Probleme mit nicht Löschbarer Adware.Elex.ShrtCln

zabasu · 07.11.2017, 21:23

Hallo ich habe seit dem letzten Chrome update probleme erst mit WebGl und jetzt "adware und einer Schadsoftwäre" die ich einfach nicht weg bekomme ich habe bereits mehrfach malewarebyst drüber laufen lassen dennoch taucht es jedesmal erneut auch und bin erlich gesagt mit meinem Latain am ende.
das ist das letzte Scane Protokol was ich habe ich hoffe ihr Könnt Mir helfen

Code:

ATTFilter

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 07.11.17
Scan-Zeit: 20:27
Protokolldatei: b69dc9d4-c3f1-11e7-b657-bc5ff467c2f4.json
Administrator: Ja

-Softwaredaten-
Version: 3.2.2.2018
Komponentenversion: 1.0.212
Version des Aktualisierungspakets: 1.0.3200
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 10 (Build 15063.674)
CPU: x64
Dateisystem: NTFS
Benutzer: USER-PC\User

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 442358
Erkannte Bedrohungen: 3
In die Quarantäne verschobene Bedrohungen: 0
(keine bösartigen Elemente erkannt)
Abgelaufene Zeit: 13 Min., 10 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 3
PUP.Optional.Trovi, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Entfernung fehlgeschlagen, [4984], [454808],1.0.3200
Adware.Elex.ShrtCln, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Entfernung fehlgeschlagen, [2309], [454742],1.0.3200
Adware.Elex.ShrtCln, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Entfernung fehlgeschlagen, [2309], [454747],1.0.3200

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)

Hoffe ihr Könnt mir Helfen

M-K-D-B · 08.11.2017, 22:23

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Um die Bereinigung möchlichst effektiv und schnell gestalten zu können, bitte ich um Beachtung der folgenden Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir meine Anleitungen immer sorgfältig durch, arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste immer alle Logdateien (auch wenn nichts gefunden wurde). Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Außerdem bitte ich dich, nicht eigenmächtig irgendwelche Sicherheitsprogramme auszuführen und damit deinen Rechner zu überprüfen/bereinigen, da ich so leicht den Überblick verlieren kann.
Zudem hättest du dir das Eröffnen eines Themas in diesem Fall auch gleich sparen können, wenn du dann doch wieder alleine rumhantierst.
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop ( C:\users\dein Benutzername\Desktop\ ) abzuspeichern und von dort als Administrator zu starten!
Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.
Sollten die Logdateien einmal die zulässige Länge (~ 120.000 Zeichen) überschreiten, so teile die Logdateien auf mehrere Posts auf.
Zur Not kannst du die Logdateien dann auch zippen (in ein .zip Archiv packen) und als Anhang hochladen.
Bitte arbeite so lange mit mir zusammen, bis ich dir sage, dass wir fertig sind und dein Rechner "sauber" ist. Das vorzeitige Verschwinden von Symptomen heißt nicht automatisch, dass dein Rechner bereits vollständig sauber ist.
In der Regel antworte ich dir innerhalb von 24 Stunden, oft sogar wesentlich schneller.
Jedoch habe auch ich einen normalen Beruf und Familie. Ich bin daher nicht jeden Tag stundenlag hier im Forum unterwegs. Es kann unter Umständen bis zu 2 Tage dauern, bis du eine Antwort von mir erhältst. Sollte diese Zeit überschritten sein, so kannst du mir gerne eine PM als Erinnerung schicken.

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von FRST.

zabasu · 08.11.2017, 23:28

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01 (ATTENTION: ====> FRST version is 987 days old and could be outdated)
Ran by User (administrator) on USER-PC on 08-11-2017 23:24:58
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available profiles: User & DefaultAppPool)
Platform: Windows 10 Home (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\ASGT.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
Failed to access process -> Memory Compression
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\sihost.exe
(Microsoft Corporation) C:\Windows\System32\taskhostw.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\ApplicationFrameHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50601.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-26] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-09-14] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [20488312 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [20488312 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098952 2017-11-02] (Electronic Arts)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-05] (Google Inc.)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [GalaxyClient] => D:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [5187648 2017-10-19] (GOG.com)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll File Not Found
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncShell.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2440112941-538450990-2588341026-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startseite24.net/
SearchScopes: HKLM -> DefaultScope {FBCFA1DD-82AD-473A-A9F9-EB5BAAAFF907} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2440112941-538450990-2588341026-1000 -> DefaultScope {FBCFA1DD-82AD-473A-A9F9-EB5BAAAFF907} URL = 
Toolbar: HKU\S-1-5-21-2440112941-538450990-2588341026-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll (Microsoft Corporation)
Handler-x32: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2440112941-538450990-2588341026-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2440112941-538450990-2588341026-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-08-20]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-01]
CHR Extension: (Black Rock Shooter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdkbpipldakmkbknanlkamcgohlgfng [2017-04-27]
CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - https://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (No Name) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bikofacodmhdpkfdeeocponfcgjcdfbk [2014-11-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AJRouter; C:\Windows\System32\AJRouter.dll [24576 2017-03-18] (Microsoft Corporation)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-05-29] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-02] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [431616 2017-09-05] (Microsoft Corporation)
R2 CDPSvc; C:\Windows\System32\CDPSvc.dll [970240 2017-05-20] (Microsoft Corporation)
S3 ClipSVC; C:\Windows\System32\ClipSVC.dll [872472 2017-09-05] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [923040 2017-09-05] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [583160 2017-09-05] (Microsoft Corporation)
S3 DAUpdaterSvc; D:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-01-28] (BioWare)
S3 DevQueryBroker; C:\Windows\system32\DevQueryBroker.dll [33792 2017-03-18] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [86528 2017-03-18] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [2516480 2017-09-05] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [536064 2017-07-28] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [394240 2017-08-01] (Microsoft Corporation)
S3 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [55296 2017-03-18] (Microsoft Corporation)
R2 DoSvc; C:\Windows\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)
R2 DoSvc; C:\Windows\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)
R3 DsSvc; C:\Windows\System32\DsSvc.dll [149504 2017-03-18] (Microsoft Corporation)
R2 DusmSvc; C:\Windows\System32\dusmsvc.dll [304640 2017-09-29] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [149504 2017-05-20] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [301056 2017-05-21] (Microsoft Corporation)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [600576 2017-07-28] (Microsoft Corporation)
S3 GalaxyClientService; D:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [536128 2017-10-19] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8256576 2017-10-11] (GOG.com)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [59800 2017-03-18] (Microsoft Corporation)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [210432 2017-09-18] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 IpxlatCfgSvc; C:\Windows\System32\IpxlatCfg.dll [64000 2017-03-18] (Microsoft Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 lfsvc; C:\Windows\System32\lfsvc.dll [43520 2017-03-18] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [26624 2017-03-18] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [90624 2017-03-18] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2017-05-21] (Microsoft Corporation)
S3 NaturalAuthentication; C:\Windows\System32\NaturalAuth.dll [723968 2017-03-18] (Microsoft Corporation)
S3 NetSetupSvc; C:\Windows\System32\NetSetupSvc.dll [261632 2017-03-18] (Microsoft Corporation)
S3 NgcCtnrSvc; C:\Windows\System32\NgcCtnrSvc.dll [491520 2017-09-05] (Microsoft Corporation)
S3 NgcSvc; C:\Windows\system32\ngcsvc.dll [1046016 2017-09-05] (Microsoft Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-02] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1451336 2017-10-23] (Overwolf LTD)
S3 PhoneSvc; C:\Windows\System32\PhoneService.dll [773120 2017-09-05] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [647168 2017-09-29] (Microsoft Corporation)
S3 RmSvc; C:\Windows\System32\RMapi.dll [152576 2017-03-18] (Microsoft Corporation)
R2 SecurityHealthService; C:\Windows\system32\SecurityHealthService.exe [336320 2017-09-30] (Microsoft Corporation)
S3 SEMgrSvc; C:\Windows\system32\SEMgrSvc.dll [1191424 2017-03-18] (Microsoft Corporation)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1284608 2017-03-18] (Microsoft Corporation)
S3 SensorService; C:\Windows\system32\SensorService.dll [548864 2017-07-07] (Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [192512 2017-05-20] (Microsoft Corporation)
S3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [582656 2017-08-01] (Microsoft Corporation)
S3 spectrum; C:\Windows\system32\spectrum.exe [891904 2017-03-18] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [5304496 2017-09-30] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [4215184 2017-09-30] (Microsoft Corporation)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [302592 2017-03-18] (Microsoft Corporation)
R2 tiledatamodelsvc; C:\Windows\system32\tileobjserver.dll [632832 2017-06-20] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [165888 2017-03-18] (Microsoft Corporation)
R3 TokenBroker; C:\Windows\System32\TokenBroker.dll [1052672 2017-09-29] (Microsoft Corporation)
R3 TokenBroker; C:\Windows\SysWOW64\TokenBroker.dll [798720 2017-09-29] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95744 2017-03-18] (Microsoft Corporation)
R2 UserManager; C:\Windows\System32\usermgr.dll [877568 2017-03-18] (Microsoft Corporation)
S3 UsoSvc; C:\Windows\system32\usocore.dll [684032 2017-09-29] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [307712 2017-03-18] (Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\icsvc.dll [283648 2017-03-18] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [307712 2017-03-18] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [82432 2017-05-21] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [559104 2017-05-21] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [428032 2017-03-18] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WFDSConMgrSvc; C:\Windows\System32\wfdsconmgrsvc.dll [555008 2017-06-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [699904 2017-09-29] (Microsoft Corporation)
S3 wlpasvc; C:\Windows\System32\lpasvc.dll [1298432 2017-07-28] (Microsoft Corporation)
R2 WpnService; C:\Windows\system32\WpnService.dll [276480 2017-03-18] (Microsoft Corporation)
S3 xbgm; C:\Windows\System32\xbgmsvc.dll [301216 2017-03-18] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [1015296 2017-07-28] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1135104 2017-03-18] (Microsoft Corporation)
S3 XboxGipSvc; C:\Windows\System32\XboxGipSvc.dll [18944 2017-03-18] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1067008 2017-05-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [20480 2017-03-18] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [17920 2017-03-18] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533920 2017-03-18] (QLogic Corporation)
S3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [39424 2017-09-05] (Microsoft Corporation)
S3 CAD; C:\Windows\System32\drivers\CAD.sys [53664 2017-03-18] (Microsoft Corporation)
S3 CapImg; C:\Windows\System32\drivers\capimg.sys [122880 2017-03-18] (Microsoft Corporation)
S2 CDPUserSvc; No ImagePath
R2 CDPUserSvc_edb374; No ImagePath
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [347032 2017-03-18] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104224 2017-03-18] (Chelsio Communications)
S2 CldFlt; C:\Windows\System32\drivers\cldflt.sys [12288 2017-03-18] (Microsoft Corporation)
R2 clreg; C:\Windows\System32\drivers\registry.sys [14336 2017-03-18] (Microsoft Corporation)
S4 cnghwassist; C:\Windows\System32\DRIVERS\cnghwassist.sys [39840 2017-03-18] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys [40448 2017-03-18] (Microsoft Corporation)
S3 DevicesFlowUserSvc; No ImagePath
S3 DevicesFlowUserSvc_edb374; No ImagePath
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3419040 2017-03-18] (QLogic Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [54272 2017-03-18] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [21504 2017-03-18] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2017-03-18] (Microsoft Corporation)
S3 hidinterrupt; C:\Windows\System32\drivers\hidinterrupt.sys [51104 2017-03-18] (Microsoft Corporation)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [74648 2017-03-18] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2017-03-18] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2017-03-18] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [70656 2017-03-18] (Intel Corporation)
S3 iaLPSS2i_GPIO2_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-18] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165376 2017-03-18] (Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-18] (Intel Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [526240 2017-03-18] (Mellanox)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [36864 2017-03-18] (Microsoft Corporation)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc.)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [49568 2017-03-18] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [44992 2012-02-09] ()
S0 LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [123808 2017-03-18] (LSI Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [103328 2017-03-18] (Avago Technologies)
S3 mausbhost; C:\Windows\System32\drivers\mausbhost.sys [405408 2017-03-18] (Microsoft Corporation)
S3 mausbip; C:\Windows\System32\drivers\mausbip.sys [51104 2017-03-18] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-11-07] (Malwarebytes)
S0 megasas; C:\Windows\System32\drivers\megasas.sys [59808 2017-03-18] (Avago Technologies)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64416 2017-03-18] (Avago Technologies)
S3 MessagingService; No ImagePath
S3 MessagingService_edb374; No ImagePath
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [842656 2017-03-18] (Mellanox)
R2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [50688 2017-03-18] (Microsoft Corporation)
R1 MpKsl1e637588; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AA23E698-1D22-4A4E-816F-152273812516}\MpKsl1e637588.sys [58120 2017-11-07] (Microsoft Corporation)
R1 MpKslee94f084; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{46DDF9E5-6880-4726-8725-E6CFE2594E86}\MpKslee94f084.sys [58120 2017-11-08] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [177664 2017-05-21] (Microsoft Corporation)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [108960 2017-03-18] (Mellanox)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [122368 2017-03-18] (Microsoft Corporation)
S3 netvsc; C:\Windows\System32\drivers\netvsc.sys [118784 2017-05-21] (Microsoft Corporation)
S3 nvdimmn; C:\Windows\System32\drivers\nvdimmn.sys [80896 2017-03-18] (Microsoft Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S2 OneSyncSvc; No ImagePath
R2 OneSyncSvc_edb374; No ImagePath
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58784 2017-03-18] (Avago Technologies)
S0 percsas3i; C:\Windows\System32\drivers\percsas3i.sys [61848 2017-03-18] (Avago Technologies)
S3 PimIndexMaintenanceSvc; No ImagePath
R3 PimIndexMaintenanceSvc_edb374; No ImagePath
S3 pmem; C:\Windows\System32\drivers\pmem.sys [101376 2017-03-18] (Microsoft Corporation)
S3 ReFSv1; C:\Windows\System32\Drivers\ReFSv1.sys [936864 2017-03-18] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [91040 2017-03-18] (Microsoft Corporation)
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SpatialGraphFilter; C:\Windows\System32\drivers\SpatialGraphFilter.sys [40352 2017-03-20] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [79872 2017-03-18] (Microsoft Corporation)
S0 storufs; C:\Windows\System32\drivers\storufs.sys [36760 2017-03-18] (Microsoft Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [104960 2017-09-05] (Microsoft Corporation)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [179200 2017-03-18] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [51712 2017-07-28] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2017-03-18] (Microsoft Corporation)
S3 Ufx01000; C:\Windows\System32\drivers\ufx01000.sys [263584 2017-03-18] (Microsoft Corporation)
S3 UfxChipidea; C:\Windows\System32\drivers\UfxChipidea.sys [98712 2017-03-18] (Microsoft Corporation)
S3 ufxsynopsys; C:\Windows\System32\drivers\ufxsynopsys.sys [138656 2017-03-18] (Microsoft Corporation)
S3 UnistoreSvc; No ImagePath
R3 UnistoreSvc_edb374; No ImagePath
S3 UrsChipidea; C:\Windows\System32\drivers\urschipidea.sys [29600 2017-03-18] (Microsoft Corporation)
S3 UrsCx01000; C:\Windows\System32\drivers\urscx01000.sys [59288 2017-03-18] (Microsoft Corporation)
S3 UrsSynopsys; C:\Windows\System32\drivers\urssynopsys.sys [28064 2017-03-18] (Microsoft Corporation)
S3 UserDataSvc; No ImagePath
R3 UserDataSvc_edb374; No ImagePath
S3 vhf; C:\Windows\System32\drivers\vhf.sys [35328 2017-03-18] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2017-03-18] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16288 2017-03-18] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [142752 2017-06-20] (Microsoft Corporation)
S3 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [72192 2017-03-18] (Microsoft Corporation)
S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [757248 2017-06-20] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [70232 2017-03-18] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [18520 2017-03-18] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [32160 2017-03-18] (Mellanox)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [217088 2017-03-18] (Microsoft Corporation)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [64920 2017-03-18] (Mellanox)
S2 WpnUserService; No ImagePath
R2 WpnUserService_edb374; No ImagePath
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2016-04-27] ()
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [277504 2017-05-20] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [46592 2017-03-18] (Microsoft Corporation)
U3 idsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: dosvc -> No ServiceDLL Path.
NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: XblGameSave -> C:\Windows\System32\XblGameSave.dll (Microsoft Corporation)
NETSVC: NaturalAuthentication -> C:\Windows\System32\NaturalAuth.dll (Microsoft Corporation)
NETSVC: UserManager -> C:\Windows\System32\usermgr.dll (Microsoft Corporation)
NETSVC: XblAuthManager -> C:\Windows\System32\XblAuthManager.dll (Microsoft Corporation)
NETSVC: DmEnrollmentSvc -> C:\Windows\system32\Windows.Internal.Management.dll (Microsoft Corporation)
NETSVC: xbgm -> C:\Windows\System32\xbgmsvc.dll (Microsoft Corporation)
NETSVC: TokenBroker -> C:\Windows\System32\TokenBroker.dll (Microsoft Corporation)
NETSVC: dmwappushservice -> C:\Windows\system32\dmwappushsvc.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: XboxNetApiSvc -> C:\Windows\system32\XboxNetApiSvc.dll (Microsoft Corporation)
NETSVC: UsoSvc -> C:\Windows\system32\usocore.dll (Microsoft Corporation)
NETSVC: NetSetupSvc -> C:\Windows\System32\NetSetupSvc.dll (Microsoft Corporation)
NETSVC: XboxGipSvc -> C:\Windows\System32\XboxGipSvc.dll (Microsoft Corporation)
NETSVCx32: TokenBroker -> C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2017-11-08 23:24 - 2017-11-08 23:25 - 00038064 _____ () C:\Users\User\Desktop\FRST.txt
2017-11-08 22:51 - 2017-11-08 22:51 - 08261584 _____ (Malwarebytes) C:\Users\User\Desktop\AdwCleaner_7.0.4.0.exe
2017-10-29 20:54 - 2017-10-29 20:54 - 00000986 _____ () C:\Users\User\Desktop\Neues Textdokument.txt
2017-10-29 01:00 - 2017-10-30 13:20 - 00000000 ____D () C:\Users\User\Desktop\girls
2017-10-11 18:05 - 2017-10-11 18:05 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 18:00 - 2017-09-30 06:49 - 01004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-11 18:00 - 2017-09-30 06:45 - 00511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-11 18:00 - 2017-09-30 06:40 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-11 18:00 - 2017-09-30 06:40 - 00173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-11 18:00 - 2017-09-30 03:29 - 01408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-11 18:00 - 2017-09-30 03:29 - 00804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-11 18:00 - 2017-09-30 03:26 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-11 18:00 - 2017-09-30 03:26 - 01292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-11 18:00 - 2017-09-30 03:10 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-11 18:00 - 2017-09-30 03:10 - 00606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-11 18:00 - 2017-09-30 03:10 - 00508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-11 18:00 - 2017-09-30 03:10 - 00480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-11 18:00 - 2017-09-30 03:09 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-10-11 18:00 - 2017-09-30 03:09 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-11 18:00 - 2017-09-30 03:06 - 04471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-11 18:00 - 2017-09-30 03:05 - 05827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-11 18:00 - 2017-09-30 03:05 - 02603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-11 18:00 - 2017-09-30 03:05 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-11 18:00 - 2017-09-30 03:05 - 00750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-11 18:00 - 2017-09-30 03:05 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-11 18:00 - 2017-09-30 03:04 - 04215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 00612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 00347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 00182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-11 18:00 - 2017-09-30 03:03 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-11 18:00 - 2017-09-30 03:03 - 06768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-11 18:00 - 2017-09-30 03:03 - 01439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-11 18:00 - 2017-09-30 03:02 - 00175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-11 18:00 - 2017-09-30 03:01 - 00124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-11 18:00 - 2017-09-29 08:45 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-11 18:00 - 2017-09-29 08:44 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-11 18:00 - 2017-09-29 08:43 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-11 18:00 - 2017-09-29 08:43 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-11 18:00 - 2017-09-29 08:43 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-10-11 18:00 - 2017-09-29 08:42 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-11 18:00 - 2017-09-29 08:41 - 13844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-10-11 18:00 - 2017-09-29 08:41 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-10-11 18:00 - 2017-09-29 08:40 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-11 18:00 - 2017-09-29 08:40 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-11 18:00 - 2017-09-29 08:40 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-10-11 18:00 - 2017-09-29 08:39 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 05721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 01135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-11 18:00 - 2017-09-29 08:37 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-10-11 18:00 - 2017-09-29 08:37 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-10-11 18:00 - 2017-09-29 08:36 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-11 18:00 - 2017-09-29 08:34 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-11 18:00 - 2017-09-29 08:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-10-11 18:00 - 2017-09-29 08:34 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-10-11 18:00 - 2017-09-29 08:34 - 00434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-10-11 18:00 - 2017-09-29 08:33 - 07598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-11 18:00 - 2017-09-29 08:33 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-10-11 18:00 - 2017-09-29 08:33 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 02340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 01627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 01244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-11 18:00 - 2017-09-29 08:31 - 03107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-11 18:00 - 2017-09-29 08:29 - 01460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-11 18:00 - 2017-09-29 08:29 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-11 18:00 - 2017-09-29 08:29 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-11 18:00 - 2017-09-29 08:28 - 00681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-10-11 18:00 - 2017-09-29 08:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-10-11 18:00 - 2017-09-29 08:28 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-11 18:00 - 2017-09-29 08:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-10-11 18:00 - 2017-09-29 08:28 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-10-11 18:00 - 2017-09-29 08:24 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-11 18:00 - 2017-09-29 08:21 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-11 18:00 - 2017-09-29 08:20 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-11 18:00 - 2017-09-29 06:40 - 00804312 _____ () C:\WINDOWS\SysWOW64\locale.nls
2017-10-11 18:00 - 2017-09-29 06:40 - 00804312 _____ () C:\WINDOWS\system32\locale.nls
2017-10-11 18:00 - 2017-09-20 16:08 - 00640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-11 18:00 - 2017-09-20 16:08 - 00345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-11 18:00 - 2017-09-20 16:08 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-11 18:00 - 2017-09-19 00:09 - 00554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-11 18:00 - 2017-09-18 23:20 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-11 18:00 - 2017-09-18 23:15 - 00648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-10-11 17:59 - 2017-09-30 06:52 - 01595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-11 17:59 - 2017-09-30 06:51 - 01458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-11 17:59 - 2017-09-30 06:51 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-11 17:59 - 2017-09-30 06:51 - 00661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-11 17:59 - 2017-09-30 06:50 - 01346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-11 17:59 - 2017-09-30 06:50 - 01068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-11 17:59 - 2017-09-30 06:50 - 01024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-11 17:59 - 2017-09-30 06:49 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-11 17:59 - 2017-09-30 06:49 - 00135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-11 17:59 - 2017-09-30 06:48 - 08319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-11 17:59 - 2017-09-30 06:48 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-11 17:59 - 2017-09-30 06:48 - 02327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-11 17:59 - 2017-09-30 06:48 - 00644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-11 17:59 - 2017-09-30 06:47 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-11 17:59 - 2017-09-30 06:47 - 01194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-11 17:59 - 2017-09-30 06:44 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-10-11 17:59 - 2017-09-30 06:44 - 00181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-11 17:59 - 2017-09-30 06:43 - 07318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-11 17:59 - 2017-09-30 06:43 - 02442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-11 17:59 - 2017-09-30 06:42 - 04848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-10-11 17:59 - 2017-09-30 06:42 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-11 17:59 - 2017-09-30 06:42 - 00820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-11 17:59 - 2017-09-30 06:41 - 05477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 05304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 02086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 00961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 00651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-11 17:59 - 2017-09-30 06:41 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-11 17:59 - 2017-09-30 06:41 - 00257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 00228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-11 17:59 - 2017-09-30 06:40 - 00724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-10-11 17:59 - 2017-09-30 06:40 - 00642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-11 17:59 - 2017-09-30 06:40 - 00558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-11 17:59 - 2017-09-30 06:40 - 00408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-11 17:59 - 2017-09-30 06:40 - 00184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-11 17:59 - 2017-09-30 06:40 - 00072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-10-11 17:59 - 2017-09-30 06:39 - 21351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-11 17:59 - 2017-09-30 06:39 - 00203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-11 17:59 - 2017-09-30 06:38 - 07910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-11 17:59 - 2017-09-30 06:38 - 02239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-11 17:59 - 2017-09-30 06:36 - 02672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-11 17:59 - 2017-09-30 06:36 - 00057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-11 17:59 - 2017-09-30 03:10 - 01150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-11 17:59 - 2017-09-29 08:46 - 23678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-11 17:59 - 2017-09-29 08:39 - 20511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-11 17:59 - 2017-09-29 08:39 - 11888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-11 17:59 - 2017-09-29 08:36 - 19337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-11 17:59 - 2017-09-29 08:35 - 03654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-11 17:59 - 2017-09-29 08:34 - 17370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-11 17:59 - 2017-09-29 08:34 - 06255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-11 17:59 - 2017-09-29 08:34 - 03669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-11 17:59 - 2017-09-29 08:33 - 00658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-11 17:59 - 2017-09-29 08:33 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-11 17:59 - 2017-09-29 08:31 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-11 17:59 - 2017-09-29 08:31 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-10-11 17:59 - 2017-09-29 08:31 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-10-11 17:59 - 2017-09-29 08:31 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-11 17:59 - 2017-09-29 08:31 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 23686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 00529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 08333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 00550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-11 17:59 - 2017-09-29 08:29 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 00304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-11 17:59 - 2017-09-29 08:28 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 12803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 01321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 00565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 08213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 02809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 01468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 00772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-11 17:59 - 2017-09-29 08:25 - 08199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-11 17:59 - 2017-09-29 08:25 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-11 17:59 - 2017-09-29 08:25 - 02760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-11 17:59 - 2017-09-29 08:25 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 02503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 01628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 01307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 00684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 03140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-11 17:59 - 2017-09-29 08:23 - 02446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-11 17:59 - 2017-09-29 08:23 - 01887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 01460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 01398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 00986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 00972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-11 17:59 - 2017-09-29 08:22 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-11 17:59 - 2017-09-29 08:22 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-11 17:59 - 2017-09-29 08:22 - 01438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-11 17:59 - 2017-09-29 08:22 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-11 17:59 - 2017-09-29 08:21 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-11 17:59 - 2017-09-29 08:21 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-11 17:59 - 2017-09-29 08:21 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-10-11 17:59 - 2017-09-29 08:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-11 17:59 - 2017-09-29 08:21 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-11 17:59 - 2017-09-29 08:21 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-11 17:59 - 2017-09-29 08:21 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 01811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 00194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-11 17:59 - 2017-09-29 08:19 - 02088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-11 17:59 - 2017-09-29 08:19 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-11 17:59 - 2017-09-29 08:19 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-10-11 17:59 - 2017-09-29 08:19 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-10-11 17:59 - 2017-09-29 08:18 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-10-11 17:59 - 2017-09-29 08:18 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-10-11 17:59 - 2017-09-29 08:18 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-10-11 17:59 - 2017-09-29 08:18 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe
2017-10-11 17:59 - 2017-09-19 00:20 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-11 17:59 - 2017-09-19 00:20 - 00900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-11 17:59 - 2017-09-19 00:18 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-10-11 17:59 - 2017-09-19 00:17 - 01395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-11 17:59 - 2017-09-19 00:17 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-11 17:59 - 2017-09-19 00:17 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-10-11 17:59 - 2017-09-19 00:11 - 01018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-11 17:59 - 2017-09-18 23:26 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-11 17:59 - 2017-09-18 23:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-11 17:59 - 2017-09-18 23:23 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-11 17:59 - 2017-09-18 23:20 - 00831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2017-11-08 23:25 - 2015-02-22 13:06 - 00000000 ____D () C:\FRST
2017-11-08 23:25 - 2013-10-01 21:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2017-11-08 22:55 - 2015-02-20 23:11 - 00000000 ____D () C:\AdwCleaner
2017-11-08 22:30 - 2017-03-18 22:03 - 00000000 ____D () C:\WINDOWS\system32\sru
2017-11-08 20:35 - 2017-05-21 09:53 - 00000000 ____D () C:\WINDOWS\system32\SleepStudy
2017-11-08 20:26 - 2013-12-26 21:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2017-11-08 18:01 - 2017-05-21 10:15 - 00004152 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C722207A-59FA-447E-9A7F-6EE09C1510F3}
2017-11-08 16:31 - 2013-12-16 20:18 - 00000851 _____ () C:\Users\User\Desktop\adressen.txt
2017-11-08 14:04 - 2014-04-17 18:35 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2017-11-08 12:30 - 2014-04-17 18:35 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2017-11-08 11:30 - 2017-03-18 22:03 - 00000000 ____D () C:\WINDOWS\AppReadiness
2017-11-08 11:24 - 2014-05-29 21:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Origin
2017-11-08 11:23 - 2014-05-29 21:38 - 00000000 ____D () C:\ProgramData\Origin
2017-11-08 00:36 - 2016-09-22 06:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2017-11-07 20:30 - 2017-05-21 09:57 - 02398216 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-07 20:30 - 2017-03-20 05:35 - 01053302 _____ () C:\WINDOWS\system32\perfh007.dat
2017-11-07 20:30 - 2017-03-20 05:35 - 00244972 _____ () C:\WINDOWS\system32\perfc007.dat
2017-11-07 20:25 - 2017-10-07 14:37 - 00000275 _____ () C:\WINDOWS\WindowsUpdate.log
2017-11-07 20:24 - 2017-10-05 22:14 - 00252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-07 20:23 - 2017-10-07 14:33 - 00003960 _____ () C:\WINDOWS\PFRO.log
2017-11-07 20:23 - 2017-05-21 10:15 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2017-11-07 20:23 - 2017-03-18 12:40 - 02097152 _____ () C:\WINDOWS\system32\config\BBI
2017-11-07 20:23 - 2013-10-01 16:45 - 00000000 ____D () C:\Program Files (x86)\Opera
2017-11-07 19:48 - 2015-03-26 14:24 - 00000000 ____D () C:\Users\User\AppData\Local\Ubisoft Game Launcher
2017-11-07 00:39 - 2014-11-22 18:17 - 00002264 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-07 00:16 - 2017-07-27 16:17 - 00003358 _____ () C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2440112941-538450990-2588341026-1000
2017-11-07 00:16 - 2016-04-30 07:44 - 00002380 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-07 00:16 - 2016-04-30 07:44 - 00000000 ___RD () C:\Users\User\OneDrive
2017-11-06 21:29 - 2017-03-18 21:51 - 00000000 ____D () C:\WINDOWS\CbsTemp
2017-11-05 14:14 - 2017-05-21 10:15 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2017-11-04 09:48 - 2014-05-29 21:38 - 00000000 ____D () C:\Program Files (x86)\Origin
2017-11-03 23:59 - 2014-06-05 19:28 - 00000000 ____D () C:\Users\User\AppData\Local\SniperV2
2017-10-30 14:42 - 2014-01-10 17:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\Audacity
2017-10-27 16:04 - 2013-12-26 21:03 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2017-10-27 15:05 - 2017-06-29 15:13 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2017-10-27 15:05 - 2017-05-21 10:15 - 00003976 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1380645316
2017-10-26 12:48 - 2014-07-27 01:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\RenPy
2017-10-26 08:14 - 2017-05-21 10:15 - 00004642 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-26 08:14 - 2017-03-18 22:03 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2017-10-26 08:14 - 2017-03-18 22:03 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2017-10-25 21:31 - 2015-01-21 17:02 - 00000000 ____D () C:\Users\User\AppData\Local\JDownloader v2.0
2017-10-24 00:24 - 2016-06-10 22:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\obs-studio
2017-10-13 14:16 - 2017-03-18 22:03 - 00000000 ____D () C:\WINDOWS\rescache
2017-10-13 01:21 - 2017-03-18 22:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 01:21 - 2017-03-18 22:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 08:38 - 2017-05-21 09:53 - 00287376 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-11 21:26 - 2017-03-18 22:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-11 21:26 - 2017-03-18 22:03 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-11 21:26 - 2017-03-18 22:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2017-10-11 21:26 - 2017-03-18 22:03 - 00000000 ____D () C:\WINDOWS\ShellExperiences
2017-10-11 21:26 - 2017-03-18 22:03 - 00000000 ____D () C:\WINDOWS\Provisioning
2017-10-11 18:08 - 2013-10-01 09:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2017-10-11 18:05 - 2013-10-01 09:52 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-10 12:28 - 2017-09-02 12:09 - 00077440 _____ () C:\WINDOWS\system32\Drivers\mbae64.sys

==================== Files in the root of some directories =======

2014-03-23 13:41 - 2014-03-23 13:41 - 0000044 _____ () C:\Users\User\AppData\Roaming\WB.CFG

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\proxy_vole3114531680520956394.dll
C:\Users\User\AppData\Local\Temp\proxy_vole5151724827290583793.dll
C:\Users\User\AppData\Local\Temp\proxy_vole7405669428430379405.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-11-05 15:13

==================== End Of Log ============================

--- --- ---

zabasu · 08.11.2017, 23:30

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by User at 2017-11-08 23:26:04
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Aiseesoft Blu-ray Player 6.2.20 (HKLM-x32\...\{3E1A13C3-E458-4995-BEA6-4B9BE279D502}_is1) (Version: 6.2.20 - Aiseesoft Studio)
Akamai NetSession Interface (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (Version: 382.05 - NVIDIA Corporation) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.0.6.9 - ASUSTek COMPUTER INC.)
ASUS GPU TweakII (x32 Version: 1.0.6.9 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version:  - )
Canon iP2600 series Benutzerregistrierung (HKLM-x32\...\Canon iP2600 series Benutzerregistrierung) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Curse Client (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deadly Premonition: The Director's Cut (HKLM\...\Steam App 247660) (Version:  - Rising Star Games)
Dementium II HD (HKLM\...\Steam App 217100) (Version:  - Memetic Games)
Devil Daggers (HKLM-x32\...\Steam App 422970) (Version:  - Sorath)
Discord (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
DOOM 3: BFG Edition (HKLM-x32\...\Steam App 208200) (Version:  - id Software)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
F.E.A.R. 3 (HKLM\...\Steam App 21100) (Version:  - Day 1 Studios)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Final Exam (HKLM-x32\...\Steam App 233190) (Version:  - Mighty Rocket Studio)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
FocusWriter (HKLM-x32\...\FocusWriter) (Version: 1.6.7 - Graeme Gott)
FORCED (HKLM-x32\...\Steam App 249990) (Version:  - BetaDwarf)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HuniePop (HKLM-x32\...\Steam App 339800) (Version:  - HuniePot)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}) (Version: 2.0.1083.0 - Intel)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Just Cause 2 (HKLM\...\Steam App 8190) (Version:  - Avalanche Studios)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
Koi-Koi Japan [Hanafuda playing cards] (HKLM-x32\...\Steam App 364930) (Version:  - Zoo Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
METAL SLUG 3 (HKLM-x32\...\Steam App 250180) (Version:  - DotEmu)
Metro: Last Light (HKLM\...\Steam App 43160) (Version:  - 4A Games)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
Opera Stable 48.0.2685.52 (HKLM-x32\...\Opera 48.0.2685.52) (Version: 48.0.2685.52 - Opera Software)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 10.5.5.6040 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.107.256.0 - Overwolf Ltd.)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Path of Exile (HKLM\...\Steam App 238960) (Version:  - Grinding Gear Games)
PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Plants vs. Zombies: Game of the Year (HKLM\...\Steam App 3590) (Version:  - PopCap Games, Inc.)
Punch Club (HKLM\...\Steam App 394310) (Version:  - Lazy Bear Games)
Rage of Mages (HKLM-x32\...\1459856053_is1) (Version: 2.1.0.3 - GOG.com)
Rage of Mages (HKLM-x32\...\Rage of Mages) (Version:  - )
Ragnarok Restart (HKLM-x32\...\Ragnarok Restart 1.0.2) (Version: 1.0.2 - Gravity Interactive, Inc.)
Ragnarok Restart (x32 Version: 1.0.2 - Gravity Interactive, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - THQ)
SanctuaryRPG: Black Edition (HKLM-x32\...\Steam App 328760) (Version:  - Black Shell Games)
Shadowgate (HKLM-x32\...\Steam App 294440) (Version:  - Zojoi)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
skate's Thumbnail Tool Version 1.1.2 (HKLM-x32\...\{E68C580F-B6A5-4D47-89EC-307B9096FC10}_is1) (Version: 1.1.2 - skate702.de)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Sniper Elite 4 (HKLM\...\Steam App 312660) (Version:  - Rebellion)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
South Park™: The Stick of Truth™ (HKLM\...\Steam App 213670) (Version:  - Obsidian Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strike Suit Zero (HKLM-x32\...\Steam App 209540) (Version:  - Born Ready Games Ltd.)
Styx: Master of Shadows (HKLM\...\Steam App 242640) (Version:  - Cyanide Studio)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sword of the Stars: The Pit (HKLM-x32\...\Steam App 233700) (Version:  - Kerberos Productions)
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version:  - FIX Games)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Flame in the Flood (HKLM\...\Steam App 318600) (Version:  - The Molasses Flood)
The Forest (HKLM\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Long Dark (HKLM-x32\...\Steam App 305620) (Version:  - Hinterland Studio Inc.)
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Tropico 4 (HKLM\...\Steam App 57690) (Version:  - Haemimont Games)
Unity Web Player (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Valkyria Chronicles™ (HKLM-x32\...\Steam App 294860) (Version:  - SEGA)
VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 4.60 - NCH Software)
VisioForge Media Player SDK ActiveX LITE (HKLM-x32\...\VisioForge Media Player SDK ActiveX LITE 7.0.0.0) (Version: 7.0.0.0 - VisioForge)
VisioForge Media Player SDK ActiveX LITE (x32 Version: 7.0.0.0 - VisioForge) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Warcraft III) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
XSplit Gamecaster (HKLM-x32\...\{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs)
Ziggurat (HKLM\...\Steam App 308420) (Version:  - Milkstone Studios)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{d966ac89-a571-4a5c-bcf0-638a3cdf1b14}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

18-10-2017 08:58:51 Windows Update
26-10-2017 12:15:27 Geplanter Prüfpunkt
04-11-2017 12:40:13 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-06-18 08:56 - 00000029 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01CB4CD1-683C-4A3B-A2AE-8E74F2ECB8D5} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\Windows\system32\usoclient.exe [2017-03-18] (Microsoft Corporation)
Task: {02CBCC90-3E56-4541-96EC-B200672D50B5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {0421080C-701E-4CFA-A903-DF6E69DAD1F9} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
Task: {04DCEB08-147F-4B59-88EB-9F3F89DE852C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-26] (Adobe Systems Incorporated)
Task: {0554F263-AE1F-4A38-9456-993516B21680} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {05B9E168-2EA8-421D-80BF-E175B1D21BBF} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {05E2082C-D22E-4C31-BFAB-672A358AD81A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {0798D78D-3F4A-4A6A-ACF6-60ED09897DB7} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe [2017-09-29] (Microsoft Corporation)
Task: {0C518199-F01B-42CF-9CB7-16710B002812} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2017-03-18] (Microsoft Corporation)
Task: {1052FED2-54C5-4DBD-9F21-43D5A8DC030E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
Task: {132A5559-4118-4295-A1E1-C141CB2F74F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-26] (Adobe Systems Incorporated)
Task: {13712BBB-D6B4-4478-A584-D32D47296A80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION
Task: {14EE976F-63B2-4DD4-99DE-1835879794C7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.)
Task: {17E7DB1F-9733-4F86-96C4-CE19E31E6578} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\Windows\system32\ClipRenew.exe [2017-03-20] (Microsoft Corporation)
Task: {1B41679F-8512-4E70-8E44-8A344FBCA5D7} - System32\Tasks\{68198F9C-F8D5-440A-A307-2045870E9B9A} => pcalua.exe -a "D:\Program Files (x86)\epicRO Ragnarok Online\settings old.exe" -d "D:\Program Files (x86)\epicRO Ragnarok Online"
Task: {1FA9B476-5068-4DF9-A7C0-DE98215EA21A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {2098291A-6826-4D8E-90E2-E7C7DE426F36} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {240478A4-B7D2-43B1-AF21-626C77E72C1F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\Windows\system32\disksnapshot.exe [2017-03-18] (Microsoft Corporation)
Task: {24365631-D240-4AA7-84FA-1A1FCDD26F31} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
Task: {2532DB2F-A598-4946-BA1F-6EBE9D19C34C} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2017-03-18] (Microsoft Corporation)
Task: {27E50876-1871-4B02-984F-886A56851431} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {2BA91004-5C9C-40E9-AACB-0860EC22FB15} - System32\Tasks\Microsoft\Windows\UNP\RunCampaignManager => C:\Windows\System32\UNP\UNPCampaignManager.exe [2017-04-02] (Microsoft Corporation)
Task: {2BF954F7-B5F8-4A34-8C72-ED4883865256} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2F3C1B2D-FB8D-4193-8444-231AD0F9BBED} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {309921DD-F04E-4995-AA50-9A6470930DC9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {33C04DDB-DE68-4033-8570-ADDDBFF99E1B} - System32\Tasks\Microsoft\Windows\NlaSvc\WiFiTask => C:\Windows\System32\WiFiTask.exe [2017-03-18] (Microsoft Corporation)
Task: {3515463A-AD78-4987-86A5-060287B7AB95} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-10-23] (Overwolf LTD)
Task: {3754061D-CD83-4496-8AA0-8FE1BA314C47} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3EDAF9A0-CC33-4FD4-B705-9B2F01B8F349} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {3EF7C9D3-8A19-4234-810A-2DDB201C8958} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {427CCE13-B111-4A80-BBB0-6D6F981E965F} - System32\Tasks\{A5DBFEE4-0356-4708-A655-BFA7E35BF624} => pcalua.exe -a "D:\Program Files (x86)\epicRO Ragnarok Online\settings.exe" -d "d:\Program Files (x86)\epicRO Ragnarok Online\"
Task: {42C2F5A4-FFDB-490E-BCA5-2D77D72FCC7F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\Windows\system32\usoclient.exe [2017-03-18] (Microsoft Corporation)
Task: {434DFEB0-9EB6-4FBE-87C5-D9AEAC7B47D7} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {4478F7FB-D260-4CB8-82E0-5CA44CDF79C7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {454F65BE-1803-4B69-89CF-C411EF1A93B9} - \SimpleFiles Installer Starter No Task File <==== ATTENTION
Task: {45A7C243-E5D8-41DC-BD37-79945C54A92C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe [2017-09-29] (Microsoft Corporation)
Task: {4A5D4628-E32A-4422-9B01-D37DD4C1CE75} - System32\Tasks\Microsoft\Windows\WwanSvc\NotificationTask => C:\Windows\System32\WiFiTask.exe [2017-03-18] (Microsoft Corporation)
Task: {4A99F9A9-C239-49AE-B73E-91D2F4614D65} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install => C:\Windows\system32\usoclient.exe [2017-03-18] (Microsoft Corporation)
Task: {4B6926D3-D490-4D93-82CE-D109F1D1BC80} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2017-09-05] (Microsoft Corporation)
Task: {4ECD0BB8-5D22-4A5B-9F91-9217B3D6860C} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {5256B3A6-7B23-454C-AD22-5E2A693BC4C4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {55978C82-CC08-4BBE-8D03-B568E1E8E4E0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {5BC5A21F-4785-41A6-B4B1-62FB9B08FABD} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2017-03-18] (Microsoft Corporation)
Task: {5C326114-085E-444C-9B7A-D3E2E59C549E} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2017-06-20] (Microsoft Corporation)
Task: {5C43827A-D8C9-495B-AC43-3E0C135AA98D} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {5CEF6C81-6FC0-4ED2-897B-9497DD7E1887} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5D81326C-D6EC-49A0-AAB5-D8A874E06E83} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\Windows\system32\MusNotification.exe [2017-09-29] (Microsoft Corporation)
Task: {5E7042B2-E2DD-4FEA-8B95-A7CCABCE14F9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\Windows\system32\usoclient.exe [2017-03-18] (Microsoft Corporation)
Task: {60ECA01D-DA53-442F-B332-6A3FC93FF4C4} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {61160297-9C11-42C4-AA85-47CC9FA41C41} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {614FA2BE-B952-489E-80FA-F05D6506B657} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {61C34886-4054-4DD8-A557-3A7B140BEBBF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {64D227A1-CAF2-4F62-893C-CB71B7F5593F} - System32\Tasks\Microsoft\Windows\EDP\EDP Inaccessible Credentials Task
Task: {65342EE4-2ADC-4994-8633-40C4B9E686C5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {6772AC65-7600-4DF2-9BD5-F17292FAAE4B} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2017-03-18] (Microsoft Corporation)
Task: {68861600-8DE1-4D43-8F44-847C6947AA70} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {693F02EA-12F7-4661-8730-A5DF1AFD642F} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh
Task: {6B14B27A-2145-41DB-9412-B1DF02D5594E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {6BD9FDA3-C8EE-4C02-95CB-1B221BF24F79} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged
Task: {6CD42E30-FE69-4192-A847-1B04D7CB40CE} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
Task: {7072963F-3763-4E9F-A1F5-DE9703BAE827} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {70E0A093-79B7-461E-A9C7-B67CD7B1511E} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload => C:\Windows\system32\dmclient.exe [2017-03-18] (Microsoft Corporation)
Task: {751916EA-7824-4174-B568-FC51A3F7BFE5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {760979B4-03D3-42CA-9AC0-C4FC833C0332} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {786E9D92-5BB1-4399-958E-2550B6CEEFA8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {78F76D6D-0B70-46A9-8DEB-4FCB650A6627} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {799AC654-A37D-49AA-B0F3-433D7D5EBBD9} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\Windows\System32\WiFiTask.exe [2017-03-18] (Microsoft Corporation)
Task: {7A3FC220-2DFA-448D-8CDA-5ACC0ACC317F} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
Task: {7B63897B-19CB-45F3-BEAA-89A6764C2DC4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {7E48EB16-2459-437A-B3B5-DD91866302CC} - System32\Tasks\Microsoft\Windows\EDP\StorageCardEncryption Task
Task: {7EE03738-E972-4883-9315-6B6E0C706337} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {7F54AFB1-F0F6-4B7D-9D89-DC2ABE972AAF} - System32\Tasks\Opera scheduled Autoupdate 1380645316 => C:\Program Files (x86)\Opera\launcher.exe [2017-10-24] (Opera Software)
Task: {8130F5FA-AF7D-4943-B2BA-060B3A46CDAE} - System32\Tasks\{438FA2C7-F30F-4579-A499-B2964FEB6E44} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {815A867E-3E45-4676-8D3B-AC1448EADFDF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {821BF6DC-C0F0-4924-9E22-E698C929C50F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {829C695F-E874-432A-9A9F-7862D04236B9} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2017-03-18] (Microsoft Corporation)
Task: {83D8EA44-D5EA-48DC-AD74-8BAE0ABD30A4} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {8478C771-AE7D-47EA-9D79-22DC82C4E3F6} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {859F5A20-194A-4267-96DC-88911E0E4AAA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime No Task File <==== ATTENTION
Task: {8612CAD8-A91C-4A81-A388-BD870CF508D5} - System32\Tasks\easyVPN => C:\Program Files (x86)\EasyVpn\app\easyvpn.exe
Task: {88E18EB0-E633-47C9-8FE5-84CEAB8F5EF7} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2017-03-18] (Microsoft Corporation)
Task: {89561DE0-9C3D-413B-89DA-3259A1B2D62B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2440112941-538450990-2588341026-1000 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {896ED842-4861-49E9-A2C1-0AE31689F876} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2017-03-18] (Microsoft Corporation)
Task: {89F9EDD9-7C6B-442A-80AE-7C781EA7CEFB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8BD8CDAB-DB90-48FD-9680-5746409A4010} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {91B9F5D3-9FAA-4AAB-826B-643DBBC07D03} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {92239EC1-43A8-4025-AA14-8B1580E460E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
Task: {9BFBFF63-27D1-4C7C-ADFA-AE5B98B90F78} - System32\Tasks\Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask
Task: {9C4CE040-7A7E-4ACC-AF07-7C7B2162457A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
Task: {9DC56D08-3AB7-4DFE-B855-BCD9E0834276} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
Task: {A2C46270-F47C-450E-8B97-13B79197B209} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {A7C47B99-02A2-4657-9EF8-D376516D8CB9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
Task: {ACF7262F-C3C8-483E-AABA-9E4D387D857E} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\Windows\system32\ClipRenew.exe [2017-03-20] (Microsoft Corporation)
Task: {AD8FD6C2-C8B5-42B0-84C4-28FF10563B10} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {AF8C81AB-2CD9-4042-89CE-DACC4CBEE0F0} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {B0B01AAA-FF6C-4441-B75E-44A24B0B37CD} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2017-03-18] (Microsoft Corporation)
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {B55CF8D6-4BF9-4075-BC29-60C0CC07BD2C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B5EA650A-8EE9-4BA5-BAA0-2A8ACE00500D} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2017-03-18] (Microsoft Corporation)
Task: {B8179BE3-5C4C-4C8F-9E97-CD59B7126835} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {B921E180-BDB8-492E-B516-9E26427AE714} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {BADCD9F0-BE48-420C-A2A8-84136226659D} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {BD69C6ED-AD55-467C-B787-533200C3B376} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2017-03-18] (Microsoft Corporation)
Task: {BE585427-85E9-4FAB-AB46-AFE1C48E5A0C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d No Task File <==== ATTENTION
Task: {BF5E2522-FE1D-4E8C-9FA9-E1B27B81D2DA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {C05E2FFD-7D0D-4F6B-952B-A3318F829D19} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Cellular => C:\Windows\system32\ProvTool.exe [2017-03-18] (Microsoft Corporation)
Task: {C42799B6-75B2-42CF-8197-3BE332E05553} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\Windows\system32\usoclient.exe [2017-03-18] (Microsoft Corporation)
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {C8AB61DD-2103-4930-9F3A-DA77A548F877} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
Task: {CDC553D2-B5AD-4AF3-BB6D-5AA47466C1F9} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2017-03-18] (Microsoft Corporation)
Task: {CFE9501D-B60F-45DB-B48F-19C572F7F30E} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2017-03-18] (Microsoft Corporation)
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {D48F8894-D4CD-4BA3-8FFA-D2A3544BF685} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime No Task File <==== ATTENTION
Task: {D5EBF28C-A33D-4CBA-8355-0F457EE12498} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2017-06-20] (Microsoft Corporation)
Task: {D603657B-A4C5-4DD5-AB65-50C5B5C8B92D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {DB881C0E-C3BE-4699-AA40-CA7398035898} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {DE280E27-41E3-43DD-8D0C-7D14FBD3A6ED} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings => C:\Windows\system32\usoclient.exe [2017-03-18] (Microsoft Corporation)
Task: {DE82B7E1-A074-4B4B-96F8-B77C47A4381E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {DEC8126C-17DA-4FAD-A5F2-57CB2B91A8B0} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {E0E54520-18CA-4D7E-963B-A5AA232C6777} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E11183CC-FCAC-479E-B422-6A72654C14EA} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe [2017-03-18] (Microsoft Corporation)
Task: {E147EE8B-ED10-4204-8072-E7972459DE32} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION
Task: {E9782F00-75DC-4FE7-AE22-D1AC0649ECAB} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2017-03-18] (Microsoft Corporation)
Task: {EB76E6C0-98F0-4599-96D2-2E4F5E002B9D} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {EC11A6F7-343D-49E9-A974-A3716157F2C1} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2017-06-20] (Microsoft Corporation)
Task: {EDFDCDC2-3F60-4BC2-ACE9-FA32929FA671} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F191C630-1ACC-4331-9C15-E924A011A9C0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {F48B140D-10F9-4075-AE54-49020F4C3DCD} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {F6112400-8A8F-4A0B-B5DA-75DC52204405} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {F88E01C2-99E3-4AF6-BFAA-7ACC8EF521D4} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2017-03-18] (Microsoft Corporation)
Task: {F9015704-44A7-4962-B811-A4C0206CF851} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2017-09-05] (Microsoft Corporation)
Task: {FC0C313F-91E3-40FB-A1F2-3D439CF0DE7C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-05-29 10:28 - 2015-05-29 10:28 - 00048640 _____ () C:\Windows\SysWOW64\ASGT.exe
2017-09-02 12:09 - 2017-10-10 12:28 - 02289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-05-21 09:57 - 2017-05-01 21:51 - 00133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 21:59 - 2017-03-20 05:36 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-07 09:44 - 2017-11-07 09:44 - 00087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-07 09:44 - 2017-11-07 09:44 - 00206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-04 09:48 - 2017-11-02 07:51 - 00021848 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2017-09-07 17:12 - 2017-09-07 17:12 - 00069632 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2017-10-05 09:16 - 2017-10-05 09:17 - 00021504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-10-05 09:16 - 2017-10-05 09:17 - 48839168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 09:16 - 2017-10-05 09:17 - 02523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 00352256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-10-05 09:16 - 2017-10-05 09:17 - 00164352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 00675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 02836480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-10-05 09:16 - 2017-10-05 09:17 - 20559872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 02705408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 03128320 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-29 08:20 - 2017-08-29 08:20 - 03553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 00118784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\ExploreModel.dll
2017-10-05 09:16 - 2017-10-05 09:17 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-10-05 09:16 - 2017-10-05 09:17 - 01380864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 00367616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AnimatedGIF.dll
2017-11-08 11:26 - 2017-11-08 11:26 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50601.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.exe
2017-11-08 11:26 - 2017-11-08 11:26 - 06290944 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50601.0_x64__8wekyb3d8bbwe\Microsoft.Office.Sway.LightweightClient.UWP.dll
2017-10-31 11:08 - 2017-10-31 11:08 - 02361528 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Sway_18.1711.50601.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2013-10-01 15:05 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-03-31 17:25 - 2016-05-02 07:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-08-21 13:18 - 2017-09-09 20:25 - 00688416 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 15:17 - 2017-10-31 04:22 - 02546976 _____ () D:\Program Files (x86)\Steam\video.dll
2015-01-20 16:13 - 2016-09-01 02:02 - 04969248 _____ () D:\Program Files (x86)\Steam\v8.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 00491008 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 00332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 02549760 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 00442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 00485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-20 16:13 - 2016-09-01 02:02 - 01195296 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2015-01-20 16:13 - 2016-09-01 02:02 - 01563936 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2013-09-21 09:35 - 2017-10-31 04:22 - 00901408 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 10:59 - 2016-07-04 23:17 - 00266560 _____ () D:\Program Files (x86)\Steam\openvr_api.dll
2017-11-04 09:47 - 2017-11-01 07:30 - 00015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2017-11-04 09:47 - 2017-11-01 07:30 - 03090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2014-05-29 21:40 - 2016-06-10 14:21 - 00266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2017-08-17 15:51 - 2017-08-17 15:51 - 01993184 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 00507968 _____ () D:\Program Files (x86)\GOG Galaxy\PocoUtil.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 01076800 _____ () D:\Program Files (x86)\GOG Galaxy\PocoNet.dll
2017-03-23 06:38 - 2017-03-16 16:46 - 53018112 _____ () D:\Program Files (x86)\GOG Galaxy\libcef.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 01854528 _____ () D:\Program Files (x86)\GOG Galaxy\PocoData.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 01589312 _____ () D:\Program Files (x86)\GOG Galaxy\PocoFoundation.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 00393280 _____ () D:\Program Files (x86)\GOG Galaxy\PocoDataSQLite.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 00307776 _____ () D:\Program Files (x86)\GOG Galaxy\PocoNetSSL.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 00330816 _____ () D:\Program Files (x86)\GOG Galaxy\PocoJSON.dll
2017-06-21 21:52 - 2017-10-19 17:33 - 00130112 _____ () D:\Program Files (x86)\GOG Galaxy\xdelta3.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 00104000 _____ () D:\Program Files (x86)\GOG Galaxy\zlib.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 00520768 _____ () D:\Program Files (x86)\GOG Galaxy\PocoXML.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 00272448 _____ () D:\Program Files (x86)\GOG Galaxy\PocoZip.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 00425536 _____ () D:\Program Files (x86)\GOG Galaxy\pcre.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 00680000 _____ () D:\Program Files (x86)\GOG Galaxy\sqlite.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 00157760 _____ () D:\Program Files (x86)\GOG Galaxy\PocoCrypto.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 00152128 _____ () D:\Program Files (x86)\GOG Galaxy\expat.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 01589312 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoFoundation.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 00330816 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoJSON.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 00507968 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoUtil.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 00104000 _____ () C:\ProgramData\GOG.com\Galaxy\redists\zlib.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 00425536 _____ () C:\ProgramData\GOG.com\Galaxy\redists\pcre.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 00520768 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoXML.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 00152128 _____ () C:\ProgramData\GOG.com\Galaxy\redists\expat.dll
2017-06-09 06:22 - 2017-09-07 03:04 - 00678400 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-14 14:24 - 2017-08-16 23:28 - 73130272 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-01-20 16:13 - 2015-09-25 00:52 - 00119208 _____ () D:\Program Files (x86)\Steam\winh264.dll
2017-08-09 08:19 - 2017-08-08 14:13 - 01893880 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-12 22:00 - 2017-08-12 22:00 - 01577976 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-08-09 08:19 - 2017-08-08 14:13 - 01938424 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-09 08:19 - 2017-08-08 14:13 - 00095736 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-03-23 06:38 - 2017-03-16 16:46 - 01738752 _____ () D:\Program Files (x86)\GOG Galaxy\libglesv2.dll
2017-03-23 06:38 - 2017-03-16 16:46 - 00078848 _____ () D:\Program Files (x86)\GOG Galaxy\libegl.dll
2017-08-12 22:00 - 2017-10-06 10:48 - 09722360 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-12 22:00 - 2017-11-07 20:29 - 01471992 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-11-08 11:24 - 2017-11-08 11:24 - 00148992 _____ () \\?\C:\Users\User\AppData\Local\Temp\25EA.tmp.node
2017-08-12 22:00 - 2017-08-12 22:00 - 02658296 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-12 22:00 - 2017-08-12 22:00 - 02673656 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2017-07-11 10:32 - 2017-08-16 23:29 - 01936672 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libglesv2.dll
2017-07-11 10:32 - 2017-08-16 23:29 - 00113952 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\swiftshader\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Program Files\CCleaner:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Xbox 360 Accessories:Win32App_1
AlternateDataStreams: C:\Program Files\paint.net:Win32App_1
AlternateDataStreams: C:\Program Files\TeamSpeak 3 Client:Win32App_1
AlternateDataStreams: C:\Program Files\UNP:Win32App_1
AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Audacity:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Battle.net:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Battlelog Web Plugins:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\DVDVideoSoft:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Lame For Audacity:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft SQL Server Compact Edition:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\OpenOffice 4:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Opera:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Origin:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Overwolf:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\skate's Thumbnail Tool:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Windows Live:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64\Adobe:Win32App_1
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:D24294C1
AlternateDataStreams: C:\Users\User\AppData\Local\JDownloader v2.0:Win32App_1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\Desktop\black-rock-shooter11.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"

==================== Accounts: =============================

Administrator (S-1-5-21-2440112941-538450990-2588341026-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2440112941-538450990-2588341026-503 - Limited - Disabled)
Gast (S-1-5-21-2440112941-538450990-2588341026-501 - Limited - Disabled)
User (S-1-5-21-2440112941-538450990-2588341026-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2017 00:36:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/08/2017 00:36:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/08/2017 00:36:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/07/2017 08:22:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/06/2017 06:59:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Wow-64.exe, Version 7.3.2.25383 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1784

Startzeit: 01d3572705fec3f2

Beendigungszeit: 4294967295

Anwendungspfad: D:\Program Files (x86)\World of Warcraft\Wow-64.exe

Berichts-ID: fd5e60e0-aec4-48f7-8502-a3b2bedb5612

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (11/03/2017 08:09:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_MapsBroker, Version: 10.0.15063.0, Zeitstempel: 0x02799ef5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x8400000e
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x23d4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_MapsBroker0
Pfad der fehlerhaften Anwendung: svchost.exe_MapsBroker1
Pfad des fehlerhaften Moduls: svchost.exe_MapsBroker2
Berichtskennung: svchost.exe_MapsBroker3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_MapsBroker4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_MapsBroker5

Error: (11/01/2017 01:32:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: USER-PC)
Description: Das Paket „Microsoft.Windows.ShellExperienceHost_10.0.15063.674_neutral_neutral_cw5n1h2txyewy+App“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (10/31/2017 10:48:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_MapsBroker, Version: 10.0.15063.0, Zeitstempel: 0x02799ef5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x8400000e
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x2be0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_MapsBroker0
Pfad der fehlerhaften Anwendung: svchost.exe_MapsBroker1
Pfad des fehlerhaften Moduls: svchost.exe_MapsBroker2
Berichtskennung: svchost.exe_MapsBroker3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_MapsBroker4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_MapsBroker5

Error: (10/30/2017 02:39:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (10/30/2017 02:39:38 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4


System errors:
=============
Error: (11/08/2017 11:20:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/08/2017 11:20:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (11/08/2017 00:36:44 AM) (Source: DCOM) (EventID: 10010) (User: USER-PC)
Description: microsoft.windowscommunicationsapps_17.8700.40485.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca

Error: (11/08/2017 00:36:44 AM) (Source: DCOM) (EventID: 10010) (User: USER-PC)
Description: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppX8z5q44mt1b9k6x2nkjj0bkr2e1ac0dxy.mca

Error: (11/08/2017 00:36:43 AM) (Source: DCOM) (EventID: 10010) (User: USER-PC)
Description: Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca

Error: (11/07/2017 08:31:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Manager für heruntergeladene Karten" wurde nicht richtig gestartet.

Error: (11/07/2017 08:29:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/07/2017 08:29:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (11/07/2017 08:29:28 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet.

Error: (11/07/2017 08:24:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (11/08/2017 00:36:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141

Error: (11/08/2017 00:36:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141

Error: (11/08/2017 00:36:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Microsoft.WindowsStore_8wekyb3d8bbwe!App-2144927141

Error: (11/07/2017 08:22:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App-2144927141

Error: (11/06/2017 06:59:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow-64.exe7.3.2.25383178401d3572705fec3f24294967295D:\Program Files (x86)\World of Warcraft\Wow-64.exefd5e60e0-aec4-48f7-8502-a3b2bedb5612

Error: (11/03/2017 08:09:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_MapsBroker10.0.15063.002799ef5unknown0.0.0.0000000008400000e000000000000000023d401d35472830fa356C:\WINDOWS\System32\svchost.exeunknown0cec459e-07fe-4a87-8388-94a009887aed

Error: (11/01/2017 01:32:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: USER-PC)
Description: Microsoft.Windows.ShellExperienceHost_10.0.15063.674_neutral_neutral_cw5n1h2txyewy+App

Error: (10/31/2017 10:48:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_MapsBroker10.0.15063.002799ef5unknown0.0.0.0000000008400000e00000000000000002be001d3522d4d2cc634C:\WINDOWS\System32\svchost.exeunknownd3ad92b3-a270-4aba-88ee-b351169a6b70

Error: (10/30/2017 02:39:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (10/30/2017 02:39:38 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4


CodeIntegrity Errors:
===================================
  Date: 2017-06-24 20:48:50.328
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:13.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:13.113
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:12.775
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:12.181
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:58.615
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:23.228
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:23.117
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:22.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:45:33.285
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 16265.62 MB
Available physical RAM: 12560.97 MB
Total Pagefile: 32649.62 MB
Available Pagefile: 28030.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:487.84 GB) (Free:362.17 GB) NTFS
Drive d: () (Fixed) (Total:1374.51 GB) (Free:716.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0CD429A7)

Partition: GPT Partition Type.

==================== End Of Log ============================

Vielen dank das sie Mir Helfen und sich dem Problem annehmen

M-K-D-B · 09.11.2017, 17:06

Servus,

deine Version von FRST ist total veraltet. Bitte erneut starten. Normalerweise sollte es sich updaten. Dann nochmal einen Suchlauf durchführen.

Wenn nicht, von hier die aktuellste Version laden.

zabasu · 09.11.2017, 19:30

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
durchgeführt von User (Administrator) auf USER-PC (09-11-2017 19:26:38)
Gestartet von C:\Users\User\Desktop
Geladene Profile: User (Verfügbare Profile: User & DefaultAppPool)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\ASGT.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-26] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-09-14] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098952 2017-11-02] (Electronic Arts)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-05] (Google Inc.)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [GalaxyClient] => D:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [5187648 2017-10-19] (GOG.com)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [228864 2017-03-18] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => Keine Datei
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-07-08] ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8b0d2022-b991-4718-93be-7a02131a75f6}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startseite24.net/
SearchScopes: HKLM -> DefaultScope {FBCFA1DD-82AD-473A-A9F9-EB5BAAAFF907} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2440112941-538450990-2588341026-1000 -> DefaultScope {FBCFA1DD-82AD-473A-A9F9-EB5BAAAFF907} URL = 
Toolbar: HKU\S-1-5-21-2440112941-538450990-2588341026-1000 -> Kein Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  Keine Datei
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2440112941-538450990-2588341026-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2440112941-538450990-2588341026-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-11-06] ()

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=","hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175","hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175"
CHR DefaultSearchKeyword: Default -> hxxps://www.google.de/webhp?hl=de
CHR Session Restore: Default -> ist aktiviert.
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-11-09]
CHR Extension: (ProxFlow) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2017-01-25]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Black Rock Shooter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdkbpipldakmkbknanlkamcgohlgfng [2017-04-27]
CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Session Restore: -> ist aktiviert.
OPR Extension: (Radio Canyon) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bikofacodmhdpkfdeeocponfcgjcdfbk [2015-06-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-05-29] () [Datei ist nicht signiert]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-02] () [Datei ist nicht signiert]
S3 DAUpdaterSvc; D:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-01-28] (BioWare)
S3 GalaxyClientService; D:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [536128 2017-10-19] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8256576 2017-10-11] (GOG.com)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [Datei ist nicht signiert]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-02] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1451336 2017-10-23] (Overwolf LTD)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [Datei ist nicht signiert]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [Datei ist nicht signiert]
R3 ikbevent; C:\WINDOWS\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\WINDOWS\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc.)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-07] (Malwarebytes)
R1 MpKsl1e637588; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AA23E698-1D22-4A4E-816F-152273812516}\MpKsl1e637588.sys [58120 2017-11-07] (Microsoft Corporation)
R1 MpKsle3a53a2c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{414735E4-83A4-4E0B-8E8E-8F2C53B93554}\MpKsle3a53a2c.sys [58120 2017-11-09] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2016-04-27] ()
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-11-09 19:26 - 2017-11-09 19:27 - 000021470 _____ C:\Users\User\Desktop\FRST.txt
2017-11-09 19:25 - 2017-11-09 19:25 - 002403328 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-11-08 22:51 - 2017-11-08 22:51 - 008261584 _____ (Malwarebytes) C:\Users\User\Desktop\AdwCleaner_7.0.4.0.exe
2017-10-29 20:54 - 2017-10-29 20:54 - 000000986 _____ C:\Users\User\Desktop\Neues Textdokument.txt
2017-10-29 01:00 - 2017-10-30 13:20 - 000000000 ____D C:\Users\User\Desktop\girls
2017-10-11 18:05 - 2017-10-11 18:05 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 18:00 - 2017-09-30 06:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-11 18:00 - 2017-09-30 06:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-11 18:00 - 2017-09-30 06:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-11 18:00 - 2017-09-30 06:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-11 18:00 - 2017-09-30 03:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-11 18:00 - 2017-09-30 03:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-11 18:00 - 2017-09-30 03:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-11 18:00 - 2017-09-30 03:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-11 18:00 - 2017-09-30 03:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-11 18:00 - 2017-09-30 03:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-11 18:00 - 2017-09-30 03:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-11 18:00 - 2017-09-30 03:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-11 18:00 - 2017-09-30 03:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-10-11 18:00 - 2017-09-30 03:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-11 18:00 - 2017-09-30 03:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-11 18:00 - 2017-09-30 03:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-11 18:00 - 2017-09-30 03:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-11 18:00 - 2017-09-30 03:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-11 18:00 - 2017-09-30 03:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-11 18:00 - 2017-09-30 03:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-11 18:00 - 2017-09-30 03:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-11 18:00 - 2017-09-30 03:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-11 18:00 - 2017-09-30 03:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-11 18:00 - 2017-09-30 03:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-11 18:00 - 2017-09-30 03:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-11 18:00 - 2017-09-30 03:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-11 18:00 - 2017-09-29 08:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-11 18:00 - 2017-09-29 08:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-11 18:00 - 2017-09-29 08:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-11 18:00 - 2017-09-29 08:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-11 18:00 - 2017-09-29 08:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-10-11 18:00 - 2017-09-29 08:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-11 18:00 - 2017-09-29 08:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-10-11 18:00 - 2017-09-29 08:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-10-11 18:00 - 2017-09-29 08:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-11 18:00 - 2017-09-29 08:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-11 18:00 - 2017-09-29 08:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-10-11 18:00 - 2017-09-29 08:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-11 18:00 - 2017-09-29 08:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-10-11 18:00 - 2017-09-29 08:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-10-11 18:00 - 2017-09-29 08:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-11 18:00 - 2017-09-29 08:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-11 18:00 - 2017-09-29 08:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-10-11 18:00 - 2017-09-29 08:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-10-11 18:00 - 2017-09-29 08:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-10-11 18:00 - 2017-09-29 08:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-11 18:00 - 2017-09-29 08:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-10-11 18:00 - 2017-09-29 08:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-11 18:00 - 2017-09-29 08:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-11 18:00 - 2017-09-29 08:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-11 18:00 - 2017-09-29 08:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-11 18:00 - 2017-09-29 08:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-11 18:00 - 2017-09-29 08:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-10-11 18:00 - 2017-09-29 08:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-10-11 18:00 - 2017-09-29 08:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-11 18:00 - 2017-09-29 08:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-10-11 18:00 - 2017-09-29 08:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-10-11 18:00 - 2017-09-29 08:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-11 18:00 - 2017-09-29 08:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-11 18:00 - 2017-09-29 08:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-11 18:00 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-10-11 18:00 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-10-11 18:00 - 2017-09-20 16:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-11 18:00 - 2017-09-20 16:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-11 18:00 - 2017-09-20 16:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-11 18:00 - 2017-09-19 00:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-11 18:00 - 2017-09-18 23:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-11 18:00 - 2017-09-18 23:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-10-11 17:59 - 2017-09-30 06:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-11 17:59 - 2017-09-30 06:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-11 17:59 - 2017-09-30 06:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-11 17:59 - 2017-09-30 06:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-11 17:59 - 2017-09-30 06:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-11 17:59 - 2017-09-30 06:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-11 17:59 - 2017-09-30 06:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-11 17:59 - 2017-09-30 06:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-11 17:59 - 2017-09-30 06:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-11 17:59 - 2017-09-30 06:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-11 17:59 - 2017-09-30 06:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-11 17:59 - 2017-09-30 06:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-11 17:59 - 2017-09-30 06:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-11 17:59 - 2017-09-30 06:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-11 17:59 - 2017-09-30 06:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-11 17:59 - 2017-09-30 06:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-10-11 17:59 - 2017-09-30 06:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-11 17:59 - 2017-09-30 06:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-11 17:59 - 2017-09-30 06:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-11 17:59 - 2017-09-30 06:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-10-11 17:59 - 2017-09-30 06:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-11 17:59 - 2017-09-30 06:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-11 17:59 - 2017-09-30 06:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-11 17:59 - 2017-09-30 06:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-11 17:59 - 2017-09-30 06:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-11 17:59 - 2017-09-30 06:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-10-11 17:59 - 2017-09-30 06:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-11 17:59 - 2017-09-30 06:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-11 17:59 - 2017-09-30 06:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-11 17:59 - 2017-09-30 06:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-11 17:59 - 2017-09-30 06:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-10-11 17:59 - 2017-09-30 06:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-11 17:59 - 2017-09-30 06:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-11 17:59 - 2017-09-30 06:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-11 17:59 - 2017-09-30 06:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-11 17:59 - 2017-09-30 06:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-11 17:59 - 2017-09-30 06:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-11 17:59 - 2017-09-30 03:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-11 17:59 - 2017-09-29 08:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-11 17:59 - 2017-09-29 08:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-11 17:59 - 2017-09-29 08:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-11 17:59 - 2017-09-29 08:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-11 17:59 - 2017-09-29 08:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-11 17:59 - 2017-09-29 08:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-11 17:59 - 2017-09-29 08:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-11 17:59 - 2017-09-29 08:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-11 17:59 - 2017-09-29 08:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-11 17:59 - 2017-09-29 08:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-11 17:59 - 2017-09-29 08:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-11 17:59 - 2017-09-29 08:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-10-11 17:59 - 2017-09-29 08:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-10-11 17:59 - 2017-09-29 08:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-11 17:59 - 2017-09-29 08:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-11 17:59 - 2017-09-29 08:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-11 17:59 - 2017-09-29 08:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-11 17:59 - 2017-09-29 08:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-11 17:59 - 2017-09-29 08:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-11 17:59 - 2017-09-29 08:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-11 17:59 - 2017-09-29 08:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-11 17:59 - 2017-09-29 08:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-11 17:59 - 2017-09-29 08:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-11 17:59 - 2017-09-29 08:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-11 17:59 - 2017-09-29 08:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-11 17:59 - 2017-09-29 08:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-11 17:59 - 2017-09-29 08:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-11 17:59 - 2017-09-29 08:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-11 17:59 - 2017-09-29 08:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-11 17:59 - 2017-09-29 08:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-10-11 17:59 - 2017-09-29 08:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-11 17:59 - 2017-09-29 08:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-11 17:59 - 2017-09-29 08:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-11 17:59 - 2017-09-29 08:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-11 17:59 - 2017-09-29 08:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-11 17:59 - 2017-09-29 08:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-11 17:59 - 2017-09-29 08:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-10-11 17:59 - 2017-09-29 08:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-10-11 17:59 - 2017-09-29 08:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-10-11 17:59 - 2017-09-29 08:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-10-11 17:59 - 2017-09-29 08:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-10-11 17:59 - 2017-09-29 08:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe
2017-10-11 17:59 - 2017-09-19 00:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-11 17:59 - 2017-09-19 00:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-11 17:59 - 2017-09-19 00:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-10-11 17:59 - 2017-09-19 00:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-11 17:59 - 2017-09-19 00:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-11 17:59 - 2017-09-19 00:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-10-11 17:59 - 2017-09-19 00:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-11 17:59 - 2017-09-18 23:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-11 17:59 - 2017-09-18 23:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-11 17:59 - 2017-09-18 23:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-11 17:59 - 2017-09-18 23:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-11-09 19:26 - 2015-02-22 13:06 - 000000000 ____D C:\FRST
2017-11-09 19:23 - 2013-10-01 21:09 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-11-09 18:24 - 2017-05-21 09:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-09 17:46 - 2017-05-21 10:15 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C722207A-59FA-447E-9A7F-6EE09C1510F3}
2017-11-09 11:47 - 2014-04-17 18:35 - 000000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-11-09 10:27 - 2014-04-17 18:35 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-11-09 10:07 - 2014-05-29 21:40 - 000000000 ____D C:\Users\User\AppData\Roaming\Origin
2017-11-09 10:06 - 2014-05-29 21:38 - 000000000 ____D C:\ProgramData\Origin
2017-11-09 10:01 - 2016-04-30 07:35 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2017-11-08 23:51 - 2016-09-22 06:47 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-08 23:26 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-08 22:55 - 2015-02-20 23:11 - 000000000 ____D C:\AdwCleaner
2017-11-08 20:26 - 2013-12-26 21:04 - 000000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2017-11-08 16:31 - 2013-12-16 20:18 - 000000851 _____ C:\Users\User\Desktop\adressen.txt
2017-11-08 11:30 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-08 11:30 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-07 20:30 - 2017-05-21 09:57 - 002398216 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-07 20:30 - 2017-03-20 05:35 - 001053302 _____ C:\WINDOWS\system32\perfh007.dat
2017-11-07 20:30 - 2017-03-20 05:35 - 000244972 _____ C:\WINDOWS\system32\perfc007.dat
2017-11-07 20:24 - 2017-10-05 22:14 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-07 20:23 - 2017-05-21 10:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-07 20:23 - 2017-03-18 12:40 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2017-11-07 20:23 - 2013-10-01 16:45 - 000000000 ____D C:\Program Files (x86)\Opera
2017-11-07 19:48 - 2015-03-26 14:24 - 000000000 ____D C:\Users\User\AppData\Local\Ubisoft Game Launcher
2017-11-07 00:39 - 2014-11-22 18:17 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-07 00:16 - 2017-07-27 16:17 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2440112941-538450990-2588341026-1000
2017-11-07 00:16 - 2016-04-30 07:44 - 000002380 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-07 00:16 - 2016-04-30 07:44 - 000000000 ___RD C:\Users\User\OneDrive
2017-11-06 21:29 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-05 14:14 - 2017-05-21 10:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2017-11-04 09:48 - 2014-05-29 21:38 - 000000000 ____D C:\Program Files (x86)\Origin
2017-11-03 23:59 - 2014-06-05 19:28 - 000000000 ____D C:\Users\User\AppData\Local\SniperV2
2017-10-30 14:42 - 2014-01-10 17:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Audacity
2017-10-27 16:04 - 2013-12-26 21:03 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-10-27 15:05 - 2017-06-29 15:13 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2017-10-27 15:05 - 2017-05-21 10:15 - 000003976 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1380645316
2017-10-26 12:48 - 2014-07-27 01:10 - 000000000 ____D C:\Users\User\AppData\Roaming\RenPy
2017-10-26 08:14 - 2017-05-21 10:15 - 000004642 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-26 08:14 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-26 08:14 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-25 21:31 - 2015-01-21 17:02 - 000000000 ____D C:\Users\User\AppData\Local\JDownloader v2.0
2017-10-24 00:24 - 2016-06-10 22:28 - 000000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2017-10-13 14:16 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-13 01:21 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 01:21 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 08:44 - 2016-02-13 18:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-12 08:38 - 2017-05-21 09:53 - 000287376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-11 21:26 - 2017-03-18 22:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-11 21:26 - 2017-03-18 22:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-11 21:26 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-11 21:26 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-10-11 18:08 - 2013-10-01 09:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-11 18:05 - 2013-10-01 09:52 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-10 12:28 - 2017-09-02 12:09 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-03-23 13:41 - 2014-03-23 13:41 - 000000044 _____ () C:\Users\User\AppData\Roaming\WB.CFG

Einige Dateien in TEMP:
====================
2017-10-25 21:30 - 2017-10-25 21:30 - 000040448 ____N () C:\Users\User\AppData\Local\Temp\proxy_vole3114531680520956394.dll
2017-10-25 21:30 - 2017-10-25 21:30 - 000040448 ____N () C:\Users\User\AppData\Local\Temp\proxy_vole5151724827290583793.dll
2017-10-25 21:30 - 2017-10-25 21:30 - 000040448 ____N () C:\Users\User\AppData\Local\Temp\proxy_vole7405669428430379405.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-11-05 15:13

==================== Ende von FRST.txt ============================

Entschuldigung

zabasu · 09.11.2017, 19:30

Code:

ATTFilter

usätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-11-2017
durchgeführt von User (09-11-2017 19:27:45)
Gestartet von C:\Users\User\Desktop
Windows 10 Home Version 1703 15063.674 (X64) (2017-05-21 09:23:43)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2440112941-538450990-2588341026-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2440112941-538450990-2588341026-503 - Limited - Disabled)
Gast (S-1-5-21-2440112941-538450990-2588341026-501 - Limited - Disabled)
User (S-1-5-21-2440112941-538450990-2588341026-1000 - Administrator - Enabled) => C:\Users\User

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Aiseesoft Blu-ray Player 6.2.20 (HKLM-x32\...\{3E1A13C3-E458-4995-BEA6-4B9BE279D502}_is1) (Version: 6.2.20 - Aiseesoft Studio)
Akamai NetSession Interface (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.0.6.9 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.0.6.9 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version:  - )
Canon iP2600 series Benutzerregistrierung (HKLM-x32\...\Canon iP2600 series Benutzerregistrierung) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Curse Client (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
FocusWriter (HKLM-x32\...\FocusWriter) (Version: 1.6.7 - Graeme Gott)
Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.89 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}) (Version: 2.0.1083.0 - Intel)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
Opera Stable 48.0.2685.52 (HKLM-x32\...\Opera 48.0.2685.52) (Version: 48.0.2685.52 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.5.6040 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.107.256.0 - Overwolf Ltd.)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Rage of Mages (HKLM-x32\...\1459856053_is1) (Version: 2.1.0.3 - GOG.com)
Rage of Mages (HKLM-x32\...\Rage of Mages) (Version:  - )
Ragnarok Restart (HKLM-x32\...\{06A73F7C-3719-4664-89DC-21FB0B3D7C9D}) (Version: 1.0.2 - Gravity Interactive, Inc.) Hidden
Ragnarok Restart (HKLM-x32\...\Ragnarok Restart 1.0.2) (Version: 1.0.2 - Gravity Interactive, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - THQ)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
skate's Thumbnail Tool Version 1.1.2 (HKLM-x32\...\{E68C580F-B6A5-4D47-89EC-307B9096FC10}_is1) (Version: 1.1.2 - skate702.de)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Unity Web Player (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 4.60 - NCH Software)
VisioForge Media Player SDK ActiveX LITE (HKLM-x32\...\{A7A1153A-3CA3-4366-B37D-291522538794}) (Version: 7.0.0.0 - VisioForge) Hidden
VisioForge Media Player SDK ActiveX LITE (HKLM-x32\...\VisioForge Media Player SDK ActiveX LITE 7.0.0.0) (Version: 7.0.0.0 - VisioForge)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Warcraft III) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit Gamecaster (HKLM-x32\...\{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{d966ac89-a571-4a5c-bcf0-638a3cdf1b14}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-11-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-11-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> Keine Datei
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-11-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-11-15] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02CBCC90-3E56-4541-96EC-B200672D50B5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {04DCEB08-147F-4B59-88EB-9F3F89DE852C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-26] (Adobe Systems Incorporated)
Task: {132A5559-4118-4295-A1E1-C141CB2F74F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-26] (Adobe Systems Incorporated)
Task: {13712BBB-D6B4-4478-A584-D32D47296A80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {14EE976F-63B2-4DD4-99DE-1835879794C7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.)
Task: {1B41679F-8512-4E70-8E44-8A344FBCA5D7} - System32\Tasks\{68198F9C-F8D5-440A-A307-2045870E9B9A} => C:\Windows\system32\pcalua.exe -a "D:\Program Files (x86)\epicRO Ragnarok Online\settings old.exe" -d "D:\Program Files (x86)\epicRO Ragnarok Online"
Task: {1FA9B476-5068-4DF9-A7C0-DE98215EA21A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {2098291A-6826-4D8E-90E2-E7C7DE426F36} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2BF954F7-B5F8-4A34-8C72-ED4883865256} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F3C1B2D-FB8D-4193-8444-231AD0F9BBED} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {309921DD-F04E-4995-AA50-9A6470930DC9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3515463A-AD78-4987-86A5-060287B7AB95} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-10-23] (Overwolf LTD)
Task: {3754061D-CD83-4496-8AA0-8FE1BA314C47} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {3EF7C9D3-8A19-4234-810A-2DDB201C8958} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {427CCE13-B111-4A80-BBB0-6D6F981E965F} - System32\Tasks\{A5DBFEE4-0356-4708-A655-BFA7E35BF624} => C:\Windows\system32\pcalua.exe -a "D:\Program Files (x86)\epicRO Ragnarok Online\settings.exe" -d "d:\Program Files (x86)\epicRO Ragnarok Online\"
Task: {4478F7FB-D260-4CB8-82E0-5CA44CDF79C7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {454F65BE-1803-4B69-89CF-C411EF1A93B9} - \SimpleFiles Installer Starter -> Keine Datei <==== ACHTUNG
Task: {5256B3A6-7B23-454C-AD22-5E2A693BC4C4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {55978C82-CC08-4BBE-8D03-B568E1E8E4E0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5CEF6C81-6FC0-4ED2-897B-9497DD7E1887} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {61160297-9C11-42C4-AA85-47CC9FA41C41} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {61C34886-4054-4DD8-A557-3A7B140BEBBF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {65342EE4-2ADC-4994-8633-40C4B9E686C5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {751916EA-7824-4174-B568-FC51A3F7BFE5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {760979B4-03D3-42CA-9AC0-C4FC833C0332} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7B63897B-19CB-45F3-BEAA-89A6764C2DC4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {7F54AFB1-F0F6-4B7D-9D89-DC2ABE972AAF} - System32\Tasks\Opera scheduled Autoupdate 1380645316 => C:\Program Files (x86)\Opera\launcher.exe [2017-10-24] (Opera Software)
Task: {8130F5FA-AF7D-4943-B2BA-060B3A46CDAE} - System32\Tasks\{438FA2C7-F30F-4579-A499-B2964FEB6E44} => C:\WINDOWS\system32\pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {815A867E-3E45-4676-8D3B-AC1448EADFDF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {821BF6DC-C0F0-4924-9E22-E698C929C50F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {83D8EA44-D5EA-48DC-AD74-8BAE0ABD30A4} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {859F5A20-194A-4267-96DC-88911E0E4AAA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {8612CAD8-A91C-4A81-A388-BD870CF508D5} - System32\Tasks\easyVPN => C:\Program Files (x86)\EasyVpn\app\easyvpn.exe
Task: {89F9EDD9-7C6B-442A-80AE-7C781EA7CEFB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8BD8CDAB-DB90-48FD-9680-5746409A4010} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {92239EC1-43A8-4025-AA14-8B1580E460E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {9C4CE040-7A7E-4ACC-AF07-7C7B2162457A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {A7C47B99-02A2-4657-9EF8-D376516D8CB9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {AD8FD6C2-C8B5-42B0-84C4-28FF10563B10} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {B55CF8D6-4BF9-4075-BC29-60C0CC07BD2C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B8179BE3-5C4C-4C8F-9E97-CD59B7126835} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {BE585427-85E9-4FAB-AB46-AFE1C48E5A0C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {BF5E2522-FE1D-4E8C-9FA9-E1B27B81D2DA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {D48F8894-D4CD-4BA3-8FFA-D2A3544BF685} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {D603657B-A4C5-4DD5-AB65-50C5B5C8B92D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {DB881C0E-C3BE-4699-AA40-CA7398035898} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DE82B7E1-A074-4B4B-96F8-B77C47A4381E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DEC8126C-17DA-4FAD-A5F2-57CB2B91A8B0} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {E0E54520-18CA-4D7E-963B-A5AA232C6777} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E147EE8B-ED10-4204-8072-E7972459DE32} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {EDFDCDC2-3F60-4BC2-ACE9-FA32929FA671} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F191C630-1ACC-4331-9C15-E924A011A9C0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F6112400-8A8F-4A0B-B5DA-75DC52204405} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FC0C313F-91E3-40FB-A1F2-3D439CF0DE7C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\Users\User\Favorites\Downloadseite von NCH Software.lnk -> hxxp://www.nchsoftware.com/de/index.htm

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-05-29 10:28 - 2015-05-29 10:28 - 000048640 _____ () C:\Windows\SysWOW64\ASGT.exe
2017-09-02 12:09 - 2017-10-10 12:28 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-05-21 09:57 - 2017-05-01 21:51 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 21:59 - 2017-03-20 05:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-07 09:44 - 2017-11-07 09:44 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-07 09:44 - 2017-11-07 09:44 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-04 09:48 - 2017-11-02 07:51 - 000021848 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2017-09-07 17:12 - 2017-09-07 17:12 - 000069632 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2017-10-05 09:16 - 2017-10-05 09:17 - 000021504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-10-05 09:16 - 2017-10-05 09:17 - 048839168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 09:16 - 2017-10-05 09:17 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-10-05 09:16 - 2017-10-05 09:17 - 000164352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 000352256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 002836480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-10-05 09:16 - 2017-10-05 09:17 - 020559872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 002705408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 003128320 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-29 08:20 - 2017-08-29 08:20 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 000118784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\ExploreModel.dll
2017-10-05 09:16 - 2017-10-05 09:17 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-10-05 09:16 - 2017-10-05 09:17 - 001380864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-10-05 09:16 - 2017-10-05 09:16 - 000367616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AnimatedGIF.dll
2017-11-07 00:39 - 2017-11-05 10:12 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libglesv2.dll
2017-11-07 00:39 - 2017-11-05 10:12 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libegl.dll
2013-10-01 15:05 - 2012-06-25 09:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-03-31 17:25 - 2016-05-02 07:02 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-08-21 13:18 - 2017-09-09 20:25 - 000688416 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 15:17 - 2017-10-31 04:22 - 002546976 _____ () D:\Program Files (x86)\Steam\video.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 000332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2015-01-20 16:13 - 2016-09-01 02:02 - 004969248 _____ () D:\Program Files (x86)\Steam\v8.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 000442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 000491008 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 000485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 002549760 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2015-01-20 16:13 - 2016-09-01 02:02 - 001195296 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2015-01-20 16:13 - 2016-09-01 02:02 - 001563936 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2013-09-21 09:35 - 2017-10-31 04:22 - 000901408 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 10:59 - 2016-07-04 23:17 - 000266560 _____ () D:\Program Files (x86)\Steam\openvr_api.dll
2017-11-04 09:47 - 2017-11-01 07:30 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2017-11-04 09:47 - 2017-11-01 07:30 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2014-05-29 21:40 - 2016-06-10 14:21 - 000266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2017-08-17 15:51 - 2017-08-17 15:51 - 001993184 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000507968 _____ () D:\Program Files (x86)\GOG Galaxy\PocoUtil.dll
2017-03-23 06:38 - 2017-03-16 16:46 - 053018112 _____ () D:\Program Files (x86)\GOG Galaxy\libcef.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 001076800 _____ () D:\Program Files (x86)\GOG Galaxy\PocoNet.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 001854528 _____ () D:\Program Files (x86)\GOG Galaxy\PocoData.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000393280 _____ () D:\Program Files (x86)\GOG Galaxy\PocoDataSQLite.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 001589312 _____ () D:\Program Files (x86)\GOG Galaxy\PocoFoundation.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000307776 _____ () D:\Program Files (x86)\GOG Galaxy\PocoNetSSL.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000330816 _____ () D:\Program Files (x86)\GOG Galaxy\PocoJSON.dll
2017-06-21 21:52 - 2017-10-19 17:33 - 000130112 _____ () D:\Program Files (x86)\GOG Galaxy\xdelta3.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000104000 _____ () D:\Program Files (x86)\GOG Galaxy\zlib.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000520768 _____ () D:\Program Files (x86)\GOG Galaxy\PocoXML.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000272448 _____ () D:\Program Files (x86)\GOG Galaxy\PocoZip.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000680000 _____ () D:\Program Files (x86)\GOG Galaxy\sqlite.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000425536 _____ () D:\Program Files (x86)\GOG Galaxy\pcre.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000157760 _____ () D:\Program Files (x86)\GOG Galaxy\PocoCrypto.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000152128 _____ () D:\Program Files (x86)\GOG Galaxy\expat.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 001589312 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoFoundation.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000330816 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoJSON.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000507968 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoUtil.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000104000 _____ () C:\ProgramData\GOG.com\Galaxy\redists\zlib.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000425536 _____ () C:\ProgramData\GOG.com\Galaxy\redists\pcre.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000520768 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoXML.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000152128 _____ () C:\ProgramData\GOG.com\Galaxy\redists\expat.dll
2017-03-23 06:38 - 2017-03-16 16:46 - 001738752 _____ () D:\Program Files (x86)\GOG Galaxy\libglesv2.dll
2017-03-23 06:38 - 2017-03-16 16:46 - 000078848 _____ () D:\Program Files (x86)\GOG Galaxy\libegl.dll
2017-06-09 06:22 - 2017-09-07 03:04 - 000678400 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-14 14:24 - 2017-08-16 23:28 - 073130272 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-01-20 16:13 - 2015-09-25 00:52 - 000119208 _____ () D:\Program Files (x86)\Steam\winh264.dll
2017-08-09 08:19 - 2017-08-08 14:13 - 001893880 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-12 22:00 - 2017-08-12 22:00 - 001577976 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-08-09 08:19 - 2017-08-08 14:13 - 001938424 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-09 08:19 - 2017-08-08 14:13 - 000095736 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-12 22:00 - 2017-10-06 10:48 - 009722360 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-12 22:00 - 2017-11-07 20:29 - 001471992 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-11-09 10:08 - 2017-11-09 10:08 - 000148992 _____ () \\?\C:\Users\User\AppData\Local\Temp\4BD6.tmp.node
2017-08-12 22:00 - 2017-08-12 22:00 - 002658296 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-12 22:00 - 2017-08-12 22:00 - 002673656 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\ProgramData\TEMP:D24294C1 [147]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\aeriagames.com -> hxxp://aeriagames.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\skype.com -> hxxps://apps.skype.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2017-06-18 08:56 - 000000029 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\Desktop\black-rock-shooter11.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{9C3706ED-64EE-462D-AAC4-745260CD6FBB}D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C169F269-54EE-4253-AF5D-4B55C15F1775}D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{695FAF78-0DBE-45B8-A05F-E1B4BAA59FCE}D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{09B5A604-B7E3-4625-B7A6-CFED54329A9C}D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D892EF5A-DCC7-4FB0-A4E0-74D8A766440C}C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Block) C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [TCP Query User{B3FB41F1-79B3-413C-B008-0001AAE7FBD3}C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Block) C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [{E3C4DEBD-FD96-4789-A362-859D9FD41B64}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Styx\Binaries\Win64\StyxGame.exe
FirewallRules: [{31812AB7-9EB1-4B6D-855C-B28552F64977}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Styx\Binaries\Win64\StyxGame.exe
FirewallRules: [{0BBA4094-B486-4BD8-BD46-7C0A8517B2B4}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{33751D31-A83B-43A3-9DE2-808B05A1B520}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{2ADDDE45-FFED-4DF4-B5B9-728AB583858F}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{9D7F081C-EB2E-4288-B03A-8395972D4B75}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [UDP Query User{923B508F-9F5D-4736-B953-3F24F729A1D6}D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F5659E42-B74A-494A-A8AF-A9541DFAF5AD}D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E8D1EEDE-AC10-488C-A308-7A3D95633109}D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B9422F32-ED23-4E77-95BE-1C8233C30CFA}D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{9095436E-783B-47EF-86BC-8870FE9245E3}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{0D545466-2DB6-43A5-B930-F5FF09CBD54F}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{3E98866F-EB4C-4254-A94D-4A240BCB0810}D:\program files (x86)\gog galaxy\games\rage of mages\rom.exe] => (Allow) D:\program files (x86)\gog galaxy\games\rage of mages\rom.exe
FirewallRules: [TCP Query User{C77808E2-8F06-4C7B-9D6A-89E709CC510E}D:\program files (x86)\gog galaxy\games\rage of mages\rom.exe] => (Allow) D:\program files (x86)\gog galaxy\games\rage of mages\rom.exe
FirewallRules: [{034B23A9-B7F7-41BC-AAD2-C3EAF9995FC6}] => (Allow) D:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [UDP Query User{F9497AD2-3548-45B8-B03D-AC8BDDAF00BB}D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{63CB44E6-8816-4F9E-BEC8-F43B341F13FE}D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4B60DBDC-8500-4884-A6D6-85CA309AF5E8}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [TCP Query User{C9D014AE-64A9-407E-8C50-9B0B4B956CDD}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{454C40F0-077B-4441-86C6-5CEA893D16D4}D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E2694FD4-2DDF-4A8F-9612-485E47DB2A68}D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CE534BD4-C74C-4126-A126-F096C261E9B4}D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{83F87CDE-9639-48A9-9D2C-29F06783669B}D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{96A0F636-1016-47B0-9613-0838C573627C}D:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe] => (Block) D:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe
FirewallRules: [TCP Query User{FE7968CC-68BD-4058-BA5E-DC6CE5390C53}D:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe] => (Block) D:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe
FirewallRules: [{00C61FF4-17AB-42E3-AF35-4E125D337D5C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{FEAC0CEF-CCF3-481B-983C-289FC5D90A06}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Enter the Gungeon\EtG.exe
FirewallRules: [UDP Query User{22C8D6D8-21AC-48A7-B237-F110416F8C62}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe
FirewallRules: [TCP Query User{D9BC6E22-9F8B-48C4-AD56-84EDC163AF26}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe
FirewallRules: [{138D4B24-E374-408F-B77C-CAB04725CB4C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{2E74C4B3-E1DB-4017-A634-089C73E3BCC5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{C5005979-5EB3-4275-BA81-941B5BCA303D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{9549E5A5-22C2-4148-B904-EFA25A3A1EDF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{A93E3F9B-68D2-4AC5-9E6E-753A5893817E}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11_b.exe
FirewallRules: [{946AF9B7-81E4-405F-BC10-879736EA5FC2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11_b.exe
FirewallRules: [{F67FF78E-10CC-4937-84C3-79D4E637771B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{B6E043D3-CCEC-4261-8EA2-ABD080F46CAA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{DB413EC0-A14F-4E83-B401-3584D74AC9DB}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{06670257-4FD9-4B83-B20C-8BD10B937C8D}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{3F4F719E-7FB6-42BE-AFB1-41F9A3F67E0C}D:\program files (x86)\tom clancy's the division\thedivision.exe] => (Allow) D:\program files (x86)\tom clancy's the division\thedivision.exe
FirewallRules: [UDP Query User{56062B46-5268-47A5-8E3C-2F707B84A363}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{5150902E-AE6C-46A5-8A2F-EA4D374487E6}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{AC698FB7-8262-4B5F-AE3C-EA35071684B7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{105A53C0-E656-4632-8371-77B9CAA10444}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{DE45B7B9-33A9-46F3-B80C-186992B98BFF}] => (Allow) LPort=1900
FirewallRules: [{51700128-C169-4AF0-ABB3-6019B2234BEB}] => (Allow) LPort=2869
FirewallRules: [{F87F89FA-B567-48B1-B68A-49BFE0EC8F02}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{DF780692-03C9-4FAE-A9F6-55D3D1FACBC8}D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{80C4801A-B800-4EE1-B75A-68B715969375}D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AE71D734-B4B0-493F-8148-113142CAC814}D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{FD1244D8-3CEF-4F9A-A4F2-59E3D4E6DBE9}D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [{B310F864-AB7F-46F8-8033-12DBB4ABDB84}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Punch Club\Punch Club.exe
FirewallRules: [{4E5588DC-8A03-452C-A814-28A50BA283A0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Punch Club\Punch Club.exe
FirewallRules: [{6FAA8E9A-1BFA-4B80-BF68-1CA0467272B3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{8E53D14C-173C-469E-A7C0-FC634251035E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{F9C45902-1EE0-4ACC-ADA9-5742294F28B0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\devildaggers\dd.exe
FirewallRules: [{199F447F-5289-4187-8331-07E5E48F8C9D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\devildaggers\dd.exe
FirewallRules: [{978218B0-6367-4C89-A1BA-236419747157}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{7834845B-A3B9-4A8E-BA47-C5CCF350686C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{939B4E88-BE25-40B1-91AD-DCDE2EAD1C68}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{BAED523B-EF2C-4F7E-A3AC-36B6F2FFEE4C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{5582C2C5-8E66-48AB-8CFD-4E6865417117}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{A9599D5A-FCF6-4A13-8047-5EEC6C9DA6DF}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [UDP Query User{413A1624-EA4A-4FD1-A1C4-ECC6CC7A5A21}D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{EB1682A1-C4BA-4C3A-946F-1C32B10ED1CC}D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [{43F29742-2B27-404F-A374-478205BA4294}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{80330737-BF6C-42C7-848C-A6732C78481D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{556DC0B1-24E8-44A0-978E-2F284096707A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Koi-Koi Japan [Hanafuda playing cards]\KoiKoiJapan.exe
FirewallRules: [{81D69276-A640-4E1A-8132-9679BD381CD7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Koi-Koi Japan [Hanafuda playing cards]\KoiKoiJapan.exe
FirewallRules: [{BB290AEC-5AE9-4F47-8473-60B0DECD026D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{EBD8D74F-07DA-492A-9CD8-44E4DFC293E8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{04C52C4F-CBE2-41E7-BCEC-1588F0F9E24A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{6BED1BD7-EA9E-4F1D-99D9-13AC8309FF08}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{C701686D-4ADA-4FBD-B698-6CD754F24116}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{56823176-FF81-41C2-B366-A2AC4CD39181}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [UDP Query User{931E706C-0C8F-450A-B2A1-6CFDFDA9A1D7}D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{426C2B60-F3F7-4DA9-A811-0DA28546F717}D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [{9286A25F-2705-4B5E-906A-A99D35B85F6C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{0A1E6997-17D3-4747-8106-B50C0B323E1C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [UDP Query User{4898D512-B876-4D84-A582-19FD92816FB4}D:\program files (x86)\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) D:\program files (x86)\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [TCP Query User{BD67A5BD-BEE6-4F4F-A79A-859EA844729E}D:\program files (x86)\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) D:\program files (x86)\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [{9FD52067-AF88-41C9-89A8-1CE183DA83A5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Lichdom Battlemage\Bin64\LichdomBattlemage.exe
FirewallRules: [{2BCD56F3-0687-451D-ABA0-C2A00E081366}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Lichdom Battlemage\Bin64\LichdomBattlemage.exe
FirewallRules: [{C437CE87-A71C-43E7-BA62-1BDFCFAD7F0F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{6BCF7699-632C-464D-B5D6-6A280DEE14A9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [UDP Query User{EBDBC056-CADE-4223-A181-F5FDDB377A56}D:\program files (x86)\starcraft ii\versions\base38215\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base38215\sc2_x64.exe
FirewallRules: [TCP Query User{927370DD-8BA9-44E7-AA86-47CA6629B42B}D:\program files (x86)\starcraft ii\versions\base38215\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base38215\sc2_x64.exe
FirewallRules: [{95F8A3D2-3A8C-4EDA-A729-55A671CCAEEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{27EF9A32-7213-41A4-98AD-AF9DA32C3C31}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{94E71186-8933-4C9D-A6C3-098CCDB59886}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{769D1814-4C10-4D99-9087-0DEF9A84DD42}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9BA40C0A-53A8-458E-847C-F469DCE30002}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [UDP Query User{854A45F9-FC3B-4D9C-AF2A-ACC6E1D2F077}D:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{EDDB763B-D7EB-4B44-BBC1-4B6F068D1B86}D:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DCC82C4C-AA14-464F-8CEF-374219504A06}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{C458D6A8-9D64-4EE2-B89C-444F1D57F5D2}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{61043D88-EAA3-4BC0-8920-FF23913988AB}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{12EF483D-954A-469D-BB1A-65E18C8405B6}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{A66B7710-C51E-41A7-B65D-8461ED7E7970}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{F3A2F987-9BF7-4B4D-AE65-FCC310AD82C2}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{BDEB1C7A-0B1A-4F15-9995-0F56C7D56F55}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{0BE4DEDB-B609-4A08-8EDA-F7C04CC842AE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{76EEA0D2-F8F5-40AD-A054-638833F75E30}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{6964DBF8-F8B3-4340-845E-EDBDFAEEBAE0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [UDP Query User{E2089537-DCE3-4B3A-B332-2411C7E09E4F}D:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{54417066-6F8B-4E28-9F85-0A8AE3DC904B}D:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{747312C0-8EB8-46FB-A656-9F6E599C02A7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{542C020A-49A2-4625-BD62-3CBD888348E5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{08276856-D54A-4A66-826F-3638EF6D426D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{BAABEEDD-8579-417C-BA51-4484FD07839B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{8E3969EA-7101-4BF6-9A28-2160C0BC1960}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\HuniePop\HuniePop.exe
FirewallRules: [{1CC35AF9-409B-45AB-B49D-876C224E1DCA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\HuniePop\HuniePop.exe
FirewallRules: [{93103BC1-8D21-4350-8CE9-614D06E84813}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{11E424AA-383D-4F30-B683-AC91ADBFE99E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{45530EF2-BAF3-465E-BC26-F25EA0E19DEF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{88687C5A-DD19-4770-A83E-0091679FAD8E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{F5B0530A-D302-4EA1-80B1-8F675B79CF4A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{0B5E41A6-6AE2-4D7C-9A64-895CD624EC2B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{C2F978F6-405C-4E18-8B6D-61C8E10E54FB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{EEED312C-DCD7-454F-95D7-4A1D141A726C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [UDP Query User{594CAB67-D8D5-41F9-A38E-8F11CEE19BFF}D:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{AC383127-6714-4741-A6FF-004A6D97234E}D:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [{6C075229-B17F-44DE-8514-F9DF46E544E1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SanctuaryRPG - Black Edition\SanctuaryRPG.exe
FirewallRules: [{91B46C84-3D73-4E76-B72F-CD08C8A723F1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SanctuaryRPG - Black Edition\SanctuaryRPG.exe
FirewallRules: [{CD532599-7D0F-448B-8A61-D1418120D8F8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{F22BE907-5B04-4446-982C-BAC0ABC16FE9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [UDP Query User{37599D5F-4EC8-4C2B-9488-B0E5014E5641}D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{EA09F9AC-D798-41B7-B9BC-2B91C7F88470}D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{F8B17FBB-BB43-4D85-9FEC-EEB58A81DEF6}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{D2026B4C-FF8B-4202-877A-6957857CE548}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{59D3C52C-6E46-4914-8591-5CBD1DC43B59}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2454A699-F7D7-4B06-8507-CDA10141C753}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C01D681C-5515-4BEA-8DD1-470D6655263F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E9FC3B04-A8B6-4EEC-B236-2C5A66660648}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{59FFA24C-9527-4277-906D-49DBAC599876}D:\program files (x86)games\world_of_tanks\worldoftanks.exe] => (Allow) D:\program files (x86)games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{F991024D-E179-4712-AA82-955673652A2A}D:\program files (x86)games\world_of_tanks\worldoftanks.exe] => (Allow) D:\program files (x86)games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{9EE4FF07-A56D-41DA-BAC1-587AD0863EE5}D:\program files (x86)games\world_of_tanks\wotlauncher.exe] => (Allow) D:\program files (x86)games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{9576ED4F-F3D3-421B-851A-EA8CAC010DDC}D:\program files (x86)games\world_of_tanks\wotlauncher.exe] => (Allow) D:\program files (x86)games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{3657D514-73CC-4A6E-BCB1-AD0FA2CED502}D:\program files (x86)\games\world_of_tanks\worldoftanks.exe] => (Block) D:\program files (x86)\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{4294FE41-DAC7-4F44-9479-F36D4DBBBB92}D:\program files (x86)\games\world_of_tanks\worldoftanks.exe] => (Block) D:\program files (x86)\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{6B4F058A-BB38-4242-A5E8-736F19C93D69}D:\program files (x86)\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\program files (x86)\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{E31B9522-9A84-4C23-9F9D-B4E9296DAF9D}D:\program files (x86)\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\program files (x86)\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{8F7157CF-58CD-4E5F-93E8-F684C99B46A6}C:\users\user\downloads\dune 2000\dune2000.dat] => (Block) C:\users\user\downloads\dune 2000\dune2000.dat
FirewallRules: [TCP Query User{EA6743E4-2DDA-4596-A24C-3EBCA2CD2934}C:\users\user\downloads\dune 2000\dune2000.dat] => (Block) C:\users\user\downloads\dune 2000\dune2000.dat
FirewallRules: [{51392C51-B819-4F17-B588-2F0A59CF28F1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{7EDDB216-22CD-4ACE-B4CA-91DBA8065109}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{36ACE851-6FA1-43E8-8830-87489602CFAD}] => (Allow) C:\Program Files (x86)\EasyVpn\app\EasyVpn.exe
FirewallRules: [{9E6072B1-243E-4607-8261-9DC2D35B2BCD}] => (Allow) C:\Program Files (x86)\EasyVpn\app\EasyVpn.exe
FirewallRules: [{57EDBD12-6444-406F-BBF2-EC710541211D}] => (Allow) C:\Users\User\AppData\Local\Temp\Rar$EXa0.548\[Amateur]_Familienbande_Familienschande_Inzest_in_Deutschland.exe
FirewallRules: [{6D308241-C1BA-409F-A4BE-2CF026FEE559}] => (Allow) C:\Users\User\AppData\Local\Temp\Rar$EXa0.548\[Amateur]_Familienbande_Familienschande_Inzest_in_Deutschland.exe
FirewallRules: [{904B7528-A15C-4B24-AF16-ECAA0B3D6D87}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{553021BC-6E9F-48B2-A48A-8BFC8793293B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{8E1309DC-E711-4624-BC14-06BA827F255F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Shadowgate\Shadowgate.exe
FirewallRules: [{8A738709-8F43-43DB-8B41-6B8B9D659C7B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Shadowgate\Shadowgate.exe
FirewallRules: [{165F9B7F-1ABD-4B75-B0B9-C9D3AF1C6C8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{8D6F5A2F-AB87-4474-AE8C-268EC317D082}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{882DDA1E-1797-4C8D-B7B1-7EC046C09CAF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{178DB507-8C05-4B91-8D43-23F07A3F3E90}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{66BB3191-9E45-47E4-B23F-9689763D1D89}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{53322157-5BF7-4A59-B7DF-ECE2AA2B096D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{957B20E6-213F-4900-AE9C-2595E0FC7A73}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{003B164E-96F1-44C9-8AC6-7DC763E9B37C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{4114852A-0504-41D6-B4A4-F10874A1E1E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{7AA3C5D5-F9C4-4D2E-9E7F-30DF30E2298E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{3103D173-19BB-498B-BDB8-3BD93246371B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{7EAFF071-4732-4473-8434-937E416A33A8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{0808623D-B568-4C2F-AB90-13C1A2A0BC79}] => (Allow) D:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{A2FC59C2-FE72-4DB0-BE84-C71FA67B049A}] => (Allow) D:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [UDP Query User{0091A712-7316-4BB0-9567-DB4ED2CCAE2C}C:\programdata\battle.net\agent\agent.3634\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3634\agent.exe
FirewallRules: [TCP Query User{88049ACA-17DC-4E8A-AD9A-22FCCEDB0F95}C:\programdata\battle.net\agent\agent.3634\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3634\agent.exe
FirewallRules: [{025A0A9B-CF16-490D-968A-4A519CEB05F5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Final Exam\final_exam.exe
FirewallRules: [{F69A8511-49F8-4A64-B903-7803F62542EC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Final Exam\final_exam.exe
FirewallRules: [{88875109-6458-4D10-B5EC-6160942533D9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{3620D27E-0A5A-4992-94EA-28819E585337}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{4D49B0DE-78A4-4E2F-B86B-5C71B42A547F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{4F6891C3-C4C1-4CB9-82AB-9DC2CC7744D5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{E60FB92B-7B1F-4FB0-9983-294FF306D5A5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{534E9AFB-53DB-4C19-9B69-B5CF03AF2621}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{9CF1C447-1F74-4224-94F9-56A8E2ACAA4E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{E8DAA218-AB25-4A30-AF5A-B302D723FA5D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{4E71A770-D637-4760-A672-924728F821D5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\strikesuitzero\pc\main\Binary\SSZ.exe
FirewallRules: [{AB63AA2B-26BD-45B0-9CE2-0EA165118980}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\strikesuitzero\pc\main\Binary\SSZ.exe
FirewallRules: [{750D3D6A-9E69-4503-907F-8B84766719FF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{E513D3E1-8315-4D72-8112-4AE52E864B11}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{8395B346-8251-44CB-9F47-19A2B8F991CE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{6BF77B84-E27E-49BB-85EC-084F50C01152}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [UDP Query User{D9F21994-9087-4CC1-91A7-A6AC6AC21FDA}C:\programdata\battle.net\agent\agent.3478\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3478\agent.exe
FirewallRules: [TCP Query User{932DC11C-3578-4829-BB58-8DEA4451F3E8}C:\programdata\battle.net\agent\agent.3478\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3478\agent.exe
FirewallRules: [{E4982598-1B17-4F9A-92B0-A97DFA0D8969}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{9882AE9D-8ACA-43EE-937C-B30A97B1EA9D}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{FCBB5751-DA21-442D-B3F4-C75C850443C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{E15BF8A3-61B5-4087-B52E-54CB23DCEC8D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [UDP Query User{D44A29A5-9682-4184-A12A-D3848E3AF54E}D:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [TCP Query User{C1F79FFE-5A29-4E9C-806A-C6E4A4AD2CF8}D:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [{D65358B1-3C3A-438A-9C02-00A69955A4B8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{4FACA89F-8360-4559-B593-8A8A62C42B60}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{8B80574B-D3B4-40EB-A2CC-E6452A82A57A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{6576F812-EA0D-4CB7-9E29-4CD61F768913}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{8A0128E7-BEE7-49AA-849D-0941E41787A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{F2D08121-F09E-4AC9-A506-88954C015B67}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{084858FE-CC1D-40CA-B216-8FE0863B5B6E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{A1584557-3DED-4262-9F18-FD7091440DC1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{F53B7EA0-4176-48E3-850C-98F0F0847608}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D6D22702-F493-4DFF-8ECF-93A49B9E6085}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{821ED095-7918-4383-9C9B-3915F555E351}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{D21781BC-68D4-46AB-A324-723D1B113E51}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{3E4B4413-0E46-487B-A73F-3B64D9973610}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{50366807-F292-4728-B4AB-D2B736B3FB8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{F0B26C7D-DD07-4E19-AF87-EA42C8020751}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{8C009CE1-24F0-4D66-9B0C-9CDE44195540}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{2CB35982-ABC3-4C35-B315-5255C97FC7E4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{815BCFC8-E68A-4AB2-8F37-AFDA9D949400}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{8C05F04B-5060-4223-B4F0-042CBCB79BFD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{3D3714CC-B944-44E7-B32E-EA7312DF3D60}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{F49BFD88-F42C-4A40-B397-353E74AF8A47}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{50BE5F13-37EF-4D97-A843-F28155D3AED2}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{FA437E49-3A80-41B3-8BF6-AEBEAA632A96}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{E36A9235-3F7B-4191-A219-DE1D9D3D82DF}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{7115B09D-2CF2-44B4-9F57-E07CE944DA17}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{3270C909-24F9-454F-879D-071F39726FEB}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{33B47877-541D-4D49-9703-0C2ACEAA6341}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{C3FA100E-4D78-4917-A4A7-7B0C17BDB5EC}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{9CC92D98-1198-4B0E-BD70-D69CAB1455A6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{C7D65CDC-049A-4B8B-8D9B-2BD612D447CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [UDP Query User{73ADE978-E53A-4D29-B42B-B438899D69CE}D:\games\world_of_tanks\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{9B247D3D-34B7-40C7-A55F-D06AE3146EC6}D:\games\world_of_tanks\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{D5747574-B0EF-4CB4-A72F-5872AF0C6E66}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{CEE98252-4B0B-4997-8FDB-0F2A0B9BD5E1}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{B11634B5-9E9A-4DEE-9DF2-22E2ABAE0262}D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Block) D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [TCP Query User{F576C934-C549-43F4-8FA3-B067C82C7CF9}D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Block) D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [{03D6DC67-94B5-47D2-AD34-D30049E9F8B9}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{D7F1840C-9B7D-4D0E-9EE7-A78E3F68B3FB}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{C8BC0C11-AE31-42D1-BB26-36DA31E28D28}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{22E68F23-B492-4A4D-BB53-97AC0DB4FB59}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D4D0B3C9-5AFE-4BB9-B045-1F1A47351BDE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{1DFE8043-002E-4D3D-9C3E-D5A8B4FD9FAF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{89FA64F9-1D72-4512-AE62-B7934BB05DAF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{786712AE-7193-427A-9544-BE17BBCC815C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{38ACF4AB-823C-47E8-9F52-C1D2550ED9C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{6AA642D3-8A2F-44C3-9C55-D1B41879EE0F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [UDP Query User{2B4DA5C7-000C-44FD-979B-92910B76DA8C}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{EFD73655-1356-427C-ACAB-4303F05BC13B}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [{DA44E897-2477-4A25-AC54-0700CEB5A6FA}] => (Allow) D:\Program Files (x86)\Gamigo\Dragon Nest Europe\DragonNest.exe
FirewallRules: [{34B4BEB7-2827-4563-A860-C855B1CE9BBC}] => (Allow) D:\Program Files (x86)\Gamigo\Dragon Nest Europe\DragonNest.exe
FirewallRules: [UDP Query User{62A688BB-FFE0-4D92-8A68-26BEC4C29FA2}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{32715F2F-269E-4E66-A9D3-C1584F472706}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{ED885F51-9EB9-4A3A-8A4E-883D26282E15}D:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{4DF4EC7A-9581-4ABC-B604-A876303A17E2}D:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [{9506B136-4877-4406-8E96-A2E078EE26F1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{14FD270A-F503-49FF-B521-9A1847FD8785}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{731D2B39-4F01-4189-89B8-A7F89F1A0E7F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{ADC968AB-A931-4E44-81F0-DB55F92D4BEC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [UDP Query User{819060AB-12D9-4783-BEC5-2151A70FDFF3}D:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [TCP Query User{F2AE7830-9CED-4379-A3D9-928CD3E24032}D:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{D1461A24-2E2B-4341-81DB-96908BE9B6B2}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{14BA0501-516D-44F7-8F3C-D85C7AE9B1EF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{75118281-45CA-4C42-A3D4-0C3EE99C7F75}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{EBA31B81-FE0B-40C3-ABAE-E67F79C68CA4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{9F978D43-9118-4B38-99D6-9AF98CACCB15}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FF5D4631-DE06-44EE-8D02-1ED34F9F378D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{00A99602-0225-4E25-AF4B-5653BAF25F46}] => (Allow) D:\Program Files (x86)\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{2D0F026A-A3C2-4462-B799-01BDDA5316F2}] => (Allow) D:\Program Files (x86)\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{51EE29B1-FB68-4566-9B21-ED3E8FE69D9A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{2689F466-8710-4E34-92AD-467ED36F1EDD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [UDP Query User{9F411DDB-07ED-401D-B11A-561345B36BD3}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{B5FDD4EC-BD26-42D5-87A8-A4DEACBF824A}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{DE7D2B3D-A8B3-4B5B-B5C8-CB3D5A4F2779}D:\program files (x86)\steam\steam.exe] => (Allow) D:\program files (x86)\steam\steam.exe
FirewallRules: [TCP Query User{9C8DAB59-7C8B-4723-B666-2E281B66E04B}D:\program files (x86)\steam\steam.exe] => (Allow) D:\program files (x86)\steam\steam.exe
FirewallRules: [{32F81BF7-6DD4-4973-BECE-BF8D5614BB8E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{98ADE586-69AD-4CE7-98D5-AB605A07E65F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{56B8E014-F687-4992-89E4-E01B71F8A251}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{0915F978-1854-485F-A388-9C4F2A67FDA2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{4059C563-9EF6-471B-8209-7C28947F6233}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{F71FF282-E052-4C44-B7DB-BD381D8C3423}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{2D1DA045-E6F3-4E61-8B58-09A2B4D127B7}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{886AD962-8153-4159-87CD-B62FDC2082C1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{7A80EFAC-6237-4B15-BAF5-BE64147FDAB0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Pit\ThePit.exe
FirewallRules: [{77972C1E-E53F-4BED-8729-A28881C6A6DE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Pit\ThePit.exe
FirewallRules: [UDP Query User{2E61565B-6990-4A59-AE0E-F6C62FDC1DE2}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{C8BB4F09-9EBD-4E1D-8936-B3E50C6E4D14}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{90D6DEB5-8542-451E-A9BD-2D2286A3D021}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{EBB68814-2F91-4013-8070-5C95AF8607A9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [UDP Query User{9750FC29-0CA8-486F-95A9-36C4511641BE}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [TCP Query User{F29253DD-845B-4919-998C-A17C61A6C79F}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [{187B787F-EE9D-4C6F-96C3-32A8F562C51A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F2CFB36F-C2CC-4D5A-8DD7-BE70E93E3E33}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{2381088C-CD17-47C4-AC5F-E1506F86ECCC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{221BFBEA-B5BC-45D2-A5C5-403E609A2881}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{1F811F5D-1A1E-4A01-A9B9-8BB8E9473BA3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{0358047A-3434-4402-B322-0FACD892A43C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{80AB33F4-0E65-4A46-B32E-8E9EBE45DD3C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A952EF7-3588-466C-8A42-73B02A5AA105}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Deadly Premonition The Director's Cut\DPLauncher.exe
FirewallRules: [{FF71BAD1-507C-4A03-BCCC-5CC8F25A1C81}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Deadly Premonition The Director's Cut\DPLauncher.exe
FirewallRules: [{ACD0D2F6-E2E9-480A-9880-8EBDA343F9CB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{BD06E472-490F-4FE3-8DA8-6E92828236CB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{90A76F71-FE1A-4BA6-BFAD-47833C7C8DD0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{611FC127-1D6D-4C24-9311-8CB9698A04D7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{6900030B-CA52-4002-85A0-F6D062934084}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{44BD211B-77B4-4D2A-9D02-4FCC0BFB0802}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{2007D810-87C9-4BE4-B4B3-464DFC37D3DB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{2DE4FE91-3DE7-4BEE-B526-1B9E3E49A63D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{3AED1BF5-E810-4E51-9364-80407CA23461}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{ECB390C3-738D-4B22-B16C-26DC851F99D4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{7DC90B57-3390-4F05-900C-95684DF0C086}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{5C498397-C8AF-4CCA-BED1-C4860DD31D4A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Ziggurat\Ziggurat.exe
FirewallRules: [TCP Query User{B2D2A1CF-D1BD-4928-A88D-CD89D25643D4}D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{15165249-D612-4401-A12E-73006BD53D38}D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [{940A0DFB-D5B1-4853-8569-567CE94CFFB5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{72B4EC1E-53D4-49A2-B225-06F326413486}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [TCP Query User{3988B9CA-DB40-4984-9ACF-CC92E48F2A75}D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{ABAA0DC2-1BE5-4550-BA80-D39A001006CF}D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [{F454F959-DF9D-432C-A534-F47BD03F9D59}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{D0D77C75-CD16-4342-9568-80C3B1B7A4BE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{A48B48B0-9FD3-4E9D-9ACA-2E14733C0628}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{50D307DD-113C-493A-B5B8-E51DD3ED25FA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{3EEFD00B-71C6-4632-83D8-A7590B7CBD16}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite 4\Launcher\SniperElite4.exe
FirewallRules: [{49AA4E96-2322-487C-80C6-FB3DE7AF5B7E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite 4\Launcher\SniperElite4.exe
FirewallRules: [TCP Query User{AE788611-7C47-462A-AC76-0A9E97D4300A}D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D0574057-5293-4840-B837-0657D8A426AB}D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3E7801EE-AD3D-4DCB-8FEE-10B28323BB7F}C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [UDP Query User{98EBC094-13DD-4CB7-BBF5-DB7CBC61C8B6}C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [TCP Query User{2DFCF6C9-A0B8-4489-9FEC-C73FFB47C816}D:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CA458EE1-B8AA-409A-945E-3D788C7900BE}D:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{302AD794-90E7-49AF-97F3-A539E626F4AC}D:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{93C87B87-B5FE-4FA4-BAB9-06285C9845D1}D:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{41301FF2-2E70-41CB-9FD7-C0E969324E8A}D:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe
FirewallRules: [UDP Query User{26585C94-4295-4072-A5F8-E6F019C6EA4E}D:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe
FirewallRules: [TCP Query User{B5A9F877-151D-44C0-A1B7-DDB235AD06B1}D:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D591AA06-5DAC-4F2F-920F-D4714E1AE010}D:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe
FirewallRules: [{A6ADFFDB-186B-407C-A274-8895B7A7447E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FlameInTheFlood\RiverGame.exe
FirewallRules: [{B4997078-67CC-42A8-A054-E3D59D343788}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FlameInTheFlood\RiverGame.exe
FirewallRules: [{3C5B5F81-7BD4-4DA5-98AA-C080B1811000}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{6B2D9AC0-303D-424C-96A1-A4091C3D5FFF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [TCP Query User{861C0C3B-1165-404E-9DF3-EA2A6CE86666}D:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B1B7202E-5CE9-4968-A76C-8384B960BCB7}D:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe
FirewallRules: [{AFB2D075-0560-4276-B353-4C5A192287BD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dementium 2\DII_Beta.exe
FirewallRules: [{217356E9-0E31-4916-8330-56D5A50E2400}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dementium 2\DII_Beta.exe
FirewallRules: [TCP Query User{D87974C5-6960-4B99-835C-A84A8C5F151D}D:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CC484CF4-EDCF-4429-935F-74DDE4322EFE}D:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{FD5F9239-E1B6-471D-B3F3-DE2BC7F72536}D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{95EE92CB-F7A8-4702-B84C-5EAD4A3D39DB}D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{524D1693-9E29-4F9F-A543-E366FA4EB9DE}D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2F6426D7-F430-41C5-9E01-7CE671E1616F}D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3FC9D089-BE27-4E4A-B682-CBF0BCAFC580}D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{98F45318-DDB7-4588-A7BC-E42AFF540DD5}D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{83DFFEEC-DDAA-48A6-9680-E945178BDE7F}D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{EEEC02B6-8AB2-47AB-88FA-A91084E78635}D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{54C45AB9-0BBB-4FAC-AFB4-6CD753996C00}D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DA3CAC01-AAF5-47C5-9790-1356B48EEEAA}D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe
FirewallRules: [{6A2CCD77-FEA5-4CBD-B450-972D5DB031AD}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.50\opera.exe
FirewallRules: [TCP Query User{86FFF1AE-9B60-4BB2-A523-5FBA74A3E2D5}D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E42A70EB-A988-45AF-984F-95B3C7B0617F}D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe
FirewallRules: [{B8417AE4-B69E-4608-A025-609146443F52}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.52\opera.exe
FirewallRules: [{8930B2DD-7435-4E49-8B42-0041509F95CC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{5F28FC13-12B8-4311-B491-2E1B151AD43B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{095C0C30-718A-40E1-9C91-7BAF35A4C77F}D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B4F82A47-2FA5-4CFB-8216-6C2116E279BE}D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [{EFA43A2F-4D6A-4937-9D2B-586804D5F557}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

18-10-2017 08:58:51 Windows Update
26-10-2017 12:15:27 Geplanter Prüfpunkt
04-11-2017 12:40:13 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/08/2017 12:36:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/08/2017 12:36:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/08/2017 12:36:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/07/2017 08:22:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/06/2017 06:59:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Wow-64.exe, Version 7.3.2.25383 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1784

Startzeit: 01d3572705fec3f2

Beendigungszeit: 4294967295

Anwendungspfad: D:\Program Files (x86)\World of Warcraft\Wow-64.exe

Berichts-ID: fd5e60e0-aec4-48f7-8502-a3b2bedb5612

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (11/03/2017 08:09:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_MapsBroker, Version: 10.0.15063.0, Zeitstempel: 0x02799ef5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x8400000e
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x23d4
Startzeit der fehlerhaften Anwendung: 0x01d35472830fa356
Pfad der fehlerhaften Anwendung: C:\WINDOWS\System32\svchost.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 0cec459e-07fe-4a87-8388-94a009887aed
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/01/2017 01:32:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: USER-PC)
Description: Das Paket „Microsoft.Windows.ShellExperienceHost_10.0.15063.674_neutral_neutral_cw5n1h2txyewy+App“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (10/31/2017 10:48:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_MapsBroker, Version: 10.0.15063.0, Zeitstempel: 0x02799ef5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x8400000e
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x2be0
Startzeit der fehlerhaften Anwendung: 0x01d3522d4d2cc634
Pfad der fehlerhaften Anwendung: C:\WINDOWS\System32\svchost.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: d3ad92b3-a270-4aba-88ee-b351169a6b70
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/30/2017 02:39:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (10/30/2017 02:39:38 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.


Systemfehler:
=============
Error: (11/09/2017 10:03:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (11/09/2017 10:03:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (11/08/2017 11:20:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (11/08/2017 11:20:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (11/08/2017 12:36:44 AM) (Source: DCOM) (EventID: 10010) (User: USER-PC)
Description: Der Server "microsoft.windowscommunicationsapps_17.8700.40485.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/08/2017 12:36:44 AM) (Source: DCOM) (EventID: 10010) (User: USER-PC)
Description: Der Server "Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI.AppX8z5q44mt1b9k6x2nkjj0bkr2e1ac0dxy.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/08/2017 12:36:43 AM) (Source: DCOM) (EventID: 10010) (User: USER-PC)
Description: Der Server "Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe!App.AppX8h0bdkbb5frkt9s09fvshhbvqnntmvm1.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/07/2017 08:31:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Manager für heruntergeladene Karten" wurde nicht richtig gestartet.

Error: (11/07/2017 08:29:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (11/07/2017 08:29:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.


CodeIntegrity:
===================================
  Date: 2017-06-24 20:48:50.328
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:13.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:13.113
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:12.775
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:12.181
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:58.615
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:23.228
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:23.117
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:22.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:45:33.285
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 44%
Installierter physikalischer RAM: 16265.62 MB
Verfügbarer physikalischer RAM: 8967.56 MB
Summe virtueller Speicher: 32649.62 MB
Verfügbarer virtueller Speicher: 23353.19 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:487.84 GB) (Free:362.05 GB) NTFS
Drive d: () (Fixed) (Total:1374.51 GB) (Free:716.93 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0CD429A7)

Partition: GPT.

==================== Ende von Addition.txt ============================

M-K-D-B · 10.11.2017, 21:16

Servus,

Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop (Bebilderte Anleitung).

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- Tracing Schlüssel
- Prefetch Dateien
- Proxy
- Winsock
- IE Richtlinien
- [I]Chrome Richtlinien[/I
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist. Am Ende des Suchlaufs öffnet sich automatisch eine Logdatei. Schließe diese.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Klicke am Ende der Bereinigung auf Jetzt neu starten. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM nach dem Neustart, klicke auf Berichte.
Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die zwei neuen Logdateien von FRST.

zabasu · 10.11.2017, 22:40

Code:

ATTFilter

# AdwCleaner 7.0.4.0 - Logfile created on Fri Nov 10 21:12:53 2017
# Updated on 2017/27/10 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\UltimateShoppingSearch
Deleted: C:\ProgramData\Avg_Update_0814tb
Deleted: C:\ProgramData\Avg_Update_1114tb
Deleted: C:\Users\User\AppData\Local\03000200-1424452320-0500-0006-000700080009
Deleted: C:\Users\User\AppData\Local\28050


***** [ Files ] *****

Deleted: C:\\user.js
Deleted: C:\Windows\SysNative\drivers\SPPD.sys
Deleted: C:\END


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Start Page [http:\\www.startseite24.net\]
Deleted: [Key] - HKLM\SOFTWARE\SpeedBit
Deleted: [Key] - HKLM\SOFTWARE\AIM Toolbar
Deleted: [Key] - HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Kromtech
Deleted: [Key] - HKCU\Software\Kromtech
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{99DCF141-03F9-4363-8D79-640FA646DEED}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{0EE6D408-6ED5-40C6-8C42-A041D5DE9AB0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{13A42355-1F94-4459-B19E-F60B2C607C77}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{293DD661-C540-4AC4-9B4C-42E68369CE1B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2EC58BDB-0694-4D54-80DD-A8F2AA0427A1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{313B508D-596D-4BDF-B0B5-E41F224E184A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3AF4400F-CDC5-4F2D-B3F1-74348E5D5CCC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{422E1393-7A4C-44FF-A7E1-8B9D146E0666}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4807D6D8-ADC8-41AF-AB9D-AE1086D1E62F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6E1CD171-29C1-4D56-A223-E31C57A0A25A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{70E96298-17FC-4020-A7CF-6F81ED8CF3AB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{84A81B7E-B8CD-4891-BEA0-548D65E9610A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{867DF9A9-D013-4A1A-B685-DFF65D225ED4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{889074FC-1456-4CE8-88F7-154264DC275F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{91F4CF02-F675-4E6A-B4E8-C13DF09B9B1B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A902A36E-0C79-4BD7-B561-9C058BD60210}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{AB778974-218E-4734-90F0-731BE7E50E77}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{ADE6A9C0-12B3-457D-9A86-548FA87E04DB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B7C67027-15EB-489F-A9EA-286076CF7540}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{CDB98856-BEA3-4073-AF57-23A3583AE9E4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{CDED8922-BB3D-4E3A-9C2C-89B1C927F48B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D79CBD8E-D857-4D05-B3AD-26F722CF5B6E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7EA7058-B19B-4A27-B50A-87A1B8FC5F30}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Deleted: [Key] - HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application\x-vnd.ssliveupdate.oneclickctrl.9
Deleted: [Key] - HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application\x-vnd.ssliveupdate.update3webcontrol.3
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\mseff32.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E4CD0C-426F-4207-805B-7885AB32D43F}
Deleted: [Key] - HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Deleted: [Key] - HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Deleted: [Key] - HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Deleted: [Key] - HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Deleted: [Key] - HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Deleted: [Key] - HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{57EDBD12-6444-406F-BBF2-EC710541211D}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6D308241-C1BA-409F-A4BE-2CF026FEE559}
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing|bProtectShowTabsWelcome
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb0a73a4-1207-4331-a902-6eeb6c42b46b}
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb0a73a4-1207-4331-a902-6eeb6c42b46b}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
Startpage deleted: hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175
Startpage deleted: hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175


*************************

::Tracing keys deleted
::Winsock settings cleared
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [11884 B] - [2015/2/20 22:26:17]
C:/AdwCleaner/AdwCleaner[S1].txt - [1614 B] - [2015/2/21 14:37:39]
C:/AdwCleaner/AdwCleaner[S2].txt - [2853 B] - [2015/2/21 22:4:57]
C:/AdwCleaner/AdwCleaner[S3].txt - [1561 B] - [2015/2/23 14:54:19]
C:/AdwCleaner/AdwCleaner[S4].txt - [11616 B] - [2017/11/10 21:11:38]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Code:

ATTFilter

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 10.11.17
Scan-Zeit: 22:23
Protokolldatei: 6d7db963-c65d-11e7-8160-bc5ff467c2f4.json
Administrator: Ja

-Softwaredaten-
Version: 3.2.2.2018
Komponentenversion: 1.0.212
Version des Aktualisierungspakets: 1.0.3225
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 10 (Build 15063.674)
CPU: x64
Dateisystem: NTFS
Benutzer: USER-PC\User

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 443116
Erkannte Bedrohungen: 3
In die Quarantäne verschobene Bedrohungen: 0
(keine bösartigen Elemente erkannt)
Abgelaufene Zeit: 8 Min., 47 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 3
PUP.Optional.Trovi, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Entfernung fehlgeschlagen, [4983], [454808],1.0.3225
Adware.Elex.ShrtCln, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Entfernung fehlgeschlagen, [2308], [454747],1.0.3225
Adware.Elex.ShrtCln, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Entfernung fehlgeschlagen, [2308], [454742],1.0.3225

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
durchgeführt von User (Administrator) auf USER-PC (10-11-2017 22:37:57)
Gestartet von C:\Users\User\Desktop
Geladene Profile: User (Verfügbare Profile: User & DefaultAppPool)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Windows\SysWOW64\ASGT.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-26] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-09-14] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098952 2017-11-02] (Electronic Arts)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-05] (Google Inc.)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [GalaxyClient] => D:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [5187648 2017-10-19] (GOG.com)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [228864 2017-03-18] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => Keine Datei
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-07-08] ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8b0d2022-b991-4718-93be-7a02131a75f6}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {FBCFA1DD-82AD-473A-A9F9-EB5BAAAFF907} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2440112941-538450990-2588341026-1000 -> DefaultScope {FBCFA1DD-82AD-473A-A9F9-EB5BAAAFF907} URL = 
Toolbar: HKU\S-1-5-21-2440112941-538450990-2588341026-1000 -> Kein Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  Keine Datei
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2440112941-538450990-2588341026-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2440112941-538450990-2588341026-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-11-06] ()

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=","hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175","hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175","hxxps://encrypted.google.com"
CHR DefaultSearchKeyword: Default -> hxxps://www.google.de/webhp?hl=de
CHR Session Restore: Default -> ist aktiviert.
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-11-10]
CHR Extension: (ProxFlow) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2017-01-25]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Black Rock Shooter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdkbpipldakmkbknanlkamcgohlgfng [2017-04-27]
CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Session Restore: -> ist aktiviert.
OPR Extension: (Radio Canyon) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bikofacodmhdpkfdeeocponfcgjcdfbk [2015-06-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-05-29] () [Datei ist nicht signiert]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-02] () [Datei ist nicht signiert]
S3 DAUpdaterSvc; D:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-01-28] (BioWare)
S3 GalaxyClientService; D:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [536128 2017-10-19] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8256576 2017-10-11] (GOG.com)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [Datei ist nicht signiert]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-02] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1451336 2017-10-23] (Overwolf LTD)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [Datei ist nicht signiert]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [Datei ist nicht signiert]
R3 ikbevent; C:\WINDOWS\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\WINDOWS\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc.)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-10] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2016-04-27] ()
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-11-10 22:37 - 2017-11-10 22:38 - 000020392 _____ C:\Users\User\Desktop\FRST.txt
2017-11-10 22:29 - 2017-11-10 22:36 - 000001806 _____ C:\Users\User\Desktop\mbam.txt.txt
2017-11-09 19:25 - 2017-11-09 19:25 - 002403328 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-11-08 22:51 - 2017-11-08 22:51 - 008261584 _____ (Malwarebytes) C:\Users\User\Desktop\AdwCleaner_7.0.4.0.exe
2017-10-29 20:54 - 2017-10-29 20:54 - 000000986 _____ C:\Users\User\Desktop\Neues Textdokument.txt
2017-10-29 01:00 - 2017-10-30 13:20 - 000000000 ____D C:\Users\User\Desktop\girls
2017-10-11 18:05 - 2017-10-11 18:05 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 18:00 - 2017-09-30 06:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-11 18:00 - 2017-09-30 06:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-11 18:00 - 2017-09-30 06:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-11 18:00 - 2017-09-30 06:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-11 18:00 - 2017-09-30 03:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-11 18:00 - 2017-09-30 03:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-11 18:00 - 2017-09-30 03:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-11 18:00 - 2017-09-30 03:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-11 18:00 - 2017-09-30 03:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-11 18:00 - 2017-09-30 03:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-11 18:00 - 2017-09-30 03:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-11 18:00 - 2017-09-30 03:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-11 18:00 - 2017-09-30 03:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-10-11 18:00 - 2017-09-30 03:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-11 18:00 - 2017-09-30 03:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-11 18:00 - 2017-09-30 03:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-11 18:00 - 2017-09-30 03:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-11 18:00 - 2017-09-30 03:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-11 18:00 - 2017-09-30 03:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-11 18:00 - 2017-09-30 03:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-11 18:00 - 2017-09-30 03:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-11 18:00 - 2017-09-30 03:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-11 18:00 - 2017-09-30 03:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-11 18:00 - 2017-09-30 03:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-11 18:00 - 2017-09-30 03:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-11 18:00 - 2017-09-30 03:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-11 18:00 - 2017-09-30 03:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-11 18:00 - 2017-09-29 08:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-11 18:00 - 2017-09-29 08:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-11 18:00 - 2017-09-29 08:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-11 18:00 - 2017-09-29 08:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-11 18:00 - 2017-09-29 08:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-10-11 18:00 - 2017-09-29 08:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-11 18:00 - 2017-09-29 08:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-10-11 18:00 - 2017-09-29 08:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-10-11 18:00 - 2017-09-29 08:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-11 18:00 - 2017-09-29 08:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-11 18:00 - 2017-09-29 08:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-10-11 18:00 - 2017-09-29 08:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-11 18:00 - 2017-09-29 08:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-11 18:00 - 2017-09-29 08:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-10-11 18:00 - 2017-09-29 08:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-10-11 18:00 - 2017-09-29 08:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-11 18:00 - 2017-09-29 08:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-11 18:00 - 2017-09-29 08:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-10-11 18:00 - 2017-09-29 08:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-10-11 18:00 - 2017-09-29 08:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-10-11 18:00 - 2017-09-29 08:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-11 18:00 - 2017-09-29 08:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-10-11 18:00 - 2017-09-29 08:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-11 18:00 - 2017-09-29 08:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-11 18:00 - 2017-09-29 08:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-11 18:00 - 2017-09-29 08:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-11 18:00 - 2017-09-29 08:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-11 18:00 - 2017-09-29 08:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-11 18:00 - 2017-09-29 08:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-10-11 18:00 - 2017-09-29 08:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-10-11 18:00 - 2017-09-29 08:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-11 18:00 - 2017-09-29 08:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-10-11 18:00 - 2017-09-29 08:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-10-11 18:00 - 2017-09-29 08:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-11 18:00 - 2017-09-29 08:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-11 18:00 - 2017-09-29 08:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-11 18:00 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-10-11 18:00 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-10-11 18:00 - 2017-09-20 16:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-11 18:00 - 2017-09-20 16:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-11 18:00 - 2017-09-20 16:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-11 18:00 - 2017-09-19 00:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-11 18:00 - 2017-09-18 23:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-11 18:00 - 2017-09-18 23:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-10-11 17:59 - 2017-09-30 06:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-11 17:59 - 2017-09-30 06:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-11 17:59 - 2017-09-30 06:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-11 17:59 - 2017-09-30 06:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-11 17:59 - 2017-09-30 06:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-11 17:59 - 2017-09-30 06:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-11 17:59 - 2017-09-30 06:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-11 17:59 - 2017-09-30 06:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-11 17:59 - 2017-09-30 06:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-11 17:59 - 2017-09-30 06:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-11 17:59 - 2017-09-30 06:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-11 17:59 - 2017-09-30 06:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-11 17:59 - 2017-09-30 06:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-11 17:59 - 2017-09-30 06:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-11 17:59 - 2017-09-30 06:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-11 17:59 - 2017-09-30 06:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-10-11 17:59 - 2017-09-30 06:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-11 17:59 - 2017-09-30 06:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-11 17:59 - 2017-09-30 06:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-11 17:59 - 2017-09-30 06:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-10-11 17:59 - 2017-09-30 06:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-11 17:59 - 2017-09-30 06:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-11 17:59 - 2017-09-30 06:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-11 17:59 - 2017-09-30 06:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-11 17:59 - 2017-09-30 06:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-11 17:59 - 2017-09-30 06:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-11 17:59 - 2017-09-30 06:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-10-11 17:59 - 2017-09-30 06:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-11 17:59 - 2017-09-30 06:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-11 17:59 - 2017-09-30 06:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-11 17:59 - 2017-09-30 06:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-11 17:59 - 2017-09-30 06:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-10-11 17:59 - 2017-09-30 06:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-11 17:59 - 2017-09-30 06:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-11 17:59 - 2017-09-30 06:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-11 17:59 - 2017-09-30 06:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-11 17:59 - 2017-09-30 06:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-11 17:59 - 2017-09-30 06:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-11 17:59 - 2017-09-30 03:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-11 17:59 - 2017-09-29 08:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-11 17:59 - 2017-09-29 08:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-11 17:59 - 2017-09-29 08:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-11 17:59 - 2017-09-29 08:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-11 17:59 - 2017-09-29 08:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-11 17:59 - 2017-09-29 08:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-11 17:59 - 2017-09-29 08:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-11 17:59 - 2017-09-29 08:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-11 17:59 - 2017-09-29 08:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-11 17:59 - 2017-09-29 08:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-11 17:59 - 2017-09-29 08:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-11 17:59 - 2017-09-29 08:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-11 17:59 - 2017-09-29 08:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-10-11 17:59 - 2017-09-29 08:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-10-11 17:59 - 2017-09-29 08:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-11 17:59 - 2017-09-29 08:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-11 17:59 - 2017-09-29 08:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-11 17:59 - 2017-09-29 08:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-11 17:59 - 2017-09-29 08:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-11 17:59 - 2017-09-29 08:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-11 17:59 - 2017-09-29 08:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-11 17:59 - 2017-09-29 08:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-11 17:59 - 2017-09-29 08:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-11 17:59 - 2017-09-29 08:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-11 17:59 - 2017-09-29 08:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-11 17:59 - 2017-09-29 08:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-11 17:59 - 2017-09-29 08:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-11 17:59 - 2017-09-29 08:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-11 17:59 - 2017-09-29 08:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-11 17:59 - 2017-09-29 08:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-11 17:59 - 2017-09-29 08:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-11 17:59 - 2017-09-29 08:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-11 17:59 - 2017-09-29 08:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-11 17:59 - 2017-09-29 08:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-11 17:59 - 2017-09-29 08:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-11 17:59 - 2017-09-29 08:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-11 17:59 - 2017-09-29 08:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-11 17:59 - 2017-09-29 08:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-10-11 17:59 - 2017-09-29 08:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-11 17:59 - 2017-09-29 08:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-11 17:59 - 2017-09-29 08:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-11 17:59 - 2017-09-29 08:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-11 17:59 - 2017-09-29 08:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-11 17:59 - 2017-09-29 08:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-11 17:59 - 2017-09-29 08:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-11 17:59 - 2017-09-29 08:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-10-11 17:59 - 2017-09-29 08:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-10-11 17:59 - 2017-09-29 08:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-10-11 17:59 - 2017-09-29 08:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-10-11 17:59 - 2017-09-29 08:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-10-11 17:59 - 2017-09-29 08:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-10-11 17:59 - 2017-09-29 08:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe
2017-10-11 17:59 - 2017-09-19 00:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-11 17:59 - 2017-09-19 00:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-11 17:59 - 2017-09-19 00:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-10-11 17:59 - 2017-09-19 00:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-11 17:59 - 2017-09-19 00:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-11 17:59 - 2017-09-19 00:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-10-11 17:59 - 2017-09-19 00:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-11 17:59 - 2017-09-18 23:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-11 17:59 - 2017-09-18 23:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-11 17:59 - 2017-09-18 23:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-11 17:59 - 2017-09-18 23:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-11-10 22:37 - 2015-02-22 13:06 - 000000000 ____D C:\FRST
2017-11-10 22:33 - 2013-12-26 21:04 - 000000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2017-11-10 22:22 - 2014-05-29 21:40 - 000000000 ____D C:\Users\User\AppData\Roaming\Origin
2017-11-10 22:22 - 2013-10-01 21:09 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-11-10 22:21 - 2014-05-29 21:38 - 000000000 ____D C:\ProgramData\Origin
2017-11-10 22:20 - 2017-05-21 09:57 - 002427406 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-10 22:20 - 2017-03-20 05:35 - 001068990 _____ C:\WINDOWS\system32\perfh007.dat
2017-11-10 22:20 - 2017-03-20 05:35 - 000249490 _____ C:\WINDOWS\system32\perfc007.dat
2017-11-10 22:14 - 2017-10-05 22:14 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-10 22:14 - 2016-04-30 07:35 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2017-11-10 22:13 - 2017-05-21 10:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-10 22:13 - 2017-03-18 12:40 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2017-11-10 22:13 - 2016-09-22 06:47 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-10 22:11 - 2015-02-20 23:11 - 000000000 ____D C:\AdwCleaner
2017-11-10 21:51 - 2017-05-21 09:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-10 18:27 - 2017-05-21 10:15 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C722207A-59FA-447E-9A7F-6EE09C1510F3}
2017-11-10 14:30 - 2014-04-17 18:35 - 000000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-11-10 10:26 - 2014-04-17 18:35 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-11-10 09:52 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-10 09:52 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-08 23:26 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-08 16:31 - 2013-12-16 20:18 - 000000851 _____ C:\Users\User\Desktop\adressen.txt
2017-11-07 20:23 - 2013-10-01 16:45 - 000000000 ____D C:\Program Files (x86)\Opera
2017-11-07 19:48 - 2015-03-26 14:24 - 000000000 ____D C:\Users\User\AppData\Local\Ubisoft Game Launcher
2017-11-07 00:39 - 2014-11-22 18:17 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-07 00:16 - 2017-07-27 16:17 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2440112941-538450990-2588341026-1000
2017-11-07 00:16 - 2016-04-30 07:44 - 000002380 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-07 00:16 - 2016-04-30 07:44 - 000000000 ___RD C:\Users\User\OneDrive
2017-11-06 21:29 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-05 14:14 - 2017-05-21 10:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2017-11-04 09:48 - 2014-05-29 21:38 - 000000000 ____D C:\Program Files (x86)\Origin
2017-11-03 23:59 - 2014-06-05 19:28 - 000000000 ____D C:\Users\User\AppData\Local\SniperV2
2017-10-30 14:42 - 2014-01-10 17:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Audacity
2017-10-27 16:04 - 2013-12-26 21:03 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-10-27 15:05 - 2017-06-29 15:13 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2017-10-27 15:05 - 2017-05-21 10:15 - 000003976 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1380645316
2017-10-26 12:48 - 2014-07-27 01:10 - 000000000 ____D C:\Users\User\AppData\Roaming\RenPy
2017-10-26 08:14 - 2017-05-21 10:15 - 000004642 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-26 08:14 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-26 08:14 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-25 21:31 - 2015-01-21 17:02 - 000000000 ____D C:\Users\User\AppData\Local\JDownloader v2.0
2017-10-24 00:24 - 2016-06-10 22:28 - 000000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2017-10-13 14:16 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-13 01:21 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 01:21 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 08:44 - 2016-02-13 18:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-12 08:38 - 2017-05-21 09:53 - 000287376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-11 21:26 - 2017-03-18 22:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-11 21:26 - 2017-03-18 22:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-11 21:26 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-11 21:26 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-10-11 18:08 - 2013-10-01 09:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-11 18:05 - 2013-10-01 09:52 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-03-23 13:41 - 2014-03-23 13:41 - 000000044 _____ () C:\Users\User\AppData\Roaming\WB.CFG

Einige Dateien in TEMP:
====================
2017-10-25 21:30 - 2017-10-25 21:30 - 000040448 ____N () C:\Users\User\AppData\Local\Temp\proxy_vole3114531680520956394.dll
2017-10-25 21:30 - 2017-10-25 21:30 - 000040448 ____N () C:\Users\User\AppData\Local\Temp\proxy_vole5151724827290583793.dll
2017-10-25 21:30 - 2017-10-25 21:30 - 000040448 ____N () C:\Users\User\AppData\Local\Temp\proxy_vole7405669428430379405.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-11-05 15:13

==================== Ende von FRST.txt ============================

zabasu · 10.11.2017, 22:41

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-11-2017
durchgeführt von User (10-11-2017 22:38:51)
Gestartet von C:\Users\User\Desktop
Windows 10 Home Version 1703 15063.674 (X64) (2017-05-21 09:23:43)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2440112941-538450990-2588341026-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2440112941-538450990-2588341026-503 - Limited - Disabled)
Gast (S-1-5-21-2440112941-538450990-2588341026-501 - Limited - Disabled)
User (S-1-5-21-2440112941-538450990-2588341026-1000 - Administrator - Enabled) => C:\Users\User

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Aiseesoft Blu-ray Player 6.2.20 (HKLM-x32\...\{3E1A13C3-E458-4995-BEA6-4B9BE279D502}_is1) (Version: 6.2.20 - Aiseesoft Studio)
Akamai NetSession Interface (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.0.6.9 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.0.6.9 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version:  - )
Canon iP2600 series Benutzerregistrierung (HKLM-x32\...\Canon iP2600 series Benutzerregistrierung) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Curse Client (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
FocusWriter (HKLM-x32\...\FocusWriter) (Version: 1.6.7 - Graeme Gott)
Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.89 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}) (Version: 2.0.1083.0 - Intel)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
Opera Stable 48.0.2685.52 (HKLM-x32\...\Opera 48.0.2685.52) (Version: 48.0.2685.52 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.5.6040 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.107.256.0 - Overwolf Ltd.)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Rage of Mages (HKLM-x32\...\1459856053_is1) (Version: 2.1.0.3 - GOG.com)
Rage of Mages (HKLM-x32\...\Rage of Mages) (Version:  - )
Ragnarok Restart (HKLM-x32\...\{06A73F7C-3719-4664-89DC-21FB0B3D7C9D}) (Version: 1.0.2 - Gravity Interactive, Inc.) Hidden
Ragnarok Restart (HKLM-x32\...\Ragnarok Restart 1.0.2) (Version: 1.0.2 - Gravity Interactive, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - THQ)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
skate's Thumbnail Tool Version 1.1.2 (HKLM-x32\...\{E68C580F-B6A5-4D47-89EC-307B9096FC10}_is1) (Version: 1.1.2 - skate702.de)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Unity Web Player (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 4.60 - NCH Software)
VisioForge Media Player SDK ActiveX LITE (HKLM-x32\...\{A7A1153A-3CA3-4366-B37D-291522538794}) (Version: 7.0.0.0 - VisioForge) Hidden
VisioForge Media Player SDK ActiveX LITE (HKLM-x32\...\VisioForge Media Player SDK ActiveX LITE 7.0.0.0) (Version: 7.0.0.0 - VisioForge)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Warcraft III) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit Gamecaster (HKLM-x32\...\{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{d966ac89-a571-4a5c-bcf0-638a3cdf1b14}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-11-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-11-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> Keine Datei
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-11-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-11-15] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02CBCC90-3E56-4541-96EC-B200672D50B5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {04DCEB08-147F-4B59-88EB-9F3F89DE852C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-26] (Adobe Systems Incorporated)
Task: {132A5559-4118-4295-A1E1-C141CB2F74F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-26] (Adobe Systems Incorporated)
Task: {13712BBB-D6B4-4478-A584-D32D47296A80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {14EE976F-63B2-4DD4-99DE-1835879794C7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.)
Task: {1B41679F-8512-4E70-8E44-8A344FBCA5D7} - System32\Tasks\{68198F9C-F8D5-440A-A307-2045870E9B9A} => C:\Windows\system32\pcalua.exe -a "D:\Program Files (x86)\epicRO Ragnarok Online\settings old.exe" -d "D:\Program Files (x86)\epicRO Ragnarok Online"
Task: {1FA9B476-5068-4DF9-A7C0-DE98215EA21A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {2098291A-6826-4D8E-90E2-E7C7DE426F36} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2BF954F7-B5F8-4A34-8C72-ED4883865256} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F3C1B2D-FB8D-4193-8444-231AD0F9BBED} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {309921DD-F04E-4995-AA50-9A6470930DC9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3515463A-AD78-4987-86A5-060287B7AB95} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-10-23] (Overwolf LTD)
Task: {3754061D-CD83-4496-8AA0-8FE1BA314C47} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {3EF7C9D3-8A19-4234-810A-2DDB201C8958} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {427CCE13-B111-4A80-BBB0-6D6F981E965F} - System32\Tasks\{A5DBFEE4-0356-4708-A655-BFA7E35BF624} => C:\Windows\system32\pcalua.exe -a "D:\Program Files (x86)\epicRO Ragnarok Online\settings.exe" -d "d:\Program Files (x86)\epicRO Ragnarok Online\"
Task: {4478F7FB-D260-4CB8-82E0-5CA44CDF79C7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {454F65BE-1803-4B69-89CF-C411EF1A93B9} - \SimpleFiles Installer Starter -> Keine Datei <==== ACHTUNG
Task: {5256B3A6-7B23-454C-AD22-5E2A693BC4C4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {55978C82-CC08-4BBE-8D03-B568E1E8E4E0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5CEF6C81-6FC0-4ED2-897B-9497DD7E1887} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {61160297-9C11-42C4-AA85-47CC9FA41C41} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {61C34886-4054-4DD8-A557-3A7B140BEBBF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {65342EE4-2ADC-4994-8633-40C4B9E686C5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {751916EA-7824-4174-B568-FC51A3F7BFE5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {760979B4-03D3-42CA-9AC0-C4FC833C0332} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7B63897B-19CB-45F3-BEAA-89A6764C2DC4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {7F54AFB1-F0F6-4B7D-9D89-DC2ABE972AAF} - System32\Tasks\Opera scheduled Autoupdate 1380645316 => C:\Program Files (x86)\Opera\launcher.exe [2017-10-24] (Opera Software)
Task: {8130F5FA-AF7D-4943-B2BA-060B3A46CDAE} - System32\Tasks\{438FA2C7-F30F-4579-A499-B2964FEB6E44} => C:\WINDOWS\system32\pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {815A867E-3E45-4676-8D3B-AC1448EADFDF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {821BF6DC-C0F0-4924-9E22-E698C929C50F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {83D8EA44-D5EA-48DC-AD74-8BAE0ABD30A4} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {859F5A20-194A-4267-96DC-88911E0E4AAA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {8612CAD8-A91C-4A81-A388-BD870CF508D5} - System32\Tasks\easyVPN => C:\Program Files (x86)\EasyVpn\app\easyvpn.exe
Task: {89F9EDD9-7C6B-442A-80AE-7C781EA7CEFB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8BD8CDAB-DB90-48FD-9680-5746409A4010} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {92239EC1-43A8-4025-AA14-8B1580E460E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {9C4CE040-7A7E-4ACC-AF07-7C7B2162457A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {A7C47B99-02A2-4657-9EF8-D376516D8CB9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {AD8FD6C2-C8B5-42B0-84C4-28FF10563B10} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {B55CF8D6-4BF9-4075-BC29-60C0CC07BD2C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B8179BE3-5C4C-4C8F-9E97-CD59B7126835} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {BE585427-85E9-4FAB-AB46-AFE1C48E5A0C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {BF5E2522-FE1D-4E8C-9FA9-E1B27B81D2DA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {D48F8894-D4CD-4BA3-8FFA-D2A3544BF685} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {D603657B-A4C5-4DD5-AB65-50C5B5C8B92D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {DB881C0E-C3BE-4699-AA40-CA7398035898} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DE82B7E1-A074-4B4B-96F8-B77C47A4381E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DEC8126C-17DA-4FAD-A5F2-57CB2B91A8B0} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {E0E54520-18CA-4D7E-963B-A5AA232C6777} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E147EE8B-ED10-4204-8072-E7972459DE32} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {EDFDCDC2-3F60-4BC2-ACE9-FA32929FA671} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F191C630-1ACC-4331-9C15-E924A011A9C0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F6112400-8A8F-4A0B-B5DA-75DC52204405} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FC0C313F-91E3-40FB-A1F2-3D439CF0DE7C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\Users\User\Favorites\Downloadseite von NCH Software.lnk -> hxxp://www.nchsoftware.com/de/index.htm

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-05-29 10:28 - 2015-05-29 10:28 - 000048640 _____ () C:\Windows\SysWOW64\ASGT.exe
2017-09-02 12:09 - 2017-10-10 12:28 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 21:59 - 2017-03-20 05:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-07 09:44 - 2017-11-07 09:44 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-07 09:44 - 2017-11-07 09:44 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-04 09:48 - 2017-11-02 07:51 - 000021848 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2017-09-07 17:12 - 2017-09-07 17:12 - 000069632 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2016-04-25 14:12 - 2017-08-17 13:34 - 000173848 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2017-01-12 15:24 - 2017-07-24 22:22 - 000019736 _____ () C:\Program Files\TeamSpeak 3 Client\libEGL.DLL
2017-01-12 15:24 - 2017-07-24 22:22 - 001980696 _____ () C:\Program Files\TeamSpeak 3 Client\libGLESv2.dll
2016-04-25 14:12 - 2017-08-17 13:34 - 000124696 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2016-04-25 14:12 - 2017-08-17 13:34 - 000149784 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2017-03-25 10:45 - 2017-07-24 22:23 - 000345880 _____ () C:\Users\User\AppData\Roaming\TS3Client\plugins\clientquery_plugin_win64.dll
2017-02-15 17:15 - 2017-07-24 22:23 - 000157696 _____ () C:\Users\User\AppData\Roaming\TS3Client\plugins\gamepad_joystick_win64.dll
2017-11-07 00:39 - 2017-11-05 10:12 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libglesv2.dll
2017-11-07 00:39 - 2017-11-05 10:12 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libegl.dll
2015-03-31 17:25 - 2016-05-02 07:02 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-11-04 09:47 - 2017-11-01 07:30 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2017-11-04 09:47 - 2017-11-01 07:30 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2014-05-29 21:40 - 2016-06-10 14:21 - 000266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2017-08-17 15:51 - 2017-08-17 15:51 - 001993184 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000507968 _____ () D:\Program Files (x86)\GOG Galaxy\PocoUtil.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 001076800 _____ () D:\Program Files (x86)\GOG Galaxy\PocoNet.dll
2017-03-23 06:38 - 2017-03-16 16:46 - 053018112 _____ () D:\Program Files (x86)\GOG Galaxy\libcef.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 001854528 _____ () D:\Program Files (x86)\GOG Galaxy\PocoData.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000393280 _____ () D:\Program Files (x86)\GOG Galaxy\PocoDataSQLite.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000307776 _____ () D:\Program Files (x86)\GOG Galaxy\PocoNetSSL.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 001589312 _____ () D:\Program Files (x86)\GOG Galaxy\PocoFoundation.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000330816 _____ () D:\Program Files (x86)\GOG Galaxy\PocoJSON.dll
2017-06-21 21:52 - 2017-10-19 17:33 - 000130112 _____ () D:\Program Files (x86)\GOG Galaxy\xdelta3.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000104000 _____ () D:\Program Files (x86)\GOG Galaxy\zlib.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000520768 _____ () D:\Program Files (x86)\GOG Galaxy\PocoXML.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000272448 _____ () D:\Program Files (x86)\GOG Galaxy\PocoZip.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000680000 _____ () D:\Program Files (x86)\GOG Galaxy\sqlite.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000157760 _____ () D:\Program Files (x86)\GOG Galaxy\PocoCrypto.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000425536 _____ () D:\Program Files (x86)\GOG Galaxy\pcre.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000152128 _____ () D:\Program Files (x86)\GOG Galaxy\expat.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000330816 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoJSON.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 001589312 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoFoundation.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000507968 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoUtil.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000104000 _____ () C:\ProgramData\GOG.com\Galaxy\redists\zlib.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000425536 _____ () C:\ProgramData\GOG.com\Galaxy\redists\pcre.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000520768 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoXML.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000152128 _____ () C:\ProgramData\GOG.com\Galaxy\redists\expat.dll
2017-03-23 06:38 - 2017-03-16 16:46 - 001738752 _____ () D:\Program Files (x86)\GOG Galaxy\libglesv2.dll
2017-03-23 06:38 - 2017-03-16 16:46 - 000078848 _____ () D:\Program Files (x86)\GOG Galaxy\libegl.dll
2017-08-09 08:19 - 2017-08-08 14:13 - 001893880 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-12 22:00 - 2017-08-12 22:00 - 001577976 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-08-09 08:19 - 2017-08-08 14:13 - 001938424 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-09 08:19 - 2017-08-08 14:13 - 000095736 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-12 22:00 - 2017-10-06 10:48 - 009722360 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-12 22:00 - 2017-11-07 20:29 - 001471992 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-11-10 22:22 - 2017-11-10 22:22 - 000148992 _____ () \\?\C:\Users\User\AppData\Local\Temp\152.tmp.node
2017-08-12 22:00 - 2017-08-12 22:00 - 002658296 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-12 22:00 - 2017-08-12 22:00 - 002673656 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2013-10-01 15:05 - 2012-06-25 09:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\ProgramData\TEMP:D24294C1 [147]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\aeriagames.com -> hxxp://aeriagames.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\skype.com -> hxxps://apps.skype.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2017-06-18 08:56 - 000000029 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\Desktop\black-rock-shooter11.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{9C3706ED-64EE-462D-AAC4-745260CD6FBB}D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C169F269-54EE-4253-AF5D-4B55C15F1775}D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{695FAF78-0DBE-45B8-A05F-E1B4BAA59FCE}D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{09B5A604-B7E3-4625-B7A6-CFED54329A9C}D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D892EF5A-DCC7-4FB0-A4E0-74D8A766440C}C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Block) C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [TCP Query User{B3FB41F1-79B3-413C-B008-0001AAE7FBD3}C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Block) C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [{E3C4DEBD-FD96-4789-A362-859D9FD41B64}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Styx\Binaries\Win64\StyxGame.exe
FirewallRules: [{31812AB7-9EB1-4B6D-855C-B28552F64977}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Styx\Binaries\Win64\StyxGame.exe
FirewallRules: [{0BBA4094-B486-4BD8-BD46-7C0A8517B2B4}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{33751D31-A83B-43A3-9DE2-808B05A1B520}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{2ADDDE45-FFED-4DF4-B5B9-728AB583858F}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{9D7F081C-EB2E-4288-B03A-8395972D4B75}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [UDP Query User{923B508F-9F5D-4736-B953-3F24F729A1D6}D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F5659E42-B74A-494A-A8AF-A9541DFAF5AD}D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E8D1EEDE-AC10-488C-A308-7A3D95633109}D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B9422F32-ED23-4E77-95BE-1C8233C30CFA}D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{9095436E-783B-47EF-86BC-8870FE9245E3}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{0D545466-2DB6-43A5-B930-F5FF09CBD54F}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{3E98866F-EB4C-4254-A94D-4A240BCB0810}D:\program files (x86)\gog galaxy\games\rage of mages\rom.exe] => (Allow) D:\program files (x86)\gog galaxy\games\rage of mages\rom.exe
FirewallRules: [TCP Query User{C77808E2-8F06-4C7B-9D6A-89E709CC510E}D:\program files (x86)\gog galaxy\games\rage of mages\rom.exe] => (Allow) D:\program files (x86)\gog galaxy\games\rage of mages\rom.exe
FirewallRules: [{034B23A9-B7F7-41BC-AAD2-C3EAF9995FC6}] => (Allow) D:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [UDP Query User{F9497AD2-3548-45B8-B03D-AC8BDDAF00BB}D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{63CB44E6-8816-4F9E-BEC8-F43B341F13FE}D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4B60DBDC-8500-4884-A6D6-85CA309AF5E8}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [TCP Query User{C9D014AE-64A9-407E-8C50-9B0B4B956CDD}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{454C40F0-077B-4441-86C6-5CEA893D16D4}D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E2694FD4-2DDF-4A8F-9612-485E47DB2A68}D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CE534BD4-C74C-4126-A126-F096C261E9B4}D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{83F87CDE-9639-48A9-9D2C-29F06783669B}D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{96A0F636-1016-47B0-9613-0838C573627C}D:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe] => (Block) D:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe
FirewallRules: [TCP Query User{FE7968CC-68BD-4058-BA5E-DC6CE5390C53}D:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe] => (Block) D:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe
FirewallRules: [{00C61FF4-17AB-42E3-AF35-4E125D337D5C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{FEAC0CEF-CCF3-481B-983C-289FC5D90A06}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Enter the Gungeon\EtG.exe
FirewallRules: [UDP Query User{22C8D6D8-21AC-48A7-B237-F110416F8C62}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe
FirewallRules: [TCP Query User{D9BC6E22-9F8B-48C4-AD56-84EDC163AF26}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe
FirewallRules: [{138D4B24-E374-408F-B77C-CAB04725CB4C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{2E74C4B3-E1DB-4017-A634-089C73E3BCC5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{C5005979-5EB3-4275-BA81-941B5BCA303D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{9549E5A5-22C2-4148-B904-EFA25A3A1EDF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{A93E3F9B-68D2-4AC5-9E6E-753A5893817E}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11_b.exe
FirewallRules: [{946AF9B7-81E4-405F-BC10-879736EA5FC2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11_b.exe
FirewallRules: [{F67FF78E-10CC-4937-84C3-79D4E637771B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{B6E043D3-CCEC-4261-8EA2-ABD080F46CAA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{DB413EC0-A14F-4E83-B401-3584D74AC9DB}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{06670257-4FD9-4B83-B20C-8BD10B937C8D}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{3F4F719E-7FB6-42BE-AFB1-41F9A3F67E0C}D:\program files (x86)\tom clancy's the division\thedivision.exe] => (Allow) D:\program files (x86)\tom clancy's the division\thedivision.exe
FirewallRules: [UDP Query User{56062B46-5268-47A5-8E3C-2F707B84A363}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{5150902E-AE6C-46A5-8A2F-EA4D374487E6}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{AC698FB7-8262-4B5F-AE3C-EA35071684B7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{105A53C0-E656-4632-8371-77B9CAA10444}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{DE45B7B9-33A9-46F3-B80C-186992B98BFF}] => (Allow) LPort=1900
FirewallRules: [{51700128-C169-4AF0-ABB3-6019B2234BEB}] => (Allow) LPort=2869
FirewallRules: [{F87F89FA-B567-48B1-B68A-49BFE0EC8F02}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{DF780692-03C9-4FAE-A9F6-55D3D1FACBC8}D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{80C4801A-B800-4EE1-B75A-68B715969375}D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AE71D734-B4B0-493F-8148-113142CAC814}D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{FD1244D8-3CEF-4F9A-A4F2-59E3D4E6DBE9}D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [{B310F864-AB7F-46F8-8033-12DBB4ABDB84}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Punch Club\Punch Club.exe
FirewallRules: [{4E5588DC-8A03-452C-A814-28A50BA283A0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Punch Club\Punch Club.exe
FirewallRules: [{6FAA8E9A-1BFA-4B80-BF68-1CA0467272B3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{8E53D14C-173C-469E-A7C0-FC634251035E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{F9C45902-1EE0-4ACC-ADA9-5742294F28B0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\devildaggers\dd.exe
FirewallRules: [{199F447F-5289-4187-8331-07E5E48F8C9D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\devildaggers\dd.exe
FirewallRules: [{978218B0-6367-4C89-A1BA-236419747157}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{7834845B-A3B9-4A8E-BA47-C5CCF350686C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{939B4E88-BE25-40B1-91AD-DCDE2EAD1C68}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{BAED523B-EF2C-4F7E-A3AC-36B6F2FFEE4C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{5582C2C5-8E66-48AB-8CFD-4E6865417117}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{A9599D5A-FCF6-4A13-8047-5EEC6C9DA6DF}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [UDP Query User{413A1624-EA4A-4FD1-A1C4-ECC6CC7A5A21}D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{EB1682A1-C4BA-4C3A-946F-1C32B10ED1CC}D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [{43F29742-2B27-404F-A374-478205BA4294}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{80330737-BF6C-42C7-848C-A6732C78481D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{556DC0B1-24E8-44A0-978E-2F284096707A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Koi-Koi Japan [Hanafuda playing cards]\KoiKoiJapan.exe
FirewallRules: [{81D69276-A640-4E1A-8132-9679BD381CD7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Koi-Koi Japan [Hanafuda playing cards]\KoiKoiJapan.exe
FirewallRules: [{BB290AEC-5AE9-4F47-8473-60B0DECD026D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{EBD8D74F-07DA-492A-9CD8-44E4DFC293E8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{04C52C4F-CBE2-41E7-BCEC-1588F0F9E24A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{6BED1BD7-EA9E-4F1D-99D9-13AC8309FF08}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{C701686D-4ADA-4FBD-B698-6CD754F24116}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{56823176-FF81-41C2-B366-A2AC4CD39181}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [UDP Query User{931E706C-0C8F-450A-B2A1-6CFDFDA9A1D7}D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{426C2B60-F3F7-4DA9-A811-0DA28546F717}D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [{9286A25F-2705-4B5E-906A-A99D35B85F6C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{0A1E6997-17D3-4747-8106-B50C0B323E1C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [UDP Query User{4898D512-B876-4D84-A582-19FD92816FB4}D:\program files (x86)\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) D:\program files (x86)\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [TCP Query User{BD67A5BD-BEE6-4F4F-A79A-859EA844729E}D:\program files (x86)\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) D:\program files (x86)\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [{9FD52067-AF88-41C9-89A8-1CE183DA83A5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Lichdom Battlemage\Bin64\LichdomBattlemage.exe
FirewallRules: [{2BCD56F3-0687-451D-ABA0-C2A00E081366}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Lichdom Battlemage\Bin64\LichdomBattlemage.exe
FirewallRules: [{C437CE87-A71C-43E7-BA62-1BDFCFAD7F0F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{6BCF7699-632C-464D-B5D6-6A280DEE14A9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [UDP Query User{EBDBC056-CADE-4223-A181-F5FDDB377A56}D:\program files (x86)\starcraft ii\versions\base38215\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base38215\sc2_x64.exe
FirewallRules: [TCP Query User{927370DD-8BA9-44E7-AA86-47CA6629B42B}D:\program files (x86)\starcraft ii\versions\base38215\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base38215\sc2_x64.exe
FirewallRules: [{95F8A3D2-3A8C-4EDA-A729-55A671CCAEEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{27EF9A32-7213-41A4-98AD-AF9DA32C3C31}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{94E71186-8933-4C9D-A6C3-098CCDB59886}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{769D1814-4C10-4D99-9087-0DEF9A84DD42}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9BA40C0A-53A8-458E-847C-F469DCE30002}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [UDP Query User{854A45F9-FC3B-4D9C-AF2A-ACC6E1D2F077}D:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{EDDB763B-D7EB-4B44-BBC1-4B6F068D1B86}D:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DCC82C4C-AA14-464F-8CEF-374219504A06}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{C458D6A8-9D64-4EE2-B89C-444F1D57F5D2}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{61043D88-EAA3-4BC0-8920-FF23913988AB}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{12EF483D-954A-469D-BB1A-65E18C8405B6}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{A66B7710-C51E-41A7-B65D-8461ED7E7970}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{F3A2F987-9BF7-4B4D-AE65-FCC310AD82C2}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{BDEB1C7A-0B1A-4F15-9995-0F56C7D56F55}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{0BE4DEDB-B609-4A08-8EDA-F7C04CC842AE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{76EEA0D2-F8F5-40AD-A054-638833F75E30}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{6964DBF8-F8B3-4340-845E-EDBDFAEEBAE0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [UDP Query User{E2089537-DCE3-4B3A-B332-2411C7E09E4F}D:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{54417066-6F8B-4E28-9F85-0A8AE3DC904B}D:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{747312C0-8EB8-46FB-A656-9F6E599C02A7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{542C020A-49A2-4625-BD62-3CBD888348E5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{08276856-D54A-4A66-826F-3638EF6D426D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{BAABEEDD-8579-417C-BA51-4484FD07839B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{8E3969EA-7101-4BF6-9A28-2160C0BC1960}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\HuniePop\HuniePop.exe
FirewallRules: [{1CC35AF9-409B-45AB-B49D-876C224E1DCA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\HuniePop\HuniePop.exe
FirewallRules: [{93103BC1-8D21-4350-8CE9-614D06E84813}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{11E424AA-383D-4F30-B683-AC91ADBFE99E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{45530EF2-BAF3-465E-BC26-F25EA0E19DEF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{88687C5A-DD19-4770-A83E-0091679FAD8E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{F5B0530A-D302-4EA1-80B1-8F675B79CF4A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{0B5E41A6-6AE2-4D7C-9A64-895CD624EC2B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{C2F978F6-405C-4E18-8B6D-61C8E10E54FB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{EEED312C-DCD7-454F-95D7-4A1D141A726C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [UDP Query User{594CAB67-D8D5-41F9-A38E-8F11CEE19BFF}D:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{AC383127-6714-4741-A6FF-004A6D97234E}D:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [{6C075229-B17F-44DE-8514-F9DF46E544E1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SanctuaryRPG - Black Edition\SanctuaryRPG.exe
FirewallRules: [{91B46C84-3D73-4E76-B72F-CD08C8A723F1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SanctuaryRPG - Black Edition\SanctuaryRPG.exe
FirewallRules: [{CD532599-7D0F-448B-8A61-D1418120D8F8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{F22BE907-5B04-4446-982C-BAC0ABC16FE9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [UDP Query User{37599D5F-4EC8-4C2B-9488-B0E5014E5641}D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{EA09F9AC-D798-41B7-B9BC-2B91C7F88470}D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{F8B17FBB-BB43-4D85-9FEC-EEB58A81DEF6}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{D2026B4C-FF8B-4202-877A-6957857CE548}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{59D3C52C-6E46-4914-8591-5CBD1DC43B59}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2454A699-F7D7-4B06-8507-CDA10141C753}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C01D681C-5515-4BEA-8DD1-470D6655263F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E9FC3B04-A8B6-4EEC-B236-2C5A66660648}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{59FFA24C-9527-4277-906D-49DBAC599876}D:\program files (x86)games\world_of_tanks\worldoftanks.exe] => (Allow) D:\program files (x86)games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{F991024D-E179-4712-AA82-955673652A2A}D:\program files (x86)games\world_of_tanks\worldoftanks.exe] => (Allow) D:\program files (x86)games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{9EE4FF07-A56D-41DA-BAC1-587AD0863EE5}D:\program files (x86)games\world_of_tanks\wotlauncher.exe] => (Allow) D:\program files (x86)games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{9576ED4F-F3D3-421B-851A-EA8CAC010DDC}D:\program files (x86)games\world_of_tanks\wotlauncher.exe] => (Allow) D:\program files (x86)games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{3657D514-73CC-4A6E-BCB1-AD0FA2CED502}D:\program files (x86)\games\world_of_tanks\worldoftanks.exe] => (Block) D:\program files (x86)\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{4294FE41-DAC7-4F44-9479-F36D4DBBBB92}D:\program files (x86)\games\world_of_tanks\worldoftanks.exe] => (Block) D:\program files (x86)\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{6B4F058A-BB38-4242-A5E8-736F19C93D69}D:\program files (x86)\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\program files (x86)\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{E31B9522-9A84-4C23-9F9D-B4E9296DAF9D}D:\program files (x86)\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\program files (x86)\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{8F7157CF-58CD-4E5F-93E8-F684C99B46A6}C:\users\user\downloads\dune 2000\dune2000.dat] => (Block) C:\users\user\downloads\dune 2000\dune2000.dat
FirewallRules: [TCP Query User{EA6743E4-2DDA-4596-A24C-3EBCA2CD2934}C:\users\user\downloads\dune 2000\dune2000.dat] => (Block) C:\users\user\downloads\dune 2000\dune2000.dat
FirewallRules: [{51392C51-B819-4F17-B588-2F0A59CF28F1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{7EDDB216-22CD-4ACE-B4CA-91DBA8065109}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{36ACE851-6FA1-43E8-8830-87489602CFAD}] => (Allow) C:\Program Files (x86)\EasyVpn\app\EasyVpn.exe
FirewallRules: [{9E6072B1-243E-4607-8261-9DC2D35B2BCD}] => (Allow) C:\Program Files (x86)\EasyVpn\app\EasyVpn.exe
FirewallRules: [{904B7528-A15C-4B24-AF16-ECAA0B3D6D87}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{553021BC-6E9F-48B2-A48A-8BFC8793293B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{8E1309DC-E711-4624-BC14-06BA827F255F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Shadowgate\Shadowgate.exe
FirewallRules: [{8A738709-8F43-43DB-8B41-6B8B9D659C7B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Shadowgate\Shadowgate.exe
FirewallRules: [{165F9B7F-1ABD-4B75-B0B9-C9D3AF1C6C8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{8D6F5A2F-AB87-4474-AE8C-268EC317D082}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{882DDA1E-1797-4C8D-B7B1-7EC046C09CAF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{178DB507-8C05-4B91-8D43-23F07A3F3E90}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{66BB3191-9E45-47E4-B23F-9689763D1D89}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{53322157-5BF7-4A59-B7DF-ECE2AA2B096D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{957B20E6-213F-4900-AE9C-2595E0FC7A73}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{003B164E-96F1-44C9-8AC6-7DC763E9B37C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{4114852A-0504-41D6-B4A4-F10874A1E1E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{7AA3C5D5-F9C4-4D2E-9E7F-30DF30E2298E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{3103D173-19BB-498B-BDB8-3BD93246371B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{7EAFF071-4732-4473-8434-937E416A33A8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{0808623D-B568-4C2F-AB90-13C1A2A0BC79}] => (Allow) D:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{A2FC59C2-FE72-4DB0-BE84-C71FA67B049A}] => (Allow) D:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [UDP Query User{0091A712-7316-4BB0-9567-DB4ED2CCAE2C}C:\programdata\battle.net\agent\agent.3634\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3634\agent.exe
FirewallRules: [TCP Query User{88049ACA-17DC-4E8A-AD9A-22FCCEDB0F95}C:\programdata\battle.net\agent\agent.3634\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3634\agent.exe
FirewallRules: [{025A0A9B-CF16-490D-968A-4A519CEB05F5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Final Exam\final_exam.exe
FirewallRules: [{F69A8511-49F8-4A64-B903-7803F62542EC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Final Exam\final_exam.exe
FirewallRules: [{88875109-6458-4D10-B5EC-6160942533D9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{3620D27E-0A5A-4992-94EA-28819E585337}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{4D49B0DE-78A4-4E2F-B86B-5C71B42A547F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{4F6891C3-C4C1-4CB9-82AB-9DC2CC7744D5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{E60FB92B-7B1F-4FB0-9983-294FF306D5A5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{534E9AFB-53DB-4C19-9B69-B5CF03AF2621}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{9CF1C447-1F74-4224-94F9-56A8E2ACAA4E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{E8DAA218-AB25-4A30-AF5A-B302D723FA5D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{4E71A770-D637-4760-A672-924728F821D5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\strikesuitzero\pc\main\Binary\SSZ.exe
FirewallRules: [{AB63AA2B-26BD-45B0-9CE2-0EA165118980}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\strikesuitzero\pc\main\Binary\SSZ.exe
FirewallRules: [{750D3D6A-9E69-4503-907F-8B84766719FF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{E513D3E1-8315-4D72-8112-4AE52E864B11}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{8395B346-8251-44CB-9F47-19A2B8F991CE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{6BF77B84-E27E-49BB-85EC-084F50C01152}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [UDP Query User{D9F21994-9087-4CC1-91A7-A6AC6AC21FDA}C:\programdata\battle.net\agent\agent.3478\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3478\agent.exe
FirewallRules: [TCP Query User{932DC11C-3578-4829-BB58-8DEA4451F3E8}C:\programdata\battle.net\agent\agent.3478\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3478\agent.exe
FirewallRules: [{E4982598-1B17-4F9A-92B0-A97DFA0D8969}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{9882AE9D-8ACA-43EE-937C-B30A97B1EA9D}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{FCBB5751-DA21-442D-B3F4-C75C850443C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{E15BF8A3-61B5-4087-B52E-54CB23DCEC8D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [UDP Query User{D44A29A5-9682-4184-A12A-D3848E3AF54E}D:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [TCP Query User{C1F79FFE-5A29-4E9C-806A-C6E4A4AD2CF8}D:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [{D65358B1-3C3A-438A-9C02-00A69955A4B8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{4FACA89F-8360-4559-B593-8A8A62C42B60}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{8B80574B-D3B4-40EB-A2CC-E6452A82A57A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{6576F812-EA0D-4CB7-9E29-4CD61F768913}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{8A0128E7-BEE7-49AA-849D-0941E41787A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{F2D08121-F09E-4AC9-A506-88954C015B67}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{084858FE-CC1D-40CA-B216-8FE0863B5B6E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{A1584557-3DED-4262-9F18-FD7091440DC1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{F53B7EA0-4176-48E3-850C-98F0F0847608}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D6D22702-F493-4DFF-8ECF-93A49B9E6085}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{821ED095-7918-4383-9C9B-3915F555E351}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{D21781BC-68D4-46AB-A324-723D1B113E51}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{3E4B4413-0E46-487B-A73F-3B64D9973610}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{50366807-F292-4728-B4AB-D2B736B3FB8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{F0B26C7D-DD07-4E19-AF87-EA42C8020751}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{8C009CE1-24F0-4D66-9B0C-9CDE44195540}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{2CB35982-ABC3-4C35-B315-5255C97FC7E4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{815BCFC8-E68A-4AB2-8F37-AFDA9D949400}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{8C05F04B-5060-4223-B4F0-042CBCB79BFD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{3D3714CC-B944-44E7-B32E-EA7312DF3D60}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{F49BFD88-F42C-4A40-B397-353E74AF8A47}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{50BE5F13-37EF-4D97-A843-F28155D3AED2}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{FA437E49-3A80-41B3-8BF6-AEBEAA632A96}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{E36A9235-3F7B-4191-A219-DE1D9D3D82DF}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{7115B09D-2CF2-44B4-9F57-E07CE944DA17}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{3270C909-24F9-454F-879D-071F39726FEB}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{33B47877-541D-4D49-9703-0C2ACEAA6341}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{C3FA100E-4D78-4917-A4A7-7B0C17BDB5EC}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{9CC92D98-1198-4B0E-BD70-D69CAB1455A6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{C7D65CDC-049A-4B8B-8D9B-2BD612D447CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [UDP Query User{73ADE978-E53A-4D29-B42B-B438899D69CE}D:\games\world_of_tanks\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{9B247D3D-34B7-40C7-A55F-D06AE3146EC6}D:\games\world_of_tanks\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{D5747574-B0EF-4CB4-A72F-5872AF0C6E66}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{CEE98252-4B0B-4997-8FDB-0F2A0B9BD5E1}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{B11634B5-9E9A-4DEE-9DF2-22E2ABAE0262}D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Block) D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [TCP Query User{F576C934-C549-43F4-8FA3-B067C82C7CF9}D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Block) D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [{03D6DC67-94B5-47D2-AD34-D30049E9F8B9}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{D7F1840C-9B7D-4D0E-9EE7-A78E3F68B3FB}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{C8BC0C11-AE31-42D1-BB26-36DA31E28D28}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{22E68F23-B492-4A4D-BB53-97AC0DB4FB59}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D4D0B3C9-5AFE-4BB9-B045-1F1A47351BDE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{1DFE8043-002E-4D3D-9C3E-D5A8B4FD9FAF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{89FA64F9-1D72-4512-AE62-B7934BB05DAF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{786712AE-7193-427A-9544-BE17BBCC815C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{38ACF4AB-823C-47E8-9F52-C1D2550ED9C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{6AA642D3-8A2F-44C3-9C55-D1B41879EE0F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [UDP Query User{2B4DA5C7-000C-44FD-979B-92910B76DA8C}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{EFD73655-1356-427C-ACAB-4303F05BC13B}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [{DA44E897-2477-4A25-AC54-0700CEB5A6FA}] => (Allow) D:\Program Files (x86)\Gamigo\Dragon Nest Europe\DragonNest.exe
FirewallRules: [{34B4BEB7-2827-4563-A860-C855B1CE9BBC}] => (Allow) D:\Program Files (x86)\Gamigo\Dragon Nest Europe\DragonNest.exe
FirewallRules: [UDP Query User{62A688BB-FFE0-4D92-8A68-26BEC4C29FA2}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{32715F2F-269E-4E66-A9D3-C1584F472706}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{ED885F51-9EB9-4A3A-8A4E-883D26282E15}D:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{4DF4EC7A-9581-4ABC-B604-A876303A17E2}D:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [{9506B136-4877-4406-8E96-A2E078EE26F1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{14FD270A-F503-49FF-B521-9A1847FD8785}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{731D2B39-4F01-4189-89B8-A7F89F1A0E7F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{ADC968AB-A931-4E44-81F0-DB55F92D4BEC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [UDP Query User{819060AB-12D9-4783-BEC5-2151A70FDFF3}D:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [TCP Query User{F2AE7830-9CED-4379-A3D9-928CD3E24032}D:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{D1461A24-2E2B-4341-81DB-96908BE9B6B2}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{14BA0501-516D-44F7-8F3C-D85C7AE9B1EF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{75118281-45CA-4C42-A3D4-0C3EE99C7F75}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{EBA31B81-FE0B-40C3-ABAE-E67F79C68CA4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{9F978D43-9118-4B38-99D6-9AF98CACCB15}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FF5D4631-DE06-44EE-8D02-1ED34F9F378D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{00A99602-0225-4E25-AF4B-5653BAF25F46}] => (Allow) D:\Program Files (x86)\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{2D0F026A-A3C2-4462-B799-01BDDA5316F2}] => (Allow) D:\Program Files (x86)\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{51EE29B1-FB68-4566-9B21-ED3E8FE69D9A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{2689F466-8710-4E34-92AD-467ED36F1EDD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [UDP Query User{9F411DDB-07ED-401D-B11A-561345B36BD3}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{B5FDD4EC-BD26-42D5-87A8-A4DEACBF824A}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{DE7D2B3D-A8B3-4B5B-B5C8-CB3D5A4F2779}D:\program files (x86)\steam\steam.exe] => (Allow) D:\program files (x86)\steam\steam.exe
FirewallRules: [TCP Query User{9C8DAB59-7C8B-4723-B666-2E281B66E04B}D:\program files (x86)\steam\steam.exe] => (Allow) D:\program files (x86)\steam\steam.exe
FirewallRules: [{32F81BF7-6DD4-4973-BECE-BF8D5614BB8E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{98ADE586-69AD-4CE7-98D5-AB605A07E65F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{56B8E014-F687-4992-89E4-E01B71F8A251}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{0915F978-1854-485F-A388-9C4F2A67FDA2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{4059C563-9EF6-471B-8209-7C28947F6233}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{F71FF282-E052-4C44-B7DB-BD381D8C3423}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{2D1DA045-E6F3-4E61-8B58-09A2B4D127B7}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{886AD962-8153-4159-87CD-B62FDC2082C1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{7A80EFAC-6237-4B15-BAF5-BE64147FDAB0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Pit\ThePit.exe
FirewallRules: [{77972C1E-E53F-4BED-8729-A28881C6A6DE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Pit\ThePit.exe
FirewallRules: [UDP Query User{2E61565B-6990-4A59-AE0E-F6C62FDC1DE2}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{C8BB4F09-9EBD-4E1D-8936-B3E50C6E4D14}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{90D6DEB5-8542-451E-A9BD-2D2286A3D021}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{EBB68814-2F91-4013-8070-5C95AF8607A9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [UDP Query User{9750FC29-0CA8-486F-95A9-36C4511641BE}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [TCP Query User{F29253DD-845B-4919-998C-A17C61A6C79F}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [{187B787F-EE9D-4C6F-96C3-32A8F562C51A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F2CFB36F-C2CC-4D5A-8DD7-BE70E93E3E33}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{2381088C-CD17-47C4-AC5F-E1506F86ECCC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{221BFBEA-B5BC-45D2-A5C5-403E609A2881}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{1F811F5D-1A1E-4A01-A9B9-8BB8E9473BA3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{0358047A-3434-4402-B322-0FACD892A43C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{80AB33F4-0E65-4A46-B32E-8E9EBE45DD3C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A952EF7-3588-466C-8A42-73B02A5AA105}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Deadly Premonition The Director's Cut\DPLauncher.exe
FirewallRules: [{FF71BAD1-507C-4A03-BCCC-5CC8F25A1C81}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Deadly Premonition The Director's Cut\DPLauncher.exe
FirewallRules: [{ACD0D2F6-E2E9-480A-9880-8EBDA343F9CB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{BD06E472-490F-4FE3-8DA8-6E92828236CB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{90A76F71-FE1A-4BA6-BFAD-47833C7C8DD0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{611FC127-1D6D-4C24-9311-8CB9698A04D7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{6900030B-CA52-4002-85A0-F6D062934084}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{44BD211B-77B4-4D2A-9D02-4FCC0BFB0802}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{2007D810-87C9-4BE4-B4B3-464DFC37D3DB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{2DE4FE91-3DE7-4BEE-B526-1B9E3E49A63D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{3AED1BF5-E810-4E51-9364-80407CA23461}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{ECB390C3-738D-4B22-B16C-26DC851F99D4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{7DC90B57-3390-4F05-900C-95684DF0C086}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{5C498397-C8AF-4CCA-BED1-C4860DD31D4A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Ziggurat\Ziggurat.exe
FirewallRules: [TCP Query User{B2D2A1CF-D1BD-4928-A88D-CD89D25643D4}D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{15165249-D612-4401-A12E-73006BD53D38}D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [{940A0DFB-D5B1-4853-8569-567CE94CFFB5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{72B4EC1E-53D4-49A2-B225-06F326413486}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [TCP Query User{3988B9CA-DB40-4984-9ACF-CC92E48F2A75}D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{ABAA0DC2-1BE5-4550-BA80-D39A001006CF}D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [{F454F959-DF9D-432C-A534-F47BD03F9D59}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{D0D77C75-CD16-4342-9568-80C3B1B7A4BE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{A48B48B0-9FD3-4E9D-9ACA-2E14733C0628}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{50D307DD-113C-493A-B5B8-E51DD3ED25FA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{3EEFD00B-71C6-4632-83D8-A7590B7CBD16}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite 4\Launcher\SniperElite4.exe
FirewallRules: [{49AA4E96-2322-487C-80C6-FB3DE7AF5B7E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite 4\Launcher\SniperElite4.exe
FirewallRules: [TCP Query User{AE788611-7C47-462A-AC76-0A9E97D4300A}D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D0574057-5293-4840-B837-0657D8A426AB}D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3E7801EE-AD3D-4DCB-8FEE-10B28323BB7F}C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [UDP Query User{98EBC094-13DD-4CB7-BBF5-DB7CBC61C8B6}C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [TCP Query User{2DFCF6C9-A0B8-4489-9FEC-C73FFB47C816}D:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CA458EE1-B8AA-409A-945E-3D788C7900BE}D:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{302AD794-90E7-49AF-97F3-A539E626F4AC}D:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{93C87B87-B5FE-4FA4-BAB9-06285C9845D1}D:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{41301FF2-2E70-41CB-9FD7-C0E969324E8A}D:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe
FirewallRules: [UDP Query User{26585C94-4295-4072-A5F8-E6F019C6EA4E}D:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe
FirewallRules: [TCP Query User{B5A9F877-151D-44C0-A1B7-DDB235AD06B1}D:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D591AA06-5DAC-4F2F-920F-D4714E1AE010}D:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe
FirewallRules: [{A6ADFFDB-186B-407C-A274-8895B7A7447E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FlameInTheFlood\RiverGame.exe
FirewallRules: [{B4997078-67CC-42A8-A054-E3D59D343788}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FlameInTheFlood\RiverGame.exe
FirewallRules: [{3C5B5F81-7BD4-4DA5-98AA-C080B1811000}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{6B2D9AC0-303D-424C-96A1-A4091C3D5FFF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [TCP Query User{861C0C3B-1165-404E-9DF3-EA2A6CE86666}D:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B1B7202E-5CE9-4968-A76C-8384B960BCB7}D:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe
FirewallRules: [{AFB2D075-0560-4276-B353-4C5A192287BD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dementium 2\DII_Beta.exe
FirewallRules: [{217356E9-0E31-4916-8330-56D5A50E2400}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dementium 2\DII_Beta.exe
FirewallRules: [TCP Query User{D87974C5-6960-4B99-835C-A84A8C5F151D}D:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CC484CF4-EDCF-4429-935F-74DDE4322EFE}D:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{FD5F9239-E1B6-471D-B3F3-DE2BC7F72536}D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{95EE92CB-F7A8-4702-B84C-5EAD4A3D39DB}D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{524D1693-9E29-4F9F-A543-E366FA4EB9DE}D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2F6426D7-F430-41C5-9E01-7CE671E1616F}D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3FC9D089-BE27-4E4A-B682-CBF0BCAFC580}D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{98F45318-DDB7-4588-A7BC-E42AFF540DD5}D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{83DFFEEC-DDAA-48A6-9680-E945178BDE7F}D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{EEEC02B6-8AB2-47AB-88FA-A91084E78635}D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{54C45AB9-0BBB-4FAC-AFB4-6CD753996C00}D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DA3CAC01-AAF5-47C5-9790-1356B48EEEAA}D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe
FirewallRules: [{6A2CCD77-FEA5-4CBD-B450-972D5DB031AD}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.50\opera.exe
FirewallRules: [TCP Query User{86FFF1AE-9B60-4BB2-A523-5FBA74A3E2D5}D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E42A70EB-A988-45AF-984F-95B3C7B0617F}D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe
FirewallRules: [{B8417AE4-B69E-4608-A025-609146443F52}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.52\opera.exe
FirewallRules: [TCP Query User{095C0C30-718A-40E1-9C91-7BAF35A4C77F}D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B4F82A47-2FA5-4CFB-8216-6C2116E279BE}D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [{EFA43A2F-4D6A-4937-9D2B-586804D5F557}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{98D338AE-81A9-4AAF-8110-EDE7AE6B5475}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{F4841FF0-B3C0-43A1-85DD-F32E6A30A1D5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe

==================== Wiederherstellungspunkte =========================

26-10-2017 12:15:27 Geplanter Prüfpunkt
04-11-2017 12:40:13 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/08/2017 12:36:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/08/2017 12:36:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/08/2017 12:36:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/07/2017 08:22:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/06/2017 06:59:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Wow-64.exe, Version 7.3.2.25383 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1784

Startzeit: 01d3572705fec3f2

Beendigungszeit: 4294967295

Anwendungspfad: D:\Program Files (x86)\World of Warcraft\Wow-64.exe

Berichts-ID: fd5e60e0-aec4-48f7-8502-a3b2bedb5612

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (11/03/2017 08:09:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_MapsBroker, Version: 10.0.15063.0, Zeitstempel: 0x02799ef5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x8400000e
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x23d4
Startzeit der fehlerhaften Anwendung: 0x01d35472830fa356
Pfad der fehlerhaften Anwendung: C:\WINDOWS\System32\svchost.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 0cec459e-07fe-4a87-8388-94a009887aed
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/01/2017 01:32:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: USER-PC)
Description: Das Paket „Microsoft.Windows.ShellExperienceHost_10.0.15063.674_neutral_neutral_cw5n1h2txyewy+App“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (10/31/2017 10:48:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_MapsBroker, Version: 10.0.15063.0, Zeitstempel: 0x02799ef5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x8400000e
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x2be0
Startzeit der fehlerhaften Anwendung: 0x01d3522d4d2cc634
Pfad der fehlerhaften Anwendung: C:\WINDOWS\System32\svchost.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: d3ad92b3-a270-4aba-88ee-b351169a6b70
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/30/2017 02:39:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (10/30/2017 02:39:38 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.


Systemfehler:
=============
Error: (11/10/2017 10:21:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/10/2017 10:20:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet.

Error: (11/10/2017 10:18:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet.

Error: (11/10/2017 10:18:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (11/10/2017 10:18:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (11/10/2017 10:14:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetMsmqActivator" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (11/10/2017 10:14:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NetMsmqActivator erreicht.

Error: (11/10/2017 10:14:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NetPipeActivator" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (11/10/2017 10:14:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NetPipeActivator erreicht.

Error: (11/10/2017 10:14:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


CodeIntegrity:
===================================
  Date: 2017-06-24 20:48:50.328
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:13.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:13.113
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:12.775
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:12.181
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:58.615
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:23.228
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:23.117
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:22.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:45:33.285
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 16265.62 MB
Verfügbarer physikalischer RAM: 11188.26 MB
Summe virtueller Speicher: 32649.62 MB
Verfügbarer virtueller Speicher: 27151.73 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:487.84 GB) (Free:365.27 GB) NTFS
Drive d: () (Fixed) (Total:1374.51 GB) (Free:716.42 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0CD429A7)

Partition: GPT.

==================== Ende von Addition.txt ============================

M-K-D-B · 11.11.2017, 11:55

Servus,

Schritt 1

Kopiere den gesamten Inhalt der folgenden Code-Box:

Code:

ATTFilter

Start::
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {FBCFA1DD-82AD-473A-A9F9-EB5BAAAFF907} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2440112941-538450990-2588341026-1000 -> DefaultScope {FBCFA1DD-82AD-473A-A9F9-EB5BAAAFF907} URL = 
Toolbar: HKU\S-1-5-21-2440112941-538450990-2588341026-1000 -> Kein Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  Keine Datei
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=","hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175","hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175","hxxps://encrypted.google.com"
CHR DefaultSearchKeyword: Default -> hxxps://www.google.de/webhp?hl=de
Task: {13712BBB-D6B4-4478-A584-D32D47296A80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {454F65BE-1803-4B69-89CF-C411EF1A93B9} - \SimpleFiles Installer Starter -> Keine Datei <==== ACHTUNG
Task: {7B63897B-19CB-45F3-BEAA-89A6764C2DC4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {815A867E-3E45-4676-8D3B-AC1448EADFDF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {859F5A20-194A-4267-96DC-88911E0E4AAA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {92239EC1-43A8-4025-AA14-8B1580E460E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {9C4CE040-7A7E-4ACC-AF07-7C7B2162457A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {A7C47B99-02A2-4657-9EF8-D376516D8CB9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {AD8FD6C2-C8B5-42B0-84C4-28FF10563B10} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {B8179BE3-5C4C-4C8F-9E97-CD59B7126835} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {BE585427-85E9-4FAB-AB46-AFE1C48E5A0C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {D48F8894-D4CD-4BA3-8FFA-D2A3544BF685} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {E147EE8B-ED10-4204-8072-E7972459DE32} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {FC0C313F-91E3-40FB-A1F2-3D439CF0DE7C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\ProgramData\TEMP:D24294C1 [147]
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
CMD: dir "C:\"
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
End::

Starte nun FRST und klicke direkt den Entfernen Button. Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich die FRST/FRST64.exe befindet.
Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2
Bitte setze deine Brower wie folgt zurück:

IE :::
Setze folgendermassen den Internet Explorer zurück:

Öffne den Internet Explorer und gehe zu Extras -> Internetoptionen.
Klicke in der Registerkarte Erweitert unter "Internet Explorer-Einstellungen zurücksetzen" auf Zurücksetzen...
Klicke im Dialogfeld "Internet Explorer-Einstellungen zurücksetzen" zum Bestätigen auf Zurücksetzen.

(Hier findest du die bebilderte Anleitung.)

EDGE :::
Edge zurücksetzen

FF :::
Firefox zurücksetzen

CHR:::
Chrome zurücksetzen

OPR::
Opera zurücksetzen

Schritt 3

Starte FRST erneut. Kopiere den Inhalt der folgenden Code-Box oben in das Suchfeld:

Code:

ATTFilter

SearchAll: UltimateShoppingSearch;Avg_Update_;startseite24.net;AIM Toolbar;trovi.com;istart.webssearches

Klicke auf den Button Datei-Suche.
FRST beginnt mit dem Suchlauf. Dieser kann einige Zeit dauern, bitte gedulde dich!
Am Ende wird eine Textdatei Search.txt erstellt.
Poste mir deren Inhalt mit deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix (fixlog.txt),
die Logdatei des FRST-Suchlaufs, (Search.txt)
die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt).

zabasu · 11.11.2017, 16:17

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-11-2017
durchgeführt von User (11-11-2017 15:42:43) Run:4
Gestartet von C:\Users\User\Desktop
Geladene Profile: User (Verfügbare Profile: User & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {FBCFA1DD-82AD-473A-A9F9-EB5BAAAFF907} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2440112941-538450990-2588341026-1000 -> DefaultScope {FBCFA1DD-82AD-473A-A9F9-EB5BAAAFF907} URL = 
Toolbar: HKU\S-1-5-21-2440112941-538450990-2588341026-1000 -> Kein Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} -  Keine Datei
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=","hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175","hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175","hxxps://encrypted.google.com"
CHR DefaultSearchKeyword: Default -> hxxps://www.google.de/webhp?hl=de
Task: {13712BBB-D6B4-4478-A584-D32D47296A80} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {454F65BE-1803-4B69-89CF-C411EF1A93B9} - \SimpleFiles Installer Starter -> Keine Datei <==== ACHTUNG
Task: {7B63897B-19CB-45F3-BEAA-89A6764C2DC4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {815A867E-3E45-4676-8D3B-AC1448EADFDF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {859F5A20-194A-4267-96DC-88911E0E4AAA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {92239EC1-43A8-4025-AA14-8B1580E460E4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {9C4CE040-7A7E-4ACC-AF07-7C7B2162457A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {A7C47B99-02A2-4657-9EF8-D376516D8CB9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {AD8FD6C2-C8B5-42B0-84C4-28FF10563B10} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {B8179BE3-5C4C-4C8F-9E97-CD59B7126835} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {BE585427-85E9-4FAB-AB46-AFE1C48E5A0C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {D48F8894-D4CD-4BA3-8FFA-D2A3544BF685} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {E147EE8B-ED10-4204-8072-E7972459DE32} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {FC0C313F-91E3-40FB-A1F2-3D439CF0DE7C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\ProgramData\TEMP:D24294C1 [147]
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
CMD: dir "C:\"
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:

*****************

Prozesse erfolgreich geschlossen.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich entfernt
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => Wert erfolgreich entfernt
HKLM\Software\Classes\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => Schlüssel nicht gefunden. 
Chrome HomePage => erfolgreich entfernt
Chrome StartupUrls => erfolgreich entfernt
Chrome DefaultSearchKeyword => erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13712BBB-D6B4-4478-A584-D32D47296A80} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13712BBB-D6B4-4478-A584-D32D47296A80} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{454F65BE-1803-4B69-89CF-C411EF1A93B9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{454F65BE-1803-4B69-89CF-C411EF1A93B9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SimpleFiles Installer Starter => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B63897B-19CB-45F3-BEAA-89A6764C2DC4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B63897B-19CB-45F3-BEAA-89A6764C2DC4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{815A867E-3E45-4676-8D3B-AC1448EADFDF} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{815A867E-3E45-4676-8D3B-AC1448EADFDF} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{859F5A20-194A-4267-96DC-88911E0E4AAA} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{859F5A20-194A-4267-96DC-88911E0E4AAA} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92239EC1-43A8-4025-AA14-8B1580E460E4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92239EC1-43A8-4025-AA14-8B1580E460E4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C4CE040-7A7E-4ACC-AF07-7C7B2162457A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C4CE040-7A7E-4ACC-AF07-7C7B2162457A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7C47B99-02A2-4657-9EF8-D376516D8CB9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7C47B99-02A2-4657-9EF8-D376516D8CB9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD8FD6C2-C8B5-42B0-84C4-28FF10563B10} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD8FD6C2-C8B5-42B0-84C4-28FF10563B10} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8179BE3-5C4C-4C8F-9E97-CD59B7126835} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8179BE3-5C4C-4C8F-9E97-CD59B7126835} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE585427-85E9-4FAB-AB46-AFE1C48E5A0C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE585427-85E9-4FAB-AB46-AFE1C48E5A0C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D48F8894-D4CD-4BA3-8FFA-D2A3544BF685} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D48F8894-D4CD-4BA3-8FFA-D2A3544BF685} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E147EE8B-ED10-4204-8072-E7972459DE32} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E147EE8B-ED10-4204-8072-E7972459DE32} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC0C313F-91E3-40FB-A1F2-3D439CF0DE7C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC0C313F-91E3-40FB-A1F2-3D439CF0DE7C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel erfolgreich entfernt
C:\ProgramData\TEMP => ":373E1720" ADS erfolgreich entfernt.
C:\ProgramData\TEMP => ":D24294C1" ADS erfolgreich entfernt.

========= dir "%ProgramFiles%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: DE45-EB7F

 Verzeichnis von C:\Program Files

18.06.2017  19:29    <DIR>          .
18.06.2017  19:29    <DIR>          ..
04.11.2013  19:13    <DIR>          Canon
27.09.2017  08:50    <DIR>          CCleaner
21.05.2017  10:01    <DIR>          Common Files
30.04.2016  07:10    <DIR>          DVD Maker
21.05.2017  10:01    <DIR>          Intel
13.09.2017  00:28    <DIR>          Internet Explorer
18.06.2017  19:29    <DIR>          Malwarebytes
21.05.2017  10:01    <DIR>          Microsoft Games
15.01.2015  18:02    <DIR>          Microsoft Xbox 360 Accessories
21.05.2017  10:44    <DIR>          MSBuild
01.06.2017  14:00    <DIR>          NVIDIA Corporation
04.02.2017  23:05    <DIR>          paint.net
21.05.2017  09:56    <DIR>          Realtek
21.05.2017  10:44    <DIR>          Reference Assemblies
17.08.2017  13:34    <DIR>          TeamSpeak 3 Client
12.05.2017  09:56    <DIR>          UNP
13.07.2017  00:45    <DIR>          Windows Defender
13.09.2017  00:28    <DIR>          Windows Mail
20.03.2017  05:36    <DIR>          Windows Media Player
18.03.2017  22:03    <DIR>          Windows Multimedia Platform
21.05.2017  10:23    <DIR>          Windows NT
13.09.2017  00:28    <DIR>          Windows Photo Viewer
18.03.2017  22:03    <DIR>          Windows Portable Devices
18.03.2017  22:03    <DIR>          Windows Security
18.03.2017  22:03    <DIR>          WindowsPowerShell
16.11.2013  19:22    <DIR>          WinRAR
               0 Datei(en),              0 Bytes
              28 Verzeichnis(se), 391.586.889.728 Bytes frei

========= Ende von CMD: =========


========= dir "%ProgramFiles(x86)%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: DE45-EB7F

 Verzeichnis von C:\Program Files (x86)

10.11.2017  22:12    <DIR>          .
10.11.2017  22:12    <DIR>          ..
03.04.2017  09:52    <DIR>          AbiWord
02.11.2015  16:31    <DIR>          Adobe
12.05.2016  15:39    <DIR>          AGEIA Technologies
01.10.2013  17:43    <DIR>          Aiseesoft Studio
28.11.2015  12:29    <DIR>          ASUS
10.01.2014  17:52    <DIR>          Audacity
03.04.2017  09:51    <DIR>          AVG
26.02.2015  16:07    <DIR>          b10a0213-acef-4521-99fa-0d6aa48db07e
11.11.2017  15:29    <DIR>          Battle.net
01.06.2014  14:38    <DIR>          Battlelog Web Plugins
04.11.2013  19:21    <DIR>          Canon
12.09.2017  06:46    <DIR>          Common Files
23.03.2014  13:46    <DIR>          DesktopAnimated
02.10.2013  21:36    <DIR>          Dotjosh Studios
05.01.2015  21:04    <DIR>          DVDVideoSoft
01.10.2013  17:42    <DIR>          EaseUS
27.02.2015  18:49    <DIR>          Emsisoft Anti-Malware
09.09.2017  12:20    <DIR>          FocusWriter
05.01.2015  21:04    <DIR>          Free Codec Pack
02.11.2016  17:11    <DIR>          Google
30.04.2016  07:10    <DIR>          Intel
13.09.2017  00:28    <DIR>          Internet Explorer
03.02.2014  21:42    <DIR>          Lame For Audacity
01.04.2017  23:20    <DIR>          McAfee
15.10.2014  23:11    <DIR>          Microsoft ASP.NET
03.10.2013  17:15    <DIR>          Microsoft Games for Windows - LIVE
05.05.2015  11:00    <DIR>          Microsoft Office
14.10.2016  11:44    <DIR>          Microsoft SQL Server Compact Edition
06.04.2014  19:42    <DIR>          Microsoft XNA
18.03.2017  22:03    <DIR>          Microsoft.NET
02.10.2013  21:35    <DIR>          Mozilla Firefox
21.05.2017  10:44    <DIR>          MSBuild
16.04.2015  14:30    <DIR>          MSECache
05.05.2017  12:26    <DIR>          NCH Software
07.09.2016  22:34    <DIR>          NCWest
01.06.2017  13:59    <DIR>          NVIDIA Corporation
13.10.2016  11:19    <DIR>          obs-studio
10.10.2013  19:37    <DIR>          OpenAL
21.08.2017  19:56    <DIR>          OpenOffice 4
21.08.2017  19:51    <DIR>          OpenOffice 4.1.3 (de) Installation Files
07.11.2017  20:23    <DIR>          Opera
04.11.2017  09:48    <DIR>          Origin
06.02.2016  14:41    <DIR>          Origin Games
27.10.2017  16:04    <DIR>          Overwolf
01.10.2013  15:02    <DIR>          Realtek
21.05.2017  10:44    <DIR>          Reference Assemblies
08.05.2017  19:26    <DIR>          skate's Thumbnail Tool
12.09.2017  06:46    <DIR>          Skype
28.11.2015  12:30    <DIR>          SplitmediaLabs
22.02.2015  12:22    <DIR>          Spybot - Search & Destroy 2
13.12.2014  18:55    <DIR>          Steam
01.10.2013  17:16    <DIR>          Teamspeak2_RC2
22.11.2014  18:25    <DIR>          TeamViewer
26.03.2015  14:23    <DIR>          Ubisoft
08.05.2017  19:27    <DIR>          VisioForge
01.06.2017  13:59    <DIR>          VulkanRT
01.10.2013  20:22    <DIR>          Winamp
01.10.2013  20:22    <DIR>          Winamp Detect
13.07.2017  00:45    <DIR>          Windows Defender
14.10.2016  11:44    <DIR>          Windows Live
13.09.2017  00:28    <DIR>          Windows Mail
20.03.2017  05:36    <DIR>          Windows Media Player
18.03.2017  22:03    <DIR>          Windows Multimedia Platform
18.03.2017  22:03    <DIR>          Windows NT
13.09.2017  00:28    <DIR>          Windows Photo Viewer
18.03.2017  22:03    <DIR>          Windows Portable Devices
18.03.2017  22:03    <DIR>          WindowsPowerShell
               0 Datei(en),              0 Bytes
              69 Verzeichnis(se), 391.586.885.632 Bytes frei

========= Ende von CMD: =========


========= dir "%ProgramData%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: DE45-EB7F

 Verzeichnis von C:\ProgramData

02.11.2015  16:31    <DIR>          Adobe
12.02.2014  06:39    <DIR>          Aeria Games
01.10.2013  17:43    <DIR>          Aiseesoft Studio
03.04.2017  09:51    <DIR>          Avg
18.04.2014  12:40    <DIR>          AVG2014
17.02.2016  21:15    <DIR>          Battle.net
19.12.2013  17:23    <DIR>          Blizzard
01.10.2015  15:56    <DIR>          Blizzard Entertainment
14.07.2016  22:07    <DIR>          BlueStacksSetup
02.10.2013  21:53    <DIR>          Bohemia Interactive Studio
17.09.2017  17:26    <DIR>          CanonIJPLM
08.05.2017  19:27    <DIR>          Caphyon
16.07.2016  12:47    <DIR>          Comms
01.06.2014  14:34    <DIR>          EA Core
01.06.2014  17:25    <DIR>          EA Logs
01.06.2014  14:34    <DIR>          Electronic Arts
26.01.2017  21:16    <DIR>          For Honor
23.03.2017  06:38    <DIR>          GOG.com
03.05.2014  17:18    <DIR>          Intel
03.05.2014  16:17    <DIR>          Intel(R) Update Manager
01.11.2013  15:50    <DIR>          Licenses
04.11.2013  18:52    <DIR>          LogMeIn
18.06.2017  19:29    <DIR>          Malwarebytes
30.03.2017  11:50    <DIR>          McAfee
18.04.2014  12:40    <DIR>          MFAData
21.05.2017  10:29    <DIR>          Microsoft OneDrive
05.05.2017  12:26    <DIR>          NCH Software
09.05.2014  15:19    <DIR>          Norton
09.05.2014  15:19    <DIR>          NortonInstaller
11.11.2017  15:42    <DIR>          NVIDIA
01.06.2017  14:00    <DIR>          NVIDIA Corporation
11.11.2017  08:55    <DIR>          Origin
30.04.2016  17:55    <DIR>          Overwolf
27.06.2017  21:54    <DIR>          Package Cache
31.10.2013  13:17    <DIR>          PopCap Games
21.05.2017  10:04    <DIR>          regid.1991-06.com.microsoft
30.01.2015  17:14    <DIR>          Riot Games
12.09.2017  06:46    <DIR>          Skype
18.03.2017  22:03    <DIR>          SoftwareDistribution
28.08.2017  00:04    <DIR>          Solid State Networks
28.11.2015  12:30    <DIR>          SplitMediaLabs
21.02.2015  23:22    <DIR>          Spybot - Search & Destroy
31.10.2013  09:53    <DIR>          Steam
22.02.2015  18:53    <DIR>          TEMP
01.10.2013  20:23    <DIR>          TuneUp Software
21.05.2017  10:04    <DIR>          USOPrivate
21.05.2017  10:04    <DIR>          USOShared
20.03.2017  05:37    <DIR>          WindowsHolographicDevices
               0 Datei(en),              0 Bytes
              48 Verzeichnis(se), 391.586.877.440 Bytes frei

========= Ende von CMD: =========


========= dir "%Appdata%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: DE45-EB7F

 Verzeichnis von C:\Users\User\AppData\Roaming

10.07.2017  19:38    <DIR>          .
10.07.2017  19:38    <DIR>          ..
03.04.2017  09:52    <DIR>          AbiSuite
30.04.2015  14:48    <DIR>          Adobe
12.02.2014  06:16    <DIR>          Aeria Games & Entertainment
30.10.2017  14:42    <DIR>          Audacity
03.10.2013  10:01    <DIR>          AVG2014
17.02.2016  21:15    <DIR>          Battle.net
29.05.2015  23:50    <DIR>          Bioshock2Steam
18.09.2016  00:38    <DIR>          BioshockHD
24.12.2013  23:31    <DIR>          Crazy Viking Studios
19.12.2013  19:14    <DIR>          Curse Advertising
09.02.2017  21:31    <DIR>          DarknessII
14.09.2015  06:58    <DIR>          DarkSoulsII
06.09.2016  14:50    <DIR>          Day 1 Studios
06.03.2016  09:03    <DIR>          DevilDaggers
08.09.2017  17:50    <DIR>          discord
26.07.2014  20:58    <DIR>          Doublefine
05.01.2015  21:06    <DIR>          DVDVideoSoft
20.02.2015  17:09    <DIR>          EasyVpn
13.09.2016  08:28    <DIR>          EpicBattleFantasy3
29.12.2015  10:59    <DIR>          Frontier Developments
27.04.2017  07:38    <DIR>          Google
01.10.2013  14:47    <DIR>          Identities
01.10.2013  15:03    <DIR>          InstallShield
01.10.2013  15:14    <DIR>          Intel Corporation
09.09.2016  17:52    <DIR>          Kalypso Media
30.01.2015  22:40    <DIR>          LolClient
12.06.2015  13:05    <DIR>          LucasArts
15.02.2014  20:34    <DIR>          Macromedia
18.06.2014  16:28    <DIR>          Malwarebytes
12.04.2011  08:54    <DIR>          Media Center Programs
14.07.2016  22:06    <DIR>          Mozilla
05.05.2017  12:33    <DIR>          NCH Software
10.01.2014  17:45    <DIR>          Nico Mak Computing
03.11.2013  15:10    <DIR>          NVIDIA
24.10.2017  00:24    <DIR>          obs-studio
13.05.2014  00:03    <DIR>          OpenOffice
01.10.2013  16:45    <DIR>          Opera Software
11.11.2017  08:56    <DIR>          Origin
10.02.2015  21:44    <DIR>          Rejet
26.10.2017  12:48    <DIR>          RenPy
30.01.2015  17:09    <DIR>          Riot Games
08.05.2017  19:26    <DIR>          skate's Thumbnail Tool
11.11.2017  15:30    <DIR>          Skype
11.12.2014  21:29    <DIR>          StunlockStudios
19.05.2016  13:29    <DIR>          Sword of the Stars - The Pit
01.08.2015  23:55    <DIR>          Tap_Dungeon
01.10.2013  17:16    <DIR>          teamspeak2
12.09.2016  21:30    <DIR>          Tropico 4
11.11.2017  00:26    <DIR>          TS3Client
03.10.2013  10:00    <DIR>          TuneUp Software
29.06.2014  17:42    <DIR>          Unity
08.05.2017  19:26    <DIR>          VisioForge
18.05.2014  05:57    <DIR>          Wargaming.net
21.04.2015  14:10    <DIR>          Waveform
23.03.2014  13:41                44 WB.CFG
23.11.2014  10:51    <DIR>          Winamp
16.11.2013  19:25    <DIR>          WinRAR
               1 Datei(en),             44 Bytes
              58 Verzeichnis(se), 391.586.877.440 Bytes frei

========= Ende von CMD: =========


========= dir "%LocalAppdata%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: DE45-EB7F

 Verzeichnis von C:\Users\User\AppData\Local

10.11.2017  22:12    <DIR>          .
10.11.2017  22:12    <DIR>          ..
04.06.2015  15:49    <DIR>          4A Games
30.04.2016  07:37    <DIR>          ActiveSync
18.06.2017  08:23    <DIR>          Adobe
12.02.2014  06:39    <DIR>          Aeria Games
21.09.2017  23:25    <DIR>          Akamai
19.12.2013  17:33    <DIR>          Apps
02.10.2013  21:42    <DIR>          ArmA 2
04.11.2013  20:08    <DIR>          ArmA 2 OA
03.04.2017  09:50    <DIR>          Avg
17.04.2014  14:54    <DIR>          Avg2014
02.10.2013  21:36    <DIR>          avgchrome
03.04.2017  09:51    <DIR>          AvgSetupLog
11.11.2017  15:42    <DIR>          Battle.net
06.02.2016  16:21    <DIR>          BigHugeEngine
01.11.2013  15:50    <DIR>          BlackMarketGames
24.05.2014  14:33    <DIR>          Blizzard
28.07.2017  21:03    <DIR>          Blizzard Entertainment
14.07.2016  22:04    <DIR>          Bluestacks
23.07.2015  08:53    <DIR>          CEF
14.12.2016  14:25    <DIR>          Chromium
30.04.2016  19:16    <DIR>          Comms
22.05.2017  10:27    <DIR>          ConnectedDevicesPlatform
04.10.2016  15:13    <DIR>          CrashDumps
04.02.2017  15:30    <DIR>          CrashRpt
02.10.2013  21:38    <DIR>          DayZCommander
23.05.2017  14:42    <DIR>          DBG
20.06.2017  22:47    <DIR>          Deployment
28.04.2017  10:07    <DIR>          Diagnostics
09.08.2017  08:18    <DIR>          Discord
21.10.2016  12:12    <DIR>          dxhr
12.10.2014  00:20    <DIR>          ElevatedDiagnostics
18.08.2017  14:00    <DIR>          Elisa
01.06.2014  14:38    <DIR>          ESN
12.06.2015  11:47    <DIR>          fabi.me
30.12.2015  21:07    <DIR>          Fallout4
21.06.2015  15:01    <DIR>          FalloutNV
29.12.2015  10:59    <DIR>          Frontier Developments
11.07.2017  22:43    <DIR>          Frontier_Developments
15.04.2016  22:57            64.024 GDIPFONTCACHEV1.DAT
26.04.2017  09:42    <DIR>          GOG.com
03.11.2016  22:32    <DIR>          Google
09.09.2017  12:20    <DIR>          GottCode
01.06.2015  12:54    <DIR>          GWX
12.06.2017  12:21    <DIR>          Hinterland
25.10.2017  21:31    <DIR>          JDownloader v2.0
17.04.2014  11:56    <DIR>          Lexware
04.11.2013  18:52    <DIR>          LogMeIn
04.11.2013  19:38    <DIR>          LogMeIn Hamachi
14.07.2016  22:06    <DIR>          Macromedia
03.10.2013  09:52    <DIR>          MFAData
21.05.2017  10:13    <DIR>          Microsoft
28.04.2017  16:39    <DIR>          MicrosoftEdge
15.06.2015  00:27    <DIR>          mslug3
23.12.2016  21:55    <DIR>          My Games
09.05.2015  16:58    <DIR>          NBGI
28.10.2016  11:39    <DIR>          NVIDIA
28.10.2016  11:39    <DIR>          NVIDIA Corporation
01.10.2013  16:45    <DIR>          Opera Software
20.09.2016  16:29    <DIR>          Origin
30.04.2016  17:54    <DIR>          Overwolf
09.08.2017  08:25    <DIR>          Packages
13.04.2017  07:02    <DIR>          PackageStaging
04.02.2017  23:06    <DIR>          paint.net
22.10.2014  17:45    <DIR>          PAYDAY
04.11.2014  19:59    <DIR>          PAYDAY 2
03.10.2013  09:48    <DIR>          Programs
30.04.2016  07:36    <DIR>          Publishers
26.03.2015  14:30    <DIR>          PunkBuster
01.10.2013  17:43    <DIR>          report
04.01.2014  12:12    <DIR>          Robot Entertainment
03.10.2013  17:15    <DIR>          Rockstar Games
01.05.2015  22:09    <DIR>          SCE
16.12.2015  14:09    <DIR>          Skype
23.11.2014  17:04    <DIR>          Skyrim
29.10.2016  23:45    <DIR>          Skyrim Special Edition
27.06.2017  21:56    <DIR>          SniperElite4
03.11.2017  23:59    <DIR>          SniperV2
13.06.2017  23:35    <DIR>          speech
10.07.2017  19:38    <DIR>          SquirrelTemp
14.12.2016  14:26    <DIR>          Steam
12.01.2017  15:24    <DIR>          TeamSpeak 3
08.07.2016  18:29    <DIR>          techland
11.11.2017  15:42    <DIR>          Temp
30.04.2016  07:34    <DIR>          TileDataLayer
22.11.2014  17:43    <DIR>          TuneUp Software
26.06.2017  17:00    <DIR>          tyranoscript
17.04.2014  08:39    <DIR>          Ubisoft
07.11.2017  19:48    <DIR>          Ubisoft Game Launcher
29.06.2014  17:42    <DIR>          Unity
12.05.2017  10:31    <DIR>          UNP
27.10.2015  15:41    <DIR>          UnrealEngine
27.10.2015  15:41    <DIR>          UnrealEngineLauncher
27.10.2015  17:04    <DIR>          UnrealTournament
01.10.2013  17:56    <DIR>          VirtualStore
17.12.2013  21:09    <DIR>          Warframe
14.10.2016  12:17    <DIR>          Windows Live
               1 Datei(en),         64.024 Bytes
              97 Verzeichnis(se), 391.586.869.248 Bytes frei

========= Ende von CMD: =========


========= dir "%CommonProgramFiles(x86)%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: DE45-EB7F

 Verzeichnis von C:\Program Files (x86)\Common Files

12.09.2017  06:46    <DIR>          .
12.09.2017  06:46    <DIR>          ..
02.11.2015  16:31    <DIR>          Adobe
02.10.2013  21:56    <DIR>          BattlEye
01.10.2015  15:57    <DIR>          Blizzard Entertainment
05.01.2015  21:04    <DIR>          DVDVideoSoft
28.11.2015  12:29    <DIR>          InstallShield
21.05.2017  10:01    <DIR>          Intel
01.10.2013  15:15    <DIR>          Intel Corporation
17.04.2014  11:56    <DIR>          Lexware
30.04.2016  07:15    <DIR>          logishrd
21.05.2017  10:01    <DIR>          Microsoft Shared
27.10.2017  16:04    <DIR>          Overwolf
01.10.2013  15:04    <DIR>          postureAgent
01.10.2013  20:22    <DIR>          PX Storage Engine
18.03.2017  22:03    <DIR>          Services
12.09.2017  06:46    <DIR>          Skype
21.05.2017  10:01    <DIR>          SpeechEngines
03.11.2017  08:10    <DIR>          Steam
20.03.2017  05:35    <DIR>          System
10.06.2016  21:39    <DIR>          Windows Live
28.04.2015  19:50    <DIR>          Wise Installation Wizard
               0 Datei(en),              0 Bytes
              22 Verzeichnis(se), 391.586.869.248 Bytes frei

========= Ende von CMD: =========


========= dir "%CommonProgramW6432%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: DE45-EB7F

 Verzeichnis von C:\Program Files\Common Files

21.05.2017  10:01    <DIR>          .
21.05.2017  10:01    <DIR>          ..
08.09.2016  01:15    <DIR>          INCA Shared
30.03.2017  11:16    <DIR>          Intel
30.04.2016  07:15    <DIR>          logishrd
01.04.2017  23:19    <DIR>          McAfee
21.05.2017  10:01    <DIR>          microsoft shared
18.03.2017  22:03    <DIR>          Services
21.05.2017  10:01    <DIR>          SpeechEngines
20.03.2017  05:35    <DIR>          System
               0 Datei(en),              0 Bytes
              10 Verzeichnis(se), 391.586.869.248 Bytes frei

========= Ende von CMD: =========


========= dir "%UserProfile%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: DE45-EB7F

 Verzeichnis von C:\Users\User

11.11.2017  15:32    <DIR>          .
11.11.2017  15:32    <DIR>          ..
14.09.2016  08:40    <DIR>          .Origin
14.09.2016  08:40    <DIR>          .QtWebEngineProcess
12.01.2017  15:24    <DIR>          .TeamSpeak 3
01.10.2013  15:12                 0 agent.log
12.10.2017  08:44    <DIR>          Contacts
11.11.2017  15:42    <DIR>          Desktop
12.10.2017  08:44    <DIR>          Documents
09.11.2017  19:26    <DIR>          Downloads
12.10.2017  08:44    <DIR>          Favorites
07.11.2017  00:16    <DIR>          Links
12.10.2017  08:44    <DIR>          Music
07.11.2017  00:16    <DIR>          OneDrive
07.11.2017  09:55    <DIR>          Pictures
12.10.2017  08:44    <DIR>          Saved Games
12.10.2017  08:44    <DIR>          Searches
24.03.2015  15:48    <DIR>          Tracing
30.10.2017  14:40    <DIR>          Videos
               1 Datei(en),              0 Bytes
              18 Verzeichnis(se), 391.586.865.152 Bytes frei

========= Ende von CMD: =========


========= dir "C:\" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: DE45-EB7F

 Verzeichnis von C:\

17.04.2014  14:54    <DIR>          $AVG
10.11.2017  22:11    <DIR>          AdwCleaner
11.02.2014  12:52    <DIR>          AeriaGames
30.03.2017  11:05                30 AVScanner.ini
22.02.2015  18:59            25.944 ComboFix.txt
11.11.2017  15:42    <DIR>          FRST
28.08.2017  00:02    <DIR>          Gravity
03.10.2015  14:15            12.955 IFRToolLog.txt
21.05.2017  10:44    <DIR>          inetpub
01.10.2013  14:58    <DIR>          Intel
13.02.2016  18:28    <DIR>          Logs
18.03.2017  22:03    <DIR>          PerfLogs
18.06.2017  19:29    <DIR>          Program Files
10.11.2017  22:12    <DIR>          Program Files (x86)
22.02.2015  19:00    <DIR>          Qoobox
28.11.2015  12:29                32 setup.log
21.05.2017  10:01    <DIR>          Users
10.11.2017  22:39    <DIR>          Windows
               4 Datei(en),         38.961 Bytes
              14 Verzeichnis(se), 391.586.865.152 Bytes frei

========= Ende von CMD: =========

================== ExportKey: ===================

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths]

=== Ende von ExportKey ===

========= RemoveProxy: =========

HKU\S-1-5-21-2440112941-538450990-2588341026-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 263774549 B
Java, Flash, Steam htmlcache => 728596113 B
Windows/system/drivers => 2714934 B
Edge => 160700 B
Chrome => 1233070560 B
Firefox => 0 B
Opera => 65801890 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 201900 B
User => 339325941 B
DefaultAppPool => 0 B

RecycleBin => 309373 B
EmptyTemp: => 2.5 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 15:43:09 ====

Code:

ATTFilter

Farbar Recovery Scan Tool (x64) Version: 02-11-2017
durchgeführt von User (11-11-2017 15:59:05)
Gestartet von C:\Users\User\Desktop
Start-Modus: Normal

================== Datei-Suche: "SearchAll: UltimateShoppingSearch;Avg_Update_;startseite24.net;AIM Toolbar;trovi.com;istart.webssearches" =============

Datei:
========
C:\AdwCleaner\Quarantine\C\Users\User\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_istart.webssearches.com_0.localstorage.vir
[2015-02-20 17:13][2015-02-20 23:20] 000011264 _____ () D2DD3FE583FDEE141ABF6C2FA8FAD9DE [Datei ist nicht signiert]


Ordner:
========

Registry:
========

===================== Suchergebnis für "UltimateShoppingSearch" ==========


===================== Suchergebnis für "Avg_Update_" ==========


===================== Suchergebnis für "startseite24.net" ==========


===================== Suchergebnis für "AIM Toolbar" ==========


===================== Suchergebnis für "trovi.com" ==========


===================== Suchergebnis für "istart.webssearches" ==========


====== Ende von Suche ======

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
durchgeführt von User (Administrator) auf USER-PC (11-11-2017 16:08:23)
Gestartet von C:\Users\User\Desktop
Geladene Profile: User (Verfügbare Profile: User & DefaultAppPool)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\ASGT.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Discord Inc.) C:\Users\User\AppData\Local\Discord\app-0.0.298\Discord.exe
(GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-26] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-09-14] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098952 2017-11-02] (Electronic Arts)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-05] (Google Inc.)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [GalaxyClient] => D:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [5187648 2017-10-19] (GOG.com)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [228864 2017-03-18] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => Keine Datei
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-07-08] ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8b0d2022-b991-4718-93be-7a02131a75f6}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2440112941-538450990-2588341026-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2440112941-538450990-2588341026-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-11-06] ()

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MD713A93F-1957-49B5-B20A-CF925371BF4A&SearchSource=55&CUI=&UM=8&UP=SP40A464AF-B91F-4B2C-A91C-81DF8F108ABA&SSPV=","hxxp://myhome.vi-view.com/?type=hp&ts=1421856106&from=cor&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175","hxxp://istart.webssearches.com/?type=hp&ts=1424448595&from=exp&uid=WDCXWD20EFRX-68EUZN0_WD-WMC4M118017580175","hxxps://encrypted.google.com"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-11-11]
CHR Extension: (ProxFlow) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2017-01-25]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Black Rock Shooter) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdkbpipldakmkbknanlkamcgohlgfng [2017-11-11]
CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Session Restore: -> ist aktiviert.
OPR Extension: (Radio Canyon) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bikofacodmhdpkfdeeocponfcgjcdfbk [2015-06-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-05-29] () [Datei ist nicht signiert]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-02] () [Datei ist nicht signiert]
S3 DAUpdaterSvc; D:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-01-28] (BioWare)
S3 GalaxyClientService; D:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [536128 2017-10-19] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8256576 2017-10-11] (GOG.com)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [Datei ist nicht signiert]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-02] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1451336 2017-10-23] (Overwolf LTD)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [Datei ist nicht signiert]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [Datei ist nicht signiert]
R3 ikbevent; C:\WINDOWS\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\WINDOWS\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc.)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-11] (Malwarebytes)
R1 MpKsl23e225a0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38BDE9E8-F73E-4CB4-B85D-B2A8D0F28E22}\MpKsl23e225a0.sys [58120 2017-11-11] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2016-04-27] ()
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-11-11 16:08 - 2017-11-11 16:09 - 000019378 _____ C:\Users\User\Desktop\FRST.txt
2017-11-11 16:04 - 2017-11-11 16:04 - 001783198 _____ C:\Users\User\Downloads\Nicht bestätigt 309963.crdownload
2017-11-11 15:59 - 2017-11-11 16:07 - 000001113 _____ C:\Users\User\Desktop\Search.txt
2017-11-11 15:42 - 2017-11-11 15:43 - 000034578 _____ C:\Users\User\Desktop\Fixlog.txt
2017-11-10 22:29 - 2017-11-10 22:36 - 000001806 _____ C:\Users\User\Desktop\mbam.txt.txt
2017-11-09 19:25 - 2017-11-09 19:25 - 002403328 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-11-08 22:51 - 2017-11-08 22:51 - 008261584 _____ (Malwarebytes) C:\Users\User\Desktop\AdwCleaner_7.0.4.0.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-11-11 16:08 - 2015-02-22 13:06 - 000000000 ____D C:\FRST
2017-11-11 15:56 - 2017-06-29 15:13 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2017-11-11 15:56 - 2017-05-21 10:15 - 000003976 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1380645316
2017-11-11 15:56 - 2013-10-01 16:45 - 000000000 ____D C:\Program Files (x86)\Opera
2017-11-11 15:51 - 2014-05-29 21:40 - 000000000 ____D C:\Users\User\AppData\Roaming\Origin
2017-11-11 15:50 - 2014-05-29 21:38 - 000000000 ____D C:\ProgramData\Origin
2017-11-11 15:50 - 2013-10-01 21:09 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-11-11 15:44 - 2017-10-05 22:14 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-11 15:44 - 2017-05-21 10:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-11 15:44 - 2016-09-22 06:47 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-11 15:44 - 2016-04-30 07:35 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2017-11-11 15:43 - 2017-03-18 12:40 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2017-11-11 15:43 - 2016-05-02 04:54 - 000000000 ____D C:\Users\User\AppData\LocalLow\Temp
2017-11-11 15:42 - 2014-04-17 18:35 - 000000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-11-11 15:29 - 2014-04-17 18:35 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-11-11 15:28 - 2017-05-21 09:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-11 15:02 - 2017-05-21 10:15 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C722207A-59FA-447E-9A7F-6EE09C1510F3}
2017-11-11 09:00 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-11 09:00 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-11 00:26 - 2013-12-26 21:04 - 000000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2017-11-10 22:20 - 2017-05-21 09:57 - 002427406 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-10 22:20 - 2017-03-20 05:35 - 001068990 _____ C:\WINDOWS\system32\perfh007.dat
2017-11-10 22:20 - 2017-03-20 05:35 - 000249490 _____ C:\WINDOWS\system32\perfc007.dat
2017-11-10 22:12 - 2015-02-20 23:11 - 000000000 ____D C:\AdwCleaner
2017-11-08 23:26 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-08 16:31 - 2013-12-16 20:18 - 000000851 _____ C:\Users\User\Desktop\adressen.txt
2017-11-07 19:48 - 2015-03-26 14:24 - 000000000 ____D C:\Users\User\AppData\Local\Ubisoft Game Launcher
2017-11-07 00:39 - 2014-11-22 18:17 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-07 00:16 - 2017-07-27 16:17 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2440112941-538450990-2588341026-1000
2017-11-07 00:16 - 2016-04-30 07:44 - 000002380 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-07 00:16 - 2016-04-30 07:44 - 000000000 ___RD C:\Users\User\OneDrive
2017-11-06 21:29 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-05 14:14 - 2017-05-21 10:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2017-11-04 09:48 - 2014-05-29 21:38 - 000000000 ____D C:\Program Files (x86)\Origin
2017-11-03 23:59 - 2014-06-05 19:28 - 000000000 ____D C:\Users\User\AppData\Local\SniperV2
2017-10-30 14:42 - 2014-01-10 17:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Audacity
2017-10-27 16:04 - 2013-12-26 21:03 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-10-26 12:48 - 2014-07-27 01:10 - 000000000 ____D C:\Users\User\AppData\Roaming\RenPy
2017-10-26 08:14 - 2017-05-21 10:15 - 000004642 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-26 08:14 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-26 08:14 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-25 21:31 - 2015-01-21 17:02 - 000000000 ____D C:\Users\User\AppData\Local\JDownloader v2.0
2017-10-24 00:24 - 2016-06-10 22:28 - 000000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2017-10-13 14:16 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-13 01:21 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 01:21 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 08:44 - 2016-02-13 18:30 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-12 08:38 - 2017-05-21 09:53 - 000287376 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-03-23 13:41 - 2014-03-23 13:41 - 000000044 _____ () C:\Users\User\AppData\Roaming\WB.CFG

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-11-05 15:13

==================== Ende von FRST.txt ============================

zabasu · 11.11.2017, 16:19

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 02-11-2017
durchgeführt von User (11-11-2017 16:09:42)
Gestartet von C:\Users\User\Desktop
Windows 10 Home Version 1703 15063.674 (X64) (2017-05-21 09:23:43)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2440112941-538450990-2588341026-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2440112941-538450990-2588341026-503 - Limited - Disabled)
Gast (S-1-5-21-2440112941-538450990-2588341026-501 - Limited - Disabled)
User (S-1-5-21-2440112941-538450990-2588341026-1000 - Administrator - Enabled) => C:\Users\User

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Aiseesoft Blu-ray Player 6.2.20 (HKLM-x32\...\{3E1A13C3-E458-4995-BEA6-4B9BE279D502}_is1) (Version: 6.2.20 - Aiseesoft Studio)
Akamai NetSession Interface (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
ASUS GPU TweakII (HKLM-x32\...\{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.0.6.9 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.0.6.9 - ASUSTek COMPUTER INC.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version:  - )
Canon iP2600 series Benutzerregistrierung (HKLM-x32\...\Canon iP2600 series Benutzerregistrierung) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Curse Client (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
FocusWriter (HKLM-x32\...\FocusWriter) (Version: 1.6.7 - Graeme Gott)
Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.89 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Smart Connect Technology 2.0 x64 (HKLM\...\{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}) (Version: 2.0.1083.0 - Intel)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingdoms of Amalur: Reckoning (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.0.0.0 - Electronic Arts)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
Opera Stable 49.0.2725.34 (HKLM-x32\...\Opera 49.0.2725.34) (Version: 49.0.2725.34 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.5.6040 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.107.256.0 - Overwolf Ltd.)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PIXMA Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Rage of Mages (HKLM-x32\...\1459856053_is1) (Version: 2.1.0.3 - GOG.com)
Rage of Mages (HKLM-x32\...\Rage of Mages) (Version:  - )
Ragnarok Restart (HKLM-x32\...\{06A73F7C-3719-4664-89DC-21FB0B3D7C9D}) (Version: 1.0.2 - Gravity Interactive, Inc.) Hidden
Ragnarok Restart (HKLM-x32\...\Ragnarok Restart 1.0.2) (Version: 1.0.2 - Gravity Interactive, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006] (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0006 - THQ)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
skate's Thumbnail Tool Version 1.1.2 (HKLM-x32\...\{E68C580F-B6A5-4D47-89EC-307B9096FC10}_is1) (Version: 1.1.2 - skate702.de)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Unity Web Player (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VideoPad Video-Editor (HKLM-x32\...\VideoPad) (Version: 4.60 - NCH Software)
VisioForge Media Player SDK ActiveX LITE (HKLM-x32\...\{A7A1153A-3CA3-4366-B37D-291522538794}) (Version: 7.0.0.0 - VisioForge) Hidden
VisioForge Media Player SDK ActiveX LITE (HKLM-x32\...\VisioForge Media Player SDK ActiveX LITE 7.0.0.0) (Version: 7.0.0.0 - VisioForge)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Warcraft III) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit Gamecaster (HKLM-x32\...\{4EDB1851-7427-4324-AAAA-9E3852C73DAE}) (Version: 2.2.1502.1741 - SplitmediaLabs)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2440112941-538450990-2588341026-1000_Classes\CLSID\{d966ac89-a571-4a5c-bcf0-638a3cdf1b14}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-11-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-11-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> Keine Datei
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-11-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-11-15] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02CBCC90-3E56-4541-96EC-B200672D50B5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {04DCEB08-147F-4B59-88EB-9F3F89DE852C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-26] (Adobe Systems Incorporated)
Task: {0E64ADC2-2056-475B-A71C-FFFE220DD0A1} - System32\Tasks\Opera scheduled Autoupdate 1380645316 => C:\Program Files (x86)\Opera\launcher.exe [2017-11-07] (Opera Software)
Task: {132A5559-4118-4295-A1E1-C141CB2F74F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-26] (Adobe Systems Incorporated)
Task: {14EE976F-63B2-4DD4-99DE-1835879794C7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.)
Task: {1B41679F-8512-4E70-8E44-8A344FBCA5D7} - System32\Tasks\{68198F9C-F8D5-440A-A307-2045870E9B9A} => C:\Windows\system32\pcalua.exe -a "D:\Program Files (x86)\epicRO Ragnarok Online\settings old.exe" -d "D:\Program Files (x86)\epicRO Ragnarok Online"
Task: {1FA9B476-5068-4DF9-A7C0-DE98215EA21A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {2098291A-6826-4D8E-90E2-E7C7DE426F36} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2BF954F7-B5F8-4A34-8C72-ED4883865256} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F3C1B2D-FB8D-4193-8444-231AD0F9BBED} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {309921DD-F04E-4995-AA50-9A6470930DC9} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3515463A-AD78-4987-86A5-060287B7AB95} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-10-23] (Overwolf LTD)
Task: {3754061D-CD83-4496-8AA0-8FE1BA314C47} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {3EF7C9D3-8A19-4234-810A-2DDB201C8958} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {427CCE13-B111-4A80-BBB0-6D6F981E965F} - System32\Tasks\{A5DBFEE4-0356-4708-A655-BFA7E35BF624} => C:\Windows\system32\pcalua.exe -a "D:\Program Files (x86)\epicRO Ragnarok Online\settings.exe" -d "d:\Program Files (x86)\epicRO Ragnarok Online\"
Task: {4478F7FB-D260-4CB8-82E0-5CA44CDF79C7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {5256B3A6-7B23-454C-AD22-5E2A693BC4C4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {55978C82-CC08-4BBE-8D03-B568E1E8E4E0} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5CEF6C81-6FC0-4ED2-897B-9497DD7E1887} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {61160297-9C11-42C4-AA85-47CC9FA41C41} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {61C34886-4054-4DD8-A557-3A7B140BEBBF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {65342EE4-2ADC-4994-8633-40C4B9E686C5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {751916EA-7824-4174-B568-FC51A3F7BFE5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {760979B4-03D3-42CA-9AC0-C4FC833C0332} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8130F5FA-AF7D-4943-B2BA-060B3A46CDAE} - System32\Tasks\{438FA2C7-F30F-4579-A499-B2964FEB6E44} => C:\WINDOWS\system32\pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {821BF6DC-C0F0-4924-9E22-E698C929C50F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {83D8EA44-D5EA-48DC-AD74-8BAE0ABD30A4} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {8612CAD8-A91C-4A81-A388-BD870CF508D5} - System32\Tasks\easyVPN => C:\Program Files (x86)\EasyVpn\app\easyvpn.exe
Task: {89F9EDD9-7C6B-442A-80AE-7C781EA7CEFB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8BD8CDAB-DB90-48FD-9680-5746409A4010} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {B55CF8D6-4BF9-4075-BC29-60C0CC07BD2C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BF5E2522-FE1D-4E8C-9FA9-E1B27B81D2DA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {D603657B-A4C5-4DD5-AB65-50C5B5C8B92D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {DB881C0E-C3BE-4699-AA40-CA7398035898} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DE82B7E1-A074-4B4B-96F8-B77C47A4381E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DEC8126C-17DA-4FAD-A5F2-57CB2B91A8B0} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {E0E54520-18CA-4D7E-963B-A5AA232C6777} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EDFDCDC2-3F60-4BC2-ACE9-FA32929FA671} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F191C630-1ACC-4331-9C15-E924A011A9C0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F6112400-8A8F-4A0B-B5DA-75DC52204405} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\Users\User\Favorites\Downloadseite von NCH Software.lnk -> hxxp://www.nchsoftware.com/de/index.htm

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-05-29 10:28 - 2015-05-29 10:28 - 000048640 _____ () C:\Windows\SysWOW64\ASGT.exe
2017-09-02 12:09 - 2017-10-10 12:28 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 21:59 - 2017-03-20 05:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-07 09:44 - 2017-11-07 09:44 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-07 09:44 - 2017-11-07 09:44 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.480.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-04 09:48 - 2017-11-02 07:51 - 000021848 _____ () C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
2017-09-07 17:12 - 2017-09-07 17:12 - 000069632 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2017-11-07 00:39 - 2017-11-05 10:12 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libglesv2.dll
2017-11-07 00:39 - 2017-11-05 10:12 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.89\libegl.dll
2015-03-31 17:25 - 2016-05-02 07:02 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-08-21 13:18 - 2017-09-09 20:25 - 000688416 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 15:17 - 2017-10-31 04:22 - 002546976 _____ () D:\Program Files (x86)\Steam\video.dll
2015-01-20 16:13 - 2016-09-01 02:02 - 004969248 _____ () D:\Program Files (x86)\Steam\v8.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 000491008 _____ () D:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 000332800 _____ () D:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 000485888 _____ () D:\Program Files (x86)\Steam\libswscale-3.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 002549760 _____ () D:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-31 15:21 - 2016-01-27 08:49 - 000442880 _____ () D:\Program Files (x86)\Steam\libavutil-54.dll
2015-01-20 16:13 - 2016-09-01 02:02 - 001195296 _____ () D:\Program Files (x86)\Steam\icuuc.dll
2015-01-20 16:13 - 2016-09-01 02:02 - 001563936 _____ () D:\Program Files (x86)\Steam\icui18n.dll
2013-09-21 09:35 - 2017-10-31 04:22 - 000901408 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 10:59 - 2016-07-04 23:17 - 000266560 _____ () D:\Program Files (x86)\Steam\openvr_api.dll
2017-11-04 09:47 - 2017-11-01 07:30 - 000015360 _____ () C:\Program Files (x86)\Origin\libEGL.DLL
2017-11-04 09:47 - 2017-11-01 07:30 - 003090944 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2014-05-29 21:40 - 2016-06-10 14:21 - 000266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2017-08-09 08:19 - 2017-08-08 14:13 - 001893880 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-12 22:00 - 2017-08-12 22:00 - 001577976 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-08-17 15:51 - 2017-08-17 15:51 - 001993184 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2017-08-09 08:19 - 2017-08-08 14:13 - 001938424 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-09 08:19 - 2017-08-08 14:13 - 000095736 _____ () C:\Users\User\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000507968 _____ () D:\Program Files (x86)\GOG Galaxy\PocoUtil.dll
2017-03-23 06:38 - 2017-03-16 16:46 - 053018112 _____ () D:\Program Files (x86)\GOG Galaxy\libcef.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 001076800 _____ () D:\Program Files (x86)\GOG Galaxy\PocoNet.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 001854528 _____ () D:\Program Files (x86)\GOG Galaxy\PocoData.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000393280 _____ () D:\Program Files (x86)\GOG Galaxy\PocoDataSQLite.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 001589312 _____ () D:\Program Files (x86)\GOG Galaxy\PocoFoundation.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000307776 _____ () D:\Program Files (x86)\GOG Galaxy\PocoNetSSL.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000330816 _____ () D:\Program Files (x86)\GOG Galaxy\PocoJSON.dll
2017-06-21 21:52 - 2017-10-19 17:33 - 000130112 _____ () D:\Program Files (x86)\GOG Galaxy\xdelta3.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000104000 _____ () D:\Program Files (x86)\GOG Galaxy\zlib.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000520768 _____ () D:\Program Files (x86)\GOG Galaxy\PocoXML.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000272448 _____ () D:\Program Files (x86)\GOG Galaxy\PocoZip.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000680000 _____ () D:\Program Files (x86)\GOG Galaxy\sqlite.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000157760 _____ () D:\Program Files (x86)\GOG Galaxy\PocoCrypto.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000425536 _____ () D:\Program Files (x86)\GOG Galaxy\pcre.dll
2017-03-23 06:38 - 2017-10-19 17:33 - 000152128 _____ () D:\Program Files (x86)\GOG Galaxy\expat.dll
2017-08-12 22:00 - 2017-10-06 10:48 - 009722360 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-12 22:00 - 2017-11-07 20:29 - 001471992 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-11-11 15:49 - 2017-11-11 15:49 - 000148992 _____ () \\?\C:\Users\User\AppData\Local\Temp\5FEA.tmp.node
2017-08-12 22:00 - 2017-08-12 22:00 - 002658296 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-12 22:00 - 2017-08-12 22:00 - 002673656 _____ () \\?\C:\Users\User\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2017-03-23 06:38 - 2017-10-19 17:32 - 001589312 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoFoundation.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000330816 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoJSON.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000104000 _____ () C:\ProgramData\GOG.com\Galaxy\redists\zlib.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000507968 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoUtil.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000425536 _____ () C:\ProgramData\GOG.com\Galaxy\redists\pcre.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000520768 _____ () C:\ProgramData\GOG.com\Galaxy\redists\PocoXML.dll
2017-03-23 06:38 - 2017-10-19 17:32 - 000152128 _____ () C:\ProgramData\GOG.com\Galaxy\redists\expat.dll
2017-03-23 06:38 - 2017-03-16 16:46 - 001738752 _____ () D:\Program Files (x86)\GOG Galaxy\libglesv2.dll
2017-03-23 06:38 - 2017-03-16 16:46 - 000078848 _____ () D:\Program Files (x86)\GOG Galaxy\libegl.dll
2017-06-09 06:22 - 2017-09-07 03:04 - 000678400 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-14 14:24 - 2017-08-16 23:28 - 073130272 _____ () D:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-01-20 16:13 - 2015-09-25 00:52 - 000119208 _____ () D:\Program Files (x86)\Steam\winh264.dll
2013-10-01 15:05 - 2012-06-25 09:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\aeriagames.com -> hxxp://aeriagames.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\sony.com -> sony.com
IE restricted site: HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\skype.com -> hxxps://apps.skype.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2017-06-18 08:56 - 000000029 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\Pictures\Desktop\black-rock-shooter11.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{9C3706ED-64EE-462D-AAC4-745260CD6FBB}D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C169F269-54EE-4253-AF5D-4B55C15F1775}D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{695FAF78-0DBE-45B8-A05F-E1B4BAA59FCE}D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{09B5A604-B7E3-4625-B7A6-CFED54329A9C}D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D892EF5A-DCC7-4FB0-A4E0-74D8A766440C}C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Block) C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [TCP Query User{B3FB41F1-79B3-413C-B008-0001AAE7FBD3}C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Block) C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [{E3C4DEBD-FD96-4789-A362-859D9FD41B64}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Styx\Binaries\Win64\StyxGame.exe
FirewallRules: [{31812AB7-9EB1-4B6D-855C-B28552F64977}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Styx\Binaries\Win64\StyxGame.exe
FirewallRules: [{0BBA4094-B486-4BD8-BD46-7C0A8517B2B4}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{33751D31-A83B-43A3-9DE2-808B05A1B520}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{2ADDDE45-FFED-4DF4-B5B9-728AB583858F}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{9D7F081C-EB2E-4288-B03A-8395972D4B75}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [UDP Query User{923B508F-9F5D-4736-B953-3F24F729A1D6}D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F5659E42-B74A-494A-A8AF-A9541DFAF5AD}D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E8D1EEDE-AC10-488C-A308-7A3D95633109}D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B9422F32-ED23-4E77-95BE-1C8233C30CFA}D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{9095436E-783B-47EF-86BC-8870FE9245E3}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{0D545466-2DB6-43A5-B930-F5FF09CBD54F}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{3E98866F-EB4C-4254-A94D-4A240BCB0810}D:\program files (x86)\gog galaxy\games\rage of mages\rom.exe] => (Allow) D:\program files (x86)\gog galaxy\games\rage of mages\rom.exe
FirewallRules: [TCP Query User{C77808E2-8F06-4C7B-9D6A-89E709CC510E}D:\program files (x86)\gog galaxy\games\rage of mages\rom.exe] => (Allow) D:\program files (x86)\gog galaxy\games\rage of mages\rom.exe
FirewallRules: [{034B23A9-B7F7-41BC-AAD2-C3EAF9995FC6}] => (Allow) D:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [UDP Query User{F9497AD2-3548-45B8-B03D-AC8BDDAF00BB}D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{63CB44E6-8816-4F9E-BEC8-F43B341F13FE}D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{4B60DBDC-8500-4884-A6D6-85CA309AF5E8}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [TCP Query User{C9D014AE-64A9-407E-8C50-9B0B4B956CDD}D:\program files (x86)\warcraft iii\war3.exe] => (Allow) D:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{454C40F0-077B-4441-86C6-5CEA893D16D4}D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E2694FD4-2DDF-4A8F-9612-485E47DB2A68}D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CE534BD4-C74C-4126-A126-F096C261E9B4}D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{83F87CDE-9639-48A9-9D2C-29F06783669B}D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{96A0F636-1016-47B0-9613-0838C573627C}D:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe] => (Block) D:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe
FirewallRules: [TCP Query User{FE7968CC-68BD-4058-BA5E-DC6CE5390C53}D:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe] => (Block) D:\program files (x86)\starcraft ii\versions\base49716\sc2_x64.exe
FirewallRules: [{00C61FF4-17AB-42E3-AF35-4E125D337D5C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{FEAC0CEF-CCF3-481B-983C-289FC5D90A06}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Enter the Gungeon\EtG.exe
FirewallRules: [UDP Query User{22C8D6D8-21AC-48A7-B237-F110416F8C62}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe
FirewallRules: [TCP Query User{D9BC6E22-9F8B-48C4-AD56-84EDC163AF26}C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\forhonorbeta\forhonor.exe
FirewallRules: [{138D4B24-E374-408F-B77C-CAB04725CB4C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{2E74C4B3-E1DB-4017-A634-089C73E3BCC5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{C5005979-5EB3-4275-BA81-941B5BCA303D}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{9549E5A5-22C2-4148-B904-EFA25A3A1EDF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11.exe
FirewallRules: [{A93E3F9B-68D2-4AC5-9E6E-753A5893817E}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11_b.exe
FirewallRules: [{946AF9B7-81E4-405F-BC10-879736EA5FC2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon_d3d11_b.exe
FirewallRules: [{F67FF78E-10CC-4937-84C3-79D4E637771B}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{B6E043D3-CCEC-4261-8EA2-ABD080F46CAA}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\bin\fc3_blooddragon.exe
FirewallRules: [{DB413EC0-A14F-4E83-B401-3584D74AC9DB}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{06670257-4FD9-4B83-B20C-8BD10B937C8D}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{3F4F719E-7FB6-42BE-AFB1-41F9A3F67E0C}D:\program files (x86)\tom clancy's the division\thedivision.exe] => (Allow) D:\program files (x86)\tom clancy's the division\thedivision.exe
FirewallRules: [UDP Query User{56062B46-5268-47A5-8E3C-2F707B84A363}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{5150902E-AE6C-46A5-8A2F-EA4D374487E6}D:\program files (x86)\overwatch\overwatch.exe] => (Allow) D:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{AC698FB7-8262-4B5F-AE3C-EA35071684B7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{105A53C0-E656-4632-8371-77B9CAA10444}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExile_x64Steam.exe
FirewallRules: [{DE45B7B9-33A9-46F3-B80C-186992B98BFF}] => (Allow) LPort=1900
FirewallRules: [{51700128-C169-4AF0-ABB3-6019B2234BEB}] => (Allow) LPort=2869
FirewallRules: [{F87F89FA-B567-48B1-B68A-49BFE0EC8F02}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{DF780692-03C9-4FAE-A9F6-55D3D1FACBC8}D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{80C4801A-B800-4EE1-B75A-68B715969375}D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46889\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AE71D734-B4B0-493F-8148-113142CAC814}D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{FD1244D8-3CEF-4F9A-A4F2-59E3D4E6DBE9}D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe
FirewallRules: [{B310F864-AB7F-46F8-8033-12DBB4ABDB84}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Punch Club\Punch Club.exe
FirewallRules: [{4E5588DC-8A03-452C-A814-28A50BA283A0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Punch Club\Punch Club.exe
FirewallRules: [{6FAA8E9A-1BFA-4B80-BF68-1CA0467272B3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{8E53D14C-173C-469E-A7C0-FC634251035E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{F9C45902-1EE0-4ACC-ADA9-5742294F28B0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\devildaggers\dd.exe
FirewallRules: [{199F447F-5289-4187-8331-07E5E48F8C9D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\devildaggers\dd.exe
FirewallRules: [{978218B0-6367-4C89-A1BA-236419747157}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{7834845B-A3B9-4A8E-BA47-C5CCF350686C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{939B4E88-BE25-40B1-91AD-DCDE2EAD1C68}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{BAED523B-EF2C-4F7E-A3AC-36B6F2FFEE4C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{5582C2C5-8E66-48AB-8CFD-4E6865417117}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{A9599D5A-FCF6-4A13-8047-5EEC6C9DA6DF}] => (Allow) C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [UDP Query User{413A1624-EA4A-4FD1-A1C4-ECC6CC7A5A21}D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{EB1682A1-C4BA-4C3A-946F-1C32B10ED1CC}D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [{43F29742-2B27-404F-A374-478205BA4294}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{80330737-BF6C-42C7-848C-A6732C78481D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Valkyria Chronicles\Launcher.exe
FirewallRules: [{556DC0B1-24E8-44A0-978E-2F284096707A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Koi-Koi Japan [Hanafuda playing cards]\KoiKoiJapan.exe
FirewallRules: [{81D69276-A640-4E1A-8132-9679BD381CD7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Koi-Koi Japan [Hanafuda playing cards]\KoiKoiJapan.exe
FirewallRules: [{BB290AEC-5AE9-4F47-8473-60B0DECD026D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{EBD8D74F-07DA-492A-9CD8-44E4DFC293E8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{04C52C4F-CBE2-41E7-BCEC-1588F0F9E24A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{6BED1BD7-EA9E-4F1D-99D9-13AC8309FF08}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{C701686D-4ADA-4FBD-B698-6CD754F24116}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{56823176-FF81-41C2-B366-A2AC4CD39181}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [UDP Query User{931E706C-0C8F-450A-B2A1-6CFDFDA9A1D7}D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{426C2B60-F3F7-4DA9-A811-0DA28546F717}D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base39709\heroesofthestorm_x64.exe
FirewallRules: [{9286A25F-2705-4B5E-906A-A99D35B85F6C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{0A1E6997-17D3-4747-8106-B50C0B323E1C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [UDP Query User{4898D512-B876-4D84-A582-19FD92816FB4}D:\program files (x86)\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) D:\program files (x86)\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [TCP Query User{BD67A5BD-BEE6-4F4F-A79A-859EA844729E}D:\program files (x86)\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) D:\program files (x86)\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [{9FD52067-AF88-41C9-89A8-1CE183DA83A5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Lichdom Battlemage\Bin64\LichdomBattlemage.exe
FirewallRules: [{2BCD56F3-0687-451D-ABA0-C2A00E081366}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Lichdom Battlemage\Bin64\LichdomBattlemage.exe
FirewallRules: [{C437CE87-A71C-43E7-BA62-1BDFCFAD7F0F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{6BCF7699-632C-464D-B5D6-6A280DEE14A9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [UDP Query User{EBDBC056-CADE-4223-A181-F5FDDB377A56}D:\program files (x86)\starcraft ii\versions\base38215\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base38215\sc2_x64.exe
FirewallRules: [TCP Query User{927370DD-8BA9-44E7-AA86-47CA6629B42B}D:\program files (x86)\starcraft ii\versions\base38215\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base38215\sc2_x64.exe
FirewallRules: [{95F8A3D2-3A8C-4EDA-A729-55A671CCAEEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{27EF9A32-7213-41A4-98AD-AF9DA32C3C31}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{94E71186-8933-4C9D-A6C3-098CCDB59886}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{769D1814-4C10-4D99-9087-0DEF9A84DD42}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9BA40C0A-53A8-458E-847C-F469DCE30002}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [UDP Query User{854A45F9-FC3B-4D9C-AF2A-ACC6E1D2F077}D:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{EDDB763B-D7EB-4B44-BBC1-4B6F068D1B86}D:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base37795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DCC82C4C-AA14-464F-8CEF-374219504A06}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [TCP Query User{C458D6A8-9D64-4EE2-B89C-444F1D57F5D2}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{61043D88-EAA3-4BC0-8920-FF23913988AB}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{12EF483D-954A-469D-BB1A-65E18C8405B6}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{A66B7710-C51E-41A7-B65D-8461ED7E7970}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{F3A2F987-9BF7-4B4D-AE65-FCC310AD82C2}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{BDEB1C7A-0B1A-4F15-9995-0F56C7D56F55}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{0BE4DEDB-B609-4A08-8EDA-F7C04CC842AE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{76EEA0D2-F8F5-40AD-A054-638833F75E30}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{6964DBF8-F8B3-4340-845E-EDBDFAEEBAE0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [UDP Query User{E2089537-DCE3-4B3A-B332-2411C7E09E4F}D:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{54417066-6F8B-4E28-9F85-0A8AE3DC904B}D:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{747312C0-8EB8-46FB-A656-9F6E599C02A7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{542C020A-49A2-4625-BD62-3CBD888348E5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{08276856-D54A-4A66-826F-3638EF6D426D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{BAABEEDD-8579-417C-BA51-4484FD07839B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{8E3969EA-7101-4BF6-9A28-2160C0BC1960}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\HuniePop\HuniePop.exe
FirewallRules: [{1CC35AF9-409B-45AB-B49D-876C224E1DCA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\HuniePop\HuniePop.exe
FirewallRules: [{93103BC1-8D21-4350-8CE9-614D06E84813}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{11E424AA-383D-4F30-B683-AC91ADBFE99E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{45530EF2-BAF3-465E-BC26-F25EA0E19DEF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{88687C5A-DD19-4770-A83E-0091679FAD8E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{F5B0530A-D302-4EA1-80B1-8F675B79CF4A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{0B5E41A6-6AE2-4D7C-9A64-895CD624EC2B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{C2F978F6-405C-4E18-8B6D-61C8E10E54FB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{EEED312C-DCD7-454F-95D7-4A1D141A726C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [UDP Query User{594CAB67-D8D5-41F9-A38E-8F11CEE19BFF}D:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{AC383127-6714-4741-A6FF-004A6D97234E}D:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [{6C075229-B17F-44DE-8514-F9DF46E544E1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SanctuaryRPG - Black Edition\SanctuaryRPG.exe
FirewallRules: [{91B46C84-3D73-4E76-B72F-CD08C8A723F1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\SanctuaryRPG - Black Edition\SanctuaryRPG.exe
FirewallRules: [{CD532599-7D0F-448B-8A61-D1418120D8F8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{F22BE907-5B04-4446-982C-BAC0ABC16FE9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [UDP Query User{37599D5F-4EC8-4C2B-9488-B0E5014E5641}D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{EA09F9AC-D798-41B7-B9BC-2B91C7F88470}D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{F8B17FBB-BB43-4D85-9FEC-EEB58A81DEF6}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{D2026B4C-FF8B-4202-877A-6957857CE548}] => (Allow) C:\Program Files (x86)\Origin Games\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{59D3C52C-6E46-4914-8591-5CBD1DC43B59}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2454A699-F7D7-4B06-8507-CDA10141C753}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C01D681C-5515-4BEA-8DD1-470D6655263F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E9FC3B04-A8B6-4EEC-B236-2C5A66660648}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{59FFA24C-9527-4277-906D-49DBAC599876}D:\program files (x86)games\world_of_tanks\worldoftanks.exe] => (Allow) D:\program files (x86)games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{F991024D-E179-4712-AA82-955673652A2A}D:\program files (x86)games\world_of_tanks\worldoftanks.exe] => (Allow) D:\program files (x86)games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{9EE4FF07-A56D-41DA-BAC1-587AD0863EE5}D:\program files (x86)games\world_of_tanks\wotlauncher.exe] => (Allow) D:\program files (x86)games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{9576ED4F-F3D3-421B-851A-EA8CAC010DDC}D:\program files (x86)games\world_of_tanks\wotlauncher.exe] => (Allow) D:\program files (x86)games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{3657D514-73CC-4A6E-BCB1-AD0FA2CED502}D:\program files (x86)\games\world_of_tanks\worldoftanks.exe] => (Block) D:\program files (x86)\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{4294FE41-DAC7-4F44-9479-F36D4DBBBB92}D:\program files (x86)\games\world_of_tanks\worldoftanks.exe] => (Block) D:\program files (x86)\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{6B4F058A-BB38-4242-A5E8-736F19C93D69}D:\program files (x86)\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\program files (x86)\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{E31B9522-9A84-4C23-9F9D-B4E9296DAF9D}D:\program files (x86)\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\program files (x86)\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{8F7157CF-58CD-4E5F-93E8-F684C99B46A6}C:\users\user\downloads\dune 2000\dune2000.dat] => (Block) C:\users\user\downloads\dune 2000\dune2000.dat
FirewallRules: [TCP Query User{EA6743E4-2DDA-4596-A24C-3EBCA2CD2934}C:\users\user\downloads\dune 2000\dune2000.dat] => (Block) C:\users\user\downloads\dune 2000\dune2000.dat
FirewallRules: [{51392C51-B819-4F17-B588-2F0A59CF28F1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{7EDDB216-22CD-4ACE-B4CA-91DBA8065109}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TheLongDark\tld.exe
FirewallRules: [{36ACE851-6FA1-43E8-8830-87489602CFAD}] => (Allow) C:\Program Files (x86)\EasyVpn\app\EasyVpn.exe
FirewallRules: [{9E6072B1-243E-4607-8261-9DC2D35B2BCD}] => (Allow) C:\Program Files (x86)\EasyVpn\app\EasyVpn.exe
FirewallRules: [{904B7528-A15C-4B24-AF16-ECAA0B3D6D87}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{553021BC-6E9F-48B2-A48A-8BFC8793293B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{8E1309DC-E711-4624-BC14-06BA827F255F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Shadowgate\Shadowgate.exe
FirewallRules: [{8A738709-8F43-43DB-8B41-6B8B9D659C7B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Shadowgate\Shadowgate.exe
FirewallRules: [{165F9B7F-1ABD-4B75-B0B9-C9D3AF1C6C8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{8D6F5A2F-AB87-4474-AE8C-268EC317D082}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{882DDA1E-1797-4C8D-B7B1-7EC046C09CAF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{178DB507-8C05-4B91-8D43-23F07A3F3E90}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{66BB3191-9E45-47E4-B23F-9689763D1D89}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{53322157-5BF7-4A59-B7DF-ECE2AA2B096D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{957B20E6-213F-4900-AE9C-2595E0FC7A73}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{003B164E-96F1-44C9-8AC6-7DC763E9B37C}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{4114852A-0504-41D6-B4A4-F10874A1E1E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{7AA3C5D5-F9C4-4D2E-9E7F-30DF30E2298E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{3103D173-19BB-498B-BDB8-3BD93246371B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{7EAFF071-4732-4473-8434-937E416A33A8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{0808623D-B568-4C2F-AB90-13C1A2A0BC79}] => (Allow) D:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{A2FC59C2-FE72-4DB0-BE84-C71FA67B049A}] => (Allow) D:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [UDP Query User{0091A712-7316-4BB0-9567-DB4ED2CCAE2C}C:\programdata\battle.net\agent\agent.3634\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3634\agent.exe
FirewallRules: [TCP Query User{88049ACA-17DC-4E8A-AD9A-22FCCEDB0F95}C:\programdata\battle.net\agent\agent.3634\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3634\agent.exe
FirewallRules: [{025A0A9B-CF16-490D-968A-4A519CEB05F5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Final Exam\final_exam.exe
FirewallRules: [{F69A8511-49F8-4A64-B903-7803F62542EC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Final Exam\final_exam.exe
FirewallRules: [{88875109-6458-4D10-B5EC-6160942533D9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{3620D27E-0A5A-4992-94EA-28819E585337}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{4D49B0DE-78A4-4E2F-B86B-5C71B42A547F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{4F6891C3-C4C1-4CB9-82AB-9DC2CC7744D5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{E60FB92B-7B1F-4FB0-9983-294FF306D5A5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{534E9AFB-53DB-4C19-9B69-B5CF03AF2621}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{9CF1C447-1F74-4224-94F9-56A8E2ACAA4E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{E8DAA218-AB25-4A30-AF5A-B302D723FA5D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{4E71A770-D637-4760-A672-924728F821D5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\strikesuitzero\pc\main\Binary\SSZ.exe
FirewallRules: [{AB63AA2B-26BD-45B0-9CE2-0EA165118980}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\strikesuitzero\pc\main\Binary\SSZ.exe
FirewallRules: [{750D3D6A-9E69-4503-907F-8B84766719FF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{E513D3E1-8315-4D72-8112-4AE52E864B11}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{8395B346-8251-44CB-9F47-19A2B8F991CE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{6BF77B84-E27E-49BB-85EC-084F50C01152}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [UDP Query User{D9F21994-9087-4CC1-91A7-A6AC6AC21FDA}C:\programdata\battle.net\agent\agent.3478\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3478\agent.exe
FirewallRules: [TCP Query User{932DC11C-3578-4829-BB58-8DEA4451F3E8}C:\programdata\battle.net\agent\agent.3478\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3478\agent.exe
FirewallRules: [{E4982598-1B17-4F9A-92B0-A97DFA0D8969}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{9882AE9D-8ACA-43EE-937C-B30A97B1EA9D}] => (Allow) C:\Program Files (x86)\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{FCBB5751-DA21-442D-B3F4-C75C850443C4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{E15BF8A3-61B5-4087-B52E-54CB23DCEC8D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [UDP Query User{D44A29A5-9682-4184-A12A-D3848E3AF54E}D:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [TCP Query User{C1F79FFE-5A29-4E9C-806A-C6E4A4AD2CF8}D:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe
FirewallRules: [{D65358B1-3C3A-438A-9C02-00A69955A4B8}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{4FACA89F-8360-4559-B593-8A8A62C42B60}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Crysis 2 Game of the Year\bin32\Crysis2Launcher.exe
FirewallRules: [{8B80574B-D3B4-40EB-A2CC-E6452A82A57A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{6576F812-EA0D-4CB7-9E29-4CD61F768913}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{8A0128E7-BEE7-49AA-849D-0941E41787A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{F2D08121-F09E-4AC9-A506-88954C015B67}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{084858FE-CC1D-40CA-B216-8FE0863B5B6E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{A1584557-3DED-4262-9F18-FD7091440DC1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{F53B7EA0-4176-48E3-850C-98F0F0847608}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D6D22702-F493-4DFF-8ECF-93A49B9E6085}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{821ED095-7918-4383-9C9B-3915F555E351}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{D21781BC-68D4-46AB-A324-723D1B113E51}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{3E4B4413-0E46-487B-A73F-3B64D9973610}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{50366807-F292-4728-B4AB-D2B736B3FB8C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{F0B26C7D-DD07-4E19-AF87-EA42C8020751}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{8C009CE1-24F0-4D66-9B0C-9CDE44195540}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{2CB35982-ABC3-4C35-B315-5255C97FC7E4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{815BCFC8-E68A-4AB2-8F37-AFDA9D949400}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{8C05F04B-5060-4223-B4F0-042CBCB79BFD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{3D3714CC-B944-44E7-B32E-EA7312DF3D60}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{F49BFD88-F42C-4A40-B397-353E74AF8A47}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{50BE5F13-37EF-4D97-A843-F28155D3AED2}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{FA437E49-3A80-41B3-8BF6-AEBEAA632A96}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{E36A9235-3F7B-4191-A219-DE1D9D3D82DF}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{7115B09D-2CF2-44B4-9F57-E07CE944DA17}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{3270C909-24F9-454F-879D-071F39726FEB}] => (Allow) D:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{33B47877-541D-4D49-9703-0C2ACEAA6341}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{C3FA100E-4D78-4917-A4A7-7B0C17BDB5EC}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{9CC92D98-1198-4B0E-BD70-D69CAB1455A6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{C7D65CDC-049A-4B8B-8D9B-2BD612D447CF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [UDP Query User{73ADE978-E53A-4D29-B42B-B438899D69CE}D:\games\world_of_tanks\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{9B247D3D-34B7-40C7-A55F-D06AE3146EC6}D:\games\world_of_tanks\worldoftanks.exe] => (Allow) D:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{D5747574-B0EF-4CB4-A72F-5872AF0C6E66}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{CEE98252-4B0B-4997-8FDB-0F2A0B9BD5E1}D:\games\world_of_tanks\wotlauncher.exe] => (Allow) D:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{B11634B5-9E9A-4DEE-9DF2-22E2ABAE0262}D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Block) D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [TCP Query User{F576C934-C549-43F4-8FA3-B067C82C7CF9}D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe] => (Block) D:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms - eu\game\pdc-live\ghostreconphantoms.exe
FirewallRules: [{03D6DC67-94B5-47D2-AD34-D30049E9F8B9}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{D7F1840C-9B7D-4D0E-9EE7-A78E3F68B3FB}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{C8BC0C11-AE31-42D1-BB26-36DA31E28D28}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{22E68F23-B492-4A4D-BB53-97AC0DB4FB59}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{D4D0B3C9-5AFE-4BB9-B045-1F1A47351BDE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{1DFE8043-002E-4D3D-9C3E-D5A8B4FD9FAF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{89FA64F9-1D72-4512-AE62-B7934BB05DAF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{786712AE-7193-427A-9544-BE17BBCC815C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{38ACF4AB-823C-47E8-9F52-C1D2550ED9C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{6AA642D3-8A2F-44C3-9C55-D1B41879EE0F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [UDP Query User{2B4DA5C7-000C-44FD-979B-92910B76DA8C}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{EFD73655-1356-427C-ACAB-4303F05BC13B}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [{DA44E897-2477-4A25-AC54-0700CEB5A6FA}] => (Allow) D:\Program Files (x86)\Gamigo\Dragon Nest Europe\DragonNest.exe
FirewallRules: [{34B4BEB7-2827-4563-A860-C855B1CE9BBC}] => (Allow) D:\Program Files (x86)\Gamigo\Dragon Nest Europe\DragonNest.exe
FirewallRules: [UDP Query User{62A688BB-FFE0-4D92-8A68-26BEC4C29FA2}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{32715F2F-269E-4E66-A9D3-C1584F472706}C:\users\user\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\user\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{ED885F51-9EB9-4A3A-8A4E-883D26282E15}D:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{4DF4EC7A-9581-4ABC-B604-A876303A17E2}D:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [{9506B136-4877-4406-8E96-A2E078EE26F1}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{14FD270A-F503-49FF-B521-9A1847FD8785}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{731D2B39-4F01-4189-89B8-A7F89F1A0E7F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{ADC968AB-A931-4E44-81F0-DB55F92D4BEC}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [UDP Query User{819060AB-12D9-4783-BEC5-2151A70FDFF3}D:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [TCP Query User{F2AE7830-9CED-4379-A3D9-928CD3E24032}D:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{D1461A24-2E2B-4341-81DB-96908BE9B6B2}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{14BA0501-516D-44F7-8F3C-D85C7AE9B1EF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{75118281-45CA-4C42-A3D4-0C3EE99C7F75}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{EBA31B81-FE0B-40C3-ABAE-E67F79C68CA4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{9F978D43-9118-4B38-99D6-9AF98CACCB15}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{FF5D4631-DE06-44EE-8D02-1ED34F9F378D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{00A99602-0225-4E25-AF4B-5653BAF25F46}] => (Allow) D:\Program Files (x86)\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{2D0F026A-A3C2-4462-B799-01BDDA5316F2}] => (Allow) D:\Program Files (x86)\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{51EE29B1-FB68-4566-9B21-ED3E8FE69D9A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{2689F466-8710-4E34-92AD-467ED36F1EDD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [UDP Query User{9F411DDB-07ED-401D-B11A-561345B36BD3}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{B5FDD4EC-BD26-42D5-87A8-A4DEACBF824A}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [UDP Query User{DE7D2B3D-A8B3-4B5B-B5C8-CB3D5A4F2779}D:\program files (x86)\steam\steam.exe] => (Allow) D:\program files (x86)\steam\steam.exe
FirewallRules: [TCP Query User{9C8DAB59-7C8B-4723-B666-2E281B66E04B}D:\program files (x86)\steam\steam.exe] => (Allow) D:\program files (x86)\steam\steam.exe
FirewallRules: [{32F81BF7-6DD4-4973-BECE-BF8D5614BB8E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{98ADE586-69AD-4CE7-98D5-AB605A07E65F}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{56B8E014-F687-4992-89E4-E01B71F8A251}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{0915F978-1854-485F-A388-9C4F2A67FDA2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{4059C563-9EF6-471B-8209-7C28947F6233}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{F71FF282-E052-4C44-B7DB-BD381D8C3423}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{2D1DA045-E6F3-4E61-8B58-09A2B4D127B7}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{886AD962-8153-4159-87CD-B62FDC2082C1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{7A80EFAC-6237-4B15-BAF5-BE64147FDAB0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Pit\ThePit.exe
FirewallRules: [{77972C1E-E53F-4BED-8729-A28881C6A6DE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Pit\ThePit.exe
FirewallRules: [UDP Query User{2E61565B-6990-4A59-AE0E-F6C62FDC1DE2}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [TCP Query User{C8BB4F09-9EBD-4E1D-8936-B3E50C6E4D14}D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe
FirewallRules: [{90D6DEB5-8542-451E-A9BD-2D2286A3D021}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{EBB68814-2F91-4013-8070-5C95AF8607A9}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [UDP Query User{9750FC29-0CA8-486F-95A9-36C4511641BE}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [TCP Query User{F29253DD-845B-4919-998C-A17C61A6C79F}D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [{187B787F-EE9D-4C6F-96C3-32A8F562C51A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F2CFB36F-C2CC-4D5A-8DD7-BE70E93E3E33}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{2381088C-CD17-47C4-AC5F-E1506F86ECCC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{221BFBEA-B5BC-45D2-A5C5-403E609A2881}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{1F811F5D-1A1E-4A01-A9B9-8BB8E9473BA3}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{0358047A-3434-4402-B322-0FACD892A43C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{80AB33F4-0E65-4A46-B32E-8E9EBE45DD3C}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A952EF7-3588-466C-8A42-73B02A5AA105}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Deadly Premonition The Director's Cut\DPLauncher.exe
FirewallRules: [{FF71BAD1-507C-4A03-BCCC-5CC8F25A1C81}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Deadly Premonition The Director's Cut\DPLauncher.exe
FirewallRules: [{ACD0D2F6-E2E9-480A-9880-8EBDA343F9CB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{BD06E472-490F-4FE3-8DA8-6E92828236CB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{90A76F71-FE1A-4BA6-BFAD-47833C7C8DD0}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{611FC127-1D6D-4C24-9311-8CB9698A04D7}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Plants Vs Zombies\PlantsVsZombies.exe
FirewallRules: [{6900030B-CA52-4002-85A0-F6D062934084}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{44BD211B-77B4-4D2A-9D02-4FCC0BFB0802}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{2007D810-87C9-4BE4-B4B3-464DFC37D3DB}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{2DE4FE91-3DE7-4BEE-B526-1B9E3E49A63D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{3AED1BF5-E810-4E51-9364-80407CA23461}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{ECB390C3-738D-4B22-B16C-26DC851F99D4}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Tropico 4\Tropico4.exe
FirewallRules: [{7DC90B57-3390-4F05-900C-95684DF0C086}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Ziggurat\Ziggurat.exe
FirewallRules: [{5C498397-C8AF-4CCA-BED1-C4860DD31D4A}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Ziggurat\Ziggurat.exe
FirewallRules: [TCP Query User{B2D2A1CF-D1BD-4928-A88D-CD89D25643D4}D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{15165249-D612-4401-A12E-73006BD53D38}D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [{940A0DFB-D5B1-4853-8569-567CE94CFFB5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{72B4EC1E-53D4-49A2-B225-06F326413486}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [TCP Query User{3988B9CA-DB40-4984-9ACF-CC92E48F2A75}D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{ABAA0DC2-1BE5-4550-BA80-D39A001006CF}D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [{F454F959-DF9D-432C-A534-F47BD03F9D59}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{D0D77C75-CD16-4342-9568-80C3B1B7A4BE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{A48B48B0-9FD3-4E9D-9ACA-2E14733C0628}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{50D307DD-113C-493A-B5B8-E51DD3ED25FA}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{3EEFD00B-71C6-4632-83D8-A7590B7CBD16}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite 4\Launcher\SniperElite4.exe
FirewallRules: [{49AA4E96-2322-487C-80C6-FB3DE7AF5B7E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite 4\Launcher\SniperElite4.exe
FirewallRules: [TCP Query User{AE788611-7C47-462A-AC76-0A9E97D4300A}D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D0574057-5293-4840-B837-0657D8A426AB}D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3E7801EE-AD3D-4DCB-8FEE-10B28323BB7F}C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [UDP Query User{98EBC094-13DD-4CB7-BBF5-DB7CBC61C8B6}C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.9093\battle.net.exe
FirewallRules: [TCP Query User{2DFCF6C9-A0B8-4489-9FEC-C73FFB47C816}D:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CA458EE1-B8AA-409A-945E-3D788C7900BE}D:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{302AD794-90E7-49AF-97F3-A539E626F4AC}D:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{93C87B87-B5FE-4FA4-BAB9-06285C9845D1}D:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{41301FF2-2E70-41CB-9FD7-C0E969324E8A}D:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe
FirewallRules: [UDP Query User{26585C94-4295-4072-A5F8-E6F019C6EA4E}D:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe
FirewallRules: [TCP Query User{B5A9F877-151D-44C0-A1B7-DDB235AD06B1}D:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D591AA06-5DAC-4F2F-920F-D4714E1AE010}D:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe
FirewallRules: [{A6ADFFDB-186B-407C-A274-8895B7A7447E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FlameInTheFlood\RiverGame.exe
FirewallRules: [{B4997078-67CC-42A8-A054-E3D59D343788}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\FlameInTheFlood\RiverGame.exe
FirewallRules: [{3C5B5F81-7BD4-4DA5-98AA-C080B1811000}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [{6B2D9AC0-303D-424C-96A1-A4091C3D5FFF}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\TacticalIntervention\bin\tacint.exe
FirewallRules: [TCP Query User{861C0C3B-1165-404E-9DF3-EA2A6CE86666}D:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B1B7202E-5CE9-4968-A76C-8384B960BCB7}D:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe
FirewallRules: [{AFB2D075-0560-4276-B353-4C5A192287BD}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dementium 2\DII_Beta.exe
FirewallRules: [{217356E9-0E31-4916-8330-56D5A50E2400}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Dementium 2\DII_Beta.exe
FirewallRules: [TCP Query User{D87974C5-6960-4B99-835C-A84A8C5F151D}D:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CC484CF4-EDCF-4429-935F-74DDE4322EFE}D:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{FD5F9239-E1B6-471D-B3F3-DE2BC7F72536}D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{95EE92CB-F7A8-4702-B84C-5EAD4A3D39DB}D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57589\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{524D1693-9E29-4F9F-A543-E366FA4EB9DE}D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2F6426D7-F430-41C5-9E01-7CE671E1616F}D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base57797\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3FC9D089-BE27-4E4A-B682-CBF0BCAFC580}D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{98F45318-DDB7-4588-A7BC-E42AFF540DD5}D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58209\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{83DFFEEC-DDAA-48A6-9680-E945178BDE7F}D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{EEEC02B6-8AB2-47AB-88FA-A91084E78635}D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58482\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{54C45AB9-0BBB-4FAC-AFB4-6CD753996C00}D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DA3CAC01-AAF5-47C5-9790-1356B48EEEAA}D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58623\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{86FFF1AE-9B60-4BB2-A523-5FBA74A3E2D5}D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E42A70EB-A988-45AF-984F-95B3C7B0617F}D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base58795\heroesofthestorm_x64.exe
FirewallRules: [{B8417AE4-B69E-4608-A025-609146443F52}] => (Allow) C:\Program Files (x86)\Opera\48.0.2685.52\opera.exe
FirewallRules: [TCP Query User{095C0C30-718A-40E1-9C91-7BAF35A4C77F}D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B4F82A47-2FA5-4CFB-8216-6C2116E279BE}D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe] => (Allow) D:\program files (x86)\heroes of the storm\versions\base59239\heroesofthestorm_x64.exe
FirewallRules: [{EFA43A2F-4D6A-4937-9D2B-586804D5F557}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7BE53509-65C8-4556-973D-6597197D3797}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{1411DA5A-5E72-43E9-8AC1-CDB55E3133B5}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{01FE5BA2-9C1A-49E9-8217-2AA702B291E5}] => (Allow) C:\Program Files (x86)\Opera\49.0.2725.34\opera.exe

==================== Wiederherstellungspunkte =========================

26-10-2017 12:15:27 Geplanter Prüfpunkt
04-11-2017 12:40:13 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/08/2017 12:36:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/08/2017 12:36:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/08/2017 12:36:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „Microsoft.WindowsStore_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/07/2017 08:22:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: USER-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/06/2017 06:59:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Wow-64.exe, Version 7.3.2.25383 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1784

Startzeit: 01d3572705fec3f2

Beendigungszeit: 4294967295

Anwendungspfad: D:\Program Files (x86)\World of Warcraft\Wow-64.exe

Berichts-ID: fd5e60e0-aec4-48f7-8502-a3b2bedb5612

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (11/03/2017 08:09:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_MapsBroker, Version: 10.0.15063.0, Zeitstempel: 0x02799ef5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x8400000e
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x23d4
Startzeit der fehlerhaften Anwendung: 0x01d35472830fa356
Pfad der fehlerhaften Anwendung: C:\WINDOWS\System32\svchost.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 0cec459e-07fe-4a87-8388-94a009887aed
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/01/2017 01:32:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: USER-PC)
Description: Das Paket „Microsoft.Windows.ShellExperienceHost_10.0.15063.674_neutral_neutral_cw5n1h2txyewy+App“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (10/31/2017 10:48:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_MapsBroker, Version: 10.0.15063.0, Zeitstempel: 0x02799ef5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x8400000e
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x2be0
Startzeit der fehlerhaften Anwendung: 0x01d3522d4d2cc634
Pfad der fehlerhaften Anwendung: C:\WINDOWS\System32\svchost.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: d3ad92b3-a270-4aba-88ee-b351169a6b70
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/30/2017 02:39:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (10/30/2017 02:39:38 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.


Systemfehler:
=============
Error: (11/11/2017 03:53:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Software Protection" wurde nicht richtig gestartet.

Error: (11/11/2017 03:51:03 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Manager für heruntergeladene Karten" wurde nicht richtig gestartet.

Error: (11/11/2017 03:48:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Übermittlungsoptimierung" wurde nicht richtig gestartet.

Error: (11/11/2017 03:48:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (11/11/2017 03:48:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (11/11/2017 03:44:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (11/11/2017 03:44:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht.

Error: (11/11/2017 03:44:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (11/11/2017 03:44:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (11/11/2017 03:43:14 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.


CodeIntegrity:
===================================
  Date: 2017-06-24 20:48:50.328
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:13.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:13.113
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:12.775
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 20:48:12.181
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:58.615
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:23.228
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:23.117
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:46:22.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-06-24 14:45:33.285
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 16265.62 MB
Verfügbarer physikalischer RAM: 10884.55 MB
Summe virtueller Speicher: 32649.62 MB
Verfügbarer virtueller Speicher: 26952.8 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:487.84 GB) (Free:366.98 GB) NTFS
Drive d: () (Fixed) (Total:1374.51 GB) (Free:716.25 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0CD429A7)

Partition: GPT.

==================== Ende von Addition.txt ============================

M-K-D-B · 12.11.2017, 11:37

Servus,

Schritt 1

Kopiere den gesamten Inhalt der folgenden Code-Box:

Code:

ATTFilter

Start::
C:\Program Files (x86)\b10a0213-acef-4521-99fa-0d6aa48db07e
Reboot:
End::

Starte nun FRST und klicke direkt den Entfernen Button. Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich die FRST/FRST64.exe befindet.
Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2

Deinstalliere Google Chrome über die Systemsteuerung. (Bebilderte Anleitung)
Setze bei der Deinstallation auch einen Haken vor Auch die Browserdaten löschen (oder so ähnlich).
Starte den Rechner im Anschluss neu auf.
Installiere Google Chrome neu (falls benötigt). Keine Erweiterungen/Plugins installieren und nicht mit einem evtl. vorhandenen Konto verbinden/synchronisieren.

Schritt 3

Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix (fixlog.txt),
die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt).

zabasu · 12.11.2017, 15:00

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-11-2017
durchgeführt von User (12-11-2017 14:02:31) Run:5
Gestartet von C:\Users\User\Desktop
Geladene Profile: User (Verfügbare Profile: User & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
C:\Program Files (x86)\b10a0213-acef-4521-99fa-0d6aa48db07e
Reboot:

*****************

C:\Program Files (x86)\b10a0213-acef-4521-99fa-0d6aa48db07e => erfolgreich verschoben


Das System musste neu gestartet werden.

==== Ende von Fixlog 14:02:31 ====

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017
durchgeführt von User (Administrator) auf USER-PC (12-11-2017 14:57:20)
Gestartet von C:\Users\User\Desktop
Geladene Profile: User (Verfügbare Profile: User & DefaultAppPool)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\SysWOW64\ASGT.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(GOG.com) D:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Origin\QtWebEngineProcess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Take-Two Interactive Software, Inc.) D:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Valve Corporation) D:\Program Files (x86)\Steam\GameOverlayUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-26] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-09-14] (CANON INC.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-31] (Valve Corporation)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3098952 2017-11-02] (Electronic Arts)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [GalaxyClient] => D:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [5187648 2017-10-19] (GOG.com)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [228864 2017-03-18] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => Keine Datei
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-07-08] ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8b0d2022-b991-4718-93be-7a02131a75f6}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2440112941-538450990-2588341026-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-11-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-11-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2440112941-538450990-2588341026-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2440112941-538450990-2588341026-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2017-11-06] ()

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-11-12]
CHR Extension: (Präsentationen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-12]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-12]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-12]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-12]
CHR Extension: (Adobe Acrobat) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-12]
CHR Extension: (Tabellen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-12]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-12]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-11-12]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-12]
CHR Extension: (Google Mail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-12]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Session Restore: -> ist aktiviert.
OPR Extension: (Radio Canyon) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\bikofacodmhdpkfdeeocponfcgjcdfbk [2015-06-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [48640 2015-05-29] () [Datei ist nicht signiert]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-02] () [Datei ist nicht signiert]
S3 DAUpdaterSvc; D:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-01-28] (BioWare)
S3 GalaxyClientService; D:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [536128 2017-10-19] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8256576 2017-10-11] (GOG.com)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [101528 2007-04-13] () [Datei ist nicht signiert]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123104 2017-11-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3002728 2017-11-02] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1451336 2017-10-23] (Overwolf LTD)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [Datei ist nicht signiert]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [Datei ist nicht signiert]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [Datei ist nicht signiert]
R3 ikbevent; C:\WINDOWS\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\WINDOWS\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-10-23] (ASUSTeK Computer Inc.)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-12] (Malwarebytes)
R1 MpKslb43a4178; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76B664E1-8378-4AEC-878C-55A977ACAACF}\MpKslb43a4178.sys [58120 2017-11-12] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2016-04-27] ()
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-11-12 14:02 - 2017-11-12 14:02 - 000000000 ____D C:\Users\User\Desktop\FRST-OlderVersion
2017-11-12 14:01 - 2017-11-12 14:01 - 000002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-12 14:01 - 2017-11-12 14:01 - 000002324 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-12 14:00 - 2017-11-12 14:00 - 000003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-12 14:00 - 2017-11-12 14:00 - 000003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-11 16:08 - 2017-11-12 14:58 - 000019277 _____ C:\Users\User\Desktop\FRST.txt
2017-11-11 16:04 - 2017-11-11 16:04 - 001783198 _____ C:\Users\User\Downloads\Nicht bestätigt 309963.crdownload
2017-11-11 15:59 - 2017-11-11 16:07 - 000001113 _____ C:\Users\User\Desktop\Search.txt
2017-11-11 15:42 - 2017-11-12 14:02 - 000000602 _____ C:\Users\User\Desktop\Fixlog.txt
2017-11-10 22:29 - 2017-11-10 22:36 - 000001806 _____ C:\Users\User\Desktop\mbam.txt.txt
2017-11-09 19:25 - 2017-11-12 14:02 - 002392576 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2017-11-08 22:51 - 2017-11-08 22:51 - 008261584 _____ (Malwarebytes) C:\Users\User\Desktop\AdwCleaner_7.0.4.0.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-11-12 14:57 - 2015-02-22 13:06 - 000000000 ____D C:\FRST
2017-11-12 14:50 - 2013-10-01 21:09 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-11-12 14:10 - 2014-05-29 21:40 - 000000000 ____D C:\Users\User\AppData\Roaming\Origin
2017-11-12 14:09 - 2014-05-29 21:38 - 000000000 ____D C:\ProgramData\Origin
2017-11-12 14:04 - 2016-04-30 07:35 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2017-11-12 14:03 - 2017-10-05 22:14 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-12 14:03 - 2017-05-21 10:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-12 14:03 - 2016-09-22 06:47 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-12 14:02 - 2017-03-18 12:40 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2017-11-12 14:01 - 2013-10-01 20:28 - 000000000 ____D C:\Users\User\AppData\Local\Google
2017-11-12 14:00 - 2013-10-01 20:28 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-12 13:58 - 2013-11-02 10:35 - 000000426 _____ C:\Users\User\Desktop\Ragnarok.txt
2017-11-12 13:02 - 2017-05-21 09:53 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-12 12:36 - 2017-05-21 10:15 - 000004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C722207A-59FA-447E-9A7F-6EE09C1510F3}
2017-11-12 06:57 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-12 06:57 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-12 04:00 - 2013-12-26 21:04 - 000000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2017-11-12 00:43 - 2015-03-26 14:24 - 000000000 ____D C:\Users\User\AppData\Local\Ubisoft Game Launcher
2017-11-11 17:39 - 2014-04-17 18:35 - 000000000 ____D C:\Users\User\AppData\Local\Battle.net
2017-11-11 16:54 - 2014-04-17 18:35 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-11-11 15:56 - 2017-06-29 15:13 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2017-11-11 15:56 - 2017-05-21 10:15 - 000003976 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1380645316
2017-11-11 15:56 - 2013-10-01 16:45 - 000000000 ____D C:\Program Files (x86)\Opera
2017-11-11 15:43 - 2016-05-02 04:54 - 000000000 ____D C:\Users\User\AppData\LocalLow\Temp
2017-11-10 22:20 - 2017-05-21 09:57 - 002427406 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-10 22:20 - 2017-03-20 05:35 - 001068990 _____ C:\WINDOWS\system32\perfh007.dat
2017-11-10 22:20 - 2017-03-20 05:35 - 000249490 _____ C:\WINDOWS\system32\perfc007.dat
2017-11-10 22:12 - 2015-02-20 23:11 - 000000000 ____D C:\AdwCleaner
2017-11-08 23:26 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-08 16:31 - 2013-12-16 20:18 - 000000851 _____ C:\Users\User\Desktop\adressen.txt
2017-11-07 00:16 - 2017-07-27 16:17 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2440112941-538450990-2588341026-1000
2017-11-07 00:16 - 2016-04-30 07:44 - 000002380 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-07 00:16 - 2016-04-30 07:44 - 000000000 ___RD C:\Users\User\OneDrive
2017-11-06 21:29 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-05 14:14 - 2017-05-21 10:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2017-11-04 09:48 - 2014-05-29 21:38 - 000000000 ____D C:\Program Files (x86)\Origin
2017-11-03 23:59 - 2014-06-05 19:28 - 000000000 ____D C:\Users\User\AppData\Local\SniperV2
2017-10-30 14:42 - 2014-01-10 17:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Audacity
2017-10-27 16:04 - 2013-12-26 21:03 - 000000000 ____D C:\Program Files (x86)\Overwolf
2017-10-26 12:48 - 2014-07-27 01:10 - 000000000 ____D C:\Users\User\AppData\Roaming\RenPy
2017-10-26 08:14 - 2017-05-21 10:15 - 000004642 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-26 08:14 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-26 08:14 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-25 21:31 - 2015-01-21 17:02 - 000000000 ____D C:\Users\User\AppData\Local\JDownloader v2.0
2017-10-24 00:24 - 2016-06-10 22:28 - 000000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2017-10-13 14:16 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-13 01:21 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 01:21 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-03-23 13:41 - 2014-03-23 13:41 - 000000044 _____ () C:\Users\User\AppData\Roaming\WB.CFG

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-11-05 15:13

==================== Ende von FRST.txt ============================

09.11.2017, 17:06	#5
M-K-D-B /// TB-Ausbilder	Probleme mit nicht Löschbarer Adware.Elex.ShrtCln Servus, deine Version von FRST ist total veraltet. Bitte erneut starten. Normalerweise sollte es sich updaten. Dann nochmal einen Suchlauf durchführen. Wenn nicht, von hier die aktuellste Version laden.

Probleme mit nicht Löschbarer Adware.Elex.ShrtCln

Plagegeister aller Art und deren Bekämpfung: Probleme mit nicht Löschbarer Adware.Elex.ShrtCln