995ED7}] => (Allow) D:\Games\Steam\SteamApps\common\SVRVIVE\SVRVIVE The Deus Helix.exe
FirewallRules: [{7C71C520-0138-4A51-8DAF-2DC62ACAFFC2}] => (Allow) D:\Games\Steam\SteamApps\common\SVRVIVE\SVRVIVE The Deus Helix.exe
FirewallRules: [{53ED8D1A-8BED-457E-AE41-F08A40127E3C}] => (Allow) D:\Games\Steam\SteamApps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{BD6E9A75-9511-45A6-BB74-05CD434D17F6}] => (Allow) D:\Games\Steam\SteamApps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{DE5A1E59-8DB6-4619-AA85-79AC39691117}] => (Allow) D:\Games\Steam\SteamApps\common\EarthVR\Earth.exe
FirewallRules: [{5695F430-0FE8-48C1-A594-CF8C4FD0704A}] => (Allow) D:\Games\Steam\SteamApps\common\EarthVR\Earth.exe
FirewallRules: [{B5DA8A5E-4D4F-4C20-95F3-6B65B41ACD8E}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8A4C7EA8-EA75-4249-8A13-A5DFD9404043}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C96678AE-C5EB-4085-A06B-F142B7C9CF80}] => (Allow) D:\Games\Steam\SteamApps\common\Quell 4D\Quell4D.exe
FirewallRules: [{0D6113C4-FD38-466D-BA47-3844AB491F38}] => (Allow) D:\Games\Steam\SteamApps\common\Quell 4D\Quell4D.exe
FirewallRules: [UDP Query User{16FB7109-76B1-49E7-AD78-62CAB08F652C}D:\games\firestorm havok\slvoice.exe] => (Allow) D:\games\firestorm havok\slvoice.exe
FirewallRules: [TCP Query User{F31A3F18-2596-450D-B0E2-3D2B785BEF25}D:\games\firestorm havok\slvoice.exe] => (Allow) D:\games\firestorm havok\slvoice.exe
FirewallRules: [{5005CEA3-87E3-4E58-9E27-AB3FD75FBC88}] => (Allow) D:\Games\Steam\SteamApps\common\theBlu\theblu.exe
FirewallRules: [{DE4E352D-3ADD-436E-BAA1-BE95D3987B52}] => (Allow) D:\Games\Steam\SteamApps\common\theBlu\theblu.exe
FirewallRules: [{2E4E90F2-95CF-425D-8541-030B3D462F85}] => (Allow) D:\Games\Steam\SteamApps\common\Shadow Warrior 2\ShadowWarrior2.exe
FirewallRules: [{477BC455-D26F-420D-B5FB-7C3F96B3A73D}] => (Allow) D:\Games\Steam\SteamApps\common\Shadow Warrior 2\ShadowWarrior2.exe
FirewallRules: [{06865A7F-2F3F-4008-AECF-96E39B11738D}] => (Allow) D:\Games\Steam\SteamApps\common\Art of Fight\ArtOfFight.exe
FirewallRules: [{AA3DC80E-C831-4309-B0F4-A176BFF7030C}] => (Allow) D:\Games\Steam\SteamApps\common\Art of Fight\ArtOfFight.exe
FirewallRules: [{AFFA8C04-DCAA-48EC-AE74-2AD45EF733FF}] => (Allow) D:\Games\Steam\SteamApps\common\Island 359\Island359.exe
FirewallRules: [{2F642C70-E2AE-4442-8001-EA9124030D71}] => (Allow) D:\Games\Steam\SteamApps\common\Island 359\Island359.exe
FirewallRules: [{4E547210-56DD-436D-AFB6-26132F63F1C3}] => (Allow) D:\Games\Steam\SteamApps\common\NightCry\NightCry.exe
FirewallRules: [{5AEACF73-9594-4924-9B2E-0EAA5121E625}] => (Allow) D:\Games\Steam\SteamApps\common\NightCry\NightCry.exe
FirewallRules: [UDP Query User{44EAC687-8C54-4322-8240-F8FB63E03101}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{24758668-2959-4BC3-8E2C-3E9E455E6734}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{5D898310-DB54-49ED-830B-05F242D1F421}] => (Allow) D:\Programme\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{0466309B-407F-4D69-91E6-86BEAFE9DBEB}] => (Allow) D:\Programme\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{8AEE8D01-CF01-47AE-AD5D-714D7BE7D820}] => (Allow) D:\Games\Steam\SteamApps\common\White Night\Bin\Win32\WNight.exe
FirewallRules: [{342EA1E1-2E21-4A09-8C9D-95D4D0B61526}] => (Allow) D:\Games\Steam\SteamApps\common\White Night\Bin\Win32\WNight.exe
FirewallRules: [{0F13B3E5-0FC1-4D38-A9EC-6B8004EC0738}] => (Allow) D:\Games\Steam\SteamApps\common\Thief Deadly Shadows\System\runme.exe
FirewallRules: [{72B3B364-082E-4265-B78D-10FD766E99DB}] => (Allow) D:\Games\Steam\SteamApps\common\Thief Deadly Shadows\System\runme.exe
FirewallRules: [{2ED621BB-621E-4F5B-9EEE-2445F798F417}] => (Allow) D:\Programme\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{38EAF7FD-1387-4B2F-B071-A3050E0E7B52}] => (Allow) D:\Programme\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{41BA33BD-41ED-4667-B5EC-850C760D7EC4}] => (Allow) D:\Programme\TeamViewer\TeamViewer.exe
FirewallRules: [{96FE98B7-8520-4C4B-889D-95A849A6406C}] => (Allow) D:\Programme\TeamViewer\TeamViewer.exe
FirewallRules: [{8F614056-23CF-4179-8110-CBF96615B056}] => (Allow) D:\Games\Steam\SteamApps\common\Spirits of Xanadu\Spirits of Xanadu.exe
FirewallRules: [{92DEB061-DDBE-4317-9756-EED6E50B36C1}] => (Allow) D:\Games\Steam\SteamApps\common\Spirits of Xanadu\Spirits of Xanadu.exe
FirewallRules: [{41E6B432-E1F9-4489-B50C-C3CFA89580CB}] => (Allow) D:\Games\Steam\SteamApps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [{43D853E6-AAA5-4C78-8271-3DE5C476A900}] => (Allow) D:\Games\Steam\SteamApps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [{3D4D3D55-258A-4452-8354-59A0C9B95BE9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{CF90FD8C-9D02-4F83-87A8-86DE8BF0703E}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{3B74ADF1-6A43-4401-AB32-EF15C1D49194}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{B3EC2834-8773-4B20-A2D9-841BF8179FDF}] => (Allow) D:\Programme\Winamp\winamp.exe
FirewallRules: [{633BF3E0-7616-4F0C-BD34-D7AE38CF71C2}] => (Allow) D:\Programme\Winamp\winamp.exe
FirewallRules: [{F523341D-D024-479A-B1C6-09E174003418}] => (Allow) D:\Programme\MAGIX\Video deluxe 2016 Premium\Videodeluxe.exe
FirewallRules: [{94207D91-6307-48BA-886A-841FBC51410E}] => (Allow) D:\Games\Steam\SteamApps\common\Layers of Fear\Layers Of Fear.exe
FirewallRules: [{2F2FD238-9218-4E73-8DA4-6FA41E0506C3}] => (Allow) D:\Games\Steam\SteamApps\common\Layers of Fear\Layers Of Fear.exe
FirewallRules: [{F55B01C6-BA46-4D72-BA01-DC0F62B2D9DE}] => (Allow) D:\Games\Steam\SteamApps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [{4656B89B-E5B0-492F-AA56-97C9CB624605}] => (Allow) D:\Games\Steam\SteamApps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [UDP Query User{025F09C2-9AA1-4ADF-A604-9FA5A3FA0A64}C:\program files\vlc\vlc.exe] => (Allow) C:\program files\vlc\vlc.exe
FirewallRules: [TCP Query User{4AB9BA08-A5C6-4079-9E58-21E9E7D66539}C:\program files\vlc\vlc.exe] => (Allow) C:\program files\vlc\vlc.exe
FirewallRules: [{BFF87F05-85B8-4FAB-A7BC-80B7D7ACB251}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{41F30114-6E1E-4DC6-A988-5235C132E4D3}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [UDP Query User{09B31CFA-B2D4-4E9C-846A-9E6AE61A437F}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{59421173-7EB5-4508-9C9F-3ED146289E5B}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{32F1DDE8-CC4C-4320-A8A4-1C75F90D4BB4}D:\games\steam\steamapps\common\aliens colonial marines\binaries\win32\_acm.exe] => (Allow) D:\games\steam\steamapps\common\aliens colonial marines\binaries\win32\_acm.exe
FirewallRules: [TCP Query User{2B62BCA7-11D4-4AD8-B437-2DE1EAD40A50}D:\games\steam\steamapps\common\aliens colonial marines\binaries\win32\_acm.exe] => (Allow) D:\games\steam\steamapps\common\aliens colonial marines\binaries\win32\_acm.exe
FirewallRules: [UDP Query User{241742FE-2949-4E72-81E5-122D323D76F4}D:\programme\shoutcast\sc_serv.exe] => (Allow) D:\programme\shoutcast\sc_serv.exe
FirewallRules: [TCP Query User{009A6B4B-3F84-4965-99B0-AC627E9AB743}D:\programme\shoutcast\sc_serv.exe] => (Allow) D:\programme\shoutcast\sc_serv.exe
FirewallRules: [{410F8931-7BED-4D99-A248-881443D2BA43}] => (Allow) D:\Games\Steam\SteamApps\common\Source SDK Base 2013 Singleplayer\hl2.exe
FirewallRules: [{FAB3AE78-C3C6-4DD4-A657-2D7D3A467C0F}] => (Allow) D:\Games\Steam\SteamApps\common\Source SDK Base 2013 Singleplayer\hl2.exe
FirewallRules: [{6F7A5C9A-2A1B-4FC7-94F6-93EDAECD75D4}] => (Allow) D:\Games\Steam\SteamApps\common\Strife\strife-ve.exe
FirewallRules: [{17931943-1054-49E9-8E44-15C4ED0E76EC}] => (Allow) D:\Games\Steam\SteamApps\common\Strife\strife-ve.exe
FirewallRules: [{1627D254-2807-47E5-A965-8EF14D291E95}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{372C07F2-7E64-4845-BD0D-18F42729A021}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{9EE86F79-EA28-48E7-BDF7-DA3CB5CB0EB2}] => (Allow) D:\Games\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{0C0096FD-BC19-4204-9414-C50767846395}] => (Allow) D:\Games\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [UDP Query User{E8CCB980-186C-4786-9D43-AAF5F521C015}D:\games\gog games\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) D:\games\gog games\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [TCP Query User{7B0BBD21-DD89-4546-A8E6-92CF642CFF29}D:\games\gog games\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) D:\games\gog games\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [{B4BEBBEE-A2AB-4C62-BA1A-3E947E8618D0}] => (Allow) D:\Games\Steam\SteamApps\common\Neverending Nightmares\nightmare.exe
FirewallRules: [{F7A90859-ECB9-4126-9CF8-32AEF926581A}] => (Allow) D:\Games\Steam\SteamApps\common\Neverending Nightmares\nightmare.exe
FirewallRules: [UDP Query User{118013CC-E8F7-4503-92F8-BED165808AE7}D:\games\quake hd pack\darkplaces.exe] => (Allow) D:\games\quake hd pack\darkplaces.exe
FirewallRules: [TCP Query User{24A0B1AA-132B-4576-965E-6044AAE7FE03}D:\games\quake hd pack\darkplaces.exe] => (Allow) D:\games\quake hd pack\darkplaces.exe
FirewallRules: [{5561E420-4BC8-44A8-9F33-AA239310F2C3}] => (Allow) LPort=41780
FirewallRules: [{EF206F0E-4EAA-4E2E-97A8-722315EF974A}] => (Allow) D:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{92763FF7-CD31-49A4-AD1D-3C59426CE645}] => (Allow) D:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{339CA568-B0BA-476E-8647-E398FD154305}] => (Allow) C:\Users\Hoshi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F6AA3EA4-AE5F-4147-9477-C983C17F78B3}] => (Allow) C:\Users\Hoshi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A09E3AB7-BA3F-49B3-A93D-F50DEF8265E6}] => (Allow) D:\Programme\Skype\Phone\Skype.exe
FirewallRules: [{F7C0F58A-218F-41E3-B1F3-5E65CC3A3F50}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{8602E317-6CEA-4200-89BA-4F8E48E3414E}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [TCP Query User{9606A9D6-6A6A-40C7-AE58-17B18A3111E1}D:\games\gog games\unreal gold\system\unreal.exe] => (Allow) D:\games\gog games\unreal gold\system\unreal.exe
FirewallRules: [UDP Query User{48C77771-399E-4E63-BA0F-5C9A89A5F366}D:\games\gog games\unreal gold\system\unreal.exe] => (Allow) D:\games\gog games\unreal gold\system\unreal.exe
FirewallRules: [TCP Query User{549B6F9D-C048-4E95-99A2-3A377AAA0748}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{672FCE63-7931-4363-B2E8-7C5890F947CB}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{444E3619-2165-4B6B-A277-9CC0BC7B53B0}] => (Allow) D:\Games\Steam\SteamApps\common\STASIS\Stasis.exe
FirewallRules: [{48AAD65B-32EF-4142-931D-684DA033FE0D}] => (Allow) D:\Games\Steam\SteamApps\common\STASIS\Stasis.exe
FirewallRules: [{0302EA2C-2C88-4C68-8BC4-C486414C6275}] => (Allow) D:\Games\Steam\SteamApps\common\Waltz of the Wizard\WaltzOfTheWizard.exe
FirewallRules: [{655D0F0E-A538-45A5-83ED-0D949E232624}] => (Allow) D:\Games\Steam\SteamApps\common\Waltz of the Wizard\WaltzOfTheWizard.exe
FirewallRules: [{55CA69B3-FD1A-4886-909A-0C86C229B07F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{595038C8-42B8-42A8-9DF8-1D679DCC7DBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8E36AEE6-C7C2-4509-B7D9-1BB0E1F03EB1}] => (Allow) D:\Games\Steam\SteamApps\common\VanishingRealms\VanishingRealms.exe
FirewallRules: [{68BB8839-299B-4D34-A527-FF5F23ED4D04}] => (Allow) D:\Games\Steam\SteamApps\common\VanishingRealms\VanishingRealms.exe
FirewallRules: [{0273119C-7CAF-4396-A5AF-768B82E424E2}] => (Allow) D:\Games\Steam\SteamApps\common\Job Simulator\JobSimulator.exe
FirewallRules: [{CACF1BA0-AB61-46E3-A4F6-E3FD55C94A29}] => (Allow) D:\Games\Steam\SteamApps\common\Job Simulator\JobSimulator.exe
FirewallRules: [{B63306D8-F01B-4802-A5E9-6F36E2474501}] => (Allow) D:\Games\Steam\SteamApps\common\Virtual Desktop\Virtual Desktop.exe
FirewallRules: [{22654D19-A692-4892-84F9-A6C46B8C6DAD}] => (Allow) D:\Games\Steam\SteamApps\common\Virtual Desktop\Virtual Desktop.exe
FirewallRules: [{60339C49-0A25-4CD0-83D0-DEE32E2FDB0B}] => (Allow) D:\Games\Steam\SteamApps\common\Virtual Desktop\Environment Editor.exe
FirewallRules: [{E69CBCFB-4693-4382-AB15-14D323B3B0E1}] => (Allow) D:\Games\Steam\SteamApps\common\Virtual Desktop\Environment Editor.exe
FirewallRules: [{9193D3C6-6FBF-441D-BB2F-0C08BEB4E77C}] => (Allow) D:\Games\Steam\SteamApps\common\AChairinaRoom\AChairInARoom_Greenwater.exe
FirewallRules: [{9DF8030F-3EF7-4A6C-918E-3D3DA0F83D6B}] => (Allow) D:\Games\Steam\SteamApps\common\AChairinaRoom\AChairInARoom_Greenwater.exe
FirewallRules: [TCP Query User{367DB655-BB17-4BC1-AE31-F20ED49E3A88}D:\games\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe] => (Allow) D:\games\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe
FirewallRules: [UDP Query User{44C3E241-DED9-4E29-9063-06F33DD095ED}D:\games\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe] => (Allow) D:\games\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe
FirewallRules: [TCP Query User{D16373C4-962B-46AE-87F9-922D3DA20533}D:\games\ctrlaltstudio-viewer-alpha\slvoice.exe] => (Allow) D:\games\ctrlaltstudio-viewer-alpha\slvoice.exe
FirewallRules: [UDP Query User{FBF4100B-242E-4171-930C-AF872ABC032A}D:\games\ctrlaltstudio-viewer-alpha\slvoice.exe] => (Allow) D:\games\ctrlaltstudio-viewer-alpha\slvoice.exe
FirewallRules: [TCP Query User{4D2FE12B-90B6-4D54-A289-A724E7B95289}D:\games\steam\steamapps\common\vrporize\64\windowsnoeditor\vrporize_beta\binaries\win64\vrporize_beta-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\vrporize\64\windowsnoeditor\vrporize_beta\binaries\win64\vrporize_beta-win64-shipping.exe
FirewallRules: [UDP Query User{D3B9D8DA-2FFC-48E4-82B4-FB2E4BBDCA12}D:\games\steam\steamapps\common\vrporize\64\windowsnoeditor\vrporize_beta\binaries\win64\vrporize_beta-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\vrporize\64\windowsnoeditor\vrporize_beta\binaries\win64\vrporize_beta-win64-shipping.exe
FirewallRules: [{ED38B62B-7340-44D8-ACD2-C203EDDA1151}] => (Allow) D:\Games\Steam\SteamApps\common\PoolNationVR\PoolNationVR.exe
FirewallRules: [{A5F656B5-3F31-4FFC-BCC4-95FAB832FD48}] => (Allow) D:\Games\Steam\SteamApps\common\PoolNationVR\PoolNationVR.exe
FirewallRules: [TCP Query User{927C9C71-D614-4C26-B61A-A882E3817A70}D:\games\steam\steamapps\common\poolnationvr\poolnationvr\binaries\win64\vrpooldemo-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\poolnationvr\poolnationvr\binaries\win64\vrpooldemo-win64-shipping.exe
FirewallRules: [UDP Query User{227C1F1C-3189-442E-84DC-6CC2E2E3E94B}D:\games\steam\steamapps\common\poolnationvr\poolnationvr\binaries\win64\vrpooldemo-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\poolnationvr\poolnationvr\binaries\win64\vrpooldemo-win64-shipping.exe
FirewallRules: [TCP Query User{9D6AA729-9DA7-4763-89DE-52AF6DFC31EF}E:\titanic honor and glory demo 2\titanic - honor and glory demo 2\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) E:\titanic honor and glory demo 2\titanic - honor and glory demo 2\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{4D15A1ED-0497-41FE-9D0E-FAD00BF9D30E}E:\titanic honor and glory demo 2\titanic - honor and glory demo 2\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) E:\titanic honor and glory demo 2\titanic - honor and glory demo 2\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{AB34BC04-FF41-4337-9BD5-48D5A1B017E4}] => (Allow) D:\Games\Steam\SteamApps\common\Brookhaven\BrookhavenGame.exe
FirewallRules: [{A54CB64D-E750-414A-A14B-A1C2AA0CC560}] => (Allow) D:\Games\Steam\SteamApps\common\Brookhaven\BrookhavenGame.exe
FirewallRules: [{1771F40C-6EE8-4EA8-BFB0-F8C879A7DA49}] => (Allow) D:\Games\Steam\SteamApps\common\VRporize\64\WindowsNoEditor\VRporize_beta.exe
FirewallRules: [{425D082B-2A4C-4FC6-8E3C-B11A884517AF}] => (Allow) D:\Games\Steam\SteamApps\common\VRporize\64\WindowsNoEditor\VRporize_beta.exe
FirewallRules: [TCP Query User{43996D90-1975-4368-BED9-232501810761}C:\users\hoshi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hoshi\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C8F2DE0C-F2D8-4BFB-B7FA-5725E9CA96E2}C:\users\hoshi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hoshi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C2B64B6A-1A45-4904-B911-8F4163D80E33}] => (Allow) D:\Games\Steam\SteamApps\common\Pierhead Arcade\Arcade.exe
FirewallRules: [{628C846B-37A4-43FA-8300-C2ABD8505CE3}] => (Allow) D:\Games\Steam\SteamApps\common\Pierhead Arcade\Arcade.exe
FirewallRules: [{2B306573-B82C-45B6-B744-9BFF24454263}] => (Allow) D:\Games\Steam\SteamApps\common\Overload\Overload.exe
FirewallRules: [{02897BD8-93C8-4E39-9236-8581E64CA400}] => (Allow) D:\Games\Steam\SteamApps\common\Overload\Overload.exe
FirewallRules: [{4243E46D-D91C-4899-B34D-2D0D9664912D}] => (Allow) D:\Games\Steam\SteamApps\common\RickAndMortyVR\RickAndMortyVR.exe
FirewallRules: [{FAE9A318-685E-4CB8-A119-FC59DD4334CF}] => (Allow) D:\Games\Steam\SteamApps\common\RickAndMortyVR\RickAndMortyVR.exe
FirewallRules: [{DBC819B9-E417-416A-BA9A-674662BF83AB}] => (Allow) D:\Games\Steam\SteamApps\common\Marvel's Guardians of the Galaxy The Telltale Series\Guardians.exe
FirewallRules: [{F20DCC84-A9D8-40AA-AFE7-B206053EDF38}] => (Allow) D:\Games\Steam\SteamApps\common\Marvel's Guardians of the Galaxy The Telltale Series\Guardians.exe
FirewallRules: [{6633A870-73F0-4F52-919E-D7A72822C841}] => (Allow) D:\Games\Steam\SteamApps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{69BC39B0-41F0-419B-BB20-14A374665975}] => (Allow) D:\Games\Steam\SteamApps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{82729D87-7959-4CA7-AA2F-9E5286114411}] => (Allow) D:\Games\Steam\SteamApps\common\Outlast 2\Binaries\Win64\Outlast2.exe
FirewallRules: [{C9C8859F-6322-41D1-AD05-B11D9DF4B04E}] => (Allow) D:\Games\Steam\SteamApps\common\Outlast 2\Binaries\Win64\Outlast2.exe
FirewallRules: [TCP Query User{1AA0FBF9-4330-4FF4-85DF-789C47018191}B:\cloud imperium games\patcher\cigpatcher.exe] => (Allow) B:\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{473BDA27-3954-4B5C-8221-8377E36B9CD2}B:\cloud imperium games\patcher\cigpatcher.exe] => (Allow) B:\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{B6368D2F-877F-4CE7-86EA-42CD059F4519}B:\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) B:\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{5EE59C3F-2D0D-4CED-840B-2BA998195FCA}B:\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) B:\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{C586A06C-0DA9-4744-80FD-2C40DC65522C}] => (Allow) D:\Games\Steam\SteamApps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{E575F97D-B64E-4E35-B30C-038822ECDED3}] => (Allow) D:\Games\Steam\SteamApps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [TCP Query User{69BFF41F-D1C1-4691-9FE1-B6DAE78B9AFD}D:\games\steam\steamapps\common\island 359\island359\binaries\win64\island359_copy-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\island 359\island359\binaries\win64\island359_copy-win64-shipping.exe
FirewallRules: [UDP Query User{AD1889AD-5410-4C90-BFB2-372B345CE1D2}D:\games\steam\steamapps\common\island 359\island359\binaries\win64\island359_copy-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\island 359\island359\binaries\win64\island359_copy-win64-shipping.exe
FirewallRules: [{8A3B0A28-A44F-4C11-8E0D-3B16592AB8B4}] => (Allow) B:\Steam\steamapps\common\Battlezone\Launcher\battlezone.exe
FirewallRules: [{945066F8-25B0-4FB2-8A01-FB556A39BF1C}] => (Allow) B:\Steam\steamapps\common\Battlezone\Launcher\battlezone.exe
FirewallRules: [{5E4A151B-2E94-4040-B1BB-8202B658D7E5}] => (Allow) D:\Games\Steam\SteamApps\common\Axiom Verge\AxiomVerge.exe
FirewallRules: [{E73C3B66-59DC-4ADE-B5B1-0CCB9E5F15F1}] => (Allow) D:\Games\Steam\SteamApps\common\Axiom Verge\AxiomVerge.exe
FirewallRules: [{C9C602B9-4B3D-4FA5-9D6F-61E42E613097}] => (Allow) B:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{FB9ECD72-CABE-4824-9AAB-E4A6F0E35D84}] => (Allow) B:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{EEB40E47-F1C4-4656-9C5C-2FEB1392B4DF}] => (Allow) B:\Steam\steamapps\common\Soundscape\Soundscape.exe
FirewallRules: [{9FCEF941-FA77-4150-BE2B-839A321CA27C}] => (Allow) B:\Steam\steamapps\common\Soundscape\Soundscape.exe
FirewallRules: [TCP Query User{62808090-BA71-4AE1-B049-85362774AAF2}D:\games\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) D:\games\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [UDP Query User{A2D3775C-19DD-4124-819B-5F534032CFA0}D:\games\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) D:\games\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [{7F75C914-E50D-40B1-BB92-746FC9CCEDD2}] => (Allow) B:\Steam\steamapps\common\Aeon\Aeon.exe
FirewallRules: [{D59DAF58-5343-49CB-A91C-6C96689546F1}] => (Allow) B:\Steam\steamapps\common\Aeon\Aeon.exe
FirewallRules: [{62528508-75BE-47CA-9277-836908DF1719}] => (Allow) B:\Steam\steamapps\common\SUPERHOT VR\SUPERHOTVR.exe
FirewallRules: [{3D3D0C0E-CC29-4785-BD54-CAF08252381C}] => (Allow) B:\Steam\steamapps\common\SUPERHOT VR\SUPERHOTVR.exe
FirewallRules: [{8DC2D8B5-DB4B-40D1-97AE-6D4D2CDA677E}] => (Allow) D:\Games\Steam\SteamApps\common\EVERSPACE\RSG\Binaries\Win64\RSG-Win64-Shipping.exe
FirewallRules: [{EA82A72A-0783-4376-86DE-66D463A97A0C}] => (Allow) D:\Games\Steam\SteamApps\common\EVERSPACE\RSG\Binaries\Win64\RSG-Win64-Shipping.exe
FirewallRules: [{35D7E367-0ED3-4F47-8441-3A6A3F3561DC}] => (Allow) D:\Programme\Sony\PS4 Remote Play\RemotePlay.exe
FirewallRules: [{6E0600B2-815E-48A0-B4AD-A5EAB1543BDB}] => (Allow) B:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
FirewallRules: [{7AC56B85-1415-4007-8E96-1361E1FABDE3}] => (Allow) B:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
FirewallRules: [{D95A68C3-537C-40C1-A744-442B4D5879B8}] => (Allow) D:\Games\Steam\SteamApps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [{EF2BBEFC-1876-4BFA-B930-628D8649EA01}] => (Allow) D:\Games\Steam\SteamApps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [{5C208156-3201-4BFD-9561-FF74F18CE96D}] => (Allow) B:\Steam\steamapps\common\Karnage Chronicles\KarnageVR.exe
FirewallRules: [{651B32F7-67BE-427E-AED8-2E8B3D3929B7}] => (Allow) B:\Steam\steamapps\common\Karnage Chronicles\KarnageVR.exe
FirewallRules: [TCP Query User{F680A4FB-8640-40DB-AED3-5FF14EB3BE73}B:\steam\steamapps\common\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe
FirewallRules: [UDP Query User{9D8568A2-6021-4089-A7E5-B899BE3AA6A2}B:\steam\steamapps\common\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe
FirewallRules: [TCP Query User{5297F42D-5675-4819-B80D-1F8FE92D8792}D:\games\steam\steamapps\common\brookhaven\brookhavengame\binaries\win64\brookhavengame-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\brookhaven\brookhavengame\binaries\win64\brookhavengame-win64-shipping.exe
FirewallRules: [UDP Query User{52D31D87-A22B-4B4E-AFFB-41D5FE61C3E7}D:\games\steam\steamapps\common\brookhaven\brookhavengame\binaries\win64\brookhavengame-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\brookhaven\brookhavengame\binaries\win64\brookhavengame-win64-shipping.exe
FirewallRules: [TCP Query User{84A070A8-9FCE-4BA1-907C-311A264759F3}B:\games\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) B:\games\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [UDP Query User{B261384C-83D2-4BBA-B1CB-1A09E9C005B8}B:\games\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) B:\games\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [{149DCA28-7E08-4F6B-9642-4643C987479B}] => (Allow) B:\Steam\steamapps\common\Dead Effect 2 VR\DeadEffect2.exe
FirewallRules: [{BF0B939D-91E1-4C1A-9C14-D46A9ADB71A3}] => (Allow) B:\Steam\steamapps\common\Dead Effect 2 VR\DeadEffect2.exe
FirewallRules: [{70A71F66-CF4A-4F7D-9E11-A0B39DB3DFBD}] => (Allow) B:\Steam\steamapps\common\johnwick\WindowsNoEditor\wick.exe
FirewallRules: [{B87CA62F-C948-4990-81A5-3C8273F90ECF}] => (Allow) B:\Steam\steamapps\common\johnwick\WindowsNoEditor\wick.exe
FirewallRules: [TCP Query User{733AD380-6942-42B0-96A4-4C928D10A842}B:\steam\steamapps\common\johnwick\windowsnoeditor\wick\binaries\win64\wick-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\johnwick\windowsnoeditor\wick\binaries\win64\wick-win64-shipping.exe
FirewallRules: [UDP Query User{4FC4F02E-DA30-4A2F-ADC6-2421F3C86C51}B:\steam\steamapps\common\johnwick\windowsnoeditor\wick\binaries\win64\wick-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\johnwick\windowsnoeditor\wick\binaries\win64\wick-win64-shipping.exe
FirewallRules: [{F173D9E2-CFC5-456C-B772-38970156E8B5}] => (Allow) D:\Programme\MAGIX\Video deluxe Premium\2017\Videodeluxe.exe
FirewallRules: [{58565BAD-4103-4768-A22D-6A83399860EE}] => (Allow) D:\Programme\MAGIX\Music Maker\25\MusicMaker.exe
FirewallRules: [{B0F4AF05-3445-4E86-84ED-F9668F3EA52B}] => (Allow) D:\Games\Steam\SteamApps\common\Cloudlands\Cloudlands.exe
FirewallRules: [{B6D46762-9437-4F7E-804C-595364ADB56E}] => (Allow) D:\Games\Steam\SteamApps\common\Cloudlands\Cloudlands.exe
FirewallRules: [{DD9EDFC0-4384-42B2-99D5-8C17E4DDD7AC}] => (Allow) D:\Games\Steam\SteamApps\common\The Gallery Call of the Starseed\TheGallery_EP1\TheGallery_EP1.exe
FirewallRules: [{A0600D8F-500A-4A44-89C6-282349CAE307}] => (Allow) D:\Games\Steam\SteamApps\common\The Gallery Call of the Starseed\TheGallery_EP1\TheGallery_EP1.exe
FirewallRules: [{536D9FE2-FE06-430D-8696-DC1327D02F34}] => (Allow) D:\Games\Steam\SteamApps\common\The Gallery Call of the Starseed\TheGallery_EP1_OVR\TheGallery_EP1.exe
FirewallRules: [{5A496D68-2EF3-43AD-98E3-578B7BA30874}] => (Allow) D:\Games\Steam\SteamApps\common\The Gallery Call of the Starseed\TheGallery_EP1_OVR\TheGallery_EP1.exe
FirewallRules: [{B13220B0-F27B-4818-A76B-284143317672}] => (Allow) D:\Games\Origin\STAR WARS Battlefront II Closed Alpha\starwarsbattlefrontii.exe
FirewallRules: [{3543073A-B8AB-453D-A4D3-190625845506}] => (Allow) D:\Games\Origin\STAR WARS Battlefront II Closed Alpha\starwarsbattlefrontii.exe
FirewallRules: [{69CD8989-CD16-4562-BE3F-0988730932F3}] => (Allow) C:\Games\Origin\Mass Effect Andromeda\MassEffectAndromedaTrial.exe
FirewallRules: [{CC1CF894-3B6A-4DC2-969F-3509EEE2C8B7}] => (Allow) C:\Games\Origin\Mass Effect Andromeda\MassEffectAndromedaTrial.exe
FirewallRules: [{2F57496C-28BB-4BA2-B0DC-E8DBBA7A674B}] => (Allow) C:\Games\Origin\Mass Effect Andromeda\MassEffectAndromeda.exe
FirewallRules: [{3A10685A-A365-481C-8512-71D553076AD1}] => (Allow) C:\Games\Origin\Mass Effect Andromeda\MassEffectAndromeda.exe
FirewallRules: [TCP Query User{946362F4-2735-432C-A060-BD80CF30C175}B:\games\overwatch\overwatch.exe] => (Allow) B:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{36F60D16-C06C-4788-8120-C002ADB1A518}B:\games\overwatch\overwatch.exe] => (Allow) B:\games\overwatch\overwatch.exe
FirewallRules: [{50693B02-4980-454A-A2CD-C8AB00019487}] => (Allow) D:\Games\Steam\SteamApps\common\Cmoar VR Cinema\vive.exe
FirewallRules: [{D76891D4-8F80-44F1-A92E-A0FE7048C49A}] => (Allow) D:\Games\Steam\SteamApps\common\Cmoar VR Cinema\vive.exe
FirewallRules: [{05C68A71-80C1-403E-9342-74CDFA2EB76A}] => (Allow) D:\Games\Steam\SteamApps\common\Cmoar VR Cinema\oculus.exe
FirewallRules: [{0BCB9B89-43C3-4687-A311-87DCF4725AC3}] => (Allow) D:\Games\Steam\SteamApps\common\Cmoar VR Cinema\oculus.exe
FirewallRules: [{D61C37A6-ACC2-4494-96D8-897F554884E1}] => (Allow) D:\Games\Steam\SteamApps\common\Nock Hidden Arrow\Nock.exe
FirewallRules: [{AC54F4D6-CCD8-4350-81A7-4122051063DB}] => (Allow) D:\Games\Steam\SteamApps\common\Nock Hidden Arrow\Nock.exe
FirewallRules: [{724031A4-8631-4BA6-9B14-5C43D6C27B7A}] => (Allow) D:\Games\Steam\SteamApps\common\GORN\GORN.exe
FirewallRules: [{4F12E286-9A42-491E-BD48-5BE45805DF6F}] => (Allow) D:\Games\Steam\SteamApps\common\GORN\GORN.exe
FirewallRules: [TCP Query User{63EBF6ED-4320-4FD6-8349-76A314057E9B}D:\games\sansar\client\sansarclient.exe] => (Allow) D:\games\sansar\client\sansarclient.exe
FirewallRules: [UDP Query User{89DFC2DE-0D85-469A-8D40-ECEB29072155}D:\games\sansar\client\sansarclient.exe] => (Allow) D:\games\sansar\client\sansarclient.exe
FirewallRules: [{F6CFAD45-14D9-4F70-AE82-84915128CE6D}] => (Allow) B:\Steam\steamapps\common\Raw Data\RawData.exe
FirewallRules: [{EB40392A-35B2-4B49-86CF-EB7327563DF7}] => (Allow) B:\Steam\steamapps\common\Raw Data\RawData.exe
FirewallRules: [{B5D68DF0-AF23-431D-B345-C5278F6310D2}] => (Allow) B:\Steam\steamapps\common\Raw Data\RawData\Binaries\Win64\RawData-Win64-Shipping.exe
FirewallRules: [{D12E3BDC-FA1F-4993-B187-17D842A92D49}] => (Allow) B:\Steam\steamapps\common\Raw Data\RawData\Binaries\Win64\RawData-Win64-Shipping.exe
FirewallRules: [{EF42FFA6-F63B-4B18-B056-65AED7E3C817}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP_Launcher.exe
FirewallRules: [{949C85A8-693A-4505-9C65-2483077C2F59}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP_Launcher.exe
FirewallRules: [{118F724E-B0C9-484C-AA54-724951D58103}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP_DX11.exe
FirewallRules: [{639D79C9-CEE6-4D37-9D37-41C7742D6476}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP_DX11.exe
FirewallRules: [{113DDC4D-4A14-41D5-B79D-9286B9A6DE47}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP.exe
FirewallRules: [{2EE7EFEE-59FF-4C8D-9838-2B2B9E00270C}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP.exe
FirewallRules: [{5EF4F8B9-60AD-42E1-AB4A-2035E242CEE5}] => (Allow) D:\Games\Steam\SteamApps\common\Conarium\Conarium.exe
FirewallRules: [{C8894B04-9B96-490B-B2F2-A8DA33112482}] => (Allow) D:\Games\Steam\SteamApps\common\Conarium\Conarium.exe
FirewallRules: [{BC6E0C8F-343B-4209-8906-8701893745CD}] => (Allow) D:\Games\Steam\SteamApps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{E9AC4963-ED0F-429D-A657-A4247022DEF2}] => (Allow) D:\Games\Steam\SteamApps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [TCP Query User{5A22F760-CBCC-4E82-ACA1-F3E13E75C79E}B:\games\max payne 3\maxpayne3.exe] => (Allow) B:\games\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{97E90E47-6DFE-4D02-B6F7-2D529C9DCF92}B:\games\max payne 3\maxpayne3.exe] => (Allow) B:\games\max payne 3\maxpayne3.exe
FirewallRules: [{6478ACBE-A9BD-4004-99AE-5BC6F47E9A6E}] => (Allow) D:\Games\Steam\SteamApps\common\AlienRage\Singleplayer\Binaries\Win32\ShippingPC-AFEARGame.exe
FirewallRules: [{78CF89E7-5691-4AD3-ACD0-EA5EF3E3ADB0}] => (Allow) D:\Games\Steam\SteamApps\common\AlienRage\Singleplayer\Binaries\Win32\ShippingPC-AFEARGame.exe
FirewallRules: [{F994B6B6-3EF4-4BBE-AB52-770328BFBED1}] => (Allow) D:\Games\Steam\SteamApps\common\AlienRage\Multiplayer\Binaries\Win32\ARageMP.exe
FirewallRules: [{FC8B8C65-D63E-454C-B8CA-8E5FEC275AC6}] => (Allow) D:\Games\Steam\SteamApps\common\AlienRage\Multiplayer\Binaries\Win32\ARageMP.exe
FirewallRules: [{DA2A7636-FE20-4A55-8405-38F2A9800092}] => (Allow) D:\Games\Steam\SteamApps\common\Rising Storm 2\Binaries\Win64\RisingStorm2.exe
FirewallRules: [{EA799577-B0B7-424D-81CE-CDFA03C9E253}] => (Allow) D:\Games\Steam\SteamApps\common\Rising Storm 2\Binaries\Win64\RisingStorm2.exe
FirewallRules: [{2714EDEE-7A10-426D-9FD0-30151409B09B}] => (Allow) D:\Games\Steam\SteamApps\common\Serious Sam VR The First Encounter\Bin\x64\SamTFE_VR.exe
FirewallRules: [{1FEFAA6C-A74C-481F-8428-D872D4DF5A5A}] => (Allow) D:\Games\Steam\SteamApps\common\Serious Sam VR The First Encounter\Bin\x64\SamTFE_VR.exe
FirewallRules: [{943C1A90-26A3-46C8-B75A-6AB5FE4D9C63}] => (Allow) D:\Games\Steam\SteamApps\common\Space Hulk Deathwing\SpaceHulkGame.exe
FirewallRules: [{07764B6D-4A71-4707-862F-E2FCE2E941CD}] => (Allow) D:\Games\Steam\SteamApps\common\Space Hulk Deathwing\SpaceHulkGame.exe
FirewallRules: [TCP Query User{7E4F6977-CF90-458B-92F3-F84E646B614E}D:\games\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe
FirewallRules: [UDP Query User{BAD65C73-1242-446C-A7F2-425E8F1CA7C2}D:\games\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe
FirewallRules: [{FD6BCDDE-5D4D-4827-B8C0-07C5B6758FA3}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2.exe
FirewallRules: [{45C6038B-B8D4-4DF9-8A9A-11BE0F587F4C}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2.exe
FirewallRules: [{453D71D6-A585-44FD-85D5-2D73EDFC22B6}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{4BD1F834-69C3-4E05-8297-006053B83D13}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{789904E8-F71E-46A3-9B7B-76616E723997}] => (Allow) D:\Games\Steam\SteamApps\common\TheWaveVR\TheWaveVR.exe
FirewallRules: [{060AE121-401D-4ACC-8F5A-B5C264428BDC}] => (Allow) D:\Games\Steam\SteamApps\common\TheWaveVR\TheWaveVR.exe
FirewallRules: [TCP Query User{A10DC358-53EF-4B81-A409-6BE1CDA4CC1B}D:\games\soldier of fortune\sof.exe] => (Allow) D:\games\soldier of fortune\sof.exe
FirewallRules: [UDP Query User{4DA529DA-158D-45FE-9090-FE15CC0B46D7}D:\games\soldier of fortune\sof.exe] => (Allow) D:\games\soldier of fortune\sof.exe
FirewallRules: [TCP Query User{EB037A9C-4274-40DA-B348-5751821FEE09}D:\games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{64F17405-13C2-4CA1-BE0F-B4B4EBA822B8}D:\games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{039CE7D6-8615-4867-9B7D-5D77171CF046}] => (Allow) D:\Games\Steam\SteamApps\common\LethalVR\LethalVR.exe
FirewallRules: [{D5172F7E-49E6-4DDF-9DA9-AF66C81B5A55}] => (Allow) D:\Games\Steam\SteamApps\common\LethalVR\LethalVR.exe
FirewallRules: [{D2F00B33-3AA8-42D5-9B14-C767CFF32944}] => (Allow) D:\Games\Steam\SteamApps\common\Dangerous Golf\Orlando.exe
FirewallRules: [{AB5457CE-D7FE-4B34-B463-B155F14F96BD}] => (Allow) D:\Games\Steam\SteamApps\common\Dangerous Golf\Orlando.exe
FirewallRules: [TCP Query User{B77F38D4-CF61-44FA-BA53-BA1EFB7D5A95}D:\games\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe
FirewallRules: [UDP Query User{DE476809-6F31-461C-89B2-CFE16D7151EF}D:\games\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe
FirewallRules: [TCP Query User{70925235-EB3E-41A8-AAEA-F7560E1D8AE9}D:\games\steam\steamapps\common\lethalvr\lethalvr\binaries\win64\lethalvr-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\lethalvr\lethalvr\binaries\win64\lethalvr-win64-shipping.exe
FirewallRules: [UDP Query User{BB5A0FCE-F704-4643-91FA-E3AEF49E2C0C}D:\games\steam\steamapps\common\lethalvr\lethalvr\binaries\win64\lethalvr-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\lethalvr\lethalvr\binaries\win64\lethalvr-win64-shipping.exe
FirewallRules: [{E3DCA5F5-CFB9-49E6-A6D2-1E04C6C5BE44}] => (Allow) D:\Games\Steam\SteamApps\common\The Unwelcomed\TheUnwelcomed_v1.27.exe
FirewallRules: [{8AC401C8-0D9E-486D-AD97-16F5B10C104D}] => (Allow) D:\Games\Steam\SteamApps\common\The Unwelcomed\TheUnwelcomed_v1.27.exe
FirewallRules: [{1C79891E-9065-4FC7-BFEB-6D285BEED6DD}] => (Allow) D:\Games\Steam\SteamApps\common\Ultimate Booster Experience\UltimateBooster(SteamVR)\UltimateBooster.exe
FirewallRules: [{085103B3-52BB-4322-9116-5F92D990C16D}] => (Allow) D:\Games\Steam\SteamApps\common\Ultimate Booster Experience\UltimateBooster(SteamVR)\UltimateBooster.exe
FirewallRules: [{28C28A74-2BF9-4BBA-8801-DBE9B3113DD3}] => (Allow) D:\Games\Steam\SteamApps\common\Ultimate Booster Experience\UltimateBooster(Oculus)\UltimateBooster.exe
FirewallRules: [{9BE9FEF8-B749-421F-AC97-368EC7D7282E}] => (Allow) D:\Games\Steam\SteamApps\common\Ultimate Booster Experience\UltimateBooster(Oculus)\UltimateBooster.exe
FirewallRules: [{5707A4E9-4AB0-4ADC-95A6-8891A2D6147B}] => (Allow) B:\Steam\steamapps\common\Hellblade\HellbladeGame.exe
FirewallRules: [{F4D66E58-5638-4F67-8A31-62AEA5572057}] => (Allow) B:\Steam\steamapps\common\Hellblade\HellbladeGame.exe
FirewallRules: [TCP Query User{8324771A-96C6-4F9B-90DA-195A875C5631}B:\steam\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe
FirewallRules: [UDP Query User{F03EA227-673C-4D1D-A045-93429F4F96CB}B:\steam\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe
FirewallRules: [{F98C6DC3-DAF4-4D89-9EC0-32A20474D749}] => (Allow) B:\Steam\steamapps\common\Rez Infinite\Rez-infinite.exe
FirewallRules: [{DEFC3B7B-4E63-430B-9F73-CED9B3360B00}] => (Allow) B:\Steam\steamapps\common\Rez Infinite\Rez-infinite.exe
FirewallRules: [{B04F755E-73A7-4B19-A716-0B4936931199}] => (Allow) B:\Steam\steamapps\common\Agents of Mayhem\aom\AOM_Release_Final.exe
FirewallRules: [{971CC691-F9C0-4BE8-BDED-8815C6A6245D}] => (Allow) B:\Steam\steamapps\common\Agents of Mayhem\aom\AOM_Release_Final.exe
FirewallRules: [{80DE5553-410B-43C9-8FEF-E43891C78DAF}] => (Allow) B:\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{D5BDF78C-85D8-4E56-926C-CC2D7364646A}] => (Allow) B:\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{63DFEBFC-390C-40DE-933A-9F2DADAD8AFD}] => (Allow) B:\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{57D0E3A8-0AB2-48D7-AB64-E3FC8289ABF8}] => (Allow) B:\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{03B14AAC-85A3-4E1E-AAE6-D67BB763AB8A}] => (Allow) D:\Games\Steam\SteamApps\common\Full Throttle Remastered\Throttle.exe
FirewallRules: [{5534C200-0E52-4CCC-BA98-DF0D25966303}] => (Allow) D:\Games\Steam\SteamApps\common\Full Throttle Remastered\Throttle.exe
FirewallRules: [{319E1CFA-96F9-4765-B13D-2832EBC9F79E}] => (Allow) D:\Games\Steam\SteamApps\common\Observer\TheObserver.exe
FirewallRules: [{090C80C9-EF2A-4BCC-B274-DA738B85FF47}] => (Allow) D:\Games\Steam\SteamApps\common\Observer\TheObserver.exe
FirewallRules: [TCP Query User{D0852806-9B67-4849-B393-5BCFD73B4217}D:\games\steam\steamapps\common\observer\theobserver\binaries\win64\theobserver-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\observer\theobserver\binaries\win64\theobserver-win64-shipping.exe
FirewallRules: [UDP Query User{732894AA-62DA-493F-BA78-A65544A6C539}D:\games\steam\steamapps\common\observer\theobserver\binaries\win64\theobserver-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\observer\theobserver\binaries\win64\theobserver-win64-shipping.exe
FirewallRules: [{214564AF-BBA3-4E81-B17D-1F06B5D3AFD0}] => (Allow) D:\Games\Steam\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanetLauncher.exe
FirewallRules: [{0B95A94E-567C-43B4-B71B-3B85B8188330}] => (Allow) D:\Games\Steam\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanetLauncher.exe
FirewallRules: [{B33FB518-0761-4C24-8867-F0B7B14F323F}] => (Allow) D:\Games\Steam\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{B76F326A-FE12-49DD-99D3-B8B83F95A4A2}] => (Allow) D:\Games\Steam\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{CF53888A-5C8C-44A9-96E7-8D2A2C391893}] => (Allow) D:\Games\Steam\SteamApps\common\Secret World Legends\ClientPatcher.exe
FirewallRules: [{E602716D-68E2-4725-97C8-C0555B0FF6BE}] => (Allow) D:\Games\Steam\SteamApps\common\Secret World Legends\ClientPatcher.exe
FirewallRules: [{835F90F4-C74A-48E4-BD7B-7B7F3EB26BB1}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{DE0ABF26-0839-44EA-9D69-ACA0A016BDA7}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{B8FEEE15-4AA9-48C5-BA8F-0D61F0142CC5}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{BCD32AD3-5CF5-4EAA-B4BB-6B822714DD3E}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{2DE48180-C6D5-4C8B-B588-4E81E239B1A5}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{139CD6E0-7156-45DD-80E7-9F30BCC3DAEC}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{4896923D-EA5C-492C-84A1-6FBE349C275C}] => (Allow) D:\Games\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{6EBE3F0D-A166-408B-8DFC-80271D263B06}] => (Allow) D:\Games\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{AA95A789-ABF7-49FA-BC2C-E8105DCD445E}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{DBFA4C21-FBA5-440E-A8AF-C5E9777BABAE}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{56526727-9FF2-4767-8A86-67202932C05A}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{F8C628C4-D6B5-414D-889E-EE364CFBC7D7}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{B2F7A213-0B26-408B-9612-A5BE7520ED6E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{3AE1DE3A-8510-4A06-AA23-71A1A52679DB}B:\games\destiny 2\destiny2.exe] => (Allow) B:\games\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{313E92A5-5595-4288-A364-63B4C3B819E5}B:\games\destiny 2\destiny2.exe] => (Allow) B:\games\destiny 2\destiny2.exe
FirewallRules: [{34DD1EF5-DC69-4975-B0F4-78E0875E130B}] => (Allow) D:\Games\Steam\SteamApps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{67B2ECF1-9635-4060-80A8-E1D5452EA396}] => (Allow) D:\Games\Steam\SteamApps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{7A7CD880-69B3-4C3E-9647-5C3623C65E61}] => (Allow) D:\Games\Steam\SteamApps\common\Comedy Night\Comedy Night.exe
FirewallRules: [{12B14AFB-878D-4FDA-A577-802F39490F85}] => (Allow) D:\Games\Steam\SteamApps\common\Comedy Night\Comedy Night.exe
FirewallRules: [{47916F8C-0CAE-45DA-A7B4-985DA7C8F929}] => (Allow) D:\Games\Steam\SteamApps\common\Windlands\Windlands_Win_x64.exe
FirewallRules: [{9458BBAC-9252-4758-829F-79275BB8B2F9}] => (Allow) D:\Games\Steam\SteamApps\common\Windlands\Windlands_Win_x64.exe
FirewallRules: [TCP Query User{BDFDC57C-8BC9-4E79-B023-615557F08A78}D:\games\dune 2000\dune 2000\dune2000.exe] => (Allow) D:\games\dune 2000\dune 2000\dune2000.exe
FirewallRules: [UDP Query User{3F3D8A05-33CD-47CF-84C2-F977A40F537D}D:\games\dune 2000\dune 2000\dune2000.exe] => (Allow) D:\games\dune 2000\dune 2000\dune2000.exe
FirewallRules: [{00EC267C-F337-4CA1-AC15-822CA9CCB469}] => (Allow) D:\Games\Steam\SteamApps\common\PAVR Pre Alpha Demo\PA_UE4.exe
FirewallRules: [{E86DD9EE-B256-4BBB-BE9C-C368494796F7}] => (Allow) D:\Games\Steam\SteamApps\common\PAVR Pre Alpha Demo\PA_UE4.exe
FirewallRules: [TCP Query User{CDF47A81-5308-4252-9667-38D9AB0D8061}D:\games\steam\steamapps\common\projectm dream\e1\binaries\win64\e1-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\projectm dream\e1\binaries\win64\e1-win64-shipping.exe
FirewallRules: [UDP Query User{6F3E0A19-AC02-489E-89E6-5BF15BCCDDC2}D:\games\steam\steamapps\common\projectm dream\e1\binaries\win64\e1-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\projectm dream\e1\binaries\win64\e1-win64-shipping.exe
FirewallRules: [{78F1101F-9872-4F30-919B-44FEF97AFA23}] => (Allow) D:\Games\Steam\SteamApps\common\Mindshow\Mindshow.exe
FirewallRules: [{4A2A88E2-91E7-4949-88FC-A05F0BDAF2F7}] => (Allow) D:\Games\Steam\SteamApps\common\Mindshow\Mindshow.exe
FirewallRules: [{DA1AB053-B838-4905-9B9F-CAF4FFD52AB5}] => (Allow) D:\Games\Steam\SteamApps\common\NoLimits 2\64bit\nolimits2stm.exe
FirewallRules: [{23A99FAD-E518-4010-83FE-710A6E211B96}] => (Allow) D:\Games\Steam\SteamApps\common\NoLimits 2\64bit\nolimits2stm.exe
FirewallRules: [{24359B6A-EE2C-4D5C-ABA5-6BF6CAC91504}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2AA6C628-7FB9-4F30-BB92-BDCF89F2181A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0B270495-D3DF-42B2-B552-52B9EE687746}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FB7EE3A6-58A2-4ED9-90AD-3136049D6ED4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C89A8AB6-BCD9-4DC5-885F-DB0E8A508471}] => (Allow) B:\Games\Battlefield 3\bf3.exe
FirewallRules: [{C3C6DF70-4CA9-430C-A8FF-FEEC9584346C}] => (Allow) B:\Games\Battlefield 3\bf3.exe
FirewallRules: [{61C7FA33-4FA8-496A-804E-6F769606FD0A}] => (Allow) B:\Steam\steamapps\common\NoLimits 2\64bit\nolimits2stm.exe
FirewallRules: [{14F4F47C-8305-4C7A-B552-AA5062DF3F14}] => (Allow) B:\Steam\steamapps\common\NoLimits 2\64bit\nolimits2stm.exe
FirewallRules: [{81A6E9C9-CCA8-48DC-A19C-4425F738518E}] => (Allow) D:\Games\Steam\SteamApps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{794C269B-691B-4E72-847D-6BEAA1613019}] => (Allow) D:\Games\Steam\SteamApps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{2D1CC264-2E8C-4447-BF39-A770356FF620}] => (Allow) D:\Games\Steam\SteamApps\common\Vertigo\Vertigo.exe
FirewallRules: [{6286C5FE-F448-4712-9198-65EA02C81ADC}] => (Allow) D:\Games\Steam\SteamApps\common\Vertigo\Vertigo.exe
FirewallRules: [{D2C7216F-2F71-4D31-BBFA-CB24B6010AD4}] => (Allow) B:\Steam\steamapps\common\DuckSeason\DuckSeason\DuckSeason.exe
FirewallRules: [{025100DE-0293-4589-A81C-417A0604AB7F}] => (Allow) B:\Steam\steamapps\common\DuckSeason\DuckSeason\DuckSeason.exe
FirewallRules: [{E3A69345-E1C6-435C-962C-6C54065DD035}] => (Allow) D:\Games\Steam\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{9FE21E23-0DDA-4020-952F-D1EE6C97D97B}] => (Allow) D:\Games\Steam\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{5014089B-AA20-40A0-BF72-A740F366A674}] => (Allow) D:\Games\Steam\SteamApps\common\Hellblade\HellbladeGame.exe
FirewallRules: [{142D2C28-298C-4B34-B67F-4CCA94E45CE1}] => (Allow) D:\Games\Steam\SteamApps\common\Hellblade\HellbladeGame.exe
FirewallRules: [{7813EC58-1DAF-4FFE-976A-80172154651E}] => (Allow) B:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{CF67956E-6D20-4DE6-9ACB-2A3B6DC3AB41}] => (Allow) B:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [TCP Query User{699458AF-2F8D-48F1-8B2B-BA8454D8236C}B:\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) B:\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [UDP Query User{ABFA37DD-029F-4272-A197-06762C110EB8}B:\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) B:\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [TCP Query User{089F274A-3139-40E8-8F03-1BE0BB9EAE7D}D:\games\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe] => (Allow) D:\games\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe
FirewallRules: [UDP Query User{2113B080-14B0-4BAE-9C02-A410FE21B061}D:\games\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe] => (Allow) D:\games\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe
FirewallRules: [{C0292D33-04A7-4511-A144-216679F9FFD4}] => (Allow) D:\Games\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [{D922841A-A90B-4235-89DF-426FB99D355F}] => (Allow) D:\Games\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [TCP Query User{0800D4EE-74FF-4BFD-8430-5E5ED922607B}D:\games\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\games\steam\steamapps\common\assettocorsa\acs.exe
FirewallRules: [UDP Query User{CEACACE7-4640-4865-B504-F16A3ED17000}D:\games\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\games\steam\steamapps\common\assettocorsa\acs.exe
FirewallRules: [{9CDAE3DE-33F2-4E84-A6EA-809402CA701B}] => (Allow) D:\Games\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{0B4B05AB-250A-412E-9969-0586E560F06E}] => (Allow) D:\Games\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{BC8A2FB2-90B9-47DB-A552-489AE165B13D}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{C3E2BBA9-A4B6-4FC8-9A79-8864D9775545}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{DA2A4F4D-F1E8-462A-B8EA-380E5D196DD2}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{02761161-C56D-453C-85F6-7D6D33393B5D}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{D743BB1E-5935-428E-8603-2AFEE37DC980}] => (Allow) B:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{25B1F3B6-3DE9-4F4E-8155-5B40B04FF2DC}] => (Allow) B:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{FD16AFE9-6DF5-46F2-8870-A99E4CBD85CD}] => (Allow) B:\Steam\steamapps\common\Bullets And More VR\BAM_VR.exe
FirewallRules: [{4C6250CC-10C1-41BF-A1E0-5BDDC0A4A700}] => (Allow) B:\Steam\steamapps\common\Bullets And More VR\BAM_VR.exe

==================== Wiederherstellungspunkte =========================

22-09-2017 06:16:02 Windows Update
22-09-2017 06:16:08 Windows Update
22-09-2017 06:33:10 Malwarebytes Anti-Rootkit Restore Point
22-09-2017 19:04:10 Malwarebytes Anti-Rootkit Restore Point

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/23/2017 07:16:35 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/23/2017 07:16:34 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/23/2017 07:01:05 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/22/2017 08:39:19 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/22/2017 07:06:56 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/22/2017 07:06:54 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/22/2017 03:45:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsSense.exe, Version: 10.2930.15063.0, Zeitstempel: 0x39f7edf6
Name des fehlerhaften Moduls: MsSense.exe, Version: 10.2930.15063.0, Zeitstempel: 0x39f7edf6
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000035e68
ID des fehlerhaften Prozesses: 0x1fb0
Startzeit der fehlerhaften Anwendung: 0x01d333a90702ae89
Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Berichtskennung: bff2087d-815e-4553-91cf-c4c8f3e5b370
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/22/2017 03:45:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsSense.exe, Version: 10.2930.15063.0, Zeitstempel: 0x39f7edf6
Name des fehlerhaften Moduls: MsSense.exe, Version: 10.2930.15063.0, Zeitstempel: 0x39f7edf6
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000035e68
ID des fehlerhaften Prozesses: 0xfa4
Startzeit der fehlerhaften Anwendung: 0x01d333a90388bf3a
Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Berichtskennung: 1c43047b-249b-42c9-b18d-d27a9ec3af9c
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/22/2017 03:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsSense.exe, Version: 10.2930.15063.0, Zeitstempel: 0x39f7edf6
Name des fehlerhaften Moduls: MsSense.exe, Version: 10.2930.15063.0, Zeitstempel: 0x39f7edf6
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000035e68
ID des fehlerhaften Prozesses: 0x1dd4
Startzeit der fehlerhaften Anwendung: 0x01d333a8e31434f2
Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Berichtskennung: 2d8a655a-cb78-4caf-b1fb-ed6ee76fd4dd
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/22/2017 03:44:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MsSense.exe, Version: 10.2930.15063.0, Zeitstempel: 0x39f7edf6
Name des fehlerhaften Moduls: MsSense.exe, Version: 10.2930.15063.0, Zeitstempel: 0x39f7edf6
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0000000000035e68
ID des fehlerhaften Prozesses: 0x1214
Startzeit der fehlerhaften Anwendung: 0x01d333a8de6e6ce5
Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
Berichtskennung: f829ad86-9cce-4084-ab03-81a8d04e4ed8
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (09/23/2017 07:16:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (09/23/2017 07:16:05 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (09/23/2017 07:15:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/23/2017 07:15:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/23/2017 07:15:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/23/2017 07:15:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "FABS - Helping agent for MAGIX media database" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/23/2017 07:15:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2017 07:15:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TeamViewer 11" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2017 07:15:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Oculus VR Runtime Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/23/2017 07:15:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WSWNA1100" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2017-09-23 07:19:26.655
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-23 07:19:26.654
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-22 15:45:18.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-22 15:45:18.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-22 15:45:12.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-22 15:45:12.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-22 15:44:25.572
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-22 15:44:22.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-22 15:44:18.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-09-22 15:44:18.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 16%
Installierter physikalischer RAM: 16314.71 MB
Verfügbarer physikalischer RAM: 13691.15 MB
Summe virtueller Speicher: 32698.71 MB
Verfügbarer virtueller Speicher: 29926.82 MB

==================== Laufwerke ================================

Drive b: (Lokaler Datenträger) (Fixed) (Total:465.76 GB) (Free:119.14 GB) NTFS
Drive c: () (Fixed) (Total:223.03 GB) (Free:59.1 GB) NTFS
Drive d: () (Fixed) (Total:1464.84 GB) (Free:190.84 GB) NTFS
Drive e: () (Fixed) (Total:398.17 GB) (Free:71.49 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 7D0DF0DC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7D0DF0CB)
Partition 1: (Not Active) - (Size=1464.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=398.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 873A098D)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

23.09.2017, 15:44   #12
burningice
/// Malwareteam
 



Step: 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
reg: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /t REG_DWORD /v DisableAntiSpyware /d 0
powershell: Get-mpPreference
exportkey: HKLM\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction
exportkey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Step: 2
Uninstall the following program via the Control Panel:
Malwarebytes Anti-Malware Version 2.2.1.1043

Step: 3
Download and install the following program: Malwarebytes Anti-Malware
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Quarantine Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM after the restart and click Reports.
  • Select the most recent scan report, click View Report and then Export.
  • Select Text file (.txt) and save the file as mbam.txt on the desktop.
  • Include the contents of mbam.txt in your next reply.

Step: 4
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Tools > Options and make sure the following items are selected:
    • "Tracing" keys
    • "Prefetch" files
    • Proxy
    • Winsock
    • Internet Explorer policies
    • Chrome policies
  • Confirm the selection with OK.
  • Click Scan and wait until it has finished.
  • Now click Clean (even if AdwCleaner says that nothing was found) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step: 5
Please start FRST again, tick the Addition box and click Scan (Untersuchen). Please post the two text files that are created again.

So in your next reply, please post:
  • Log file from AdwCleaner
  • Log file from Malwarebytes
  • Fixlog.txt
  • Frst.txt
  • Addition.txt
__________________
Regards,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~
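
One way to triage the Get-MpPreference output that the fixlist in step 1 requests, as an added example that is not part of the original post or of FRST: it parses the pasted list output, rejoins wrapped collection values, and flags exclusions, switched-off protection settings and per-threat default actions set to Allow or NoAction. The sample text, the function names and the 32-hex-digit name heuristic are assumptions of this example; the action codes follow the Set-MpPreference documentation.

```python
import re

# Constructed sample in the "Name : value" list layout; all values are made up.
SAMPLE = r"""
DisableBehaviorMonitoring                     : False
DisableRealtimeMonitoring                     : False
ExclusionExtension                            :
ExclusionPath                                 : {C:\Program Files\0123456789abcdef0123456789abcdef,
                                                C:\WINDOWS\fedcba9876543210fedcba9876543210.exe,
                                                D:\Games\Steam...}
ExclusionProcess                              :
ThreatIDDefaultAction_Actions                 : {6}
ThreatIDDefaultAction_Ids                     : {123456}
"""

KEY_RE = re.compile(r"^(\w+)\s*:\s?(.*)$")
# Last path component is 32 hex digits plus optional extension (heuristic, assumption).
HEXNAME_RE = re.compile(r"(?:^|\\)[0-9a-f]{32}(?:\.\w+)?$", re.I)
# Settings from the output whose value True means a protection layer is off.
PROTECTION_SWITCHES = {"DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
                       "DisableIOAVProtection", "DisableScriptScanning",
                       "DisableBlockAtFirstSeen"}
# Default-action codes as listed in the Set-MpPreference documentation.
ACTIONS = {"1": "Clean", "2": "Quarantine", "3": "Remove", "6": "Allow",
           "8": "UserDefined", "9": "NoAction", "10": "Block"}


def parse_mppreference(text):
    """Parse list output; indented lines continue the previous value."""
    prefs, key = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            prefs[key] = m.group(2).strip()
        elif key and line.strip():
            prefs[key] += " " + line.strip()
    return prefs


def as_list(value):
    """Split a '{a, b...}' collection into (items, truncated).

    The display cuts long collections short and marks that with '...'.
    Paths that contain a comma would be split wrongly by this simple parser.
    """
    value = value.strip()
    if not (value.startswith("{") and value.endswith("}")):
        return ([value] if value else []), False
    inner = value[1:-1]
    truncated = inner.endswith("...")
    if truncated:
        inner = inner[:-3]
    return [p.strip() for p in inner.split(",") if p.strip()], truncated


def review(prefs):
    """Return (setting, value, reason) tuples that deserve a closer look."""
    findings = []
    for name in ("ExclusionPath", "ExclusionProcess", "ExclusionExtension"):
        items, truncated = as_list(prefs.get(name, ""))
        for item in items:
            reason = "hash-like name" if HEXNAME_RE.search(item) else "exclusion"
            findings.append((name, item, reason))
        if truncated:
            findings.append((name, "...", "list truncated, ask for the full list"))
    ids, _ = as_list(prefs.get("ThreatIDDefaultAction_Ids", ""))
    acts, _ = as_list(prefs.get("ThreatIDDefaultAction_Actions", ""))
    for threat_id, act in zip(ids, acts):
        if ACTIONS.get(act) in ("Allow", "NoAction"):
            findings.append(("ThreatIDDefaultAction", threat_id, ACTIONS[act]))
    for name in sorted(PROTECTION_SWITCHES):
        if prefs.get(name) == "True":
            findings.append((name, "True", "protection switched off"))
    return findings


if __name__ == "__main__":
    for setting, value, reason in review(parse_mppreference(SAMPLE)):
        print(f"{setting:24} {reason:40} {value}")
```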


23.09.2017, 17:01   #13
Hoshi82
 



fixlog
Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-09-2017 02
durchgeführt von Hoshi (23-09-2017 16:31:32) Run:2
Gestartet von C:\Users\Hoshi\Desktop
Geladene Profile: Hoshi (Verfügbare Profile: Hoshi & Mcx1-HOSHI-PC & OVRLibraryService)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
reg: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /t REG_DWORD /v DisableAntiSpyware /d 0
powershell: Get-mpPreference
exportkey: HKLM\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction
exportkey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
*****************


========= reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /t REG_DWORD /v DisableAntiSpyware /d 0 =========



========= Ende von Reg: =========


========= Get-mpPreference =========



CheckForSignaturesBeforeRunningScan           : False
ComputerID                                    : 4123B229-DF9D-4C3E-8D91-664DAD014B8F
DisableArchiveScanning                        : False
DisableAutoExclusions                         : False
DisableBehaviorMonitoring                     : False
DisableBlockAtFirstSeen                       : False
DisableCatchupFullScan                        : True
DisableCatchupQuickScan                       : True
DisableEmailScanning                          : True
DisableIntrusionPreventionSystem              : 
DisableIOAVProtection                         : False
DisablePrivacyMode                            : False
DisableRealtimeMonitoring                     : False
DisableRemovableDriveScanning                 : True
DisableRestorePoint                           : True
DisableScanningMappedNetworkDrivesForFullScan : True
DisableScanningNetworkFiles                   : False
DisableScriptScanning                         : False
ExclusionExtension                            : 
ExclusionPath                                 : {C:\Program Files\088195c19b33f61100dd567039f0a39e, 
                                                C:\WINDOWS\ea25b50d8d77b75b0e1b47872ebc5b38.exe, 
                                                C:\WINDOWS\f371379892038d205abbfa586a4788d0.ps1, 
                                                C:\WINDOWS\f371379892038d205abbfa586a4788d0.xml...}
ExclusionProcess                              : 
HighThreatDefaultAction                       : 0
LowThreatDefaultAction                        : 0
MAPSReporting                                 : 2
ModerateThreatDefaultAction                   : 0
PUAProtection                                 : 0
QuarantinePurgeItemsAfterDelay                : 90
RandomizeScheduleTaskTimes                    : True
RealTimeScanDirection                         : 0
RemediationScheduleDay                        : 0
RemediationScheduleTime                       : 02:00:00
ReportingAdditionalActionTimeOut              : 10080
ReportingCriticalFailureTimeOut               : 10080
ReportingNonCriticalTimeOut                   : 1440
ScanAvgCPULoadFactor                          : 50
ScanOnlyIfIdleEnabled                         : True
ScanParameters                                : 1
ScanPurgeItemsAfterDelay                      : 15
ScanScheduleDay                               : 0
ScanScheduleQuickScanTime                     : 00:00:00
ScanScheduleTime                              : 02:00:00
SevereThreatDefaultAction                     : 0
SignatureAuGracePeriod                        : 0
SignatureDefinitionUpdateFileSharesSources    : 
SignatureDisableUpdateOnStartupWithoutEngine  : False
SignatureFallbackOrder                        : MicrosoftUpdateServer|MMPC
SignatureFirstAuGracePeriod                   : 120
SignatureScheduleDay                          : 8
SignatureScheduleTime                         : 01:45:00
SignatureUpdateCatchupInterval                : 1
SignatureUpdateInterval                       : 0
SubmitSamplesConsent                          : 1
ThreatIDDefaultAction_Actions                 : {6}
ThreatIDDefaultAction_Ids                     : {225451}
UILockdown                                    : False
UnknownThreatDefaultAction                    : 0
PSComputerName                                : 




========= Ende von Powershell: =========

================== ExportKey: ===================

[HKLM\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction]
"225451"="6"

=== Ende von ExportKey ===
================== ExportKey: ===================

[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager]

=== Ende von ExportKey ===

==== Ende von Fixlog 16:31:33 ====
         
mbam
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 23.09.2017
Suchlaufzeit: 16:33
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2017.09.23.04
Rootkit-Datenbank: v2017.09.13.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Hoshi

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 434432
Abgelaufene Zeit: 6 Min., 36 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
adwcleaner[c0]
Code:
# AdwCleaner 7.0.2.1 - Logfile created on Sat Sep 23 14:47:07 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\Hoshi\AppData\LocalLow\Zynga


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\DriverTuner
Deleted: [Key] - HKCU\Software\DriverTuner
Deleted: [Key] - HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\DriverTuner_Init
Deleted: [Key] - HKCU\Software\DriverTuner_Init
Deleted: [Key] - HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\VideoBox
Deleted: [Key] - HKCU\Software\VideoBox
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\DMunversion
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{C654F3FE-8E84-4BB7-87CF-8D9171FC3C73}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{1C6F51F8-BCE6-4702-8952-6A8233359FBC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Deleted: [Key] - HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\FastDataX
Deleted: [Key] - HKCU\Software\FastDataX
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\APreSam
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\NSaveA
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PrAmNP
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\MPrForShutT
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\PrIncub
Deleted: [Key] - HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}
Deleted: [Key] - HKCU\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3677 B] - [2017/9/23 14:46:16]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
         
adwcleaner[c1]
Code:
# AdwCleaner 7.0.2.1 - Logfile created on Sat Sep 23 14:52:20 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [3533 B] - [2017/9/23 14:47:7]
C:/AdwCleaner/AdwCleaner[S0].txt - [3677 B] - [2017/9/23 14:46:16]
C:/AdwCleaner/AdwCleaner[S1].txt - [1649 B] - [2017/9/23 14:51:48]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
         
frst
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-09-2017 02
durchgeführt von Hoshi (Administrator) auf HOSHI-PC (23-09-2017 16:55:16)
Gestartet von C:\Users\Hoshi\Desktop
Geladene Profile: Hoshi (Verfügbare Profile: Hoshi & Mcx1-HOSHI-PC & OVRLibraryService)
Platform: Windows 10 Pro Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Oculus VR) D:\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
(TeamViewer GmbH) D:\Programme\TeamViewer\TeamViewer_Service.exe
(Firebird Project) C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [123400 2009-01-21] (Logitech Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-29] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\ DisallowedCertificates: 9AAF24A4D6CA8CCDF64BBF916CBC77512A9B0CA7 (U)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [Spotify Web Helper] => C:\Users\Hoshi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-02-02] (Spotify Ltd)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [Spotify] => C:\Users\Hoshi\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-02-02] (Spotify Ltd)
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Run: [DAEMON Tools Lite] => D:\Programme\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{44eab3ff-54e7-4179-9334-818557caa181}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{48087fcf-0f34-473d-98e4-623094e6d179}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{50f0966d-4c38-4772-9bc1-2e04e25500e9}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{53270d60-5f82-4144-bb10-31c955cd1d24}: [DhcpNameServer] 192.168.42.129
ManualProxies: 

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-23] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-23] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2016-01-18] (DVDVideoSoft Ltd.)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2016-01-19] (DVDVideoSoft Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  Keine Datei
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF DefaultProfile: v835n1d8.default-1416499139358
FF ProfilePath: C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358 [2017-09-23]
FF Homepage: Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358 -> www.google.de
FF Extension: (MEGA) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\firefox@mega.co.nz.xpi [2017-09-21]
FF Extension: (FlashDisable) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi [2017-04-10]
FF Extension: (NoScript) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-09-12]
FF Extension: (Video DownloadHelper) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (Adblock Plus) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Extension: (Bitdefender QuickScan) - C:\Users\Hoshi\AppData\Roaming\Mozilla\Firefox\Profiles\v835n1d8.default-1416499139358\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-09-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [Keine Datei]
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2014-04-21] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Programme\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1299527896-1211748070-1707534253-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hoshi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2017-09-21]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default [2017-09-23]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-12]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-03]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-12]
CHR Extension: (Kein Name) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-03]
CHR Extension: (Chrome Media Router) - C:\Users\Hoshi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1533448 2017-09-14] ()
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
R2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2013-03-19] (Firebird Project) [Datei ist nicht signiert]
R3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [3784704 2013-03-19] (Firebird Project) [Datei ist nicht signiert]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-04-13] (Futuremark)
S3 GalaxyClientService; D:\Games\GalaxyClient\GalaxyClientService.exe [532544 2017-09-08] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8242752 2017-09-07] (GOG.com)
S4 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-23] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-29] (Logitech Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-22] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-08-22] (NVIDIA Corporation)
S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [2098528 2017-09-12] (Electronic Arts)
S2 Origin Web Helper Service; D:\Games\Origin\OriginWebHelperService.exe [2977640 2017-09-12] (Electronic Arts)
S3 OVRLibraryService; D:\Oculus\Support\oculus-librarian\OVRLibraryService.exe [207656 2016-12-13] (Oculus VR, LLC)
R2 OVRService; D:\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [470480 2016-12-13] (Oculus VR)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-07-26] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2017-09-12] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S2 SkypeUpdate; D:\Programme\Skype\Updater\Updater.exe [324224 2016-05-23] (Skype Technologies)
R2 TeamViewer; D:\Programme\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 VirtualDesktop.Service.exe; C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe [330208 2017-07-19] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [75560 2017-05-06] (Broadcom Corporation.)
S3 busenum; C:\WINDOWS\System32\drivers\SteelBus64.sys [146944 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows (R) Win 7 DDK provider)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2017-05-25] (Disc Soft Ltd)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-18] (Qualcomm Atheros, Inc.)
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-09-29] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2016-09-29] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2016-09-29] (Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.)
S3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation)
R3 LVPr2M64; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ce1961376673184c\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation)
S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-10-08] (SteelSeries Corporation) [Datei ist nicht signiert]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [14368 1999-11-09] () [Datei ist nicht signiert]
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-11-15] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U4 aspnet_state; kein ImagePath
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-23 16:50 - 2017-09-23 16:50 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-09-23 16:50 - 2017-09-23 16:50 - 000000993 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-09-23 16:50 - 2017-09-23 16:50 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-23 16:49 - 2017-09-23 16:49 - 000245912 _____ (Mozilla) C:\Users\Hoshi\Desktop\Firefox Installer.exe
2017-09-23 16:48 - 2017-09-23 16:48 - 000097457 _____ (Mozilla) C:\Users\Hoshi\Downloads\1f8b5ad9-cb69-4d6b-a7b4-4e37900b4ca9.tmp
2017-09-23 16:46 - 2017-09-23 16:46 - 000000008 __RSH C:\Users\Hoshi\ntuser.pol
2017-09-23 16:44 - 2017-09-23 16:53 - 000000000 ____D C:\AdwCleaner
2017-09-23 16:34 - 2017-09-23 16:34 - 008182736 _____ (Malwarebytes) C:\Users\Hoshi\Desktop\AdwCleaner_7.0.2.1.exe
2017-09-23 16:33 - 2017-09-23 16:33 - 000034532 _____ C:\Users\Hoshi\Downloads\533fd124-ca54-4763-a6db-b396caed6a8f.tmp
2017-09-23 16:33 - 2017-09-23 16:33 - 000001136 _____ C:\Users\Hoshi\Downloads\7fc3c9b5-c46a-4e84-b979-d6ea5bbcd6b1.tmp
2017-09-23 16:32 - 2017-09-23 16:32 - 000034532 _____ C:\Users\Hoshi\Downloads\b1bb7384-7163-43b3-a4b2-270df49a2362.tmp
2017-09-23 08:56 - 2017-09-23 08:56 - 000001177 _____ C:\Users\Public\Desktop\Tyrian 2000.lnk
2017-09-23 08:56 - 2017-09-23 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tyrian 2000 [GOG.com]
2017-09-23 07:15 - 2017-09-23 16:31 - 000004791 _____ C:\Users\Hoshi\Desktop\Fixlog.txt
2017-09-23 07:15 - 2017-09-23 16:31 - 000000000 ____D C:\Users\Hoshi\Desktop\FRST-OlderVersion
2017-09-22 15:45 - 2017-09-22 15:45 - 000070612 _____ C:\Users\Hoshi\Downloads\2a29ca61-d44f-4702-ada1-a5202ddde7c8.tmp
2017-09-22 15:14 - 2017-09-22 15:15 - 039468304 _____ (Microsoft Corporation) C:\Users\Hoshi\Downloads\mpas-feX64.exe
2017-09-22 06:19 - 2017-09-23 07:16 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-22 06:18 - 2017-09-22 19:58 - 000000000 ____D C:\Users\Hoshi\Desktop\mbar
2017-09-22 06:17 - 2017-09-22 06:17 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Hoshi\Downloads\mbar-1.09.3.1001.exe
2017-09-21 20:32 - 2017-09-21 20:32 - 000539414 _____ C:\Users\Hoshi\Desktop\Defender.txt
2017-09-21 20:25 - 2017-09-21 20:25 - 000245912 _____ (Mozilla) C:\Users\Hoshi\Downloads\Firefox Installer.exe
2017-09-21 20:23 - 2017-09-21 20:23 - 000251110 _____ C:\Users\Hoshi\Desktop\bookmarks-2017-09-21.json
2017-09-21 18:47 - 2017-09-23 16:44 - 000001192 _____ C:\Users\Hoshi\Desktop\mbam.txt
2017-09-21 18:39 - 2017-09-23 16:55 - 000021631 _____ C:\Users\Hoshi\Desktop\FRST.txt
2017-09-21 18:39 - 2017-09-23 16:55 - 000000000 ____D C:\FRST
2017-09-21 18:39 - 2017-09-23 07:19 - 000142747 _____ C:\Users\Hoshi\Desktop\Addition.txt
2017-09-21 18:37 - 2017-09-23 16:31 - 002399744 _____ (Farbar) C:\Users\Hoshi\Desktop\FRST64.exe
2017-09-21 17:49 - 2017-09-21 18:32 - 000465324 _____ C:\WINDOWS\ntbtlog.txt
2017-09-21 17:49 - 2017-09-21 18:32 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-21 17:45 - 2017-09-21 17:45 - 000024658 _____ C:\WINDOWS\System32\Tasks\{79097F47-7A7D-0904-0B11-0F04040D1179}
2017-09-21 17:42 - 2017-09-21 17:47 - 000003286 _____ C:\WINDOWS\System32\Tasks\088195c19b33f61100dd567039f0a39e
2017-09-20 22:10 - 2017-09-20 22:10 - 000051624 _____ C:\WINDOWS\uninstaller.dat
2017-09-20 16:59 - 2017-09-20 17:01 - 004204032 _____ (crosire) C:\Users\Hoshi\Desktop\ReShade.exe
2017-09-20 16:33 - 2017-09-20 16:33 - 000027238 _____ C:\Users\Hoshi\AppData\Local\recently-used.xbel
2017-09-19 16:48 - 2017-09-19 16:48 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2017-09-18 17:33 - 2017-09-18 17:33 - 000000098 _____ C:\WINDOWS\SysWOW64\QuickTime.qtp
2017-09-18 17:33 - 2017-09-18 17:33 - 000000000 ____D C:\WINDOWS\SysWOW64\QuickTime
2017-09-18 17:33 - 1999-07-13 20:02 - 000086016 _____ (MindVision Software) C:\WINDOWS\unvise32qt.exe
2017-09-18 17:32 - 2017-09-18 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wheel of Time
2017-09-18 16:49 - 2017-09-19 19:20 - 000000000 ____D C:\Users\Hoshi\Documents\Project CARS
2017-09-18 16:49 - 2017-09-18 16:49 - 000000000 ____D C:\Users\Hoshi\Documents\wmd_symbol_cache
2017-09-17 20:26 - 2017-09-17 20:49 - 000000065 _____ C:\Users\Hoshi\Desktop\SL Foto Termine!.txt
2017-09-17 10:27 - 2017-09-17 10:29 - 021643807 _____ C:\Users\Hoshi\Desktop\Sound Fix v1.4.3.rar
2017-09-17 10:27 - 2017-09-17 10:28 - 021697338 _____ C:\Users\Hoshi\Desktop\Jaguar XJ220 v1.3.rar
2017-09-17 08:52 - 2017-09-17 09:35 - 000000000 ____D C:\Users\Hoshi\Documents\Assetto Corsa
2017-09-16 14:13 - 2017-09-16 14:13 - 000000000 ____D C:\Users\Hoshi\Desktop\Posen
2017-09-15 20:18 - 2017-09-15 20:21 - 000000000 ____D C:\Users\Hoshi\Documents\MindShow
2017-09-15 20:13 - 2017-09-15 20:13 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Mindshow
2017-09-15 19:43 - 2017-09-15 19:43 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Against Gravity
2017-09-15 15:52 - 2017-09-15 15:52 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Stress Level Zero
2017-09-13 20:38 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-13 20:38 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-13 20:38 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-13 20:38 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-13 20:38 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-13 20:38 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-13 20:38 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-13 20:38 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-13 20:38 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-13 20:38 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-13 20:38 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-13 20:38 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-13 20:38 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-13 20:38 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-13 20:38 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-13 20:38 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-13 20:38 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-13 20:38 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-13 20:38 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-13 20:38 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-13 20:38 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-13 20:38 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-13 20:38 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-13 20:38 - 2017-09-05 06:39 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-09-13 20:38 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-13 20:38 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-13 20:38 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-13 20:38 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-13 20:38 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-13 20:38 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-13 20:38 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-13 20:38 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-13 20:38 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-13 20:38 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-13 20:38 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-13 20:38 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-13 20:38 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-13 20:38 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-13 20:38 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-13 20:38 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-13 20:38 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-13 20:38 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-13 20:38 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-13 20:38 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-13 20:38 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-13 20:38 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-13 20:38 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-13 20:38 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-13 20:38 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-13 20:38 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-13 20:38 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-13 20:38 - 2017-09-05 06:14 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-09-13 20:38 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-13 20:38 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-13 20:38 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-13 20:38 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-13 20:38 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-13 20:38 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-13 20:38 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-13 20:38 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-13 20:38 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-13 20:38 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-13 20:38 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-13 20:38 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-13 20:38 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-13 20:38 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-13 20:38 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-13 20:38 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-13 20:38 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-13 20:38 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-13 20:34 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-13 20:34 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-13 20:34 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-13 20:34 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-13 20:34 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-13 20:34 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-13 20:34 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-13 20:34 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-13 20:34 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-13 20:33 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-13 20:33 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-13 20:33 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-13 20:33 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-13 20:33 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-13 20:33 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-13 20:33 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-13 20:33 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-13 20:33 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-13 20:33 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-13 20:33 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-13 20:33 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-13 20:33 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-13 20:33 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-13 20:33 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-13 20:33 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-13 20:33 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-13 20:33 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-13 20:33 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-13 20:33 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-13 20:33 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-13 20:33 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-13 20:33 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-13 20:33 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-13 20:33 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-13 20:33 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-13 20:33 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-13 20:33 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-13 20:33 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-13 20:33 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-13 20:33 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-13 20:33 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-13 20:33 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-13 20:33 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-13 20:33 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-13 20:33 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-13 20:33 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-13 20:33 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-13 20:33 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-13 20:33 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-13 20:33 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-13 20:33 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-13 20:33 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-13 20:33 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-13 20:33 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-13 20:33 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-13 20:33 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-13 20:33 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-13 20:33 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-13 20:33 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-13 20:33 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-13 20:33 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-13 20:33 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-13 20:33 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-13 20:33 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-13 20:33 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-13 20:33 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-13 20:33 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-13 20:33 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-13 20:33 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-13 20:33 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-13 20:33 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-13 20:33 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-13 20:33 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-13 20:33 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-13 20:33 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-13 20:33 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-13 20:32 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-13 20:32 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-13 20:32 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-13 20:32 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-13 20:32 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-13 20:32 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-13 20:32 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-13 20:32 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-13 20:32 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-13 20:32 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-13 20:32 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-13 20:32 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-13 20:32 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-13 20:32 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-13 20:32 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-13 20:32 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-13 20:32 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-13 20:32 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-13 20:32 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-13 20:32 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-13 20:32 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-13 20:32 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-13 20:32 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-13 20:32 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-13 20:32 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-13 20:32 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-13 20:32 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-13 20:32 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-13 20:32 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-13 20:32 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-13 20:32 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-13 20:32 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-13 20:32 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-13 20:32 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-13 20:32 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-13 20:32 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-13 20:32 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-13 20:32 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-13 20:32 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-13 20:32 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-13 20:32 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-13 20:32 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-13 20:32 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-13 20:32 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-13 20:32 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-13 20:32 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-13 20:32 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-13 20:32 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-13 20:32 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-13 20:32 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-13 20:32 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-13 20:32 - 2017-09-05 06:19 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-09-13 20:32 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-13 20:32 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-13 20:32 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-13 20:32 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-13 20:32 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-13 20:32 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-13 20:32 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-13 20:32 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-13 20:32 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-13 20:32 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-13 20:32 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-13 20:32 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-13 20:32 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-13 20:32 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-13 20:32 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-13 20:32 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-13 20:32 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-13 20:32 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-13 20:31 - 2017-09-05 07:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-13 20:31 - 2017-09-05 07:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-13 20:31 - 2017-09-05 07:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-13 20:31 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-13 20:31 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-13 20:31 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-13 20:31 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-13 20:31 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-13 20:31 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-13 20:31 - 2017-09-05 07:13 - 000078240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2017-09-13 20:31 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 001462688 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000855456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000849824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-09-13 20:31 - 2017-09-05 07:12 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000674720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000406944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-09-13 20:31 - 2017-09-05 07:12 - 000235424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-09-13 20:31 - 2017-09-05 07:12 - 000203680 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2017-09-13 20:31 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-13 20:31 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-13 20:31 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-13 20:31 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-13 20:31 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-13 20:31 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-13 20:31 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-13 20:31 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-13 20:30 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-13 19:33 - 2017-09-13 19:33 - 000000000 ____D C:\temp
2017-09-12 18:08 - 2017-09-12 18:08 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Google
2017-09-12 16:44 - 2017-09-12 18:32 - 000348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2017-09-12 16:44 - 2017-09-12 18:09 - 000076152 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-09-12 16:44 - 2017-09-12 16:44 - 000000000 ____D C:\Program Files\Virtual Desktop
2017-09-10 10:52 - 2017-09-10 11:30 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\com.nolimitscoaster.nolimits2
2017-09-10 10:52 - 2017-09-10 10:52 - 000000000 ____D C:\Users\Hoshi\Documents\com.nolimitscoaster.nolimits2
2017-09-10 10:52 - 2017-09-10 10:52 - 000000000 ____D C:\ProgramData\com.nolimitscoaster.nolimits2
2017-09-09 17:16 - 2017-09-09 17:16 - 000000000 ____D C:\Users\Hoshi\AppData\Local\E1
2017-09-09 13:53 - 2017-09-09 13:53 - 000000000 ____D C:\Users\Hoshi\M210Projects
2017-09-09 13:28 - 2017-09-09 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blood [GOG.com]
2017-09-09 11:09 - 2017-09-09 11:34 - 000000000 ____D C:\Users\Hoshi\Desktop\Aufnahme Vorlagen
2017-09-09 09:04 - 2017-09-09 09:05 - 000000024 _____ C:\Users\Hoshi\Desktop\SL Hud verstecken.txt
2017-09-08 19:08 - 2017-09-08 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima series
2017-09-08 18:14 - 2017-09-08 18:14 - 000000000 ____D C:\Users\Hoshi\AppData\Local\DarkSoulsMapViewer
2017-09-08 17:54 - 2017-09-08 17:54 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Citor3 Entertainment Studio Oy
2017-09-08 17:40 - 2017-09-08 17:40 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\STUDIO MORI
2017-09-08 12:24 - 2017-09-08 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clive Barkers Undying [GOG.com]
2017-09-08 09:09 - 2017-09-08 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Suffering [GOG.com]
2017-09-07 11:18 - 2017-09-07 11:18 - 000003908 _____ C:\WINDOWS\SysWOW64\ST5UNST.003
2017-09-07 11:18 - 2017-09-07 11:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Shock - Enhanced Edition [GOG.com]
2017-09-07 11:17 - 2017-09-07 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein [GOG.com]
2017-09-07 11:17 - 2017-09-07 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlaws [GOG.com]
2017-09-07 10:10 - 2017-09-07 10:11 - 000096730 _____ C:\WINDOWS\TRON 2.0 Killer App Mod Uninstall Log.txt
2017-09-06 15:55 - 2017-09-06 15:55 - 000001151 _____ C:\Users\Hoshi\Desktop\DTLite.exe - Verknüpfung.lnk
2017-09-06 15:03 - 2017-09-06 15:57 - 000000000 ____D C:\Users\Hoshi\Documents\OpenRA
2017-09-06 06:26 - 2017-09-06 06:26 - 000000000 ____D C:\Users\Hoshi\Documents\DAZ 3D
2017-09-06 06:26 - 2017-09-06 06:26 - 000000000 ____D C:\ProgramData\DAZ 3D
2017-09-06 06:25 - 2017-09-06 06:25 - 000000979 _____ C:\Users\Hoshi\Desktop\DAZ Studio 4.9 (64-bit).lnk
2017-09-06 06:25 - 2017-09-06 06:25 - 000000000 ____D C:\Program Files\DAZ 3D
2017-09-05 20:22 - 2017-09-06 11:48 - 000000000 ____D C:\Users\Public\Documents\My DAZ 3D Library
2017-09-05 20:20 - 2017-09-05 20:20 - 000000000 ____D C:\Users\Public\Documents\DAZ 3D
2017-09-05 20:19 - 2017-09-06 06:26 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\DAZ 3D
2017-09-05 20:19 - 2017-09-06 06:25 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2017-09-05 20:19 - 2017-09-05 20:19 - 000000949 _____ C:\Users\Hoshi\Desktop\DAZ Install Manager.lnk
2017-09-05 18:57 - 2017-09-05 18:57 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-09-05 18:55 - 2017-09-05 18:55 - 000000279 _____ C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Papierkorb (2).lnk
2017-09-05 17:50 - 2017-09-05 17:50 - 000001106 _____ C:\Users\Hoshi\Desktop\dosbox.exe - Verknüpfung.lnk
2017-09-01 19:29 - 2017-09-05 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MadOnion.com
2017-08-31 17:51 - 2017-08-31 17:51 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Lighthouse Games Studio
2017-08-29 15:23 - 2017-08-29 15:23 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Bungie
2017-08-28 17:33 - 2017-08-28 17:33 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Cinemur
2017-08-26 15:31 - 2017-08-26 15:31 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Acid Wizard Studio
2017-08-25 14:34 - 2017-08-22 00:54 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-25 14:34 - 2017-08-22 00:33 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-08-25 14:33 - 2017-08-22 03:01 - 040240248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 035924600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 029019072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 023132184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 018849456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 012225984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 011692344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 010072768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 004162496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 003712024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 003590592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438541.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438541.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001292096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001289840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001008816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001007280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000690320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000617232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000584312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-08-25 14:33 - 2017-08-22 03:01 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-08-25 14:33 - 2017-08-22 03:01 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-08-24 16:01 - 2017-08-24 16:01 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Gaikai
2017-08-24 16:00 - 2017-08-24 16:15 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Sony Interactive Entertainment Network America LLC
2017-08-24 16:00 - 2017-08-24 16:00 - 000000000 ____D C:\Program Files\DIFX

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-09-23 16:52 - 2017-04-14 09:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-23 16:52 - 2017-04-14 09:03 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-23 16:52 - 2017-03-18 13:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-09-23 16:52 - 2014-03-15 14:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-23 16:47 - 2017-04-14 09:04 - 000000000 ____D C:\Users\Hoshi
2017-09-23 16:46 - 2015-01-30 20:17 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-09-23 16:33 - 2014-06-26 18:59 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-23 16:30 - 2017-04-14 09:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-23 13:14 - 2016-06-05 13:48 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Origin
2017-09-23 13:14 - 2014-03-20 18:26 - 000000000 ____D C:\Users\Hoshi\Documents\My Games
2017-09-23 13:14 - 2014-03-15 16:03 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-23 13:05 - 2014-03-15 16:33 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\UseNeXT
2017-09-23 12:54 - 2016-10-21 12:42 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2017-09-23 12:50 - 2014-03-15 15:20 - 000000000 ____D C:\ProgramData\Origin
2017-09-23 08:23 - 2014-10-19 17:11 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Cinemaware
2017-09-23 07:28 - 2017-04-14 09:13 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{91BA399B-E431-49C7-9B9A-A968D8719897}
2017-09-23 07:22 - 2017-04-14 09:17 - 006638594 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-23 07:22 - 2017-03-20 06:41 - 003345334 _____ C:\WINDOWS\system32\perfh007.dat
2017-09-23 07:22 - 2017-03-20 06:41 - 000904400 _____ C:\WINDOWS\system32\perfc007.dat
2017-09-23 07:15 - 2016-06-05 13:41 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Temp
2017-09-23 07:04 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-23 07:04 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-22 19:48 - 2014-06-26 18:59 - 000109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-09-22 19:06 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Performance
2017-09-22 19:04 - 2014-03-19 20:22 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\vlc
2017-09-22 15:43 - 2015-11-17 21:12 - 000000000 ____D C:\Users\Hoshi\AppData\Local\CrashDumps
2017-09-22 06:17 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-22 05:15 - 2014-11-13 05:39 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-09-21 20:24 - 2016-03-19 10:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-21 18:54 - 2015-06-21 13:23 - 000000000 ____D C:\WINDOWS\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2017-09-21 18:24 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-09-21 18:16 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\Registration
2017-09-21 17:40 - 2017-04-14 09:13 - 000003616 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-21 17:40 - 2017-04-14 09:13 - 000003392 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-20 16:33 - 2014-12-06 17:48 - 000000000 ____D C:\Users\Hoshi\AppData\Local\gtk-2.0
2017-09-20 16:33 - 2014-12-06 17:39 - 000000000 ____D C:\Users\Hoshi\.gimp-2.8
2017-09-19 21:08 - 2014-03-30 14:23 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\TS3Client
2017-09-18 19:11 - 2014-03-15 15:32 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Skype
2017-09-18 18:19 - 2014-03-15 15:44 - 000000000 ___RD C:\Users\Hoshi\Desktop\Programme
2017-09-18 17:35 - 2015-12-13 09:21 - 000000000 ____D C:\Users\Hoshi\AppData\Local\ElevatedDiagnostics
2017-09-18 17:33 - 2014-05-11 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-09-16 14:13 - 2014-03-15 15:44 - 000000000 ___RD C:\Users\Hoshi\Desktop\Games
2017-09-15 18:27 - 2017-05-21 16:47 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Battle.net
2017-09-14 17:16 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-14 06:10 - 2016-02-13 19:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-14 06:09 - 2017-04-14 09:03 - 005290080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 20:58 - 2017-03-20 06:41 - 000000000 ____D C:\WINDOWS\system32\de
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 20:58 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-13 20:57 - 2017-04-29 07:35 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Mixxx
2017-09-13 20:44 - 2014-03-15 17:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 20:43 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 20:43 - 2014-03-15 17:02 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-13 20:00 - 2014-03-19 18:23 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\uTorrent
2017-09-13 05:48 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-13 05:48 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-12 18:32 - 2014-05-17 19:23 - 000348360 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2017-09-12 18:31 - 2014-03-15 16:03 - 000280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2017-09-12 18:16 - 2015-07-03 19:19 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Google
2017-09-12 18:02 - 2014-03-15 16:03 - 000000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2017-09-12 16:23 - 2014-03-15 14:14 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-12 16:23 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-11 20:25 - 2017-02-18 07:18 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\Cronus
2017-09-10 19:43 - 2015-05-20 17:19 - 000000000 ____D C:\Users\Hoshi\Documents\The Witcher 3
2017-09-09 19:09 - 2014-03-16 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-09-07 11:18 - 2016-04-16 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Gold [GOG.com]
2017-09-07 11:18 - 2014-06-16 17:24 - 000000390 _____ C:\WINDOWS\SysWOW64\ilent
2017-09-07 11:17 - 2017-07-18 14:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\F.E.A.R. Platinum Collection [GOG.com]
2017-09-07 11:17 - 2016-12-16 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redneck Rampage [GOG.com]
2017-09-05 18:57 - 2017-05-23 16:41 - 000002237 _____ C:\Users\Hoshi\Desktop\Discord.lnk
2017-09-05 18:57 - 2017-05-23 16:41 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\discord
2017-09-05 18:57 - 2017-05-23 16:41 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Discord
2017-09-05 18:46 - 2017-07-16 08:25 - 000000000 ____D C:\Users\Hoshi\AppData\LocalLow\Thunder Lotus Games
2017-09-02 17:15 - 2017-03-18 23:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 17:15 - 2017-03-18 23:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-30 19:57 - 2015-11-02 18:18 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 05:56 - 2015-07-03 19:19 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-27 18:17 - 2017-07-19 20:18 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Firestorm
2017-08-26 15:28 - 2017-05-25 16:10 - 000000000 ____D C:\Users\Hoshi\AppData\Roaming\DAEMON Tools Lite
2017-08-25 15:05 - 2014-03-22 15:08 - 000000000 ____D C:\Users\Hoshi\AppData\Local\Blizzard Entertainment
2017-08-25 14:35 - 2017-04-14 09:13 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:13 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:13 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:13 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:13 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-25 14:35 - 2017-04-14 09:03 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-25 14:35 - 2016-07-07 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-08-25 14:34 - 2016-03-19 18:06 - 000000000 ____D C:\Program Files (x86)\VulkanRT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-07-18 20:03 - 2016-07-18 20:03 - 000006144 _____ () C:\Program Files (x86)\com.htc.vive.setup.bilogclient
2015-12-26 23:05 - 2015-12-27 14:56 - 000000297 _____ () C:\Users\Hoshi\AppData\Roaming\BreakingPoint_Login.ini
2015-12-26 23:06 - 2015-12-27 16:12 - 000001427 _____ () C:\Users\Hoshi\AppData\Roaming\BreakingPoint_Options.ini
2016-08-14 16:25 - 2016-08-14 16:32 - 000000224 _____ () C:\Users\Hoshi\AppData\Roaming\highScores.txt
2015-09-21 14:52 - 2015-09-21 14:52 - 000000099 _____ () C:\Users\Hoshi\AppData\Roaming\LauncherSettings_live.cfg
2015-09-21 14:44 - 2015-09-21 14:44 - 000010525 _____ () C:\Users\Hoshi\AppData\Roaming\TheHunterSettings_live.bin
2015-09-21 14:43 - 2015-09-21 14:43 - 000000040 _____ () C:\Users\Hoshi\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-11-15 21:03 - 2015-12-02 22:37 - 000003317 _____ () C:\Users\Hoshi\AppData\Roaming\VoiceMeeterDefault.xml
2015-01-30 20:11 - 2016-12-03 10:20 - 000010752 _____ () C:\Users\Hoshi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-19 11:53 - 2016-10-19 11:53 - 000000291 _____ () C:\Users\Hoshi\AppData\Local\ledConfiguration.config
2016-10-19 11:53 - 2016-12-25 12:58 - 000000737 _____ () C:\Users\Hoshi\AppData\Local\NvidiaLEDVisualizer.config
2016-03-15 17:36 - 2016-03-26 20:52 - 000000600 _____ () C:\Users\Hoshi\AppData\Local\PUTTY.RND
2017-09-20 16:33 - 2017-09-20 16:33 - 000027238 _____ () C:\Users\Hoshi\AppData\Local\recently-used.xbel
2016-07-31 13:54 - 2017-04-02 16:11 - 000007659 _____ () C:\Users\Hoshi\AppData\Local\Resmon.ResmonCfg
2014-12-23 13:43 - 2014-12-23 13:43 - 000004999 _____ () C:\ProgramData\auqrgqib.ttw
2017-04-14 09:04 - 2017-04-14 09:04 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-04 09:56 - 2017-05-04 18:25 - 000000257 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-04-08 22:13 - 2017-04-08 22:13 - 000000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-15 14:00

==================== Ende von FRST.txt ============================
         

23.09.2017, 17:02   #14
Hoshi82
 

addition
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-09-2017 02
durchgeführt von Hoshi (23-09-2017 16:55:49)
Gestartet von C:\Users\Hoshi\Desktop
Windows 10 Pro Version 1703 (X64) (2017-04-14 07:15:15)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1299527896-1211748070-1707534253-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1299527896-1211748070-1707534253-503 - Limited - Disabled)
Gast (S-1-5-21-1299527896-1211748070-1707534253-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1299527896-1211748070-1707534253-1002 - Limited - Enabled)
Hoshi (S-1-5-21-1299527896-1211748070-1707534253-1000 - Administrator - Enabled) => C:\Users\Hoshi
Mcx1-HOSHI-PC (S-1-5-21-1299527896-1211748070-1707534253-1005 - Limited - Enabled) => C:\Users\Mcx1-HOSHI-PC

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Chair in a Room: Greenwater (HKLM\...\Steam App 427760) (Version:  - Wolf & Wood Interactive Ltd)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{151974E9-9B16-47DC-8B57-5684A1E42127}) (Version: 12.1.1.151 - Adobe Systems, Inc)
Aeon (HKLM\...\Steam App 543390) (Version:  - Illusion Ranger)
Agents of Mayhem (HKLM\...\Steam App 304530) (Version:  - Deep Silver Volition)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
Aliens vs. Predator (HKLM-x32\...\Steam App 10680) (Version:  - Rebellion)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
American Truck Simulator (HKLM\...\Steam App 270880) (Version:  - SCS Software)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{AFADB5DC-3ABC-421F-9DAD-BDABE511258B}) (Version: 4.0.51117.1 - Microsoft Corporation)
Arizona Sunshine (HKLM\...\Steam App 342180) (Version:  - Vertigo Games)
Art of Fight (HKLM\...\Steam App 531270) (Version:  - Raptor-Lab)
Assetto Corsa (HKLM\...\Steam App 244210) (Version:  - Kunos Simulazioni)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AutoHotkey 1.1.24.04 (HKLM\...\AutoHotkey) (Version: 1.1.24.04 - Lexikos)
Axiom Verge (HKLM\...\Steam App 332200) (Version:  - Thomas Happ Games LLC)
Azure AD Authentication Connected Service (HKLM-x32\...\{3FEAC561-1CF6-41D6-B0F3-BECDD9C88A1B}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Battlezone (HKLM\...\Steam App 312650) (Version:  - Rebellion)
Beyond Good and Evil (HKLM-x32\...\Uplay Install 232) (Version:  - Ubisoft)
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Hidden
Bullets And More VR - BAM VR (HKLM\...\Steam App 525640) (Version:  - Koenigz)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (HKLM-x32\...\InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (HKLM-x32\...\InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version:  - ) Hidden
Call of Duty: Infinite Warfare (HKLM\...\Steam App 292730) (Version:  - Infinity Ward)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Clive Barker's Undying (HKLM-x32\...\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}) (Version:  - )
Clive Barker's Undying (HKLM-x32\...\1207659191_is1) (Version: 2.1.0.9 - GOG.com)
Cloudlands : VR Minigolf (HKLM\...\Steam App 425720) (Version:  - Futuretown)
Cmoar VR Cinema (HKLM\...\Steam App 527160) (Version:  - Cmoar Studio)
Comedy Night (HKLM\...\Steam App 665360) (Version:  - Lighthouse Games Studio)
Conan Exiles (HKLM\...\Steam App 440900) (Version:  - Funcom)
Conarium (HKLM\...\Steam App 313780) (Version:  - Zoetrope Interactive)
Connect (HKLM-x32\...\MAGIX_connector_is1) (Version: 2.5.1.84 - MAGIX Software GmbH)
CoolSoft VirtualMIDISynth 1.14.1 (HKLM-x32\...\CoolSoft VirtualMIDISynth) (Version: 1.14.1.0 - CoolSoft)
Cronus PRO 1.20 (HKLM-x32\...\Cronus PRO) (Version: 1.20 - CronusMAX Team)
CtrlAltStudio-Viewer-Alpha (remove only) (HKLM-x32\...\CtrlAltStudio-Viewer-Alpha) (Version: 1.2.6.43412 - CtrlAltStudio)
Cyberduck (HKLM-x32\...\{27F61226-4F73-4617-BEDF-DBCB5C6D35D3}) (Version: 5.0.3.20504 - iterate GmbH) Hidden
Cyberduck (HKLM-x32\...\{be4c3b9a-7362-4e8b-a310-225db8ff97d6}) (Version: 5.0.3.20504 - iterate GmbH)
Dangerous Golf (HKLM\...\Steam App 405500) (Version:  - Three Fields Entertainment)
DARK SOULS III (HKLM\...\Steam App 374320) (Version:  - FromSoftware, Inc.)
Day of the Tentacle Remastered (HKLM\...\Steam App 388210) (Version:  - Double Fine Productions)
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.71) (Version: 1.1.0.71 - DAZ 3D)
Dead Effect 2 VR (HKLM\...\Steam App 646200) (Version:  - BadFly Interactive, a.s.)
DeliPlayer (HKLM-x32\...\DeliPlayer2) (Version:  - )
Desura (HKLM-x32\...\Desura) (Version: 100.64 - Desura)
Discord (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
DivX Pro 6.8.0 VFW (HKLM-x32\...\divx650vfw_is1) (Version: 6.8.0.14 - )
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
Dotfuscator and Analytics Community Edition 5.19.0 (HKLM-x32\...\{4C5B1DD0-7E8E-4972-9247-818E6D030552}) (Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Duck Season (HKLM\...\Steam App 503580) (Version:  - Stress Level Zero)
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
Elgato Game Capture HD (64-bit) (HKLM\...\{C59BB2DE-E483-4704-976C-652E38DB62A0}) (Version: 3.00.111.1111 - Elgato Systems GmbH)
Elite Dangerous: Horizons (HKLM-x32\...\Steam App 419270) (Version:  - Frontier Developments)
Epic Games Launcher (HKLM-x32\...\{FC1F25AF-C8BB-404E-B15F-1B12CAB98E7F}) (Version: 1.1.96.0 - Epic Games, Inc.)
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version:  - SCS Software)
EVERSPACE™ (HKLM\...\Steam App 396750) (Version:  - ROCKFISH Games)
F.E.A.R. Platinum Collection (HKLM-x32\...\1423058413_is1) (Version: 2.0.0.6 - GOG.com)
Fast Action Hero (HKLM\...\Steam App 534000) (Version:  - Sirius Sam)
FileZilla Client 3.16.1 (HKLM-x32\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Firebird 2.5.2.26540 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.2.26540 - Firebird Project)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Firestorm-Release (HKLM-x32\...\Firestorm-Release) (Version: 5.0.1.52150 - The Phoenix Firestorm Project, Inc.)
FlacSquisher 1.3.6 (HKLM-x32\...\FlacSquisher) (Version: 1.3.6 - FlacSquisher)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Studio (HKLM-x32\...\Free Studio_is1) (Version: 6.6.1.119 - DVDVideoSoft Ltd.)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.21.610 - Digital Wave Ltd)
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Full Throttle Remastered (HKLM\...\Steam App 228360) (Version:  - Double Fine Productions)
Futuremark SystemInfo (HKLM-x32\...\{5052D282-C9AE-48CC-A9F5-17058BEEAA50}) (Version: 4.45.590.0 - Futuremark)
G4E (HKLM-x32\...\{D42540BE-EB5A-9420-8101-6D87DCDACD9E}) (Version: 1.7 - UNKNOWN) Hidden
G4E (HKLM-x32\...\G4E) (Version: 1.7 - UNKNOWN)
Game Capture HD v2.3.3.40 (HKLM-x32\...\Software_Elgato_Game Capture HD) (Version: 2.3.3.40 - Elgato Systems)
Game Capture HD60 Pro v1.1.0.149 (HKLM-x32\...\Software_Elgato_Game Capture HD60 Pro) (Version: 1.1.0.149 - Elgato Systems)
Game Capture HD60 v2.1.1.4 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.4 - Elgato Systems)
Games (HKLM\...\{55956d7b-35e0-49fa-8343-7adc8e1eb34b}.sdb) (Version:  - )
Ghost of a Tale (HKLM\...\Steam App 417290) (Version:  - SeithCG)
Ghost Town Mine Ride & Shootin' Gallery (HKLM\...\Steam App 459010) (Version:  - Spectral Illusions)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Earth VR (HKLM\...\Steam App 348250) (Version:  - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GORN (HKLM\...\Steam App 578620) (Version:  - Free Lives)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version:  - Valve)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HCS VoicePacks Deutsch AURORA version 2.0 (HKLM-x32\...\{D53FEFBB-C717-403A-8246-D8F2BFC507DA}_is1) (Version: 2.0 - HCS VoicePacks Ltd)
HeidiSQL (HKLM\...\HeidiSQL_is1) (Version:  - Ansgar Becker)
Hellblade: Senua's Sacrifice (HKLM\...\Steam App 414340) (Version:  - Ninja Theory)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hotline Miami 2: Wrong Number (HKLM\...\Steam App 274170) (Version:  - Dennaton Games)
ILLUSION HoneySelect (HKLM-x32\...\{1F709DAC-507B-47DA-B04F-367EF5AA20B4}) (Version: 1.00.0000 - ILLUSION)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
INSIDE (HKLM\...\Steam App 304430) (Version:  - Playdead)
Intel A/V Codecs V2.0 (HKLM-x32\...\CodInstl) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{49bc1e38-39b4-4728-9e75-cbe67ba9a329}) (Version: 10.1.1.42 - Intel(R) Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Island 359 (HKLM\...\Steam App 476700) (Version:  - CloudGate Studio, Inc.)
Java 8 Update 141 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Job Simulator (HKLM\...\Steam App 448280) (Version:  - Owlchemy Labs)
John Wick Chronicles (HKLM\...\Steam App 382360) (Version:  - Starbreeze Studios)
Karnage Chronicles (HKLM\...\Steam App 611160) (Version:  - Nordic Trolls)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LAV Filters 0.66 (HKLM-x32\...\lavfilters_is1) (Version: 0.66 - Hendrik Leppkes)
Layers of Fear (HKLM-x32\...\Steam App 391720) (Version:  - Bloober Team SA)
Lethal VR (HKLM\...\Steam App 532270) (Version:  - Three Fields Entertainment)
Lethe - Episode One (HKLM\...\Steam App 407780) (Version:  - KoukouStudios)
Lockdown: Stand Alone (HKLM\...\Steam App 513270) (Version:  - Viversion)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 5.04 (HKLM\...\{8753DF4D-64B0-474E-9A97-0AB5585D9A53}) (Version: 5.04.110 - Logitech)
Logitech Gaming Software 8.88 (HKLM\...\Logitech Gaming Software) (Version: 8.88.30 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
MAGIX Common Components 1 (HKLM-x32\...\{7A8B2204-574B-42A2-A3DC-52AE142D197F}) (Version: 1.2.0.0 - MAGIX AG)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Fonts Package 1 (HKLM-x32\...\{3859AC53-3C30-4885-AA6B-5DAC442AC871}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Fonts Package 2 (HKLM-x32\...\{BCE30F6A-D172-4A2A-94FC-65B6749FDBC7}) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Goya burnR (MSI) (HKLM\...\{2497E82C-98AE-494E-B155-52623C230EC6}) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{2497E82C-98AE-494E-B155-52623C230EC6}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Soundpool Music Maker - Feel good (HKLM\...\{81F7511B-CB79-40CB-B173-35292038A84D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM\...\{3F744D82-3ED5-48B6-A3C8-C0208C3BEE0B}) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM-x32\...\MX.{3F744D82-3ED5-48B6-A3C8-C0208C3BEE0B}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 1) (HKLM\...\{E9D2A2BC-900E-4CBE-8543-E2EEF79163CB}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 1) (HKLM\...\MX.{E9D2A2BC-900E-4CBE-8543-E2EEF79163CB}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 2) (HKLM\...\{38B2C12F-B11F-40A5-B04C-9819949FFE01}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 2) (HKLM\...\MX.{38B2C12F-B11F-40A5-B04C-9819949FFE01}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 3) (HKLM\...\{1759FCEB-940B-4D92-9F45-E55E7E6736C0}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 3) (HKLM\...\MX.{1759FCEB-940B-4D92-9F45-E55E7E6736C0}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 4) (HKLM\...\{A35C545A-8BF8-40C4-BC04-50216A46C2F0}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 4) (HKLM\...\MX.{A35C545A-8BF8-40C4-BC04-50216A46C2F0}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 5) (HKLM\...\{57AA9D95-6A4C-4247-B98A-6EA983F3E0FB}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 5) (HKLM\...\MX.{57AA9D95-6A4C-4247-B98A-6EA983F3E0FB}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 6) (HKLM\...\{D3AC4780-D1C1-4A70-9832-BB64E79C62B3}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 6) (HKLM\...\MX.{D3AC4780-D1C1-4A70-9832-BB64E79C62B3}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Filmvorlagen 7) (HKLM\...\{98C37332-DC95-426F-A987-043FA9A282D1}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Filmvorlagen 7) (HKLM\...\MX.{98C37332-DC95-426F-A987-043FA9A282D1}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (HKLM\...\{B9D9D873-ADDA-4D0C-B691-0F323C6DD62A}) (Version: 15.0.0.62 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (HKLM\...\MX.{B9D9D873-ADDA-4D0C-B691-0F323C6DD62A}) (Version: 15.0.0.62 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (NewBlue ActionCam Package) (HKLM\...\{02C01AE1-F497-475A-AA45-43E41A495136}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (NewBlue ActionCam Package) (HKLM\...\MX.{02C01AE1-F497-475A-AA45-43E41A495136}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (proDAD Mercalli V4) (HKLM\...\{89CF4765-0012-4619-BA4E-1571376A25CA}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (proDAD Mercalli V4) (HKLM\...\MX.{89CF4765-0012-4619-BA4E-1571376A25CA}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Titeleffekte) (HKLM\...\{28FE7891-77C0-45E1-9CA4-35E9250F91DA}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Titeleffekte) (HKLM\...\MX.{28FE7891-77C0-45E1-9CA4-35E9250F91DA}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium (Überblendeffekte) (HKLM\...\{585234EA-CDB3-48A7-B6C4-0EFF9A86D244}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium (Überblendeffekte) (HKLM\...\MX.{585234EA-CDB3-48A7-B6C4-0EFF9A86D244}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{310EA489-7C68-407E-A246-D600398647F8}) (Version: 15.0.0.107 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{7751963F-7D88-4626-BEFE-9A848F7400B4}) (Version: 15.0.0.90 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{AA6874A6-C7EB-42D5-B434-A86B75E00F32}) (Version: 15.0.0.77 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (HKLM\...\{D02B20D4-DA3E-4542-ADFD-D2B0BC8A1E84}) (Version: 15.0.0.102 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Premium (HKLM\...\{6EF62090-796C-42D3-9D71-BA127DDEC550}) (Version: 16.0.1.22 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Premium (HKLM\...\MX.{6EF62090-796C-42D3-9D71-BA127DDEC550}) (Version: 16.0.1.22 - MAGIX Software GmbH)
MAGIX Video deluxe Premium (MotionStudios Vasco da Gama 9 Essential) (HKLM\...\{5EC327CC-EEA1-41E1-A416-0E931051D49B}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Premium (MotionStudios Vasco da Gama 9 Essential) (HKLM\...\MX.{5EC327CC-EEA1-41E1-A416-0E931051D49B}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MAGIX Video deluxe Premium (NewBlue Titler Pro Express) (HKLM\...\{1746FE16-859D-4169-960B-712ED9A0215D}) (Version: 16.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe Premium (NewBlue Titler Pro Express) (HKLM\...\MX.{1746FE16-859D-4169-960B-712ED9A0215D}) (Version: 16.0.0.0 - MAGIX Software GmbH)
MakeMKV v1.10.2 (HKLM-x32\...\MakeMKV) (Version: v1.10.2 - GuinpinSoft inc)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marvel's Guardians of the Galaxy: The Telltale Series (HKLM\...\Steam App 579950) (Version:  - Telltale Games)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62607.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62607.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-US) (HKLM-x32\...\{66D57636-BD4B-402F-9E7D-5E89C28C8136}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Text to Speech Voice (en-US, Helen) (HKLM-x32\...\{8466EAED-7024-4AEE-9D13-F3A55B98D114}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{F0DB2786-18C8-4B0D-9DC2-BA58856A2821}) (Version: 2.1.0.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 1 (HKLM-x32\...\{5642384f-2a89-46d3-acd5-bfe8bf6e8b2f}) (Version: 14.0.24720.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mindshow (HKLM\...\Steam App 382000) (Version:  - Mindshow, Inc.)
Mixxx 2.0.0 (64-bit) (HKLM-x32\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
Monster Maze VR (HKLM\...\Steam App 543600) (Version:  - 4 Fun Studio)
Mozilla Firefox 55.0.3 (x64 de) (HKLM\...\Mozilla Firefox 55.0.3 (x64 de)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{FA0599C5-C083-41BE-8AEA-E8EB9070D128}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Music Maker (HKLM\...\{D5FF45D3-3AE3-4490-85DE-04D059606382}) (Version: 25.0.1.33 - MAGIX Software GmbH) Hidden
Music Maker (HKLM-x32\...\MX.{D5FF45D3-3AE3-4490-85DE-04D059606382}) (Version: 25.0.1.33 - MAGIX Software GmbH)
Music Maker Update (HKLM\...\{6B088B33-748B-4AFD-B6D1-841F298B5D52}) (Version: 25.0.2.44 - MAGIX Software GmbH) Hidden
My Game Long Name (HKLM\...\UDK-6a43523d-137c-4ffe-8432-fea0f9ad936e) (Version:  - Epic Games, Inc.)
Nature Treks VR (HKLM\...\Steam App 587580) (Version:  - John Carline)
Nero Burning ROM 2014 (HKLM-x32\...\{AB51F94A-8AA0-4F96-81B1-0446BA681083}) (Version: 15.0.02700 - Nero AG)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Neverending Nightmares (HKLM-x32\...\Steam App 253330) (Version:  - Infinitap Games)
NewBlue ActionCam Package (HKLM-x32\...\NewBlue ActionCam Package) (Version: 1.0 - NewBlue)
NewBlue Titler EX for MAGIX (HKLM-x32\...\NewBlue Titler EX for MAGIX) (Version: 1.0 - NewBlue)
NewBlue Titler Pro Express For Magix (HKLM\...\NewBlue Titler Pro Express For Magix) (Version: 1.0 - NewBlue)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
nGlide 1.03 (HKLM-x32\...\nGlide) (Version: 1.03 - Zeus Software)
NightCry (HKLM\...\Steam App 427660) (Version:  - Nude Maker)
Nock: Hidden Arrow (HKLM\...\Steam App 525210) (Version:  - CodeBison Games)
NoLimits 2 Roller Coaster Simulation (HKLM\...\Steam App 301320) (Version:  - Ole Lange)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA Grafiktreiber 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA LED Visualizer 1.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.LEDVisualizer) (Version: 1.0 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
Observer (HKLM\...\Steam App 514900) (Version:  - Bloober Team SA)
Oculus (HKLM\...\Oculus) (Version: <3 - Oculus VR, LLC)
Oculus Rift DK2 Sensor Driver (HKLM\...\{F786EF4E-73FE-4700-AC19-FFC0B2298F20}) (Version: 1.0.0.0 - Oculus VR, LLC) Hidden
Oculus Rift Monitor Driver (HKLM\...\{E932D5B4-547A-4959-B642-3816836283E3}) (Version: 1.0.1.0 - Oculus VR, LLC) Hidden
Oculus Rift Sensor Driver (HKLM\...\{E724ED40-8962-4987-901D-57AC8C9E41CD}) (Version: 1.0.20.0 - Oculus VR, LLC) Hidden
One Unit Whole Blood (HKLM-x32\...\1207658856_is1) (Version: 2.1.0.24 - GOG.com)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.)
Outlast 2 (HKLM\...\Steam App 414700) (Version:  - Red Barrels)
Outlaws (HKLM-x32\...\1425302464_is1) (Version: 2.1.0.11 - GOG.com)
Overload (HKLM\...\Steam App 448850) (Version:  - Revival Productions, LLC)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Paranormal Activity: The Lost Soul (HKLM\...\Steam App 467660) (Version:  - VRWERX)
Pavlov VR (HKLM\...\Steam App 555160) (Version:  - davevillz)
Penumbra: Overture (HKLM-x32\...\Steam App 22180) (Version:  - Frictional Games)
Pierhead Arcade (HKLM\...\Steam App 435490) (Version:  - Mechabit Ltd)
Planet Coaster (HKLM\...\Steam App 493340) (Version:  - Frontier Developments)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
Pool Nation VR  (HKLM\...\Steam App 269170) (Version:  - Cherry Pop Games)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisite installer (HKLM-x32\...\{5909A89E-C97F-407C-AE2B-47BDED86BF5D}) (Version: 15.0.0005 - Nero AG) Hidden
Prey (HKLM\...\Steam App 480490) (Version:  - Arkane Studios)
proDAD Mercalli NLE 4.0 (64bit) (HKLM\...\proDAD-MercalliPlugins-4.0) (Version: 4.0.467.1 - proDAD GmbH)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Project CARS (HKLM\...\Steam App 234630) (Version:  - Slightly Mad Studios)
PS4 Remote Play (HKLM-x32\...\{079C8DC3-767F-46CF-B871-14D21FCC2890}) (Version: 2.0.0.02211 - Sony Interactive Entertainment Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (HKLM\...\{ABFED5A0-7D10-4617-A816-DD2D3B85706D}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (HKLM\...\{E970CE81-6F26-4274-8E4E-5AFC000FB888}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (HKLM\...\{401FADAA-1C16-4721-9F02-19067E1A1CA8}) (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Quantum Break (HKLM\...\Steam App 474960) (Version:  - Remedy Entertainment)
Quell 4D (HKLM\...\Steam App 534230) (Version:  - Rubycone)
Quest 5.6.1 (HKLM-x32\...\Quest_is1) (Version: 5.6.1 - Alex Warren)
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapture3D 2.3.26 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Raw Data (HKLM\...\Steam App 436320) (Version:  - Survios)
Realms of the Haunting (HKLM-x32\...\Realms of the Haunting_is1) (Version:  - GOG.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Rec Room (HKLM\...\Steam App 471710) (Version:  - Against Gravity)
Redneck Rampage Collection (HKLM-x32\...\1207658674_is1) (Version: 2.1.0.12 - GOG.com)
Redout (HKLM\...\Steam App 517710) (Version:  - 34BigThings srl)
Resident Evil: Operation Raccoon City (HKLM-x32\...\{43430FA1-388E-4359-A6DB-DA1000048401}) (Version: 1.0.0004.132 - CAPCOM U.S.A, INC) Hidden
Return to Castle Wolfenstein (HKLM-x32\...\1441704976_is1) (Version: 2.0.0.2 - GOG.com)
Revive Dashboard (HKLM-x32\...\Revive) (Version:  - )
Rez Infinite (HKLM\...\Steam App 636450) (Version:  - Monstars Inc.)
Rick and Morty: Virtual Rick-ality (HKLM\...\Steam App 469610) (Version:  - Owlchemy Labs)
Rise of the Tomb Raider (HKLM-x32\...\Steam App 391220) (Version:  - Crystal Dynamics)
Rising Storm 2: Vietnam (HKLM\...\Steam App 418460) (Version:  - Antimatter Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
Roslyn Language Services - x86 (HKLM-x32\...\{6A7F37C9-1E37-3A9A-93D4-09BBEB4BD343}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Saints Row: The Third (HKLM\...\Steam App 55230) (Version:  - Volition)
Secret World Legends (HKLM\...\Steam App 215280) (Version:  - Funcom)
Serious Sam VR: The First Encounter (HKLM\...\Steam App 552450) (Version:  - Croteam VR)
Shadow Warrior 2 (HKLM\...\Steam App 324800) (Version:  - Flying Wild Hog)
SHOUTcast DNAS (remove only) (HKLM-x32\...\SCDNAS) (Version:  - )
Sin (HKLM-x32\...\Sin) (Version:  - )
Sin Gold (HKLM-x32\...\GOGPACKSINGOLD_is1) (Version: 2.0.0.9 - GOG.com)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
SlimDX Redistributable (June 2010) (HKLM-x32\...\{354D00E0-C7C9-4BC1-BC12-08C4977AA827}) (Version: 2.0.10.43 - SlimDX Group)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Soldier of Fortune - Community Edition 6.1 (HKLM-x32\...\Soldier of Fortune - Community Edition 6.1) (Version:  - )
Sonic Mania (HKLM\...\Steam App 584400) (Version:  - Christian Whitehead)
Soundscape VR (HKLM\...\Steam App 636930) (Version:  - Groove Science)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Source SDK Base 2013 Singleplayer (HKLM-x32\...\Steam App 243730) (Version:  - )
Space Hulk: Deathwing (HKLM\...\Steam App 298900) (Version:  - Streum On Studio)
Spirits of Xanadu (HKLM-x32\...\Steam App 312230) (Version:  - Good Morning, Commander)
Spotify (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.7.64833 - Electronic Arts)
STAR WARS™ Battlefront™ II Closed Alpha (HKLM-x32\...\{d32f9b53-3a06-4720-bc64-c56f0fe8256a}) (Version: 1.0.0.0 - Electronic Arts)
STASIS (HKLM\...\Steam App 380150) (Version:  - THE BROTHERHOOD)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SteamDolls VR Demo (HKLM\...\Steam App 528690) (Version:  - The Shady Gentlemen)
SteamWorld Dig (HKLM-x32\...\{F81E6BA3-5772-4435-B635-D71E90130052}) (Version: 1.10.0.0 - Image & Form)
STRAFE® (HKLM\...\Steam App 442780) (Version:  - Pixel Titans)
Strife: Veteran Edition (HKLM-x32\...\Steam App 317040) (Version:  - Rogue Entertainment)
SUPERHOT VR (HKLM\...\Steam App 617830) (Version:  - SUPERHOT Team)
SVRVIVE: The Deus Helix (HKLM\...\Steam App 509540) (Version:  - SVRVIVE Studios)
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
System Shock - Enhanced Edition (HKLM-x32\...\1439995156_is1) (Version: 2.1.0.4 - GOG.com)
System Shock 2 (HKLM\...\Steam App 238210) (Version:  - Irrational Games)
Tales from the Borderlands (HKLM\...\Steam App 330830) (Version:  - Telltale Games)
Team Explorer for Microsoft Visual Studio 2015 (HKLM-x32\...\{48992F68-BEE6-35D8-89AC-6A81406F1096}) (Version: 14.0.24712 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Terminator Future Shock + SkyNET version 1.0 (HKLM-x32\...\{AC9D63E6-A090-49E3-95CA-9CAA6706AEAF}_is1) (Version: 1.0 - Bethesda Softworks)
Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version:  - Atari)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Brookhaven Experiment (HKLM\...\Steam App 440630) (Version:  - Phosphor Games)
The Chronicles of Riddick - Assault on Dark Athena (HKLM-x32\...\GOGPACKRIDDICK_is1) (Version: 2.0.0.10 - GOG.com)
The Gallery - Episode 1: Call of the Starseed (HKLM\...\Steam App 270130) (Version:  - Cloudhead Games ltd.)
The Klub 17 (HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\Klub-7) (Version: 7.5.0 - Team WRK17)
The Lab (HKLM\...\Steam App 450390) (Version:  - Valve)
The Solus Project (HKLM\...\Steam App 313630) (Version:  - Hourences)
The Suffering (HKLM-x32\...\1268478205_is1) (Version: 1.0.1 - GOG.com)
The Unwelcomed (HKLM\...\Steam App 504560) (Version:  - The Unwelcomed Studios)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
theBlu (HKLM\...\Steam App 451520) (Version:  - Wevr, Inc.)
TheWaveVR (HKLM\...\Steam App 453000) (Version:  - TheWaveVR)
Thief 3 Sneaky Upgrade SDB (HKLM\...\{61271900-d6b0-4da5-801b-7127a8713df1}.sdb) (Version:  - )
Thief 3 Sneaky Upgrade version 1.1.5.2 (HKLM-x32\...\{6787B847-DE1D-4B75-AF7F-9F0B0FF9E59E}_is1) (Version: 1.1.5.2 - )
Thief: Deadly Shadows (HKLM-x32\...\Steam App 6980) (Version:  - Ion Storm)
Titanfall™ 2 (HKLM-x32\...\{4BD80373-FEE7-45B6-8249-6E8E98717405}) (Version: 1.0.1.0 - Electronic Arts, Inc.)
Tormentum - Dark Sorrow (HKLM\...\Steam App 335000) (Version:  - OhNoo Studio)
TrackMania² Canyon (HKLM\...\Steam App 228760) (Version:  - Nadeo)
Trapcode Suite 64-bit (HKLM\...\{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant) Hidden
Trapcode Suite 64-bit (HKLM-x32\...\InstallShield_{460D83C4-15D5-4C0E-9B7D-2204F196A010}) (Version: 12.1.3 - Red Giant)
TypeScript Power Tool (HKLM-x32\...\{7FBEE165-A653-4B2A-A93A-4643794E22A8}) (Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{D7C8A95B-B1EE-43B1-837D-C73D1321FEBA}) (Version: 1.7.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.4.0 (HKLM-x32\...\{33e2204a-4ec6-4458-895a-47e2a404d990}) (Version: 1.7.24720.0 - Microsoft Corporation)
Tyrian 2000 (HKLM-x32\...\1207658901_is1) (Version: 2.1.0.13 - GOG.com)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Ulead MediaStudio Pro 8.0 (HKLM-x32\...\{A6E71574-2126-4E95-816E-32B2411C94BA}) (Version: 8.0 - Ulead Systems, Inc.)
Ultima Underworld 2 (HKLM-x32\...\1207662473_is1) (Version: 2.1.0.20 - GOG.com)
Ultimate Booster Experience (HKLM\...\Steam App 499620) (Version:  - GexagonVR)
Uninvited: MacVenture Series (HKLM\...\Steam App 343810) (Version:  - Zojoi)
Unknown Pharaoh (HKLM\...\Steam App 576100) (Version:  - 4 Fun Studio)
Unreal Gold (HKLM-x32\...\1207658679_is1) (Version: 2.1.0.6 - GOG.com)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
Vanishing Realms (HKLM\...\Steam App 322770) (Version:  - Indimo Labs LLC)
Vasco da Gama 9 HD Essential (HKLM-x32\...\{132A1B32-8C6A-416C-B7FB-7D4CD54C18DE}) (Version: 9.00.0000 - MotionStudios)
Vertigo (HKLM\...\Steam App 465430) (Version:  - Zach Tsiakalis-Brown)
Virtual Desktop (HKLM\...\Steam App 382110) (Version:  - Guy Godin)
Virtual Desktop Service (HKLM\...\{2F1A2C04-7695-47E1-B69E-B2B5B2038C39}) (Version: 1.5.1 - Guy Godin)
Visual Basic 5.0 (C:\WINDOWS\system32\) #3 (HKLM-x32\...\ST5UNST #3) (Version:  - )
Visual Basic 5.0 (C:\WINDOWS\system32\) #4 (HKLM-x32\...\ST5UNST #4) (Version:  - )
Visual Basic 5.0 (C:\WINDOWS\system32\) #5 (HKLM-x32\...\ST5UNST #5) (Version:  - )
Visual Basic 5.0 (C:\Windows\system32\) (HKLM-x32\...\ST5UNST #2) (Version:  - )
Visual Basic 5.0 (HKLM-x32\...\ST5UNST #1) (Version:  - )
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
Vita 2 (HKLM\...\{39B956AD-00E8-4561-B6CC-7E91BDEDB0AF}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita Concert Grand LE (HKLM\...\{0501DF32-8054-41E0-A1D1-B6BEAB54CACF}) (Version: 2.4.0.95 - MAGIX Software GmbH) Hidden
Vita Drum Engine (HKLM\...\{E5494279-4C0C-4220-9B41-A6BC89D6A92E}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita Electric Piano (HKLM\...\{D14FE00B-0E75-462A-936A-C9483A20D0D0}) (Version: 1.0.2.0 - MAGIX Software GmbH) Hidden
Vita Power Guitar (HKLM\...\{69F05894-87A2-4E92-A6E3-EE8937D09CC0}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VoiceAttack version 1.5.12 (HKLM-x32\...\{D6EDF6DB-029E-4A34-A3A0-D960CB0FCB2A}_is1) (Version: 1.5.12 - VoiceAttack.com)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version:  - VB-Audio Software)
vorpX (HKLM-x32\...\{C136D0CC-9077-4979-801E-6B5A956EED6A}_is1) (Version: 17.1.3.0 - Animation Labs)
VRporize - VR FPS (HKLM\...\Steam App 498970) (Version:  - Mercury Aerospace Industries)
VS Update core components (HKLM-x32\...\{5F7870A1-0586-313E-A9FF-3249DCE9F63A}) (Version: 14.0.24720 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
Waltz of the Wizard (HKLM\...\Steam App 436820) (Version:  - Aldin Dynamics)
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Wheel of Time (HKLM-x32\...\Wheel of Time) (Version:  - )
White Night (HKLM-x32\...\Steam App 301560) (Version:  - OSome Studio)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windlands (HKLM\...\Steam App 428370) (Version:  - Psytec Games Ltd)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - Sony Computer Entertainment Inc. Wireless controller for PLAYSTATION(R)3 Driver Package (01/20/2012 1.4.0.0) (HKLM\...\D5410AE5FA467EF0F19558D5F60C991A79E11B51) (Version: 01/20/2012 1.4.0.0 - Sony Computer Entertainment Inc.)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version:  - )
Xara 3D Maker 7 (HKLM-x32\...\{19B9DAD6-5E6E-4B80-8EFE-314B5638D6D4}) (Version: 7.0.0.415 - Xara Group Ltd) Hidden
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
Xml Viewer (HKLM-x32\...\{F58E04CD-6E76-43C8-AAF1-482225C2910E}) (Version: 3 - MindFusion Limited)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programme\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programme\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [Convert] -> {9f95ca1a-e80e-4c0f-acd1-4c9b7900b982} => C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)\Utilities\bin\x64\TxView.dll [2010-06-02] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-08-22] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\Programme\WinRAR\rarext.dll [2013-12-01] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Programme\WinRAR\rarext32.dll [2013-12-01] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {08060686-DA7A-4F81-903F-5EF5846EBC46} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {10FB4821-8293-4FB8-93AC-ED877096D358} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {15CEA677-3D1C-403A-8EE5-9C536AE36655} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3356136B-5DA8-4E2C-94F1-D934C3FFD02A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {33D241F7-FCC1-4696-BA50-24F80B532744} - System32\Tasks\{EA0A359E-2C55-46AC-83DB-0F986B25B53B} => C:\Windows\system32\pcalua.exe -a E:\WMEncoder64.exe -d E:\
Task: {39B3A4D0-967A-4B83-8FAE-BFC9CCF78C7C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
Task: {3C768F76-478B-4129-836E-66BBD535DF4B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3CA1C205-5779-4D65-9B79-03CA693A49ED} - System32\Tasks\Connect => C:\Program Files (x86)\MAGIX\Connect\connect.exe [2017-05-10] (MAGIX Software GmbH)
Task: {3F26B3E2-B93D-49BD-BC7E-5F720B51C994} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)
Task: {415F7118-E84D-43AD-B678-2809A265ACDD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {52FD4488-82FE-4FC3-A835-7330FDE39B8B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {58E0F5EB-6F42-4B37-A50A-952C0182547B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5A2D88F9-D511-4485-A81D-E9539F5865C8} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5D12D0DE-7C2D-43EB-88A7-25C081D80C44} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6509C4C3-BDFD-4861-ABD9-95C391A5DA45} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {67D99D18-6635-4D3E-869B-A89F58F4E0BE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-22] (NVIDIA Corporation)
Task: {6ACACBFB-34D5-4E50-99F6-7C2E8F65870B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {6DFFA0FA-204A-4DB6-A32D-36551F60CD88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03] (Google Inc.)
Task: {71CC4BE9-738E-4546-A312-5370DAC238D2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-03] (Google Inc.)
Task: {72C2654C-0345-4427-92A1-203E5906A350} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7EE287C4-2286-41C0-8590-B925FB2DD061} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8426F389-7EEE-48D3-86F8-A0B7F68C0351} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9502FC37-4BF3-4187-97DB-BB885F817B28} - System32\Tasks\{540C4F0A-AFE9-41B0-8BED-770ADCAFCFDD} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.4.0.102/de/abandoninstall?page=tsMain
Task: {9F4B56CC-50E0-44AF-946B-932FF1BB8876} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-22] (NVIDIA Corporation)
Task: {ADEAE2A2-DBBC-4FEA-AE2B-1ACCCCA9F22C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {B265853E-1EB9-4490-8346-026981D861F1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {B7290E7F-96E2-49E1-94BC-17D8FC712ACF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {BF0E8690-E916-421C-925C-8EF2FB370D68} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-22] (NVIDIA Corporation)
Task: {CCEA5BF9-67E9-44F9-8750-250CB46A4824} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {D61F55A8-B0BB-4781-80FD-8F7B16E7EA4F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {E025C148-A5D4-4254-AAA8-1B4360B2374B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-22] (NVIDIA Corporation)
Task: {E6B257D7-040D-4610-AFE5-4256956C9B14} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EAE39C83-0CAA-4312-907A-1243969BAB66} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {ED55E21A-57DB-4591-8F95-58F0658945D4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {F2A52317-F2C1-4630-87BC-E12B2FFC7496} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F5132FA3-CAD1-4315-BF63-D7542912C7C7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F75A3443-BF9D-4B1D-BAB0-DA6B05C232BC} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-HOSHI-PC => C:\WINDOWS\ehome\McxTask.exe
Task: {FC7911CA-4CA6-4249-A2B5-D3C065E61A89} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FC8098E2-47F8-48D3-A990-2172097B9ABA} - System32\Tasks\{1B9BAEFE-CA33-481C-8FAF-AF1A3509FC73} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\EAInstaller\Battlefield - Bad Company 2\Cleanup.exe" -c uninstall_game -autologging

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Connect.job => C:\Program Files (x86)\MAGIX\Connect\connect.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\Users\Hoshi\Desktop\Games\InLucysEyes.bat - Verknüpfung.lnk -> D:\Games\Steam\SteamApps\common\Amnesia The Dark Descent\InLucysEyes\InLucysEyes.bat (Keine Datei)
Shortcut: C:\Users\Hoshi\Desktop\Games\TenebrisLake.bat - Verknüpfung.lnk -> D:\Games\Steam\SteamApps\common\Amnesia The Dark Descent\TenebrisLake.bat (Keine Datei)
Shortcut: C:\Users\Hoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZ Install Manager\DAZ Install Manager Read Me.lnk -> hxxp:docs.daz3d.com\doku.php\public\read_me\index\1481

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-09-12 16:44 - 2017-09-12 18:09 - 000076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-07-19 21:54 - 2017-07-19 21:54 - 000330208 _____ () C:\Program Files\Virtual Desktop\VirtualDesktop.Service.exe
2014-12-26 23:05 - 2011-07-28 18:06 - 000297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-20 06:43 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2016-09-29 23:13 - 2016-09-29 23:13 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2016-09-29 23:13 - 2016-09-29 23:13 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-12-26 23:05 - 2011-07-27 12:53 - 000360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2014-03-15 14:20 - 2013-09-03 17:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\skype.com -> hxxps://apps.skype.com
         

23.09.2017, 17:02   #15
Hoshi82

Windows 10 64bit: Suspected malware

Addition continued
Code:
==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2017-09-07 10:11 - 000000027 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hoshi\AppData\Roaming\mozilla\firefox\desktop-hintergrund.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: Desura Install Service => 3
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk => C:\Windows\pss\Killer Network Manager.lnk.CommonStartup
MSCONFIG\startupreg: LogitechQuickCamRibbon => "D:\Programme\Logitech\Webcam\Logitech WebCam Software\LWS.exe" /hide
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "HTC Store User Content Helper"
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1299527896-1211748070-1707534253-1000\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{BA585EE1-A7F9-49C7-88D7-522B7C9DC59D}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{E0DC3C0F-8A5A-4950-B29C-A9CC62B6E5CA}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{702407FC-570B-48B7-B575-F088B82F5FD7}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{DEEF9EE1-3254-466A-98B9-C6EF05212ACD}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [UDP Query User{19C290C3-9D18-4F16-B042-EFF275DA013C}C:\games\steam\steamapps\common\pavr pre alpha demo\pa_ue4\binaries\win64\pa_ue4-win64-shipping.exe] => (Allow) C:\games\steam\steamapps\common\pavr pre alpha demo\pa_ue4\binaries\win64\pa_ue4-win64-shipping.exe
FirewallRules: [TCP Query User{A632B5B6-D96A-4EA2-A892-8626A8AF81A8}C:\games\steam\steamapps\common\pavr pre alpha demo\pa_ue4\binaries\win64\pa_ue4-win64-shipping.exe] => (Allow) C:\games\steam\steamapps\common\pavr pre alpha demo\pa_ue4\binaries\win64\pa_ue4-win64-shipping.exe
FirewallRules: [UDP Query User{1E455C75-FB8D-483B-91A4-B8C11BE4C869}D:\games\steam\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe
FirewallRules: [TCP Query User{813295F7-78FC-4553-AC43-715C5B7879F5}D:\games\steam\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\pavlovvr\pavlov\binaries\win64\pavlov-win64-shipping.exe
FirewallRules: [{3C3D2E69-5741-4D9C-8BA6-F881ECC18C21}] => (Allow) C:\Games\Steam\steamapps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{AA3B8C49-6083-48B9-AE89-19BC7C9097E3}] => (Allow) C:\Games\Steam\steamapps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{AC96AE27-8529-497D-8B66-FCC05C1371F3}] => (Allow) C:\Games\Steam\steamapps\common\Vertigo\Vertigo.exe
FirewallRules: [{A7801E9D-E656-4A15-A6D0-32B372633B3A}] => (Allow) C:\Games\Steam\steamapps\common\Vertigo\Vertigo.exe
FirewallRules: [{F90A37A4-FB13-402B-B550-8F4E250A6235}] => (Allow) C:\Games\Steam\steamapps\common\PAVR Pre Alpha Demo\PA_UE4.exe
FirewallRules: [{003666E4-1942-464C-8684-9E3839ACA7ED}] => (Allow) C:\Games\Steam\steamapps\common\PAVR Pre Alpha Demo\PA_UE4.exe
FirewallRules: [{5D395514-FDFF-41A2-9CD5-AEF110564C5E}] => (Allow) D:\Games\Steam\SteamApps\common\PavlovVR\Pavlov.exe
FirewallRules: [{DD6D3136-65A5-46F7-B3F2-9309062D411C}] => (Allow) D:\Games\Steam\SteamApps\common\PavlovVR\Pavlov.exe
FirewallRules: [{6B0A2104-10B4-44D9-83FF-602956979021}] => (Allow) D:\Games\Steam\SteamApps\common\Monster Maze VR\MonsterMazeVR.exe
FirewallRules: [{2EA87923-BA90-4961-B89D-8193B1BA93B7}] => (Allow) D:\Games\Steam\SteamApps\common\Monster Maze VR\MonsterMazeVR.exe
FirewallRules: [{4C28E660-F41C-4E65-BE80-7BCCA081576B}] => (Allow) D:\Games\Steam\SteamApps\common\Unknown Pharaoh\UnknownPharaoh.exe
FirewallRules: [{97BEA2F2-001B-4D94-A00B-9C1B06EBD466}] => (Allow) D:\Games\Steam\SteamApps\common\Unknown Pharaoh\UnknownPharaoh.exe
FirewallRules: [{E97CCF0D-855F-4E08-91CD-B3B76D5ECE85}] => (Allow) D:\Games\Steam\SteamApps\common\INSIDE\INSIDE.exe
FirewallRules: [{ADA15F69-55DB-43BD-8F88-F6183D6DCE81}] => (Allow) D:\Games\Steam\SteamApps\common\INSIDE\INSIDE.exe
FirewallRules: [{E0CEF3DC-4FAE-458D-9748-B22736715E69}] => (Allow) D:\Games\Steam\SteamApps\common\Uninvited MacVenture Series\uninvited.exe
FirewallRules: [{9813278E-1BE2-419A-BF40-0A0AFC5DE0FC}] => (Allow) D:\Games\Steam\SteamApps\common\Uninvited MacVenture Series\uninvited.exe
FirewallRules: [UDP Query User{1FDBA183-7457-486A-8B59-C110F9C0AA2B}D:\games\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\games\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [TCP Query User{DFF78058-8AF5-447D-9241-DAAD9F1A1678}D:\games\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe] => (Allow) D:\games\epic games\unrealtournament\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{4223108D-1598-41A0-9C7D-C98C2C7E8CF0}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{D6FE4E3D-1689-4D1C-8769-66E136EB5BFD}D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{07F2908B-71B8-4032-8FCA-9B9F60CD886D}] => (Allow) OVRServer_x64.exe
FirewallRules: [{68A4192E-0BCE-4E38-B01C-7D04950BB40B}] => (Allow) D:\Games\Steam\SteamApps\common\TheSolusProject\Solus\Binaries\Win64\Solus-Win64-Shipping.exe
FirewallRules: [{0F30DC54-5C6A-4862-9E20-9CA261B83F8B}] => (Allow) D:\Games\Steam\SteamApps\common\TheSolusProject\Solus\Binaries\Win64\Solus-Win64-Shipping.exe
FirewallRules: [{4806CE95-7DBE-4F03-9E01-0E8C5E15CE1B}] => (Allow) D:\Games\Steam\SteamApps\common\SteamDolls_VR_Demo\steamdolls_vr_demo.exe
FirewallRules: [{9B495424-3E3E-48C7-9734-B427D7AA5148}] => (Allow) D:\Games\Steam\SteamApps\common\SteamDolls_VR_Demo\steamdolls_vr_demo.exe
FirewallRules: [{56D51920-A5CD-4085-B0AE-E21ED31050B7}] => (Allow) D:\Games\Steam\SteamApps\common\Lethe - Episode One\Binaries\Win32\UDK.exe
FirewallRules: [{778CDE73-7D13-4DAC-A715-F9998C193F4C}] => (Allow) D:\Games\Steam\SteamApps\common\Lethe - Episode One\Binaries\Win32\UDK.exe
FirewallRules: [{16FBA39D-A8FB-4368-AE02-748CFDC4C0BB}] => (Allow) D:\Games\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{8F1A9D38-4640-4CAE-B1B3-6B1659F740EE}] => (Allow) D:\Games\Steam\SteamApps\common\Hotline Miami 2\HotlineMiami2.exe
FirewallRules: [{DE830C2D-2792-4793-B8C3-03EE4268374A}] => (Allow) D:\Games\Steam\SteamApps\common\Nature Treks VR\Nature Treks VR.exe
FirewallRules: [{69B2D7B0-0B35-4D67-870F-B80D5DA11976}] => (Allow) D:\Games\Steam\SteamApps\common\Nature Treks VR\Nature Treks VR.exe
FirewallRules: [{C02F1FD2-BE14-4B1D-820D-88F3FB6CADED}] => (Allow) D:\Games\Steam\SteamApps\common\Lockdown Stand Alone\lockdown.exe
FirewallRules: [{349FF32B-00CD-4466-BD48-49EC3ECF16E1}] => (Allow) D:\Games\Steam\SteamApps\common\Lockdown Stand Alone\lockdown.exe
FirewallRules: [{67B64759-2152-491A-B7FD-5F2D77A134C5}] => (Allow) OculusClient.exe
FirewallRules: [{B354CDB8-59FB-4AD5-B91B-1FE9E59160DA}] => (Allow) OculusClient.exe
FirewallRules: [{1E2E29D8-EDB5-4745-9273-0E2B44C2BA12}] => (Allow) OculusVR.exe
FirewallRules: [{B3B70576-2AA5-479D-BB33-ED66BF047058}] => (Allow) OculusVR.exe
FirewallRules: [{BD2E0371-BC51-40C5-8AC5-994147DFF03C}] => (Allow) DirectDisplayConfig.exe
FirewallRules: [{70CC2275-610A-4F6B-BD23-E5BFA14550B0}] => (Allow) DirectDisplayConfig.exe
FirewallRules: [{A3E91647-CBBA-4C2A-8966-4A9D1953C275}] => (Allow) OVRServer_x64.exe
FirewallRules: [{CFC50AAE-31A2-464D-B8EC-1440BC8AF75F}] => (Allow) OVRServer_x64.exe
FirewallRules: [{5DDA393E-C726-404A-B6BE-C81B852BE85E}] => (Allow) OVRServiceLauncher.exe
FirewallRules: [{AE7789AE-2746-4886-8A8C-0A9611145455}] => (Allow) OVRServiceLauncher.exe
FirewallRules: [{C0FA4152-1304-4909-9983-0E0B4DF8231E}] => (Allow) D:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{F0B60581-18FA-4DA4-A857-7074717EFEB2}] => (Allow) D:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{36C15119-7D97-4269-8318-0A54BF0699CE}] => (Allow) D:\Games\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{15EFFFD8-2995-4D7A-8A1D-D55F0FBD3F00}] => (Allow) D:\Games\Steam\SteamApps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [UDP Query User{1F46EB63-73BB-49B7-B16A-AAABA83463D3}D:\games\steam\steamapps\common\redout\redout\binaries\win64\redout-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\redout\redout\binaries\win64\redout-win64-shipping.exe
FirewallRules: [TCP Query User{DF38C388-6EF5-40E2-ABB5-7A7806CB462F}D:\games\steam\steamapps\common\redout\redout\binaries\win64\redout-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\redout\redout\binaries\win64\redout-win64-shipping.exe
FirewallRules: [{2EC97B86-1219-49A0-A7A2-7391D7E3E416}] => (Allow) D:\Games\Steam\SteamApps\common\Redout\redout.exe
FirewallRules: [{4D349B1F-5DAA-4F16-B516-B91CF9D6E1C3}] => (Allow) D:\Games\Steam\SteamApps\common\Redout\redout.exe
FirewallRules: [{333A85DC-E692-4A7C-AC1E-923930542B8D}] => (Allow) D:\Games\Steam\SteamApps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{0A0E4521-8BE0-499A-A7CC-2D14A50E7945}] => (Allow) D:\Games\Steam\SteamApps\common\Day of the Tentacle Remastered\Dott.exe
FirewallRules: [{FDAD1FE0-97EC-4D00-97CF-48EB0C58EF09}] => (Allow) D:\Games\Steam\SteamApps\common\Tormentum\Tormentum.exe
FirewallRules: [{40561B9E-A123-4908-B83A-3C88C57B5391}] => (Allow) D:\Games\Steam\SteamApps\common\Tormentum\Tormentum.exe
FirewallRules: [{CC04E9D0-241D-4D79-A268-A88497F20AD3}] => (Allow) D:\Games\Steam\SteamApps\common\Call of Duty - Infinite Warfare\iw7_ship.exe
FirewallRules: [{2EECEE85-CFEE-4509-9F24-B1B03D3EE827}] => (Allow) D:\Games\Steam\SteamApps\common\Call of Duty - Infinite Warfare\iw7_ship.exe
FirewallRules: [UDP Query User{45EB9ED9-0CAA-453D-B4D9-06B7B2FEBB5C}D:\games\tdu2\uplauncher.exe] => (Allow) D:\games\tdu2\uplauncher.exe
FirewallRules: [TCP Query User{800CB73E-7CA2-463E-8EE9-3C87FF3734FA}D:\games\tdu2\uplauncher.exe] => (Allow) D:\games\tdu2\uplauncher.exe
FirewallRules: [UDP Query User{50A12DFF-801A-4AF4-9920-7E5B463506CD}D:\games\tdu2\testdrive2.exe] => (Allow) D:\games\tdu2\testdrive2.exe
FirewallRules: [TCP Query User{54606CA1-DA6B-4AF5-967A-E12F76C20ABC}D:\games\tdu2\testdrive2.exe] => (Allow) D:\games\tdu2\testdrive2.exe
FirewallRules: [{BF733EBD-02BE-4B5C-8C19-2FA8AF6ADEB7}] => (Allow) D:\Games\Steam\SteamApps\common\The Lab\TheLab\win64\TheLab.exe
FirewallRules: [{B673414B-67A0-4DE7-8BA7-4910EA606C90}] => (Allow) D:\Games\Steam\SteamApps\common\The Lab\TheLab\win64\TheLab.exe
FirewallRules: [{9FC42CE6-3FA4-466E-B7B5-E497154C3240}] => (Allow) D:\Games\Origin\Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{53723693-0DAF-4DE7-9B73-9154E45330ED}] => (Allow) D:\Games\Origin\Games\STAR WARS Battlefront\starwarsbattlefront.exe
FirewallRules: [{DBD75664-BE69-4222-985F-4C52ACDD34DA}] => (Allow) D:\Games\Steam\SteamApps\common\ArizonaSunshine\ArizonaSunshine.exe
FirewallRules: [{3FB2591D-93B5-4808-AD14-D34BBF3C9876}] => (Allow) D:\Games\Steam\SteamApps\common\ArizonaSunshine\ArizonaSunshine.exe
FirewallRules: [{291A965C-E12B-4661-B704-83E8743BB52C}] => (Allow) D:\Games\Steam\SteamApps\common\FastActionHero\Fast Action Hero.exe
FirewallRules: [{9E376CE6-426A-4E7E-B116-65B088452225}] => (Allow) D:\Games\Steam\SteamApps\common\FastActionHero\Fast Action Hero.exe
FirewallRules: [{43037CC1-0C70-40A3-8BEA-6392BC9CA3CD}] => (Allow) D:\Games\Steam\SteamApps\common\QuantumBreak\dx11\QuantumBreak.exe
FirewallRules: [{3F8F8D1C-5E0A-4FE8-81D4-0E90A5304A85}] => (Allow) D:\Games\Steam\SteamApps\common\QuantumBreak\dx11\QuantumBreak.exe
FirewallRules: [UDP Query User{2933B71E-AD92-47FB-9833-2943E612033A}D:\games\steam\steamapps\common\ghost town mine ride\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\ghost town mine ride\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{7C1C116D-BB06-4F08-9FF8-06F1BCAF6231}D:\games\steam\steamapps\common\ghost town mine ride\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\ghost town mine ride\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{65A88DF4-D55D-4D10-B267-092E4E81595E}] => (Allow) D:\Games\Steam\SteamApps\common\Ghost Town Mine Ride\HauntedMineRide.exe
FirewallRules: [{61AB9D3C-7E2C-498E-B4C0-403D0D38CE33}] => (Allow) D:\Games\Steam\SteamApps\common\Ghost Town Mine Ride\HauntedMineRide.exe
FirewallRules: [{1B64888E-6A42-422E-ADCA-E1AC56995ED7}] => (Allow) D:\Games\Steam\SteamApps\common\SVRVIVE\SVRVIVE The Deus Helix.exe
FirewallRules: [{7C71C520-0138-4A51-8DAF-2DC62ACAFFC2}] => (Allow) D:\Games\Steam\SteamApps\common\SVRVIVE\SVRVIVE The Deus Helix.exe
FirewallRules: [{53ED8D1A-8BED-457E-AE41-F08A40127E3C}] => (Allow) D:\Games\Steam\SteamApps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{BD6E9A75-9511-45A6-BB74-05CD434D17F6}] => (Allow) D:\Games\Steam\SteamApps\common\Planet Coaster\PlanetCoaster.exe
FirewallRules: [{DE5A1E59-8DB6-4619-AA85-79AC39691117}] => (Allow) D:\Games\Steam\SteamApps\common\EarthVR\Earth.exe
FirewallRules: [{5695F430-0FE8-48C1-A594-CF8C4FD0704A}] => (Allow) D:\Games\Steam\SteamApps\common\EarthVR\Earth.exe
FirewallRules: [{B5DA8A5E-4D4F-4C20-95F3-6B65B41ACD8E}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8A4C7EA8-EA75-4249-8A13-A5DFD9404043}] => (Allow) D:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C96678AE-C5EB-4085-A06B-F142B7C9CF80}] => (Allow) D:\Games\Steam\SteamApps\common\Quell 4D\Quell4D.exe
FirewallRules: [{0D6113C4-FD38-466D-BA47-3844AB491F38}] => (Allow) D:\Games\Steam\SteamApps\common\Quell 4D\Quell4D.exe
FirewallRules: [UDP Query User{16FB7109-76B1-49E7-AD78-62CAB08F652C}D:\games\firestorm havok\slvoice.exe] => (Allow) D:\games\firestorm havok\slvoice.exe
FirewallRules: [TCP Query User{F31A3F18-2596-450D-B0E2-3D2B785BEF25}D:\games\firestorm havok\slvoice.exe] => (Allow) D:\games\firestorm havok\slvoice.exe
FirewallRules: [{5005CEA3-87E3-4E58-9E27-AB3FD75FBC88}] => (Allow) D:\Games\Steam\SteamApps\common\theBlu\theblu.exe
FirewallRules: [{DE4E352D-3ADD-436E-BAA1-BE95D3987B52}] => (Allow) D:\Games\Steam\SteamApps\common\theBlu\theblu.exe
FirewallRules: [{2E4E90F2-95CF-425D-8541-030B3D462F85}] => (Allow) D:\Games\Steam\SteamApps\common\Shadow Warrior 2\ShadowWarrior2.exe
FirewallRules: [{477BC455-D26F-420D-B5FB-7C3F96B3A73D}] => (Allow) D:\Games\Steam\SteamApps\common\Shadow Warrior 2\ShadowWarrior2.exe
FirewallRules: [{06865A7F-2F3F-4008-AECF-96E39B11738D}] => (Allow) D:\Games\Steam\SteamApps\common\Art of Fight\ArtOfFight.exe
FirewallRules: [{AA3DC80E-C831-4309-B0F4-A176BFF7030C}] => (Allow) D:\Games\Steam\SteamApps\common\Art of Fight\ArtOfFight.exe
FirewallRules: [{AFFA8C04-DCAA-48EC-AE74-2AD45EF733FF}] => (Allow) D:\Games\Steam\SteamApps\common\Island 359\Island359.exe
FirewallRules: [{2F642C70-E2AE-4442-8001-EA9124030D71}] => (Allow) D:\Games\Steam\SteamApps\common\Island 359\Island359.exe
FirewallRules: [{4E547210-56DD-436D-AFB6-26132F63F1C3}] => (Allow) D:\Games\Steam\SteamApps\common\NightCry\NightCry.exe
FirewallRules: [{5AEACF73-9594-4924-9B2E-0EAA5121E625}] => (Allow) D:\Games\Steam\SteamApps\common\NightCry\NightCry.exe
FirewallRules: [UDP Query User{44EAC687-8C54-4322-8240-F8FB63E03101}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{24758668-2959-4BC3-8E2C-3E9E455E6734}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{5D898310-DB54-49ED-830B-05F242D1F421}] => (Allow) D:\Programme\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{0466309B-407F-4D69-91E6-86BEAFE9DBEB}] => (Allow) D:\Programme\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{8AEE8D01-CF01-47AE-AD5D-714D7BE7D820}] => (Allow) D:\Games\Steam\SteamApps\common\White Night\Bin\Win32\WNight.exe
FirewallRules: [{342EA1E1-2E21-4A09-8C9D-95D4D0B61526}] => (Allow) D:\Games\Steam\SteamApps\common\White Night\Bin\Win32\WNight.exe
FirewallRules: [{0F13B3E5-0FC1-4D38-A9EC-6B8004EC0738}] => (Allow) D:\Games\Steam\SteamApps\common\Thief Deadly Shadows\System\runme.exe
FirewallRules: [{72B3B364-082E-4265-B78D-10FD766E99DB}] => (Allow) D:\Games\Steam\SteamApps\common\Thief Deadly Shadows\System\runme.exe
FirewallRules: [{2ED621BB-621E-4F5B-9EEE-2445F798F417}] => (Allow) D:\Programme\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{38EAF7FD-1387-4B2F-B071-A3050E0E7B52}] => (Allow) D:\Programme\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{41BA33BD-41ED-4667-B5EC-850C760D7EC4}] => (Allow) D:\Programme\TeamViewer\TeamViewer.exe
FirewallRules: [{96FE98B7-8520-4C4B-889D-95A849A6406C}] => (Allow) D:\Programme\TeamViewer\TeamViewer.exe
FirewallRules: [{8F614056-23CF-4179-8110-CBF96615B056}] => (Allow) D:\Games\Steam\SteamApps\common\Spirits of Xanadu\Spirits of Xanadu.exe
FirewallRules: [{92DEB061-DDBE-4317-9756-EED6E50B36C1}] => (Allow) D:\Games\Steam\SteamApps\common\Spirits of Xanadu\Spirits of Xanadu.exe
FirewallRules: [{41E6B432-E1F9-4489-B50C-C3CFA89580CB}] => (Allow) D:\Games\Steam\SteamApps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [{43D853E6-AAA5-4C78-8271-3DE5C476A900}] => (Allow) D:\Games\Steam\SteamApps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [{3D4D3D55-258A-4452-8354-59A0C9B95BE9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{CF90FD8C-9D02-4F83-87A8-86DE8BF0703E}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{3B74ADF1-6A43-4401-AB32-EF15C1D49194}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{B3EC2834-8773-4B20-A2D9-841BF8179FDF}] => (Allow) D:\Programme\Winamp\winamp.exe
FirewallRules: [{633BF3E0-7616-4F0C-BD34-D7AE38CF71C2}] => (Allow) D:\Programme\Winamp\winamp.exe
FirewallRules: [{F523341D-D024-479A-B1C6-09E174003418}] => (Allow) D:\Programme\MAGIX\Video deluxe 2016 Premium\Videodeluxe.exe
FirewallRules: [{94207D91-6307-48BA-886A-841FBC51410E}] => (Allow) D:\Games\Steam\SteamApps\common\Layers of Fear\Layers Of Fear.exe
FirewallRules: [{2F2FD238-9218-4E73-8DA4-6FA41E0506C3}] => (Allow) D:\Games\Steam\SteamApps\common\Layers of Fear\Layers Of Fear.exe
FirewallRules: [{F55B01C6-BA46-4D72-BA01-DC0F62B2D9DE}] => (Allow) D:\Games\Steam\SteamApps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [{4656B89B-E5B0-492F-AA56-97C9CB624605}] => (Allow) D:\Games\Steam\SteamApps\common\Penumbra Overture\redist\Penumbra.exe
FirewallRules: [UDP Query User{025F09C2-9AA1-4ADF-A604-9FA5A3FA0A64}C:\program files\vlc\vlc.exe] => (Allow) C:\program files\vlc\vlc.exe
FirewallRules: [TCP Query User{4AB9BA08-A5C6-4079-9E58-21E9E7D66539}C:\program files\vlc\vlc.exe] => (Allow) C:\program files\vlc\vlc.exe
FirewallRules: [{BFF87F05-85B8-4FAB-A7BC-80B7D7ACB251}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{41F30114-6E1E-4DC6-A988-5235C132E4D3}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [UDP Query User{09B31CFA-B2D4-4E9C-846A-9E6AE61A437F}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{59421173-7EB5-4508-9C9F-3ED146289E5B}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{32F1DDE8-CC4C-4320-A8A4-1C75F90D4BB4}D:\games\steam\steamapps\common\aliens colonial marines\binaries\win32\_acm.exe] => (Allow) D:\games\steam\steamapps\common\aliens colonial marines\binaries\win32\_acm.exe
FirewallRules: [TCP Query User{2B62BCA7-11D4-4AD8-B437-2DE1EAD40A50}D:\games\steam\steamapps\common\aliens colonial marines\binaries\win32\_acm.exe] => (Allow) D:\games\steam\steamapps\common\aliens colonial marines\binaries\win32\_acm.exe
FirewallRules: [UDP Query User{241742FE-2949-4E72-81E5-122D323D76F4}D:\programme\shoutcast\sc_serv.exe] => (Allow) D:\programme\shoutcast\sc_serv.exe
FirewallRules: [TCP Query User{009A6B4B-3F84-4965-99B0-AC627E9AB743}D:\programme\shoutcast\sc_serv.exe] => (Allow) D:\programme\shoutcast\sc_serv.exe
FirewallRules: [{410F8931-7BED-4D99-A248-881443D2BA43}] => (Allow) D:\Games\Steam\SteamApps\common\Source SDK Base 2013 Singleplayer\hl2.exe
FirewallRules: [{FAB3AE78-C3C6-4DD4-A657-2D7D3A467C0F}] => (Allow) D:\Games\Steam\SteamApps\common\Source SDK Base 2013 Singleplayer\hl2.exe
FirewallRules: [{6F7A5C9A-2A1B-4FC7-94F6-93EDAECD75D4}] => (Allow) D:\Games\Steam\SteamApps\common\Strife\strife-ve.exe
FirewallRules: [{17931943-1054-49E9-8E44-15C4ED0E76EC}] => (Allow) D:\Games\Steam\SteamApps\common\Strife\strife-ve.exe
FirewallRules: [{1627D254-2807-47E5-A965-8EF14D291E95}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{372C07F2-7E64-4845-BD0D-18F42729A021}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{9EE86F79-EA28-48E7-BDF7-DA3CB5CB0EB2}] => (Allow) D:\Games\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{0C0096FD-BC19-4204-9414-C50767846395}] => (Allow) D:\Games\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [UDP Query User{E8CCB980-186C-4786-9D43-AAF5F521C015}D:\games\gog games\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) D:\games\gog games\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [TCP Query User{7B0BBD21-DD89-4546-A8E6-92CF642CFF29}D:\games\gog games\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) D:\games\gog games\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe
FirewallRules: [{B4BEBBEE-A2AB-4C62-BA1A-3E947E8618D0}] => (Allow) D:\Games\Steam\SteamApps\common\Neverending Nightmares\nightmare.exe
FirewallRules: [{F7A90859-ECB9-4126-9CF8-32AEF926581A}] => (Allow) D:\Games\Steam\SteamApps\common\Neverending Nightmares\nightmare.exe
FirewallRules: [UDP Query User{118013CC-E8F7-4503-92F8-BED165808AE7}D:\games\quake hd pack\darkplaces.exe] => (Allow) D:\games\quake hd pack\darkplaces.exe
FirewallRules: [TCP Query User{24A0B1AA-132B-4576-965E-6044AAE7FE03}D:\games\quake hd pack\darkplaces.exe] => (Allow) D:\games\quake hd pack\darkplaces.exe
FirewallRules: [{5561E420-4BC8-44A8-9F33-AA239310F2C3}] => (Allow) LPort=41780
FirewallRules: [{EF206F0E-4EAA-4E2E-97A8-722315EF974A}] => (Allow) D:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{92763FF7-CD31-49A4-AD1D-3C59426CE645}] => (Allow) D:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{339CA568-B0BA-476E-8647-E398FD154305}] => (Allow) C:\Users\Hoshi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F6AA3EA4-AE5F-4147-9477-C983C17F78B3}] => (Allow) C:\Users\Hoshi\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A09E3AB7-BA3F-49B3-A93D-F50DEF8265E6}] => (Allow) D:\Programme\Skype\Phone\Skype.exe
FirewallRules: [{F7C0F58A-218F-41E3-B1F3-5E65CC3A3F50}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{8602E317-6CEA-4200-89BA-4F8E48E3414E}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [TCP Query User{9606A9D6-6A6A-40C7-AE58-17B18A3111E1}D:\games\gog games\unreal gold\system\unreal.exe] => (Allow) D:\games\gog games\unreal gold\system\unreal.exe
FirewallRules: [UDP Query User{48C77771-399E-4E63-BA0F-5C9A89A5F366}D:\games\gog games\unreal gold\system\unreal.exe] => (Allow) D:\games\gog games\unreal gold\system\unreal.exe
FirewallRules: [TCP Query User{549B6F9D-C048-4E95-99A2-3A377AAA0748}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{672FCE63-7931-4363-B2E8-7C5890F947CB}D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) D:\games\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{444E3619-2165-4B6B-A277-9CC0BC7B53B0}] => (Allow) D:\Games\Steam\SteamApps\common\STASIS\Stasis.exe
FirewallRules: [{48AAD65B-32EF-4142-931D-684DA033FE0D}] => (Allow) D:\Games\Steam\SteamApps\common\STASIS\Stasis.exe
FirewallRules: [{0302EA2C-2C88-4C68-8BC4-C486414C6275}] => (Allow) D:\Games\Steam\SteamApps\common\Waltz of the Wizard\WaltzOfTheWizard.exe
FirewallRules: [{655D0F0E-A538-45A5-83ED-0D949E232624}] => (Allow) D:\Games\Steam\SteamApps\common\Waltz of the Wizard\WaltzOfTheWizard.exe
FirewallRules: [{55CA69B3-FD1A-4886-909A-0C86C229B07F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{595038C8-42B8-42A8-9DF8-1D679DCC7DBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8E36AEE6-C7C2-4509-B7D9-1BB0E1F03EB1}] => (Allow) D:\Games\Steam\SteamApps\common\VanishingRealms\VanishingRealms.exe
FirewallRules: [{68BB8839-299B-4D34-A527-FF5F23ED4D04}] => (Allow) D:\Games\Steam\SteamApps\common\VanishingRealms\VanishingRealms.exe
FirewallRules: [{0273119C-7CAF-4396-A5AF-768B82E424E2}] => (Allow) D:\Games\Steam\SteamApps\common\Job Simulator\JobSimulator.exe
FirewallRules: [{CACF1BA0-AB61-46E3-A4F6-E3FD55C94A29}] => (Allow) D:\Games\Steam\SteamApps\common\Job Simulator\JobSimulator.exe
FirewallRules: [{B63306D8-F01B-4802-A5E9-6F36E2474501}] => (Allow) D:\Games\Steam\SteamApps\common\Virtual Desktop\Virtual Desktop.exe
FirewallRules: [{22654D19-A692-4892-84F9-A6C46B8C6DAD}] => (Allow) D:\Games\Steam\SteamApps\common\Virtual Desktop\Virtual Desktop.exe
FirewallRules: [{60339C49-0A25-4CD0-83D0-DEE32E2FDB0B}] => (Allow) D:\Games\Steam\SteamApps\common\Virtual Desktop\Environment Editor.exe
FirewallRules: [{E69CBCFB-4693-4382-AB15-14D323B3B0E1}] => (Allow) D:\Games\Steam\SteamApps\common\Virtual Desktop\Environment Editor.exe
FirewallRules: [{9193D3C6-6FBF-441D-BB2F-0C08BEB4E77C}] => (Allow) D:\Games\Steam\SteamApps\common\AChairinaRoom\AChairInARoom_Greenwater.exe
FirewallRules: [{9DF8030F-3EF7-4A6C-918E-3D3DA0F83D6B}] => (Allow) D:\Games\Steam\SteamApps\common\AChairinaRoom\AChairInARoom_Greenwater.exe
FirewallRules: [TCP Query User{367DB655-BB17-4BC1-AE31-F20ED49E3A88}D:\games\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe] => (Allow) D:\games\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe
FirewallRules: [UDP Query User{44C3E241-DED9-4E29-9063-06F33DD095ED}D:\games\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe] => (Allow) D:\games\steam\steamapps\common\the lab\robotrepair\bin\win64\vr.exe
FirewallRules: [TCP Query User{D16373C4-962B-46AE-87F9-922D3DA20533}D:\games\ctrlaltstudio-viewer-alpha\slvoice.exe] => (Allow) D:\games\ctrlaltstudio-viewer-alpha\slvoice.exe
FirewallRules: [UDP Query User{FBF4100B-242E-4171-930C-AF872ABC032A}D:\games\ctrlaltstudio-viewer-alpha\slvoice.exe] => (Allow) D:\games\ctrlaltstudio-viewer-alpha\slvoice.exe
FirewallRules: [TCP Query User{4D2FE12B-90B6-4D54-A289-A724E7B95289}D:\games\steam\steamapps\common\vrporize\64\windowsnoeditor\vrporize_beta\binaries\win64\vrporize_beta-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\vrporize\64\windowsnoeditor\vrporize_beta\binaries\win64\vrporize_beta-win64-shipping.exe
FirewallRules: [UDP Query User{D3B9D8DA-2FFC-48E4-82B4-FB2E4BBDCA12}D:\games\steam\steamapps\common\vrporize\64\windowsnoeditor\vrporize_beta\binaries\win64\vrporize_beta-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\vrporize\64\windowsnoeditor\vrporize_beta\binaries\win64\vrporize_beta-win64-shipping.exe
FirewallRules: [{ED38B62B-7340-44D8-ACD2-C203EDDA1151}] => (Allow) D:\Games\Steam\SteamApps\common\PoolNationVR\PoolNationVR.exe
FirewallRules: [{A5F656B5-3F31-4FFC-BCC4-95FAB832FD48}] => (Allow) D:\Games\Steam\SteamApps\common\PoolNationVR\PoolNationVR.exe
FirewallRules: [TCP Query User{927C9C71-D614-4C26-B61A-A882E3817A70}D:\games\steam\steamapps\common\poolnationvr\poolnationvr\binaries\win64\vrpooldemo-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\poolnationvr\poolnationvr\binaries\win64\vrpooldemo-win64-shipping.exe
FirewallRules: [UDP Query User{227C1F1C-3189-442E-84DC-6CC2E2E3E94B}D:\games\steam\steamapps\common\poolnationvr\poolnationvr\binaries\win64\vrpooldemo-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\poolnationvr\poolnationvr\binaries\win64\vrpooldemo-win64-shipping.exe
FirewallRules: [TCP Query User{9D6AA729-9DA7-4763-89DE-52AF6DFC31EF}E:\titanic honor and glory demo 2\titanic - honor and glory demo 2\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) E:\titanic honor and glory demo 2\titanic - honor and glory demo 2\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{4D15A1ED-0497-41FE-9D0E-FAD00BF9D30E}E:\titanic honor and glory demo 2\titanic - honor and glory demo 2\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) E:\titanic honor and glory demo 2\titanic - honor and glory demo 2\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [{AB34BC04-FF41-4337-9BD5-48D5A1B017E4}] => (Allow) D:\Games\Steam\SteamApps\common\Brookhaven\BrookhavenGame.exe
FirewallRules: [{A54CB64D-E750-414A-A14B-A1C2AA0CC560}] => (Allow) D:\Games\Steam\SteamApps\common\Brookhaven\BrookhavenGame.exe
FirewallRules: [{1771F40C-6EE8-4EA8-BFB0-F8C879A7DA49}] => (Allow) D:\Games\Steam\SteamApps\common\VRporize\64\WindowsNoEditor\VRporize_beta.exe
FirewallRules: [{425D082B-2A4C-4FC6-8E3C-B11A884517AF}] => (Allow) D:\Games\Steam\SteamApps\common\VRporize\64\WindowsNoEditor\VRporize_beta.exe
FirewallRules: [TCP Query User{43996D90-1975-4368-BED9-232501810761}C:\users\hoshi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hoshi\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C8F2DE0C-F2D8-4BFB-B7FA-5725E9CA96E2}C:\users\hoshi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\hoshi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C2B64B6A-1A45-4904-B911-8F4163D80E33}] => (Allow) D:\Games\Steam\SteamApps\common\Pierhead Arcade\Arcade.exe
FirewallRules: [{628C846B-37A4-43FA-8300-C2ABD8505CE3}] => (Allow) D:\Games\Steam\SteamApps\common\Pierhead Arcade\Arcade.exe
FirewallRules: [{2B306573-B82C-45B6-B744-9BFF24454263}] => (Allow) D:\Games\Steam\SteamApps\common\Overload\Overload.exe
FirewallRules: [{02897BD8-93C8-4E39-9236-8581E64CA400}] => (Allow) D:\Games\Steam\SteamApps\common\Overload\Overload.exe
FirewallRules: [{4243E46D-D91C-4899-B34D-2D0D9664912D}] => (Allow) D:\Games\Steam\SteamApps\common\RickAndMortyVR\RickAndMortyVR.exe
FirewallRules: [{FAE9A318-685E-4CB8-A119-FC59DD4334CF}] => (Allow) D:\Games\Steam\SteamApps\common\RickAndMortyVR\RickAndMortyVR.exe
FirewallRules: [{DBC819B9-E417-416A-BA9A-674662BF83AB}] => (Allow) D:\Games\Steam\SteamApps\common\Marvel's Guardians of the Galaxy The Telltale Series\Guardians.exe
FirewallRules: [{F20DCC84-A9D8-40AA-AFE7-B206053EDF38}] => (Allow) D:\Games\Steam\SteamApps\common\Marvel's Guardians of the Galaxy The Telltale Series\Guardians.exe
FirewallRules: [{6633A870-73F0-4F52-919E-D7A72822C841}] => (Allow) D:\Games\Steam\SteamApps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{69BC39B0-41F0-419B-BB20-14A374665975}] => (Allow) D:\Games\Steam\SteamApps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{82729D87-7959-4CA7-AA2F-9E5286114411}] => (Allow) D:\Games\Steam\SteamApps\common\Outlast 2\Binaries\Win64\Outlast2.exe
FirewallRules: [{C9C8859F-6322-41D1-AD05-B11D9DF4B04E}] => (Allow) D:\Games\Steam\SteamApps\common\Outlast 2\Binaries\Win64\Outlast2.exe
FirewallRules: [TCP Query User{1AA0FBF9-4330-4FF4-85DF-789C47018191}B:\cloud imperium games\patcher\cigpatcher.exe] => (Allow) B:\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{473BDA27-3954-4B5C-8221-8377E36B9CD2}B:\cloud imperium games\patcher\cigpatcher.exe] => (Allow) B:\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{B6368D2F-877F-4CE7-86EA-42CD059F4519}B:\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) B:\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{5EE59C3F-2D0D-4CED-840B-2BA998195FCA}B:\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) B:\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [{C586A06C-0DA9-4744-80FD-2C40DC65522C}] => (Allow) D:\Games\Steam\SteamApps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [{E575F97D-B64E-4E35-B30C-038822ECDED3}] => (Allow) D:\Games\Steam\SteamApps\common\SteamVR\bin\win32\vrstartup.exe
FirewallRules: [TCP Query User{69BFF41F-D1C1-4691-9FE1-B6DAE78B9AFD}D:\games\steam\steamapps\common\island 359\island359\binaries\win64\island359_copy-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\island 359\island359\binaries\win64\island359_copy-win64-shipping.exe
FirewallRules: [UDP Query User{AD1889AD-5410-4C90-BFB2-372B345CE1D2}D:\games\steam\steamapps\common\island 359\island359\binaries\win64\island359_copy-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\island 359\island359\binaries\win64\island359_copy-win64-shipping.exe
FirewallRules: [{8A3B0A28-A44F-4C11-8E0D-3B16592AB8B4}] => (Allow) B:\Steam\steamapps\common\Battlezone\Launcher\battlezone.exe
FirewallRules: [{945066F8-25B0-4FB2-8A01-FB556A39BF1C}] => (Allow) B:\Steam\steamapps\common\Battlezone\Launcher\battlezone.exe
FirewallRules: [{5E4A151B-2E94-4040-B1BB-8202B658D7E5}] => (Allow) D:\Games\Steam\SteamApps\common\Axiom Verge\AxiomVerge.exe
FirewallRules: [{E73C3B66-59DC-4ADE-B5B1-0CCB9E5F15F1}] => (Allow) D:\Games\Steam\SteamApps\common\Axiom Verge\AxiomVerge.exe
FirewallRules: [{C9C602B9-4B3D-4FA5-9D6F-61E42E613097}] => (Allow) B:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{FB9ECD72-CABE-4824-9AAB-E4A6F0E35D84}] => (Allow) B:\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{EEB40E47-F1C4-4656-9C5C-2FEB1392B4DF}] => (Allow) B:\Steam\steamapps\common\Soundscape\Soundscape.exe
FirewallRules: [{9FCEF941-FA77-4150-BE2B-839A321CA27C}] => (Allow) B:\Steam\steamapps\common\Soundscape\Soundscape.exe
FirewallRules: [TCP Query User{62808090-BA71-4AE1-B049-85362774AAF2}D:\games\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) D:\games\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [UDP Query User{A2D3775C-19DD-4124-819B-5F534032CFA0}D:\games\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) D:\games\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe
FirewallRules: [{7F75C914-E50D-40B1-BB92-746FC9CCEDD2}] => (Allow) B:\Steam\steamapps\common\Aeon\Aeon.exe
FirewallRules: [{D59DAF58-5343-49CB-A91C-6C96689546F1}] => (Allow) B:\Steam\steamapps\common\Aeon\Aeon.exe
FirewallRules: [{62528508-75BE-47CA-9277-836908DF1719}] => (Allow) B:\Steam\steamapps\common\SUPERHOT VR\SUPERHOTVR.exe
FirewallRules: [{3D3D0C0E-CC29-4785-BD54-CAF08252381C}] => (Allow) B:\Steam\steamapps\common\SUPERHOT VR\SUPERHOTVR.exe
FirewallRules: [{8DC2D8B5-DB4B-40D1-97AE-6D4D2CDA677E}] => (Allow) D:\Games\Steam\SteamApps\common\EVERSPACE\RSG\Binaries\Win64\RSG-Win64-Shipping.exe
FirewallRules: [{EA82A72A-0783-4376-86DE-66D463A97A0C}] => (Allow) D:\Games\Steam\SteamApps\common\EVERSPACE\RSG\Binaries\Win64\RSG-Win64-Shipping.exe
FirewallRules: [{35D7E367-0ED3-4F47-8441-3A6A3F3561DC}] => (Allow) D:\Programme\Sony\PS4 Remote Play\RemotePlay.exe
FirewallRules: [{6E0600B2-815E-48A0-B4AD-A5EAB1543BDB}] => (Allow) B:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
FirewallRules: [{7AC56B85-1415-4007-8E96-1361E1FABDE3}] => (Allow) B:\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
FirewallRules: [{D95A68C3-537C-40C1-A744-442B4D5879B8}] => (Allow) D:\Games\Steam\SteamApps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [{EF2BBEFC-1876-4BFA-B930-628D8649EA01}] => (Allow) D:\Games\Steam\SteamApps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe
FirewallRules: [{5C208156-3201-4BFD-9561-FF74F18CE96D}] => (Allow) B:\Steam\steamapps\common\Karnage Chronicles\KarnageVR.exe
FirewallRules: [{651B32F7-67BE-427E-AED8-2E8B3D3929B7}] => (Allow) B:\Steam\steamapps\common\Karnage Chronicles\KarnageVR.exe
FirewallRules: [TCP Query User{F680A4FB-8640-40DB-AED3-5FF14EB3BE73}B:\steam\steamapps\common\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe
FirewallRules: [UDP Query User{9D8568A2-6021-4089-A7E5-B899BE3AA6A2}B:\steam\steamapps\common\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\karnage chronicles\karnagevr\binaries\win64\karnagevr-win64-shipping.exe
FirewallRules: [TCP Query User{5297F42D-5675-4819-B80D-1F8FE92D8792}D:\games\steam\steamapps\common\brookhaven\brookhavengame\binaries\win64\brookhavengame-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\brookhaven\brookhavengame\binaries\win64\brookhavengame-win64-shipping.exe
FirewallRules: [UDP Query User{52D31D87-A22B-4B4E-AFFB-41D5FE61C3E7}D:\games\steam\steamapps\common\brookhaven\brookhavengame\binaries\win64\brookhavengame-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\brookhaven\brookhavengame\binaries\win64\brookhavengame-win64-shipping.exe
FirewallRules: [TCP Query User{84A070A8-9FCE-4BA1-907C-311A264759F3}B:\games\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) B:\games\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [UDP Query User{B261384C-83D2-4BBA-B1CB-1A09E9C005B8}B:\games\starcraft ii\versions\base53644\sc2_x64.exe] => (Allow) B:\games\starcraft ii\versions\base53644\sc2_x64.exe
FirewallRules: [{149DCA28-7E08-4F6B-9642-4643C987479B}] => (Allow) B:\Steam\steamapps\common\Dead Effect 2 VR\DeadEffect2.exe
FirewallRules: [{BF0B939D-91E1-4C1A-9C14-D46A9ADB71A3}] => (Allow) B:\Steam\steamapps\common\Dead Effect 2 VR\DeadEffect2.exe
FirewallRules: [{70A71F66-CF4A-4F7D-9E11-A0B39DB3DFBD}] => (Allow) B:\Steam\steamapps\common\johnwick\WindowsNoEditor\wick.exe
FirewallRules: [{B87CA62F-C948-4990-81A5-3C8273F90ECF}] => (Allow) B:\Steam\steamapps\common\johnwick\WindowsNoEditor\wick.exe
FirewallRules: [TCP Query User{733AD380-6942-42B0-96A4-4C928D10A842}B:\steam\steamapps\common\johnwick\windowsnoeditor\wick\binaries\win64\wick-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\johnwick\windowsnoeditor\wick\binaries\win64\wick-win64-shipping.exe
FirewallRules: [UDP Query User{4FC4F02E-DA30-4A2F-ADC6-2421F3C86C51}B:\steam\steamapps\common\johnwick\windowsnoeditor\wick\binaries\win64\wick-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\johnwick\windowsnoeditor\wick\binaries\win64\wick-win64-shipping.exe
FirewallRules: [{F173D9E2-CFC5-456C-B772-38970156E8B5}] => (Allow) D:\Programme\MAGIX\Video deluxe Premium\2017\Videodeluxe.exe
FirewallRules: [{58565BAD-4103-4768-A22D-6A83399860EE}] => (Allow) D:\Programme\MAGIX\Music Maker\25\MusicMaker.exe
FirewallRules: [{B0F4AF05-3445-4E86-84ED-F9668F3EA52B}] => (Allow) D:\Games\Steam\SteamApps\common\Cloudlands\Cloudlands.exe
FirewallRules: [{B6D46762-9437-4F7E-804C-595364ADB56E}] => (Allow) D:\Games\Steam\SteamApps\common\Cloudlands\Cloudlands.exe
FirewallRules: [{DD9EDFC0-4384-42B2-99D5-8C17E4DDD7AC}] => (Allow) D:\Games\Steam\SteamApps\common\The Gallery Call of the Starseed\TheGallery_EP1\TheGallery_EP1.exe
FirewallRules: [{A0600D8F-500A-4A44-89C6-282349CAE307}] => (Allow) D:\Games\Steam\SteamApps\common\The Gallery Call of the Starseed\TheGallery_EP1\TheGallery_EP1.exe
FirewallRules: [{536D9FE2-FE06-430D-8696-DC1327D02F34}] => (Allow) D:\Games\Steam\SteamApps\common\The Gallery Call of the Starseed\TheGallery_EP1_OVR\TheGallery_EP1.exe
FirewallRules: [{5A496D68-2EF3-43AD-98E3-578B7BA30874}] => (Allow) D:\Games\Steam\SteamApps\common\The Gallery Call of the Starseed\TheGallery_EP1_OVR\TheGallery_EP1.exe
FirewallRules: [{B13220B0-F27B-4818-A76B-284143317672}] => (Allow) D:\Games\Origin\STAR WARS Battlefront II Closed Alpha\starwarsbattlefrontii.exe
FirewallRules: [{3543073A-B8AB-453D-A4D3-190625845506}] => (Allow) D:\Games\Origin\STAR WARS Battlefront II Closed Alpha\starwarsbattlefrontii.exe
FirewallRules: [TCP Query User{946362F4-2735-432C-A060-BD80CF30C175}B:\games\overwatch\overwatch.exe] => (Allow) B:\games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{36F60D16-C06C-4788-8120-C002ADB1A518}B:\games\overwatch\overwatch.exe] => (Allow) B:\games\overwatch\overwatch.exe
FirewallRules: [{50693B02-4980-454A-A2CD-C8AB00019487}] => (Allow) D:\Games\Steam\SteamApps\common\Cmoar VR Cinema\vive.exe
FirewallRules: [{D76891D4-8F80-44F1-A92E-A0FE7048C49A}] => (Allow) D:\Games\Steam\SteamApps\common\Cmoar VR Cinema\vive.exe
FirewallRules: [{05C68A71-80C1-403E-9342-74CDFA2EB76A}] => (Allow) D:\Games\Steam\SteamApps\common\Cmoar VR Cinema\oculus.exe
FirewallRules: [{0BCB9B89-43C3-4687-A311-87DCF4725AC3}] => (Allow) D:\Games\Steam\SteamApps\common\Cmoar VR Cinema\oculus.exe
FirewallRules: [{D61C37A6-ACC2-4494-96D8-897F554884E1}] => (Allow) D:\Games\Steam\SteamApps\common\Nock Hidden Arrow\Nock.exe
FirewallRules: [{AC54F4D6-CCD8-4350-81A7-4122051063DB}] => (Allow) D:\Games\Steam\SteamApps\common\Nock Hidden Arrow\Nock.exe
FirewallRules: [{724031A4-8631-4BA6-9B14-5C43D6C27B7A}] => (Allow) D:\Games\Steam\SteamApps\common\GORN\GORN.exe
FirewallRules: [{4F12E286-9A42-491E-BD48-5BE45805DF6F}] => (Allow) D:\Games\Steam\SteamApps\common\GORN\GORN.exe
FirewallRules: [TCP Query User{63EBF6ED-4320-4FD6-8349-76A314057E9B}D:\games\sansar\client\sansarclient.exe] => (Allow) D:\games\sansar\client\sansarclient.exe
FirewallRules: [UDP Query User{89DFC2DE-0D85-469A-8D40-ECEB29072155}D:\games\sansar\client\sansarclient.exe] => (Allow) D:\games\sansar\client\sansarclient.exe
FirewallRules: [{F6CFAD45-14D9-4F70-AE82-84915128CE6D}] => (Allow) B:\Steam\steamapps\common\Raw Data\RawData.exe
FirewallRules: [{EB40392A-35B2-4B49-86CF-EB7327563DF7}] => (Allow) B:\Steam\steamapps\common\Raw Data\RawData.exe
FirewallRules: [{B5D68DF0-AF23-431D-B345-C5278F6310D2}] => (Allow) B:\Steam\steamapps\common\Raw Data\RawData\Binaries\Win64\RawData-Win64-Shipping.exe
FirewallRules: [{D12E3BDC-FA1F-4993-B187-17D842A92D49}] => (Allow) B:\Steam\steamapps\common\Raw Data\RawData\Binaries\Win64\RawData-Win64-Shipping.exe
FirewallRules: [{EF42FFA6-F63B-4B18-B056-65AED7E3C817}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP_Launcher.exe
FirewallRules: [{949C85A8-693A-4505-9C65-2483077C2F59}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP_Launcher.exe
FirewallRules: [{118F724E-B0C9-484C-AA54-724951D58103}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP_DX11.exe
FirewallRules: [{639D79C9-CEE6-4D37-9D37-41C7742D6476}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP_DX11.exe
FirewallRules: [{113DDC4D-4A14-41D5-B79D-9286B9A6DE47}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP.exe
FirewallRules: [{2EE7EFEE-59FF-4C8D-9838-2B2B9E00270C}] => (Allow) D:\Games\Steam\SteamApps\common\Aliens vs Predator\AvP.exe
FirewallRules: [{5EF4F8B9-60AD-42E1-AB4A-2035E242CEE5}] => (Allow) D:\Games\Steam\SteamApps\common\Conarium\Conarium.exe
FirewallRules: [{C8894B04-9B96-490B-B2F2-A8DA33112482}] => (Allow) D:\Games\Steam\SteamApps\common\Conarium\Conarium.exe
FirewallRules: [{BC6E0C8F-343B-4209-8906-8701893745CD}] => (Allow) D:\Games\Steam\SteamApps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [{E9AC4963-ED0F-429D-A657-A4247022DEF2}] => (Allow) D:\Games\Steam\SteamApps\common\Rise of the Tomb Raider\ROTTR.exe
FirewallRules: [TCP Query User{5A22F760-CBCC-4E82-ACA1-F3E13E75C79E}B:\games\max payne 3\maxpayne3.exe] => (Allow) B:\games\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{97E90E47-6DFE-4D02-B6F7-2D529C9DCF92}B:\games\max payne 3\maxpayne3.exe] => (Allow) B:\games\max payne 3\maxpayne3.exe
FirewallRules: [{6478ACBE-A9BD-4004-99AE-5BC6F47E9A6E}] => (Allow) D:\Games\Steam\SteamApps\common\AlienRage\Singleplayer\Binaries\Win32\ShippingPC-AFEARGame.exe
FirewallRules: [{78CF89E7-5691-4AD3-ACD0-EA5EF3E3ADB0}] => (Allow) D:\Games\Steam\SteamApps\common\AlienRage\Singleplayer\Binaries\Win32\ShippingPC-AFEARGame.exe
FirewallRules: [{F994B6B6-3EF4-4BBE-AB52-770328BFBED1}] => (Allow) D:\Games\Steam\SteamApps\common\AlienRage\Multiplayer\Binaries\Win32\ARageMP.exe
FirewallRules: [{FC8B8C65-D63E-454C-B8CA-8E5FEC275AC6}] => (Allow) D:\Games\Steam\SteamApps\common\AlienRage\Multiplayer\Binaries\Win32\ARageMP.exe
FirewallRules: [{DA2A7636-FE20-4A55-8405-38F2A9800092}] => (Allow) D:\Games\Steam\SteamApps\common\Rising Storm 2\Binaries\Win64\RisingStorm2.exe
FirewallRules: [{EA799577-B0B7-424D-81CE-CDFA03C9E253}] => (Allow) D:\Games\Steam\SteamApps\common\Rising Storm 2\Binaries\Win64\RisingStorm2.exe
FirewallRules: [{2714EDEE-7A10-426D-9FD0-30151409B09B}] => (Allow) D:\Games\Steam\SteamApps\common\Serious Sam VR The First Encounter\Bin\x64\SamTFE_VR.exe
FirewallRules: [{1FEFAA6C-A74C-481F-8428-D872D4DF5A5A}] => (Allow) D:\Games\Steam\SteamApps\common\Serious Sam VR The First Encounter\Bin\x64\SamTFE_VR.exe
FirewallRules: [{943C1A90-26A3-46C8-B75A-6AB5FE4D9C63}] => (Allow) D:\Games\Steam\SteamApps\common\Space Hulk Deathwing\SpaceHulkGame.exe
FirewallRules: [{07764B6D-4A71-4707-862F-E2FCE2E941CD}] => (Allow) D:\Games\Steam\SteamApps\common\Space Hulk Deathwing\SpaceHulkGame.exe
FirewallRules: [TCP Query User{7E4F6977-CF90-458B-92F3-F84E646B614E}D:\games\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe
FirewallRules: [UDP Query User{BAD65C73-1242-446C-A7F2-425E8F1CA7C2}D:\games\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\space hulk deathwing\spacehulkgame\binaries\win64\spacehulkgame-win64-shipping.exe
FirewallRules: [{789904E8-F71E-46A3-9B7B-76616E723997}] => (Allow) D:\Games\Steam\SteamApps\common\TheWaveVR\TheWaveVR.exe
FirewallRules: [{060AE121-401D-4ACC-8F5A-B5C264428BDC}] => (Allow) D:\Games\Steam\SteamApps\common\TheWaveVR\TheWaveVR.exe
FirewallRules: [TCP Query User{A10DC358-53EF-4B81-A409-6BE1CDA4CC1B}D:\games\soldier of fortune\sof.exe] => (Allow) D:\games\soldier of fortune\sof.exe
FirewallRules: [UDP Query User{4DA529DA-158D-45FE-9090-FE15CC0B46D7}D:\games\soldier of fortune\sof.exe] => (Allow) D:\games\soldier of fortune\sof.exe
FirewallRules: [TCP Query User{EB037A9C-4274-40DA-B348-5751821FEE09}D:\games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{64F17405-13C2-4CA1-BE0F-B4B4EBA822B8}D:\games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) D:\games\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{039CE7D6-8615-4867-9B7D-5D77171CF046}] => (Allow) D:\Games\Steam\SteamApps\common\LethalVR\LethalVR.exe
FirewallRules: [{D5172F7E-49E6-4DDF-9DA9-AF66C81B5A55}] => (Allow) D:\Games\Steam\SteamApps\common\LethalVR\LethalVR.exe
FirewallRules: [{D2F00B33-3AA8-42D5-9B14-C767CFF32944}] => (Allow) D:\Games\Steam\SteamApps\common\Dangerous Golf\Orlando.exe
FirewallRules: [{AB5457CE-D7FE-4B34-B463-B155F14F96BD}] => (Allow) D:\Games\Steam\SteamApps\common\Dangerous Golf\Orlando.exe
FirewallRules: [TCP Query User{B77F38D4-CF61-44FA-BA53-BA1EFB7D5A95}D:\games\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe
FirewallRules: [UDP Query User{DE476809-6F31-461C-89B2-CFE16D7151EF}D:\games\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\dangerous golf\orlando\binaries\win64\orlando-win64-shipping.exe
FirewallRules: [TCP Query User{70925235-EB3E-41A8-AAEA-F7560E1D8AE9}D:\games\steam\steamapps\common\lethalvr\lethalvr\binaries\win64\lethalvr-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\lethalvr\lethalvr\binaries\win64\lethalvr-win64-shipping.exe
FirewallRules: [UDP Query User{BB5A0FCE-F704-4643-91FA-E3AEF49E2C0C}D:\games\steam\steamapps\common\lethalvr\lethalvr\binaries\win64\lethalvr-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\lethalvr\lethalvr\binaries\win64\lethalvr-win64-shipping.exe
FirewallRules: [{E3DCA5F5-CFB9-49E6-A6D2-1E04C6C5BE44}] => (Allow) D:\Games\Steam\SteamApps\common\The Unwelcomed\TheUnwelcomed_v1.27.exe
FirewallRules: [{8AC401C8-0D9E-486D-AD97-16F5B10C104D}] => (Allow) D:\Games\Steam\SteamApps\common\The Unwelcomed\TheUnwelcomed_v1.27.exe
FirewallRules: [{1C79891E-9065-4FC7-BFEB-6D285BEED6DD}] => (Allow) D:\Games\Steam\SteamApps\common\Ultimate Booster Experience\UltimateBooster(SteamVR)\UltimateBooster.exe
FirewallRules: [{085103B3-52BB-4322-9116-5F92D990C16D}] => (Allow) D:\Games\Steam\SteamApps\common\Ultimate Booster Experience\UltimateBooster(SteamVR)\UltimateBooster.exe
FirewallRules: [{28C28A74-2BF9-4BBA-8801-DBE9B3113DD3}] => (Allow) D:\Games\Steam\SteamApps\common\Ultimate Booster Experience\UltimateBooster(Oculus)\UltimateBooster.exe
FirewallRules: [{9BE9FEF8-B749-421F-AC97-368EC7D7282E}] => (Allow) D:\Games\Steam\SteamApps\common\Ultimate Booster Experience\UltimateBooster(Oculus)\UltimateBooster.exe
FirewallRules: [{5707A4E9-4AB0-4ADC-95A6-8891A2D6147B}] => (Allow) B:\Steam\steamapps\common\Hellblade\HellbladeGame.exe
FirewallRules: [{F4D66E58-5638-4F67-8A31-62AEA5572057}] => (Allow) B:\Steam\steamapps\common\Hellblade\HellbladeGame.exe
FirewallRules: [TCP Query User{8324771A-96C6-4F9B-90DA-195A875C5631}B:\steam\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe
FirewallRules: [UDP Query User{F03EA227-673C-4D1D-A045-93429F4F96CB}B:\steam\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe] => (Allow) B:\steam\steamapps\common\hellblade\hellbladegame\binaries\win64\hellbladegame-win64-shipping.exe
FirewallRules: [{F98C6DC3-DAF4-4D89-9EC0-32A20474D749}] => (Allow) B:\Steam\steamapps\common\Rez Infinite\Rez-infinite.exe
FirewallRules: [{DEFC3B7B-4E63-430B-9F73-CED9B3360B00}] => (Allow) B:\Steam\steamapps\common\Rez Infinite\Rez-infinite.exe
FirewallRules: [{B04F755E-73A7-4B19-A716-0B4936931199}] => (Allow) B:\Steam\steamapps\common\Agents of Mayhem\aom\AOM_Release_Final.exe
FirewallRules: [{971CC691-F9C0-4BE8-BDED-8815C6A6245D}] => (Allow) B:\Steam\steamapps\common\Agents of Mayhem\aom\AOM_Release_Final.exe
FirewallRules: [{80DE5553-410B-43C9-8FEF-E43891C78DAF}] => (Allow) B:\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{D5BDF78C-85D8-4E56-926C-CC2D7364646A}] => (Allow) B:\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{63DFEBFC-390C-40DE-933A-9F2DADAD8AFD}] => (Allow) B:\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{57D0E3A8-0AB2-48D7-AB64-E3FC8289ABF8}] => (Allow) B:\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{03B14AAC-85A3-4E1E-AAE6-D67BB763AB8A}] => (Allow) D:\Games\Steam\SteamApps\common\Full Throttle Remastered\Throttle.exe
FirewallRules: [{5534C200-0E52-4CCC-BA98-DF0D25966303}] => (Allow) D:\Games\Steam\SteamApps\common\Full Throttle Remastered\Throttle.exe
FirewallRules: [{319E1CFA-96F9-4765-B13D-2832EBC9F79E}] => (Allow) D:\Games\Steam\SteamApps\common\Observer\TheObserver.exe
FirewallRules: [{090C80C9-EF2A-4BCC-B274-DA738B85FF47}] => (Allow) D:\Games\Steam\SteamApps\common\Observer\TheObserver.exe
FirewallRules: [TCP Query User{D0852806-9B67-4849-B393-5BCFD73B4217}D:\games\steam\steamapps\common\observer\theobserver\binaries\win64\theobserver-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\observer\theobserver\binaries\win64\theobserver-win64-shipping.exe
FirewallRules: [UDP Query User{732894AA-62DA-493F-BA78-A65544A6C539}D:\games\steam\steamapps\common\observer\theobserver\binaries\win64\theobserver-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\observer\theobserver\binaries\win64\theobserver-win64-shipping.exe
FirewallRules: [{214564AF-BBA3-4E81-B17D-1F06B5D3AFD0}] => (Allow) D:\Games\Steam\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanetLauncher.exe
FirewallRules: [{0B95A94E-567C-43B4-B71B-3B85B8188330}] => (Allow) D:\Games\Steam\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanetLauncher.exe
FirewallRules: [{B33FB518-0761-4C24-8867-F0B7B14F323F}] => (Allow) D:\Games\Steam\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{B76F326A-FE12-49DD-99D3-B8B83F95A4A2}] => (Allow) D:\Games\Steam\SteamApps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{CF53888A-5C8C-44A9-96E7-8D2A2C391893}] => (Allow) D:\Games\Steam\SteamApps\common\Secret World Legends\ClientPatcher.exe
FirewallRules: [{E602716D-68E2-4725-97C8-C0555B0FF6BE}] => (Allow) D:\Games\Steam\SteamApps\common\Secret World Legends\ClientPatcher.exe
FirewallRules: [{835F90F4-C74A-48E4-BD7B-7B7F3EB26BB1}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{DE0ABF26-0839-44EA-9D69-ACA0A016BDA7}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{B8FEEE15-4AA9-48C5-BA8F-0D61F0142CC5}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{BCD32AD3-5CF5-4EAA-B4BB-6B822714DD3E}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{2DE48180-C6D5-4C8B-B588-4E81E239B1A5}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{139CD6E0-7156-45DD-80E7-9F30BCC3DAEC}] => (Allow) D:\Games\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{4896923D-EA5C-492C-84A1-6FBE349C275C}] => (Allow) D:\Games\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{6EBE3F0D-A166-408B-8DFC-80271D263B06}] => (Allow) D:\Games\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{AA95A789-ABF7-49FA-BC2C-E8105DCD445E}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{DBFA4C21-FBA5-440E-A8AF-C5E9777BABAE}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{56526727-9FF2-4767-8A86-67202932C05A}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{F8C628C4-D6B5-414D-889E-EE364CFBC7D7}] => (Allow) D:\Games\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{B2F7A213-0B26-408B-9612-A5BE7520ED6E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{3AE1DE3A-8510-4A06-AA23-71A1A52679DB}B:\games\destiny 2\destiny2.exe] => (Allow) B:\games\destiny 2\destiny2.exe
FirewallRules: [UDP Query User{313E92A5-5595-4288-A364-63B4C3B819E5}B:\games\destiny 2\destiny2.exe] => (Allow) B:\games\destiny 2\destiny2.exe
FirewallRules: [{34DD1EF5-DC69-4975-B0F4-78E0875E130B}] => (Allow) D:\Games\Steam\SteamApps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{67B2ECF1-9635-4060-80A8-E1D5452EA396}] => (Allow) D:\Games\Steam\SteamApps\common\Sonic Mania\SonicMania.exe
FirewallRules: [{7A7CD880-69B3-4C3E-9647-5C3623C65E61}] => (Allow) D:\Games\Steam\SteamApps\common\Comedy Night\Comedy Night.exe
FirewallRules: [{12B14AFB-878D-4FDA-A577-802F39490F85}] => (Allow) D:\Games\Steam\SteamApps\common\Comedy Night\Comedy Night.exe
FirewallRules: [{47916F8C-0CAE-45DA-A7B4-985DA7C8F929}] => (Allow) D:\Games\Steam\SteamApps\common\Windlands\Windlands_Win_x64.exe
FirewallRules: [{9458BBAC-9252-4758-829F-79275BB8B2F9}] => (Allow) D:\Games\Steam\SteamApps\common\Windlands\Windlands_Win_x64.exe
FirewallRules: [TCP Query User{BDFDC57C-8BC9-4E79-B023-615557F08A78}D:\games\dune 2000\dune 2000\dune2000.exe] => (Allow) D:\games\dune 2000\dune 2000\dune2000.exe
FirewallRules: [UDP Query User{3F3D8A05-33CD-47CF-84C2-F977A40F537D}D:\games\dune 2000\dune 2000\dune2000.exe] => (Allow) D:\games\dune 2000\dune 2000\dune2000.exe
FirewallRules: [{00EC267C-F337-4CA1-AC15-822CA9CCB469}] => (Allow) D:\Games\Steam\SteamApps\common\PAVR Pre Alpha Demo\PA_UE4.exe
FirewallRules: [{E86DD9EE-B256-4BBB-BE9C-C368494796F7}] => (Allow) D:\Games\Steam\SteamApps\common\PAVR Pre Alpha Demo\PA_UE4.exe
FirewallRules: [TCP Query User{CDF47A81-5308-4252-9667-38D9AB0D8061}D:\games\steam\steamapps\common\projectm dream\e1\binaries\win64\e1-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\projectm dream\e1\binaries\win64\e1-win64-shipping.exe
FirewallRules: [UDP Query User{6F3E0A19-AC02-489E-89E6-5BF15BCCDDC2}D:\games\steam\steamapps\common\projectm dream\e1\binaries\win64\e1-win64-shipping.exe] => (Allow) D:\games\steam\steamapps\common\projectm dream\e1\binaries\win64\e1-win64-shipping.exe
FirewallRules: [{78F1101F-9872-4F30-919B-44FEF97AFA23}] => (Allow) D:\Games\Steam\SteamApps\common\Mindshow\Mindshow.exe
FirewallRules: [{4A2A88E2-91E7-4949-88FC-A05F0BDAF2F7}] => (Allow) D:\Games\Steam\SteamApps\common\Mindshow\Mindshow.exe
FirewallRules: [{DA1AB053-B838-4905-9B9F-CAF4FFD52AB5}] => (Allow) D:\Games\Steam\SteamApps\common\NoLimits 2\64bit\nolimits2stm.exe
FirewallRules: [{23A99FAD-E518-4010-83FE-710A6E211B96}] => (Allow) D:\Games\Steam\SteamApps\common\NoLimits 2\64bit\nolimits2stm.exe
FirewallRules: [{24359B6A-EE2C-4D5C-ABA5-6BF6CAC91504}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2AA6C628-7FB9-4F30-BB92-BDCF89F2181A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0B270495-D3DF-42B2-B552-52B9EE687746}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FB7EE3A6-58A2-4ED9-90AD-3136049D6ED4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C89A8AB6-BCD9-4DC5-885F-DB0E8A508471}] => (Allow) B:\Games\Battlefield 3\bf3.exe
FirewallRules: [{C3C6DF70-4CA9-430C-A8FF-FEEC9584346C}] => (Allow) B:\Games\Battlefield 3\bf3.exe
FirewallRules: [{61C7FA33-4FA8-496A-804E-6F769606FD0A}] => (Allow) B:\Steam\steamapps\common\NoLimits 2\64bit\nolimits2stm.exe
FirewallRules: [{14F4F47C-8305-4C7A-B552-AA5062DF3F14}] => (Allow) B:\Steam\steamapps\common\NoLimits 2\64bit\nolimits2stm.exe
FirewallRules: [{81A6E9C9-CCA8-48DC-A19C-4425F738518E}] => (Allow) D:\Games\Steam\SteamApps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{794C269B-691B-4E72-847D-6BEAA1613019}] => (Allow) D:\Games\Steam\SteamApps\common\RecRoom\Recroom_Release.exe
FirewallRules: [{2D1CC264-2E8C-4447-BF39-A770356FF620}] => (Allow) D:\Games\Steam\SteamApps\common\Vertigo\Vertigo.exe
FirewallRules: [{6286C5FE-F448-4712-9198-65EA02C81ADC}] => (Allow) D:\Games\Steam\SteamApps\common\Vertigo\Vertigo.exe
FirewallRules: [{D2C7216F-2F71-4D31-BBFA-CB24B6010AD4}] => (Allow) B:\Steam\steamapps\common\DuckSeason\DuckSeason\DuckSeason.exe
FirewallRules: [{025100DE-0293-4589-A81C-417A0604AB7F}] => (Allow) B:\Steam\steamapps\common\DuckSeason\DuckSeason\DuckSeason.exe
FirewallRules: [{E3A69345-E1C6-435C-962C-6C54065DD035}] => (Allow) D:\Games\Steam\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{9FE21E23-0DDA-4020-952F-D1EE6C97D97B}] => (Allow) D:\Games\Steam\SteamApps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{5014089B-AA20-40A0-BF72-A740F366A674}] => (Allow) D:\Games\Steam\SteamApps\common\Hellblade\HellbladeGame.exe
FirewallRules: [{142D2C28-298C-4B34-B67F-4CCA94E45CE1}] => (Allow) D:\Games\Steam\SteamApps\common\Hellblade\HellbladeGame.exe
FirewallRules: [{7813EC58-1DAF-4FFE-976A-80172154651E}] => (Allow) B:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{CF67956E-6D20-4DE6-9ACB-2A3B6DC3AB41}] => (Allow) B:\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [TCP Query User{699458AF-2F8D-48F1-8B2B-BA8454D8236C}B:\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) B:\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [UDP Query User{ABFA37DD-029F-4272-A197-06762C110EB8}B:\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) B:\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [TCP Query User{089F274A-3139-40E8-8F03-1BE0BB9EAE7D}D:\games\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe] => (Allow) D:\games\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe
FirewallRules: [UDP Query User{2113B080-14B0-4BAE-9C02-A410FE21B061}D:\games\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe] => (Allow) D:\games\bethesda.net launcher\games\quakechampions\client\bin\pc\quakechampions.exe
FirewallRules: [{C0292D33-04A7-4511-A144-216679F9FFD4}] => (Allow) D:\Games\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [{D922841A-A90B-4235-89DF-426FB99D355F}] => (Allow) D:\Games\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [TCP Query User{0800D4EE-74FF-4BFD-8430-5E5ED922607B}D:\games\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\games\steam\steamapps\common\assettocorsa\acs.exe
FirewallRules: [UDP Query User{CEACACE7-4640-4865-B504-F16A3ED17000}D:\games\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\games\steam\steamapps\common\assettocorsa\acs.exe
FirewallRules: [{9CDAE3DE-33F2-4E84-A6EA-809402CA701B}] => (Allow) D:\Games\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{0B4B05AB-250A-412E-9969-0586E560F06E}] => (Allow) D:\Games\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{BC8A2FB2-90B9-47DB-A552-489AE165B13D}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{C3E2BBA9-A4B6-4FC8-9A79-8864D9775545}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{DA2A4F4D-F1E8-462A-B8EA-380E5D196DD2}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{02761161-C56D-453C-85F6-7D6D33393B5D}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{D743BB1E-5935-428E-8603-2AFEE37DC980}] => (Allow) B:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{25B1F3B6-3DE9-4F4E-8155-5B40B04FF2DC}] => (Allow) B:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe
FirewallRules: [{FD16AFE9-6DF5-46F2-8870-A99E4CBD85CD}] => (Allow) B:\Steam\steamapps\common\Bullets And More VR\BAM_VR.exe
FirewallRules: [{4C6250CC-10C1-41BF-A1E0-5BDDC0A4A700}] => (Allow) B:\Steam\steamapps\common\Bullets And More VR\BAM_VR.exe
FirewallRules: [{04E0654B-70ED-4D12-B684-4CB7D4993E59}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2.exe
FirewallRules: [{1A91F9EF-32FC-4EC3-B532-86A5C8F47DD3}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2.exe
FirewallRules: [{1CD6EC4E-DB42-4E1F-A280-85FAB2B4E910}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{72AD212C-DF93-4D29-9A14-4523C338C1C9}] => (Allow) D:\Games\Origin\Titanfall2\Titanfall2_trial.exe
FirewallRules: [{22DAA0F4-3266-4288-B433-C6A32096969D}] => (Allow) B:\Games\SteamWorld Dig\SteamWorldDig.exe
FirewallRules: [{4C19C07C-0741-4575-BF05-AF2DCD6A8084}] => (Allow) B:\Games\SteamWorld Dig\SteamWorldDig.exe
FirewallRules: [{CDB51593-B67F-452D-9637-4F62DCDECFC8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8E2234C0-B8AA-465F-890B-2D5670468E68}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Wiederherstellungspunkte =========================

22-09-2017 06:16:02 Windows Update
22-09-2017 06:16:08 Windows Update
22-09-2017 06:33:10 Malwarebytes Anti-Rootkit Restore Point
22-09-2017 19:04:10 Malwarebytes Anti-Rootkit Restore Point

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/23/2017 04:52:46 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/23/2017 04:52:45 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/23/2017 04:47:30 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/23/2017 04:47:29 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/23/2017 08:38:47 AM) (Source: MsiInstaller) (EventID: 10021) (User: Hoshi-PC)
Description: Product: Call of Duty(R) - World at War(TM) -- Das Gerät ist nicht bereit.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/23/2017 08:37:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm setup.exe, Version 12.0.0.58851 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: ac8

Startzeit: 01d33435bb115919

Beendigungszeit: 4294967295

Anwendungspfad: F:\setup.exe

Berichts-ID: 8c909ca4-6e6c-46bd-af00-f114328ee9e1

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (09/23/2017 08:33:53 AM) (Source: MsiInstaller) (EventID: 11704) (User: Hoshi-PC)
Description: Product: Call of Duty(R) - World at War(TM) -- Error 1704.An installation for Node.js is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (09/23/2017 07:16:35 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/23/2017 07:16:34 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/23/2017 07:01:05 AM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0


Systemfehler:
=============
Error: (09/23/2017 04:52:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (09/23/2017 04:52:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/23/2017 04:52:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "FABS - Helping agent for MAGIX media database" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/23/2017 04:52:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Firebird Server - DefaultInstance" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/23/2017 04:52:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Oculus VR Runtime Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/23/2017 04:52:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WSWNA1100" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2017 04:52:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Virtual Desktop Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/23/2017 04:52:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Qualcomm Atheros Killer Service V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/23/2017 04:52:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA Telemetry Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/23/2017 04:52:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2017-09-23 16:52:50.045
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-23 16:52:50.044
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-23 16:50:29.095
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-23 16:50:29.094
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-23 16:50:28.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-23 16:50:28.834
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-23 16:47:32.489
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-23 16:47:32.488
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-23 16:34:34.430
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-23 16:34:34.429
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
Prozentuale Nutzung des RAM: 15%
Installierter physikalischer RAM: 16314.71 MB
Verfügbarer physikalischer RAM: 13771.2 MB
Summe virtueller Speicher: 32698.71 MB
Verfügbarer virtueller Speicher: 30022.12 MB

==================== Laufwerke ================================

Drive b: (Lokaler Datenträger) (Fixed) (Total:465.76 GB) (Free:118.9 GB) NTFS
Drive c: () (Fixed) (Total:223.03 GB) (Free:107.29 GB) NTFS
Drive d: () (Fixed) (Total:1464.84 GB) (Free:214.67 GB) NTFS
Drive e: () (Fixed) (Total:398.17 GB) (Free:71.49 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 7D0DF0DC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7D0DF0CB)
Partition 1: (Not Active) - (Size=1464.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=398.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 873A098D)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
