Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Hijack.exe+Virus Neshta file nach installation von visual studio

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 17.12.2018, 03:15   #1
korato
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



Guten Morgen,
wie im Titel schon geschrieben habe ich nach der Installation von Visual Studio mir die 2 eingefangen.
Installiert habe ich VS von der Microsoft Seite dazu. Ich hoffe mir kann geholfen werden.

Hier mal meine Logs dazu.

FRST:

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 09.12.2018
durchgeführt von Mortifer (Administrator) auf DESKTOP-HP1IRVV (17-12-2018 02:56:28)
Gestartet von C:\Users\Mortifer\Desktop
Geladene Profile: Mortifer (Verfügbare Profile: Mortifer)
Platform: Windows 10 Pro Version 1803 17134.471 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: "C:\Program Files\Firefox Nightly\firefox.exe" -osint -url "%1")
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
() C:\Windows\runSW.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
(Electronic Arts) D:\Games\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(VMware, Inc.) D:\VMware Workstation\Workstation\vmware-authd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Realtek) C:\Windows\SwUSB.exe
() D:\VMware Workstation\Workstation\vmware-hostd.exe
() C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(OldTimer Tools) C:\Users\Mortifer\Desktop\OTL.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3268176 2018-09-10] (Dominik Reichl)
HKLM-x32\...\Run: [vmware-tray.exe] => D:\VMware Workstation\Workstation\vmware-tray.exe [125872 2018-09-19] (VMware, Inc.)
HKLM-x32\...\Run: [WPSTool] => C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\TWCU.exe [1891840 2018-02-06] (TP-Link Technologies Co., Ltd)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [CCEnhancer] => C:\Program Files (x86)\CCEnhancer\CCEnhancer.exe [895488 2018-12-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3268176 2018-09-10] (Dominik Reichl)
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [VeraCrypt] => C:\Program Files\VeraCrypt\VeraCrypt.exe [5896240 2018-11-02] (IDRIX)
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2053472 2017-07-24] (Palit Microsystems Ltd.)
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [EpicGamesLauncher] => D:\Games\Fortnite\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [35149712 2018-12-14] (Epic Games, Inc.)
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [Steam] => D:\Games\Steam\steam.exe [3173152 2018-12-16] ()
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3478256 2018-12-16] ()
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [EADM] => D:\Games\Origin\Origin.exe [3155240 2018-12-16] ()
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [19554936 2018-11-28] (Piriform Software Ltd)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{3615a814-1cd2-4d8f-8a5c-417e21555e98}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2411979688-3473291244-4169740345-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Kein Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Keine Datei
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-12-10] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-12-10] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-02] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: lwvz5smc.default
FF ProfilePath: C:\Users\Mortifer\AppData\Roaming\Mozilla\Firefox\Profiles\lwvz5smc.default [nicht gefunden] <==== ACHTUNG
FF DefaultProfile: x4qx88x5.default
FF ProfilePath: C:\Users\Mortifer\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\x4qx88x5.default [2018-12-17]
FF Extension: (Dark Moon) - C:\Users\Mortifer\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\x4qx88x5.default\Extensions\darkmoon@lootyhoof-pm.xpi [2018-11-02] [Legacy] [ist nicht signiert]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Mortifer\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\x4qx88x5.default\Extensions\langpack-de@palemoon.org.xpi [2018-11-23] [Legacy] [ist nicht signiert]
FF Extension: (Firefox ESR configurer for OLDJAWS screen reader ) - C:\Program Files\Mozilla Firefox\browser\features\jaws-esr@mozilla.org.xpi [2018-10-17] [Legacy] [ist nicht signiert]
FF HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\Firefox\Extensions: [{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}] - D:\Progs\AllaSoft\Video Downloader Converter\extensions\3.16.4.6855\BVDFirefoxExt
FF Extension: (Allavsoft Video Downloader Firefox Extension) - D:\Progs\AllaSoft\Video Downloader Converter\extensions\3.16.4.6855\BVDFirefoxExt [2018-11-24] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-12-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-12-10] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [Keine Datei]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-02] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-11-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-11-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-11-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-11-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
StartMenuInternet: Firefox-6F193CCC56814779 - C:\Program Files\Firefox Nightly\firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default [2018-12-17]
CHR Extension: (Slides) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-11-09]
CHR Extension: (Docs) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-11-09]
CHR Extension: (Google Drive) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-11-09]
CHR Extension: (YouTube) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-11-09]
CHR Extension: (Allavsoft video downloader converter) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhancbnhabhandieicagelcddkdfgoif [2018-12-02]
CHR Extension: (Sheets) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-02]
CHR Extension: (Morpheon Dark) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-12-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-09]
CHR Extension: (Gmail) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-11-09]
CHR Extension: (Chrome Media Router) - C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-09]
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - D:\Progs\AllaSoft\Video Downloader Converter\extensions\3.16.4.6855\BVDChromeExt.crx [2018-11-24]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7398152 2018-12-16] () [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9646240 2018-12-07] (Microsoft Corporation)
R2 dnscrypt-proxy; C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe [5389968 2018-07-09] ()
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [843904 2018-12-16] () [Datei ist nicht signiert]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [194640 2018-12-16] () [Datei ist nicht signiert]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [194640 2018-12-16] () [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [290768 2018-12-16] () [Datei ist nicht signiert]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518080 2017-10-11] (NVIDIA Corporation)
S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [2310976 2018-12-16] () [Datei ist nicht signiert]
R2 Origin Web Helper Service; D:\Games\Origin\OriginWebHelperService.exe [3130696 2018-11-20] (Electronic Arts)
R2 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [38664 2018-10-17] ()
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [253776 2018-09-20] (Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [281840 2018-10-29] ()
R2 RunSwUSB; C:\Windows\runSW.exe [59232 2018-02-07] ()
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [534400 2018-09-26] (Razer Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-10-06] (Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [1725728 2018-12-16] () [Datei ist nicht signiert]
R2 VMAuthdService; D:\VMware Workstation\Workstation\vmware-authd.exe [100784 2018-09-19] (VMware, Inc.)
R2 VMwareHostd; D:\VMware Workstation\Workstation\vmware-hostd.exe [15445936 2018-09-19] ()
S3 VSStandardCollectorService150; D:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [157480 2018-08-02] (Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe [3921592 2018-12-16] () [Datei ist nicht signiert]
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe [155680 2018-12-16] () [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [303712 2018-11-01] (Bluestack System Inc. )
S3 CorsairCAHS1; C:\Windows\system32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
R3 kmloop; C:\Windows\System32\drivers\loop.sys [16896 2018-04-12] (Microsoft Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198000 2018-12-17] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [119136 2018-12-17] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [63768 2018-12-17] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-12-17] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [111152 2018-12-17] (Malwarebytes)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [81688 2018-03-03] (Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [81688 2018-03-03] (Insecure.Com LLC.)
R1 npf; C:\Windows\system32\DRIVERS\npf.sys [81688 2018-03-03] (Insecure.Com LLC.)
S4 npf_wifi; C:\Windows\system32\DRIVERS\npf.sys [81688 2018-03-03] (Insecure.Com LLC.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e59b844303b9907e\nvlddmkm.sys [20395400 2018-11-16] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-10-11] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [36384 2018-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50624 2017-10-11] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [74576 2018-10-01] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [7148864 2018-04-10] (Realtek Semiconductor Corporation )
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S3 tapexpressvpn; C:\Windows\System32\drivers\tapexpressvpn.sys [45024 2018-11-06] (The OpenVPN Project)
R3 tapprotonvpn; C:\Windows\System32\drivers\tapprotonvpn.sys [44976 2018-06-01] (The OpenVPN Project)
R0 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [828776 2018-11-02] (IDRIX)
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [52288 2018-09-19] (VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [92040 2018-06-22] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-x64.sys [52576 2018-02-28] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [46680 2018-12-11] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [330936 2018-12-11] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62136 2018-12-11] (Microsoft Corporation)
R3 ysusb_w10_64; C:\Windows\system32\drivers\ysusb_w10_64.sys [173536 2018-08-01] (Yamaha Corporation)
U3 dmwappushsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-12-17 02:56 - 2018-12-17 02:56 - 000025010 _____ C:\Users\Mortifer\Desktop\FRST.txt
2018-12-17 02:55 - 2018-12-17 02:56 - 000000000 ____D C:\FRST
2018-12-17 02:54 - 2018-12-17 02:54 - 002417152 _____ (Farbar) C:\Users\Mortifer\Desktop\FRST64.exe
2018-12-17 02:50 - 2018-12-17 02:50 - 000001495 _____ C:\Users\Mortifer\Desktop\malwbscan.txt
2018-12-17 02:47 - 2018-12-17 02:47 - 000018534 _____ C:\Users\Mortifer\Desktop\install.progs.txt
2018-12-17 02:24 - 2018-12-17 02:24 - 003899256 _____ C:\Users\Mortifer\Desktop\OTL.Txt
2018-12-17 02:24 - 2018-12-17 02:24 - 000096270 _____ C:\Users\Mortifer\Desktop\Extras.Txt
2018-12-17 02:20 - 2018-12-08 08:39 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsProxyStub.dll
2018-12-17 02:20 - 2018-12-08 08:36 - 005746688 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsDesktopEngine.exe
2018-12-17 02:20 - 2018-12-08 08:28 - 004529664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsDesktopEngine.exe
2018-12-17 02:12 - 2018-12-17 02:12 - 001107968 _____ C:\Users\Mortifer\Desktop\RSIT.exe
2018-12-17 02:12 - 2017-09-10 17:37 - 000743600 _____ (Sysinternals - www.sysinternals.com) C:\Users\Mortifer\Desktop\autorunsc64.exe
2018-12-17 02:12 - 2017-09-10 17:34 - 000845488 _____ (Sysinternals - www.sysinternals.com) C:\Users\Mortifer\Desktop\Autoruns64.exe
2018-12-17 02:12 - 2017-09-10 17:31 - 000629928 _____ (Sysinternals - www.sysinternals.com) C:\Users\Mortifer\Desktop\autorunsc.exe
2018-12-17 02:12 - 2017-09-10 17:27 - 000716968 _____ (Sysinternals - www.sysinternals.com) C:\Users\Mortifer\Desktop\Autoruns.exe
2018-12-17 02:12 - 2017-09-10 17:22 - 000050512 _____ C:\Users\Mortifer\Desktop\autoruns.chm
2018-12-17 02:12 - 2017-06-13 15:52 - 000007490 _____ C:\Users\Mortifer\Desktop\Eula.txt
2018-12-17 02:09 - 2018-12-17 02:09 - 001306150 _____ C:\Users\Mortifer\Desktop\Autoruns.zip
2018-12-17 02:07 - 2018-12-17 02:07 - 000602112 _____ (OldTimer Tools) C:\Users\Mortifer\Desktop\OTL.exe
2018-12-17 02:04 - 2018-12-17 02:04 - 000119136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-12-17 02:04 - 2018-12-17 02:04 - 000111152 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-12-17 02:04 - 2018-12-17 02:04 - 000063768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-12-17 01:35 - 2018-12-17 01:35 - 000001528 _____ C:\Users\Mortifer\Desktop\fileeeeeeeeee.txt
2018-12-17 01:28 - 2018-12-17 01:28 - 000000000 ____D C:\Users\Mortifer\Desktop\backups
2018-12-17 01:20 - 2018-12-17 01:20 - 000388608 _____ (Trend Micro Inc.) C:\Users\Mortifer\Desktop\HijackThis.exe
2018-12-17 01:10 - 2018-12-17 02:04 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-12-17 01:10 - 2018-12-17 01:10 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-12-17 01:10 - 2018-12-17 01:10 - 000001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-12-17 01:10 - 2018-12-17 01:10 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-12-17 01:10 - 2018-12-17 01:10 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-12-17 01:10 - 2018-12-17 01:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-12-17 01:10 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2018-12-17 00:57 - 2018-12-17 00:57 - 019731263 _____ C:\Users\Mortifer\Downloads\tweaking.com_windows_repair_aio.zip
2018-12-17 00:53 - 2018-12-17 00:53 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\Mortifer\Downloads\spybotsd-2.7.64.0.exe
2018-12-17 00:49 - 2018-12-17 00:49 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-17 00:47 - 2018-12-17 00:48 - 000000000 ____D C:\AdwCleaner
2018-12-17 00:46 - 2018-12-17 00:46 - 007321808 _____ (Malwarebytes) C:\Users\Mortifer\Desktop\adwcleaner_7.2.5.0.exe
2018-12-17 00:30 - 2018-12-17 00:30 - 000198000 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-12-17 00:25 - 2018-12-17 00:25 - 000000000 ____D C:\Users\Public\Documents\Python Scripts
2018-12-17 00:25 - 2018-12-17 00:25 - 000000000 ____D C:\Users\Mortifer\Documents\Visual Studio 2017
2018-12-17 00:25 - 2018-12-17 00:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
2018-12-17 00:14 - 2018-12-17 00:14 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Package Cache
2018-12-17 00:14 - 2018-12-17 00:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6
2018-12-17 00:14 - 2018-12-17 00:14 - 000000000 ____D C:\Program Files\IIS
2018-12-17 00:14 - 2018-12-17 00:14 - 000000000 ____D C:\Program Files (x86)\IIS
2018-12-17 00:13 - 2018-12-17 00:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure
2018-12-17 00:13 - 2018-12-17 00:13 - 000000000 ____D C:\ProgramData\dftmp
2018-12-17 00:13 - 2018-12-17 00:13 - 000000000 ____D C:\Program Files\VS2012Schemas
2018-12-17 00:13 - 2018-12-17 00:13 - 000000000 ____D C:\Program Files\VS2010Schemas
2018-12-17 00:13 - 2018-12-17 00:13 - 000000000 ____D C:\Program Files\Microsoft SDKs
2018-12-17 00:13 - 2018-12-17 00:13 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2018-12-17 00:03 - 2018-12-17 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2018-12-17 00:00 - 2018-12-17 00:00 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2018-12-17 00:00 - 2018-12-17 00:00 - 000000000 ____D C:\Program Files\Application Verifier
2018-12-17 00:00 - 2018-12-17 00:00 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2018-12-16 23:55 - 2018-12-17 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2018-12-16 23:55 - 2018-12-16 23:55 - 000000000 ____D C:\Program Files\Windows Kits
2018-12-16 23:55 - 2018-12-16 23:55 - 000000000 ____D C:\Program Files (x86)\HTML Help Workshop
2018-12-16 23:48 - 2018-04-11 06:46 - 000402944 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DXCpl.exe
2018-12-16 23:48 - 2018-04-11 06:44 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\perf_gputiming.dll
2018-12-16 23:48 - 2018-04-11 05:12 - 000380416 _____ (Windows (R) Win 7 DDK provider) C:\Windows\SysWOW64\DXCpl.exe
2018-12-16 23:48 - 2018-04-11 05:11 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf_gputiming.dll
2018-12-16 23:48 - 2018-04-10 21:41 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\DxToolsReportGenerator.dll
2018-12-16 23:48 - 2018-04-10 21:37 - 000095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxToolsReportGenerator.dll
2018-12-16 23:48 - 2018-04-10 21:15 - 017871360 _____ (Microsoft Corporation) C:\Windows\system32\DXCaptureReplay.dll
2018-12-16 23:48 - 2018-04-10 21:15 - 014058496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCaptureReplay.dll
2018-12-16 23:48 - 2018-04-10 21:11 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VSD3DWARPDebug.dll
2018-12-16 23:48 - 2018-04-10 21:11 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsProxyStub.dll
2018-12-16 23:48 - 2018-04-10 21:10 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsMonitor.dll
2018-12-16 23:48 - 2018-04-10 21:10 - 000118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsReporting.dll
2018-12-16 23:48 - 2018-04-10 21:09 - 000238592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXGIDebug.dll
2018-12-16 23:48 - 2018-04-10 21:08 - 003632640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsRemoteEngine.exe
2018-12-16 23:48 - 2018-04-10 21:08 - 002249728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d12SDKLayers.dll
2018-12-16 23:48 - 2018-04-10 21:08 - 001100288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11_3SDKLayers.dll
2018-12-16 23:48 - 2018-04-10 21:08 - 000466944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1debug3.dll
2018-12-16 23:48 - 2018-04-10 21:08 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\DXGIDebug.dll
2018-12-16 23:48 - 2018-04-10 21:08 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\VSD3DWARPDebug.dll
2018-12-16 23:48 - 2018-04-10 21:07 - 001359872 _____ (Microsoft Corporation) C:\Windows\system32\d3d11_3SDKLayers.dll
2018-12-16 23:48 - 2018-04-10 21:07 - 000221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsExperiment.dll
2018-12-16 23:48 - 2018-04-10 21:07 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsReporting.dll
2018-12-16 23:48 - 2018-04-10 21:06 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsRemoteEngine.exe
2018-12-16 23:48 - 2018-04-10 21:06 - 001500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsOfflineAnalysis.dll
2018-12-16 23:48 - 2018-04-10 21:06 - 000921088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCap.exe
2018-12-16 23:48 - 2018-04-10 21:06 - 000539136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1debug3.dll
2018-12-16 23:48 - 2018-04-10 21:06 - 000124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsCapture.dll
2018-12-16 23:48 - 2018-04-10 21:05 - 002000896 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsOfflineAnalysis.dll
2018-12-16 23:48 - 2018-04-10 21:05 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsCapture.dll
2018-12-16 23:48 - 2018-04-10 21:04 - 000189952 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsMonitor.dll
2018-12-16 23:48 - 2018-04-10 21:03 - 002818560 _____ (Microsoft Corporation) C:\Windows\system32\d3d12SDKLayers.dll
2018-12-16 23:48 - 2018-04-10 21:02 - 001178624 _____ (Microsoft Corporation) C:\Windows\system32\DXCap.exe
2018-12-16 23:48 - 2018-04-10 21:02 - 000286720 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsExperiment.dll
2018-12-16 23:45 - 2018-12-16 23:45 - 000000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2018-12-16 23:42 - 2018-12-16 23:45 - 000000000 ____D C:\Program Files\IIS Express
2018-12-16 23:42 - 2018-12-16 23:45 - 000000000 ____D C:\Program Files (x86)\IIS Express
2018-12-16 23:42 - 2018-12-16 23:42 - 000000000 ____D C:\Program Files\Microsoft ASP.NET Core Runtime Package Store
2018-12-16 23:42 - 2018-12-16 23:42 - 000000000 ____D C:\Program Files (x86)\NuGet
2018-12-16 23:41 - 2018-12-16 23:42 - 000000000 ____D C:\Users\Mortifer\.dotnet
2018-12-16 23:41 - 2018-12-16 23:42 - 000000000 ____D C:\Program Files\dotnet
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\3082
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\2052
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1055
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1049
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1046
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1045
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1042
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1041
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1040
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1036
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1033
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1031
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1029
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\SysWOW64\1028
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\3082
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\2052
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1055
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1049
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1046
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1045
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1042
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1041
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1040
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1036
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1033
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1031
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1029
2018-12-16 23:38 - 2018-12-16 23:48 - 000000000 ____D C:\Windows\system32\1028
2018-12-16 23:38 - 2018-12-16 23:38 - 000001697 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
2018-12-16 23:38 - 2018-12-16 23:38 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2018-12-16 23:36 - 2018-12-16 23:46 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2018-12-16 23:35 - 2018-12-16 23:46 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-12-16 23:34 - 2018-12-17 00:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2018-12-16 23:34 - 2018-12-17 00:13 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2018-12-16 23:34 - 2018-12-16 23:55 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2018-12-16 23:33 - 2018-12-16 23:33 - 000001401 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2018-12-16 23:18 - 2018-12-17 00:28 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Visual Studio Setup
2018-12-16 23:18 - 2018-12-16 23:32 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2018-12-16 23:18 - 2018-12-16 23:18 - 000001359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2018-12-16 23:18 - 2018-12-16 23:18 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\vstelemetry
2018-12-16 23:18 - 2018-12-16 23:18 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Microsoft Visual Studio
2018-12-16 23:18 - 2018-12-16 23:18 - 000000000 ____D C:\Users\Mortifer\AppData\Local\ServiceHub
2018-12-16 23:17 - 2018-12-16 23:17 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio
2018-12-16 23:16 - 2018-12-16 23:16 - 001281536 _____ (Microsoft Corporation) C:\Users\Mortifer\Documents\vs_community.exe
2018-12-16 22:23 - 2018-12-17 02:23 - 000000000 _____ C:\Windows\directx.sys
2018-12-16 22:06 - 2018-12-16 22:06 - 004996834 _____ C:\Users\Mortifer\Downloads\combo.rar
2018-12-16 21:52 - 2018-12-16 21:52 - 004173811 _____ C:\Users\Mortifer\Documents\125k-NLLD.txt
2018-12-16 21:26 - 2018-12-16 21:26 - 000000000 ____D C:\Users\Mortifer\Documents\Netflix Checker Pack Moataz
2018-12-16 21:26 - 2018-09-11 13:01 - 016792060 _____ C:\Users\Mortifer\Documents\Netflix Checker Pack Moataz.zip
2018-12-16 21:21 - 2018-12-16 21:21 - 000000000 ____D C:\Users\Mortifer\Documents\All-in-One Checker
2018-12-16 21:20 - 2018-10-13 21:53 - 002078383 _____ C:\Users\Mortifer\Documents\All-in-One Checker.rar
2018-12-16 21:18 - 2018-12-16 21:18 - 000000000 ____D C:\Users\Mortifer\Documents\Mail-Checker-2.0.0.1_1
2018-12-16 21:18 - 2018-09-14 03:47 - 002769828 _____ C:\Users\Mortifer\Documents\Mail-Checker-2.0.0.1_1.7z
2018-12-16 20:46 - 2018-12-16 20:46 - 000029820 _____ C:\Users\Mortifer\Downloads\you tube video ideas.xlsx
2018-12-16 19:46 - 2018-12-16 19:46 - 000020960 _____ C:\Users\Mortifer\Downloads\Best Digital Marketing Tools - CompleteDigitalMarketingCourse.com.xlsx
2018-12-16 19:43 - 2018-12-16 19:43 - 000431466 _____ C:\Users\Mortifer\Downloads\Digital-Marketing-Demystified.pdf
2018-12-16 19:02 - 2018-12-16 19:02 - 000016775 _____ C:\Users\Mortifer\Documents\links.txt
2018-12-16 19:01 - 2018-12-16 19:01 - 000003199 _____ C:\Users\Mortifer\Documents\my gpgkey.txt
2018-12-16 18:51 - 2018-12-16 18:51 - 000005932 _____ C:\Users\Mortifer\Downloads\notepad-plus-plus-master.zip
2018-12-16 18:51 - 2018-12-16 18:51 - 000000000 ____D C:\Users\Mortifer\Downloads\notepad-plus-plus-master
2018-12-16 14:55 - 2018-12-16 14:55 - 000001036 _____ C:\Users\Mortifer\Desktop\Nmap - Zenmap GUI.lnk
2018-12-16 14:55 - 2018-12-16 14:55 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2018-12-16 14:53 - 2018-12-16 14:54 - 000000000 ____D C:\Program Files\Npcap
2018-12-16 14:53 - 2018-12-16 14:53 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2018-12-16 14:53 - 2018-12-16 14:53 - 000000000 ____D C:\Windows\system32\Npcap
2018-12-16 14:52 - 2018-12-16 14:54 - 000000000 ____D C:\Program Files (x86)\Nmap
2018-12-16 14:51 - 2018-12-16 14:51 - 027530328 _____ (Insecure.org) C:\Users\Mortifer\Downloads\nmap-7.70-setup.exe
2018-12-16 07:03 - 2018-12-16 07:03 - 000000000 ____D C:\Users\Mortifer\Documents\BlackBullet
2018-12-16 07:02 - 2018-12-16 07:02 - 024203365 _____ C:\Users\Mortifer\Documents\BlackBullet.zip
2018-12-16 05:01 - 2018-12-16 05:01 - 001294682 _____ C:\Users\Mortifer\Downloads\ollybone-0.1.zip
2018-12-16 04:41 - 2018-12-16 04:41 - 000000810 _____ C:\Users\Mortifer\Documents\Downloads - Verknüpfung.lnk
2018-12-16 03:43 - 2018-12-16 04:07 - 000000000 ____D C:\Users\Mortifer\Desktop\olly
2018-12-16 03:36 - 2018-12-16 03:36 - 000213988 _____ C:\Users\Mortifer\Downloads\plug110.zip
2018-12-16 01:53 - 2018-12-16 01:53 - 000002157 _____ C:\Users\Mortifer\Desktop\PUBG MOBILE.lnk
2018-12-16 01:07 - 2018-12-16 01:07 - 000000000 ____D C:\Users\Mortifer\.pylint.d
2018-12-16 01:00 - 2018-12-16 01:00 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Python
2018-12-16 01:00 - 2018-12-16 01:00 - 000000000 ____D C:\Users\Mortifer\AppData\Local\pip
2018-12-16 00:58 - 2018-12-16 00:58 - 000000000 ____D C:\Users\Mortifer\.idlerc
2018-12-16 00:55 - 2018-12-16 00:55 - 000008933 _____ C:\Users\Mortifer\Desktop\recommender.py
2018-12-16 00:18 - 2018-12-16 11:20 - 000000000 ____D C:\Users\Mortifer\AppData\Local\AVAST Software
2018-12-16 00:17 - 2018-12-16 00:17 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-12-16 00:17 - 2018-12-16 00:17 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-12-16 00:16 - 2018-12-16 11:20 - 000000000 ____D C:\ProgramData\AVAST Software
2018-12-16 00:16 - 2018-12-16 00:18 - 000000009 _____ C:\Users\Mortifer\Downloads\Unlocker 1.9.2.msi
2018-12-16 00:15 - 2018-12-16 21:31 - 002531634 _____ C:\Users\Mortifer\Downloads\Unlocker 1.9.2_0541372110.exe
2018-12-16 00:08 - 2018-12-16 00:11 - 519474715 _____ C:\Users\Mortifer\Downloads\VMware-Fusion-11.0.2-10952296.dmg
2018-12-15 19:44 - 2018-12-15 04:06 - 000000000 _____ C:\Users\Mortifer\Desktop\firstTry
2018-12-15 18:32 - 2018-12-15 18:32 - 000051654 _____ C:\Users\Mortifer\Downloads\Hide Debugger v1.2.4.rar
2018-12-15 18:25 - 2018-12-15 18:25 - 000398311 _____ C:\Users\Mortifer\Downloads\PEiD-0.95-20081103.zip
2018-12-15 18:15 - 2018-12-16 21:31 - 004606600 _____ C:\Users\Mortifer\Downloads\vvpro25-64.exe
2018-12-15 12:00 - 2018-12-15 12:00 - 007135444 _____ C:\Users\Mortifer\Downloads\vb_decompiler_lite.zip
2018-12-15 11:18 - 2018-12-15 11:18 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Deployment
2018-12-15 11:18 - 2018-12-15 11:18 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Apps\2.0
2018-12-15 11:17 - 2018-12-15 11:17 - 000000000 ____D C:\Users\Mortifer\Downloads\Word_Add_in_Microsoft_Programmierer
2018-12-15 11:16 - 2018-12-15 11:16 - 018425568 _____ C:\Users\Mortifer\Downloads\Word_Add_in_Microsoft_Programmierer.zip
2018-12-15 02:43 - 2018-12-15 20:09 - 000000000 ____D C:\Python35
2018-12-15 02:42 - 2018-12-15 02:42 - 225065576 _____ (ActiveState Software Inc.) C:\Users\Mortifer\Downloads\ActivePython-3.5.4.3504-win64-x64-404899.exe
2018-12-15 02:36 - 2018-12-15 02:36 - 018542592 _____ C:\Users\Mortifer\Downloads\python-3.2.2.amd64.msi
2018-12-14 17:41 - 2018-12-14 17:41 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-12-14 17:41 - 2018-12-14 17:41 - 000001270 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2018-12-14 17:41 - 2018-12-14 17:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-12-14 10:01 - 2018-12-14 17:48 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Thunderbird
2018-12-14 10:01 - 2018-12-14 10:01 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Thunderbird
2018-12-14 09:57 - 2018-12-14 17:39 - 031795664 _____ (Mozilla) C:\Users\Mortifer\Downloads\Thunderbird Setup 60.3.3.exe
2018-12-12 10:20 - 2018-12-12 10:20 - 000000000 ____D C:\ProgramData\HP
2018-12-12 04:12 - 2018-12-08 13:42 - 004527800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2018-12-12 04:12 - 2018-12-08 13:42 - 001616824 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2018-12-12 04:12 - 2018-12-08 13:29 - 013572608 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-12-12 04:12 - 2018-12-08 13:28 - 012710400 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-12-12 04:12 - 2018-12-08 13:28 - 006586880 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2018-12-12 04:12 - 2018-12-08 13:28 - 004708864 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2018-12-12 04:12 - 2018-12-08 13:25 - 012500992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-12-12 04:12 - 2018-12-08 13:25 - 011902976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-12-12 04:12 - 2018-12-08 13:23 - 003649024 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-12-12 04:12 - 2018-12-08 09:07 - 005625352 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2018-12-12 04:12 - 2018-12-08 09:06 - 001017168 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2018-12-12 04:12 - 2018-12-08 09:05 - 007520096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-12-12 04:12 - 2018-12-08 09:05 - 007436216 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-12-12 04:12 - 2018-12-08 09:04 - 009084216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-12-12 04:12 - 2018-12-08 09:04 - 002371296 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2018-12-12 04:12 - 2018-12-08 08:49 - 025855488 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-12-12 04:12 - 2018-12-08 08:47 - 000861744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2018-12-12 04:12 - 2018-12-08 08:46 - 002331480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2018-12-12 04:12 - 2018-12-08 08:45 - 006569040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-12-12 04:12 - 2018-12-08 08:45 - 006043496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-12-12 04:12 - 2018-12-08 08:42 - 022715392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-12-12 04:12 - 2018-12-08 08:41 - 007057408 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2018-12-12 04:12 - 2018-12-08 08:40 - 004710912 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2018-12-12 04:12 - 2018-12-08 08:40 - 004384768 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2018-12-12 04:12 - 2018-12-08 08:38 - 022016000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-12-12 04:12 - 2018-12-08 08:38 - 003392000 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-12-12 04:12 - 2018-12-08 08:36 - 007573504 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-12-12 04:12 - 2018-12-08 08:36 - 003396608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-12-12 04:12 - 2018-12-08 08:33 - 019405312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-12-12 04:12 - 2018-12-08 08:28 - 005775872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-12-12 04:12 - 2018-11-09 07:15 - 021388752 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-12-12 04:12 - 2018-11-09 03:56 - 001213472 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2018-12-12 04:12 - 2018-11-09 03:21 - 004866560 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-12-12 04:12 - 2018-11-09 03:16 - 004939776 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-12-12 04:12 - 2018-11-09 02:26 - 004514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-12-12 04:11 - 2018-12-08 13:48 - 000034104 _____ C:\Windows\system32\SyncAppvPublishingServer.exe
2018-12-12 04:11 - 2018-12-08 13:47 - 001786896 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 001627656 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 001422864 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 001048712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 001038352 _____ (Microsoft Corporation) C:\Windows\system32\AppVPolicy.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000954384 _____ (Microsoft Corporation) C:\Windows\system32\AppVManifest.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000830480 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000825352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000750096 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000670224 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000652296 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000645320 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000495632 _____ (Microsoft Corporation) C:\Windows\system32\TransportDSA.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000399880 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000258064 _____ (Microsoft Corporation) C:\Windows\system32\AppVFileSystemMetadata.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000231440 _____ (Microsoft Corporation) C:\Windows\system32\AppVShNotify.exe
2018-12-12 04:11 - 2018-12-08 13:47 - 000228368 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamMap.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000201744 _____ (Microsoft Corporation) C:\Windows\system32\AppVStreamingUX.dll
2018-12-12 04:11 - 2018-12-08 13:47 - 000180752 _____ (Microsoft Corporation) C:\Windows\system32\AppVDllSurrogate.exe
2018-12-12 04:11 - 2018-12-08 13:47 - 000173072 _____ (Microsoft Corporation) C:\Windows\system32\AppVNice.exe
2018-12-12 04:11 - 2018-12-08 13:46 - 000549760 _____ (Microsoft Corporation) C:\Windows\system32\AppResolver.dll
2018-12-12 04:11 - 2018-12-08 13:43 - 000304144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssecflt.sys
2018-12-12 04:11 - 2018-12-08 13:42 - 001634944 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2018-12-12 04:11 - 2018-12-08 13:41 - 002394960 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2018-12-12 04:11 - 2018-12-08 13:41 - 000481880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-12-12 04:11 - 2018-12-08 13:40 - 001454648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-12-12 04:11 - 2018-12-08 13:39 - 000444416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppResolver.dll
2018-12-12 04:11 - 2018-12-08 13:29 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\iemigplugin.dll
2018-12-12 04:11 - 2018-12-08 13:27 - 005657600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2018-12-12 04:11 - 2018-12-08 13:27 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.SecureAssessment.dll
2018-12-12 04:11 - 2018-12-08 13:27 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storqosflt.sys
2018-12-12 04:11 - 2018-12-08 13:27 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\fdBth.dll
2018-12-12 04:11 - 2018-12-08 13:27 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdBth.dll
2018-12-12 04:11 - 2018-12-08 13:23 - 002892288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-12-12 04:11 - 2018-12-08 13:23 - 001856512 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-12-12 04:11 - 2018-12-08 13:23 - 001661440 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2018-12-12 04:11 - 2018-12-08 13:23 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2018-12-12 04:11 - 2018-12-08 13:23 - 000503296 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2018-12-12 04:11 - 2018-12-08 13:23 - 000471040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2018-12-12 04:11 - 2018-12-08 13:22 - 001586176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-12-12 04:11 - 2018-12-08 13:22 - 001469952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2018-12-12 04:11 - 2018-12-08 13:22 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2018-12-12 04:11 - 2018-12-08 09:13 - 001040936 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2018-12-12 04:11 - 2018-12-08 09:12 - 000272408 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2018-12-12 04:11 - 2018-12-08 09:12 - 000269336 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2018-12-12 04:11 - 2018-12-08 09:12 - 000092688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bindflt.sys
2018-12-12 04:11 - 2018-12-08 09:07 - 001328632 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
2018-12-12 04:11 - 2018-12-08 09:07 - 001221632 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-12-12 04:11 - 2018-12-08 09:07 - 001063416 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2018-12-12 04:11 - 2018-12-08 09:07 - 001030184 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-12-12 04:11 - 2018-12-08 09:07 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-12-12 04:11 - 2018-12-08 09:07 - 000076280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2018-12-12 04:11 - 2018-12-08 09:06 - 000777512 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2018-12-12 04:11 - 2018-12-08 09:06 - 000709936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-12-12 04:11 - 2018-12-08 09:06 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\tcblaunch.exe
2018-12-12 04:11 - 2018-12-08 09:06 - 000491416 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-12-12 04:11 - 2018-12-08 09:06 - 000433168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2018-12-12 04:11 - 2018-12-08 09:06 - 000249088 _____ (Microsoft Corporation) C:\Windows\system32\weretw.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 002822656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-12-12 04:11 - 2018-12-08 09:05 - 002463384 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 001935008 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 001209888 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 001018880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ClipSp.sys
2018-12-12 04:11 - 2018-12-08 09:05 - 000793592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2018-12-12 04:11 - 2018-12-08 09:05 - 000706040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-12-12 04:11 - 2018-12-08 09:05 - 000594224 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2018-12-12 04:11 - 2018-12-08 09:05 - 000421176 _____ (Microsoft Corporation) C:\Windows\system32\xbgmengine.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 000413920 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-12-12 04:11 - 2018-12-08 09:05 - 000130312 _____ (Microsoft Corporation) C:\Windows\system32\rmclient.dll
2018-12-12 04:11 - 2018-12-08 09:05 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys
2018-12-12 04:11 - 2018-12-08 09:04 - 004404720 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 002590296 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2018-12-12 04:11 - 2018-12-08 09:04 - 001943328 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 001457032 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-12-12 04:11 - 2018-12-08 09:04 - 001257672 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-12-12 04:11 - 2018-12-08 09:04 - 001188512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 001150312 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 001140480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-12-12 04:11 - 2018-12-08 09:04 - 000982912 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-12-12 04:11 - 2018-12-08 09:04 - 000885760 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000604984 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2018-12-12 04:11 - 2018-12-08 09:04 - 000527160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000416024 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000413176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-12-12 04:11 - 2018-12-08 09:04 - 000375608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-12-12 04:11 - 2018-12-08 09:04 - 000335672 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000268280 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000260800 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000158624 _____ (Microsoft Corporation) C:\Windows\system32\vertdll.dll
2018-12-12 04:11 - 2018-12-08 09:04 - 000128824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2018-12-12 04:11 - 2018-12-08 09:04 - 000058168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\iorate.sys
2018-12-12 04:11 - 2018-12-08 09:04 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2018-12-12 04:11 - 2018-12-08 08:47 - 000785760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-12-12 04:11 - 2018-12-08 08:46 - 001989040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-12-12 04:11 - 2018-12-08 08:46 - 001397104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2018-12-12 04:11 - 2018-12-08 08:46 - 000665224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2018-12-12 04:11 - 2018-12-08 08:46 - 000457056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2018-12-12 04:11 - 2018-12-08 08:46 - 000101192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rmclient.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 004789952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 002307240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2018-12-12 04:11 - 2018-12-08 08:45 - 001805656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 001620472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 001379816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 001011872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 000567256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 000356864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2018-12-12 04:11 - 2018-12-08 08:45 - 000129296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-12-12 04:11 - 2018-12-08 08:42 - 009084928 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2018-12-12 04:11 - 2018-12-08 08:39 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\wpnsruprov.dll
2018-12-12 04:11 - 2018-12-08 08:38 - 002739200 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2018-12-12 04:11 - 2018-12-08 08:38 - 000419328 _____ (Microsoft Corporation) C:\Windows\system32\eeprov.dll
2018-12-12 04:11 - 2018-12-08 08:38 - 000310272 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll
2018-12-12 04:11 - 2018-12-08 08:38 - 000132608 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageLiveTileTask.exe
2018-12-12 04:11 - 2018-12-08 08:38 - 000085504 _____ (Microsoft Corporation) C:\Windows\system32\LocationFrameworkInternalPS.dll
2018-12-12 04:11 - 2018-12-08 08:38 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcnfs.sys
2018-12-12 04:11 - 2018-12-08 08:38 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 002825728 _____ (Microsoft Corporation) C:\Windows\system32\MapGeocoder.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 001308160 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000395776 _____ (Microsoft Corporation) C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000386048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Diagnostics.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\DataUsageHandlers.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\AppXApplicabilityBlob.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000184320 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\appsruprov.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000157696 _____ (Microsoft Corporation) C:\Windows\system32\energyprov.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000099328 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll
2018-12-12 04:11 - 2018-12-08 08:37 - 000079872 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 003381248 _____ (Microsoft Corporation) C:\Windows\system32\MapRouter.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 003090432 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 002364928 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 001768448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 000462336 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2018-12-12 04:11 - 2018-12-08 08:36 - 000356352 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 000227328 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2018-12-12 04:11 - 2018-12-08 08:36 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 000153600 _____ (Microsoft Corporation) C:\Windows\system32\RMapi.dll
2018-12-12 04:11 - 2018-12-08 08:36 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mmcss.sys
2018-12-12 04:11 - 2018-12-08 08:35 - 002126336 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2018-12-12 04:11 - 2018-12-08 08:35 - 001826816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2018-12-12 04:11 - 2018-12-08 08:35 - 001708544 _____ (Microsoft Corporation) C:\Windows\system32\MSPhotography.dll
2018-12-12 04:11 - 2018-12-08 08:35 - 001551360 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-12-12 04:11 - 2018-12-08 08:35 - 000808448 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-12-12 04:11 - 2018-12-08 08:35 - 000623104 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 002173440 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 001535488 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 001023488 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 000884224 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 000693248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 000684544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2018-12-12 04:11 - 2018-12-08 08:34 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2018-12-12 04:11 - 2018-12-08 08:33 - 002904064 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-12-12 04:11 - 2018-12-08 08:33 - 001457152 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2018-12-12 04:11 - 2018-12-08 08:33 - 001264640 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2018-12-12 04:11 - 2018-12-08 08:33 - 001058304 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2018-12-12 04:11 - 2018-12-08 08:33 - 000949248 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2018-12-12 04:11 - 2018-12-08 08:33 - 000823296 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2018-12-12 04:11 - 2018-12-08 08:33 - 000176640 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2018-12-12 04:11 - 2018-12-08 08:32 - 001032704 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2018-12-12 04:11 - 2018-12-08 08:32 - 000895488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2018-12-12 04:11 - 2018-12-08 08:32 - 000796672 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2018-12-12 04:11 - 2018-12-08 08:32 - 000776192 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-12-12 04:11 - 2018-12-08 08:32 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-12-12 04:11 - 2018-12-08 08:32 - 000406528 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2018-12-12 04:11 - 2018-12-08 08:30 - 006647296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2018-12-12 04:11 - 2018-12-08 08:30 - 002966528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-12-12 04:11 - 2018-12-08 08:30 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2018-12-12 04:11 - 2018-12-08 08:29 - 005883904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2018-12-12 04:11 - 2018-12-08 08:29 - 002700288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-12-12 04:11 - 2018-12-08 08:29 - 000311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Diagnostics.dll
2018-12-12 04:11 - 2018-12-08 08:29 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2018-12-12 04:11 - 2018-12-08 08:28 - 002258944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2018-12-12 04:11 - 2018-12-08 08:28 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2018-12-12 04:11 - 2018-12-08 08:28 - 001295360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2018-12-12 04:11 - 2018-12-08 08:28 - 000391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-12-12 04:11 - 2018-12-08 08:28 - 000288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-12-12 04:11 - 2018-12-08 08:27 - 002449408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapRouter.dll
2018-12-12 04:11 - 2018-12-08 08:27 - 001986560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapGeocoder.dll
2018-12-12 04:11 - 2018-12-08 08:27 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-12-12 04:11 - 2018-12-08 08:27 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-12-12 04:11 - 2018-12-08 08:27 - 000555008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2018-12-12 04:11 - 2018-12-08 08:27 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2018-12-12 04:11 - 2018-12-08 08:26 - 001348096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2018-12-12 04:11 - 2018-12-08 08:26 - 000848384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2018-12-12 04:11 - 2018-12-08 08:25 - 000978944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2018-12-12 04:11 - 2018-12-08 08:25 - 000856576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2018-12-12 04:11 - 2018-12-08 08:25 - 000729088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2018-12-12 04:11 - 2018-12-08 08:25 - 000702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2018-12-12 04:11 - 2018-12-08 08:25 - 000669696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-12-12 04:11 - 2018-12-08 08:25 - 000145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2018-12-12 04:11 - 2018-12-08 08:24 - 000795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-12-12 04:11 - 2018-12-08 08:24 - 000735744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2018-12-12 04:11 - 2018-12-08 08:24 - 000533504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-12-12 04:11 - 2018-12-08 08:24 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-12-12 04:11 - 2018-12-08 07:16 - 000001310 _____ C:\Windows\system32\tcbres.wim
2018-12-12 04:11 - 2018-11-09 07:00 - 000177664 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-12-12 04:11 - 2018-11-09 06:59 - 008623616 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-12-12 04:11 - 2018-11-09 06:58 - 000244736 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-12-12 04:11 - 2018-11-09 06:57 - 004491264 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2018-12-12 04:11 - 2018-11-09 06:57 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\sensrsvc.dll
2018-12-12 04:11 - 2018-11-09 06:56 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-12-12 04:11 - 2018-11-09 06:56 - 000381952 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2018-12-12 04:11 - 2018-11-09 06:56 - 000103936 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSoftwareInstallationClient.dll
2018-12-12 04:11 - 2018-11-09 06:55 - 001254400 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2018-12-12 04:11 - 2018-11-09 06:55 - 000878592 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2018-12-12 04:11 - 2018-11-09 06:54 - 001535488 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2018-12-12 04:11 - 2018-11-09 06:32 - 020383832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-12-12 04:11 - 2018-11-09 06:22 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-12-12 04:11 - 2018-11-09 06:20 - 007987712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-12-12 04:11 - 2018-11-09 06:20 - 003397632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2018-12-12 04:11 - 2018-11-09 06:19 - 000181248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-12-12 04:11 - 2018-11-09 06:18 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-12-12 04:11 - 2018-11-09 06:18 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2018-12-12 04:11 - 2018-11-09 06:17 - 000704000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2018-12-12 04:11 - 2018-11-09 03:49 - 000723416 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-12-12 04:11 - 2018-11-09 03:49 - 000565048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2018-12-12 04:11 - 2018-11-09 03:49 - 000368656 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2018-12-12 04:11 - 2018-11-09 03:48 - 003179760 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2018-12-12 04:11 - 2018-11-09 03:48 - 002719736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-12-12 04:11 - 2018-11-09 03:48 - 001613288 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2018-12-12 04:11 - 2018-11-09 03:48 - 000899920 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-12-12 04:11 - 2018-11-09 03:48 - 000766704 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-12-12 04:11 - 2018-11-09 03:48 - 000745472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2018-12-12 04:11 - 2018-11-09 03:48 - 000375296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-12-12 04:11 - 2018-11-09 03:47 - 002765344 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-12-12 04:11 - 2018-11-09 03:47 - 002571128 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-12-12 04:11 - 2018-11-09 03:47 - 002062392 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2018-12-12 04:11 - 2018-11-09 03:47 - 001285432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-12-12 04:11 - 2018-11-09 03:47 - 000930616 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2018-12-12 04:11 - 2018-11-09 03:47 - 000537912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-12-12 04:11 - 2018-11-09 03:22 - 000185344 _____ (Microsoft Corporation) C:\Windows\system32\InstallServiceTasks.dll
2018-12-12 04:11 - 2018-11-09 03:22 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\winhttpcom.dll
2018-12-12 04:11 - 2018-11-09 03:21 - 001627136 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2018-12-12 04:11 - 2018-11-09 03:21 - 000119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2018-12-12 04:11 - 2018-11-09 03:21 - 000112128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2018-12-12 04:11 - 2018-11-09 03:21 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-12-12 04:11 - 2018-11-09 03:20 - 006032384 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2018-12-12 04:11 - 2018-11-09 03:20 - 000530432 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2018-12-12 04:11 - 2018-11-09 03:20 - 000399872 _____ (Microsoft Corporation) C:\Windows\system32\BthAvctpSvc.dll
2018-12-12 04:11 - 2018-11-09 03:20 - 000193536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2018-12-12 04:11 - 2018-11-09 03:20 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\tzautoupdate.dll
2018-12-12 04:11 - 2018-11-09 03:19 - 002368512 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2018-12-12 04:11 - 2018-11-09 03:19 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-12-12 04:11 - 2018-11-09 03:19 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2018-12-12 04:11 - 2018-11-09 03:18 - 003320320 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-12-12 04:11 - 2018-11-09 03:18 - 001487360 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2018-12-12 04:11 - 2018-11-09 03:18 - 000573952 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2018-12-12 04:11 - 2018-11-09 03:18 - 000514048 _____ (Microsoft Corporation) C:\Windows\system32\BTAGService.dll
2018-12-12 04:11 - 2018-11-09 03:18 - 000300032 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-12-12 04:11 - 2018-11-09 03:17 - 002584576 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2018-12-12 04:11 - 2018-11-09 03:17 - 001069568 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2018-12-12 04:11 - 2018-11-09 03:16 - 002224640 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-12-12 04:11 - 2018-11-09 03:16 - 001364992 _____ (Microsoft Corporation) C:\Windows\system32\lpasvc.dll
2018-12-12 04:11 - 2018-11-09 03:16 - 001225216 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2018-12-12 04:11 - 2018-11-09 03:16 - 000308736 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppMgmtSvc.dll
2018-12-12 04:11 - 2018-11-09 03:15 - 000943616 _____ (Microsoft Corporation) C:\Windows\system32\BingOnlineServices.dll
2018-12-12 04:11 - 2018-11-09 03:15 - 000933888 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2018-12-12 04:11 - 2018-11-09 03:15 - 000884224 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2018-12-12 04:11 - 2018-11-09 03:15 - 000505344 _____ (Microsoft Corporation) C:\Windows\system32\edgeIso.dll
2018-12-12 04:11 - 2018-11-09 03:07 - 002417976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2018-12-12 04:11 - 2018-11-09 03:07 - 001299704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2018-12-12 04:11 - 2018-11-09 02:48 - 000550728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-12-12 04:11 - 2018-11-09 02:47 - 000295224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2018-12-12 04:11 - 2018-11-09 02:46 - 002253184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-12-12 04:11 - 2018-11-09 02:46 - 002161008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2018-12-12 04:11 - 2018-11-09 02:46 - 001980776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-12-12 04:11 - 2018-11-09 02:46 - 000829960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2018-12-12 04:11 - 2018-11-09 02:46 - 000721024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-12-12 04:11 - 2018-11-09 02:46 - 000573504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2018-12-12 04:11 - 2018-11-09 02:31 - 000094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2018-12-12 04:11 - 2018-11-09 02:31 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-12-12 04:11 - 2018-11-09 02:30 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallServiceTasks.dll
2018-12-12 04:11 - 2018-11-09 02:30 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttpcom.dll
2018-12-12 04:11 - 2018-11-09 02:29 - 003711488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-12-12 04:11 - 2018-11-09 02:29 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-12-12 04:11 - 2018-11-09 02:29 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2018-12-12 04:11 - 2018-11-09 02:29 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-12-12 04:11 - 2018-11-09 02:28 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2018-12-12 04:11 - 2018-11-09 02:28 - 002900992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-12-12 04:11 - 2018-11-09 02:27 - 000463872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2018-12-12 04:11 - 2018-11-09 02:26 - 001110528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2018-12-12 04:11 - 2018-11-09 02:26 - 000873472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2018-12-12 04:11 - 2018-11-09 02:26 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-12-12 04:11 - 2018-11-09 02:25 - 000713216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingOnlineServices.dll
2018-12-12 04:11 - 2018-11-09 02:25 - 000705024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2018-12-12 04:11 - 2018-05-20 19:20 - 000022936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hvsicontainerservice.dll
2018-12-11 20:41 - 2018-12-11 21:16 - 000000000 ____D C:\Users\Mortifer\AppData\Local\ProtonVPN
2018-12-11 20:41 - 2018-12-11 20:51 - 000000000 ____D C:\ProgramData\ProtonVPN
2018-12-11 20:41 - 2018-12-11 20:41 - 000001230 _____ C:\Users\Public\Desktop\ProtonVPN.lnk
2018-12-11 20:41 - 2018-12-11 20:41 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\ProtonVPN AG
2018-12-11 20:41 - 2018-12-11 20:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
2018-12-11 20:41 - 2018-12-11 20:41 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2018-12-11 17:01 - 2018-12-11 17:01 - 000003199 _____ C:\Users\Mortifer\Desktop\E52CD47FB3A7B96D5551EB48B7E0C348D07561BE.asc
2018-12-11 17:01 - 2018-12-11 17:01 - 000000735 _____ C:\Users\Mortifer\AppData\Local\recently-used.xbel
2018-12-11 11:32 - 2018-12-11 11:32 - 000597588 _____ C:\Users\Mortifer\Downloads\darknet crypocurrency.pdf
2018-12-11 09:46 - 2018-12-11 17:01 - 000000000 ____D C:\Users\Mortifer\AppData\Local\gtk-2.0
2018-12-11 08:35 - 2018-12-11 08:35 - 000000907 _____ C:\Users\Public\Desktop\Claws-Mail.lnk
2018-12-11 08:35 - 2018-12-11 08:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claws Mail
2018-12-11 08:35 - 2018-12-11 08:35 - 000000000 ____D C:\Program Files\Claws Mail
2018-12-11 08:22 - 2018-12-11 08:22 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\claws Mail
2018-12-11 08:18 - 2018-12-11 08:46 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Claws-mail
2018-12-11 07:34 - 2018-12-11 07:36 - 000004938 _____ C:\Users\Mortifer\Desktop\test123456.gpg
2018-12-11 06:26 - 2018-12-11 06:26 - 000000007 _____ C:\Users\Mortifer\Desktop\new 20.txt
2018-12-11 06:12 - 2018-12-11 06:14 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\PyBitmessage
2018-12-11 04:51 - 2018-12-11 17:01 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\kleopatra
2018-12-11 04:46 - 2018-12-11 17:01 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\gnupg
2018-12-11 04:46 - 2018-12-11 04:46 - 000002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk
2018-12-11 04:46 - 2018-12-11 04:46 - 000002116 _____ C:\Users\Public\Desktop\Kleopatra.lnk
2018-12-11 04:46 - 2018-12-11 04:46 - 000001350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPA.lnk
2018-12-11 04:46 - 2018-12-11 04:46 - 000001338 _____ C:\Users\Public\Desktop\GPA.lnk
2018-12-11 04:46 - 2018-12-11 04:46 - 000000000 ____D C:\Program Files (x86)\GnuPG
2018-12-11 04:45 - 2018-12-11 04:46 - 000000000 ____D C:\Program Files (x86)\Gpg4win
2018-12-11 04:29 - 2018-12-11 09:45 - 000000000 ____D C:\Users\Mortifer\Desktop\PGP
2018-12-11 02:42 - 2018-12-11 02:42 - 001269132 _____ C:\Users\Mortifer\Desktop\SQLi Dorks By The N3RoX.rar
2018-12-11 02:06 - 2018-12-11 02:06 - 000001555 _____ C:\Users\Mortifer\Desktop\prox.txt
2018-12-11 00:34 - 2018-12-11 00:34 - 000007676 _____ C:\Users\Mortifer\Downloads\Shodan Queries.txt
2018-12-11 00:23 - 2018-12-16 19:06 - 000067782 _____ C:\Users\Mortifer\Desktop\Meine URL's.txt
2018-12-10 23:25 - 2018-12-10 23:25 - 019833350 _____ C:\Users\Mortifer\Desktop\10.12.18.html
2018-12-10 23:10 - 2018-12-10 23:10 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Bishop_Fox
2018-12-10 23:09 - 2018-12-10 23:09 - 000002627 _____ C:\Users\Public\Desktop\SearchDiggity.lnk
2018-12-10 23:09 - 2018-12-10 23:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bishop Fox
2018-12-10 23:09 - 2018-12-10 23:09 - 000000000 ____D C:\Program Files (x86)\Bishop Fox
2018-12-10 23:08 - 2018-12-10 23:08 - 000000000 ____D C:\Users\Mortifer\Downloads\SearchDiggity_v3.1.0-MSI
2018-12-10 23:07 - 2018-12-10 23:08 - 011722751 _____ C:\Users\Mortifer\Downloads\SearchDiggity_v3.1.0-MSI.zip
2018-12-10 23:05 - 2018-12-10 23:05 - 000352456 _____ C:\Users\Mortifer\Desktop\Bing Queries.txt
2018-12-10 22:53 - 2018-12-10 22:53 - 004522562 _____ C:\Users\Mortifer\Downloads\Hacking_SharePoint_FINAL.pptx
2018-12-10 21:21 - 2018-12-10 21:21 - 000230122 _____ C:\Users\Mortifer\Downloads\Bypass IPTV.pdf
2018-12-10 15:19 - 2018-12-10 15:19 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2018-12-10 15:19 - 2018-12-10 15:19 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Sun
2018-12-10 15:19 - 2018-12-10 15:19 - 000000000 ____D C:\Users\Mortifer\AppData\LocalLow\Sun
2018-12-10 15:19 - 2018-12-10 15:19 - 000000000 ____D C:\ProgramData\Oracle
2018-12-10 15:19 - 2018-12-10 15:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-12-10 15:19 - 2018-12-10 15:19 - 000000000 ____D C:\Program Files\Java
2018-12-10 15:18 - 2018-12-10 15:18 - 074618232 _____ (Oracle Corporation) C:\Users\Mortifer\Downloads\jre-8u191-windows-x64.exe
2018-12-10 15:10 - 2018-12-10 15:14 - 000000000 ____D C:\Users\Mortifer\Desktop\ValidateCreditCard
2018-12-10 15:10 - 2007-01-13 00:59 - 000411003 _____ C:\Users\Mortifer\Desktop\ValidateCreditCard.jar
2018-12-10 05:44 - 2018-12-10 05:44 - 003260163 _____ C:\Users\Mortifer\Documents\Journey-Into-the-Hidden-Web-A-Guide-For-New-Researchers.pdf
2018-12-08 06:40 - 2018-12-14 14:39 - 000000912 _____ C:\Users\Public\Desktop\Battlefield™ V.lnk
2018-12-05 03:13 - 2018-12-05 03:13 - 000377734 _____ C:\Users\Mortifer\Downloads\RISCS-Annual-Report-2013.pdf
2018-12-05 03:06 - 2018-12-05 03:06 - 002200861 _____ C:\Users\Mortifer\Downloads\Thaler_2014_Fooling_wired_NAC.pdf
2018-12-05 02:27 - 2018-12-05 02:27 - 001804955 _____ C:\Users\Mortifer\Downloads\auditing-aspnet-applications-pci-dss-compliance-33869.pdf
2018-12-05 01:51 - 2018-12-05 01:51 - 000942032 _____ C:\Users\Mortifer\Downloads\guide-find-cardholder-data-automated-tools-pci-assessors-35477.pdf
2018-12-05 01:46 - 2018-12-05 01:46 - 000022765 _____ C:\Users\Mortifer\Downloads\hook.zip
2018-12-04 16:21 - 2018-12-04 16:21 - 000033280 _____ C:\Users\Mortifer\Documents\Kopie von businessanalysisfebruary2015_tcm77-399475.xls
2018-12-04 05:00 - 2018-12-04 05:00 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Wondershare
2018-12-04 02:34 - 2018-12-16 21:31 - 006849024 _____ C:\Users\Mortifer\Downloads\SDLTradosStudio2019TrialInstaller.exe
2018-12-04 02:34 - 2018-12-04 02:34 - 000000000 ____D C:\Users\Mortifer\Documents\SDL
2018-12-03 11:56 - 2018-12-03 11:56 - 000001365 _____ C:\Users\Public\Desktop\PDFelement 6 Pro.lnk
2018-12-03 11:56 - 2018-12-03 11:56 - 000000000 ____D C:\ProgramData\PDFelement 6 Pro
2018-12-03 11:56 - 2018-12-03 11:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-12-03 11:56 - 2017-10-19 10:17 - 000271360 _____ (Wondershare Software) C:\Windows\system32\WSPDFelementMonitor.dll
2018-12-03 11:55 - 2018-12-16 21:31 - 001028200 _____ C:\Users\Mortifer\Downloads\pdfelement6-pro_setup_full2990.exe
2018-12-03 11:55 - 2018-12-03 11:55 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-12-03 11:55 - 2018-11-27 18:16 - 011011136 _____ C:\Windows\SysWOW64\WSPECRT.dll
2018-12-03 11:54 - 2018-12-16 21:31 - 001449064 _____ C:\Users\Mortifer\Downloads\recoverit_setup_full4134.exe
2018-12-03 10:14 - 2018-12-03 11:02 - 000000000 ____D C:\Users\Mortifer\Documents\Malware Analyze Tools
2018-12-03 04:58 - 2018-12-03 05:02 - 000000000 ____D C:\Users\Mortifer\Documents\Video´s
2018-12-03 04:48 - 2018-12-03 05:17 - 087852792 _____ (Wondershare Software ) C:\Users\Mortifer\Downloads\pdf-converter-pro_full839.exe
2018-12-03 04:48 - 2018-12-03 04:50 - 007759926 _____ C:\Users\Mortifer\Downloads\thxg_card-giveaway.zip
2018-12-03 04:44 - 2018-12-03 04:55 - 033447176 _____ ( ) C:\Users\Mortifer\Downloads\3steppdf-1.2.0-October2017.exe
2018-12-03 04:43 - 2018-12-16 21:31 - 003004304 _____ C:\Users\Mortifer\Downloads\7-Data_Recovery_Suite_4.1.0.exe
2018-12-03 04:24 - 2018-12-10 13:22 - 000000000 ____D C:\Users\Mortifer\Desktop\Pirate Browser
2018-12-03 04:12 - 2018-12-03 04:19 - 022324759 _____ C:\Users\Mortifer\Desktop\w_sitb100.pdf
2018-12-03 01:27 - 2018-12-03 01:28 - 024133472 _____ (ExpressVPN) C:\Users\Mortifer\Downloads\expressvpn_6.8.0.5553.BETA.exe
2018-12-03 00:51 - 2018-12-03 01:30 - 000000000 ____D C:\Users\Mortifer\AppData\Local\ExpressVPN
2018-12-03 00:51 - 2018-12-03 00:51 - 000000000 ____D C:\Users\Mortifer\AppData\Local\IsolatedStorage
2018-12-02 19:58 - 2018-12-02 19:58 - 033641900 _____ C:\Users\Mortifer\Downloads\Bitmessage-0.6.1_64.exe
2018-12-02 19:56 - 2018-12-02 20:08 - 035422880 _____ C:\Users\Mortifer\Downloads\Bitmessage_x86_0.6.3.2.exe
2018-12-01 14:45 - 2018-12-16 21:31 - 006604448 _____ C:\Users\Mortifer\Downloads\FiddlerSetup.exe
2018-12-01 11:57 - 2018-12-01 13:23 - 000000000 ____D C:\Users\Mortifer\Downloads\x64dbg
2018-12-01 10:14 - 2018-12-05 03:14 - 000000000 ____D C:\Users\Mortifer\Downloads\IDA
2018-12-01 09:42 - 2018-12-01 09:42 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Hex-Rays
2018-12-01 09:42 - 2018-12-01 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2018-12-01 09:41 - 2018-12-01 09:42 - 000000000 ____D C:\python27-x64
2018-12-01 09:41 - 2018-12-01 09:41 - 000000852 _____ C:\Users\Mortifer\Desktop\IDA Demo.lnk
2018-12-01 09:41 - 2018-12-01 09:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDA Demo
2018-12-01 09:41 - 2018-12-01 09:41 - 000000000 ____D C:\Program Files\IDA Demo 7.2
2018-12-01 08:58 - 2018-12-01 09:38 - 000000000 ____D C:\Users\Mortifer\Documents\ArTeam
2018-12-01 05:14 - 2018-12-16 05:13 - 000000000 ____D C:\Users\Mortifer\Downloads\OllyDBG
2018-12-01 05:13 - 2018-12-01 05:13 - 000115034 _____ C:\Users\Mortifer\Downloads\Disasm201.zip
2018-12-01 05:13 - 2018-12-01 05:13 - 000075540 _____ C:\Users\Mortifer\Downloads\chicken.zip
2018-12-01 05:13 - 2018-12-01 05:13 - 000060720 _____ C:\Users\Mortifer\Downloads\language.zip
2018-12-01 05:12 - 2018-12-01 05:12 - 006965278 _____ C:\Users\Mortifer\Downloads\odbg201.zip
2018-12-01 04:41 - 2018-12-01 04:41 - 000000188 _____ C:\Users\Mortifer\Documents\pdf serials.txt
2018-12-01 04:26 - 2018-12-01 04:26 - 000000000 ____D C:\Users\Mortifer\Documents\Foxit_PhantomPDF_Business_9.3.0.10826_Multilingual_crackzsoft.com
2018-12-01 03:59 - 2018-12-01 03:59 - 000000000 ____D C:\Users\Mortifer\Documents\Wondershare PDFelement Professional 6.8.4.3921 Multilingual [CrackzSoft.com]
2018-11-28 05:02 - 2018-11-28 05:02 - 000254412 _____ C:\Users\Mortifer\Downloads\305096-The-Automation-of-Credit-Card-Fraud.pdf
2018-11-27 17:36 - 2018-11-27 17:43 - 000000000 ____D C:\Users\Mortifer\Desktop\peppi
2018-11-27 13:21 - 2018-12-12 14:47 - 000000000 ____D C:\Program Files (x86)\Origin Games
2018-11-27 12:26 - 2018-11-27 12:26 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\EasyAntiCheat
2018-11-27 11:51 - 2018-11-27 11:51 - 000000000 ____D C:\Users\Mortifer\ansel
2018-11-27 11:50 - 2018-11-16 00:29 - 000133160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-11-27 11:47 - 2018-11-16 20:40 - 019712744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 016989208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 015909720 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 013203592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 001471632 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 001462416 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 001167792 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 001152008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 001145928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 000914608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 000822584 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 000794840 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-11-27 11:47 - 2018-11-16 20:40 - 000637688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-11-27 11:47 - 2018-11-16 19:43 - 000047384 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000978128 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000978128 _____ C:\Windows\system32\vulkan-1.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000845008 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000845008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000552144 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000456904 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-11-27 11:47 - 2018-11-16 16:44 - 000267984 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2018-11-27 11:47 - 2018-11-16 16:44 - 000267984 _____ C:\Windows\system32\vulkaninfo.exe
2018-11-27 11:47 - 2018-11-16 16:44 - 000243408 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2018-11-27 11:47 - 2018-11-16 16:44 - 000243408 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-11-27 11:47 - 2018-11-16 16:42 - 002003424 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-11-27 11:47 - 2018-11-16 16:42 - 001460128 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-11-27 11:47 - 2018-11-16 16:42 - 001126280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-11-27 11:47 - 2018-11-16 16:42 - 000631392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-11-27 11:47 - 2018-11-16 16:42 - 000521472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 040256992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 035154400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 004945288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 004316040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 002017536 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6441701.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 001510656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 001468192 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6441701.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 000750472 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2018-11-27 11:47 - 2018-11-16 16:41 - 000609056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2018-11-27 11:31 - 2018-11-27 11:51 - 000000000 ____D C:\Users\Mortifer\Documents\Battlefield V
2018-11-27 11:27 - 2018-11-27 11:27 - 000000000 ____D C:\ProgramData\Electronic Arts
2018-11-27 11:02 - 2018-11-27 11:02 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2018-11-25 21:55 - 2018-11-25 21:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2018-11-25 21:50 - 2018-11-25 21:50 - 000000000 ____D C:\Users\Mortifer\.QtWebEngineProcess
2018-11-25 21:50 - 2018-11-25 21:50 - 000000000 ____D C:\Users\Mortifer\.Origin
2018-11-25 21:49 - 2018-12-16 17:56 - 000000000 ____D C:\ProgramData\Origin
2018-11-25 21:49 - 2018-12-16 12:27 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Origin
2018-11-25 21:49 - 2018-11-25 22:01 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Origin
2018-11-25 21:49 - 2018-11-25 21:49 - 063362344 _____ (Electronic Arts) C:\Users\Mortifer\Downloads\OriginThinSetup.exe
2018-11-25 20:45 - 2018-11-25 20:45 - 042718488 _____ (Mozilla) C:\Users\Mortifer\Downloads\GMX_Firefox_Setup.exe
2018-11-25 08:52 - 2018-12-11 13:41 - 000000000 ____D C:\Users\Mortifer\Documents\Book´s&Guides
2018-11-25 01:44 - 2018-11-25 01:44 - 009301680 _____ C:\Users\Mortifer\Downloads\CISSP_Tips_and_Tricks_E_Book.pdf
2018-11-25 01:35 - 2018-11-27 11:50 - 000000000 ____D C:\temp
2018-11-25 01:35 - 2018-11-25 01:35 - 000001634 _____ C:\Users\Public\Desktop\Razer Synapse.lnk
2018-11-25 01:35 - 2018-11-25 01:35 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Synapse3
2018-11-25 01:35 - 2018-11-25 01:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2018-11-25 01:34 - 2018-11-25 01:35 - 000000000 ____D C:\Program Files (x86)\Razer
2018-11-25 01:34 - 2018-11-25 01:34 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Razer
2018-11-25 01:31 - 2018-11-25 01:50 - 000000000 ____D C:\ProgramData\Razer
2018-11-25 00:31 - 2018-12-16 21:31 - 004312040 _____ C:\Users\Mortifer\Downloads\RazerSynapseInstaller_V1.0.87.116.exe
2018-11-24 11:48 - 2018-11-24 11:50 - 000995870 _____ C:\Users\Mortifer\Downloads\[Klassfield_M.]_Adobe_Photoshop_CC_(2015)_The_Ult(b-ok.cc).epub
2018-11-24 11:47 - 2018-11-24 11:47 - 005947208 _____ C:\Users\Mortifer\Downloads\[Björn_Franke_(eds.)]_Compiler_Construction_24th(b-ok.cc).pdf
2018-11-24 11:43 - 2018-11-24 11:45 - 000238147 _____ C:\Users\Mortifer\Downloads\[Gerald_M._Weinberg]_Perfect_Software_and_Other_Il(b-ok.cc).epub
2018-11-24 11:42 - 2018-11-24 11:42 - 004374958 _____ C:\Users\Mortifer\Downloads\Sanjib Sinha (auth.)-Beginning Ethical Hacking with Python-Apress (2017)-Kopieren.pdf
2018-11-24 11:41 - 2018-11-24 11:41 - 002084778 _____ C:\Users\Mortifer\Downloads\[IEEE_Computer_Society]_IEEE_Standard_for_Informat(b-ok.cc)-Kopieren.pdf
2018-11-24 11:35 - 2018-11-24 11:35 - 001333942 _____ C:\Users\Mortifer\Downloads\[IEEE_Computer_Society]_IEEE_Standard_for_Informat(b-ok.cc).pdf
2018-11-24 09:47 - 2018-12-16 21:31 - 002783048 _____ C:\Users\Mortifer\Downloads\uTorrent.exe
2018-11-24 09:32 - 2018-11-24 09:32 - 003868890 _____ C:\Users\Mortifer\Downloads\318d75acd08e962f02cbdc9411500d62
2018-11-24 07:47 - 2018-11-24 07:47 - 000002295 _____ C:\Users\Mortifer\Desktop\Fortnite Installer.lnk
2018-11-24 07:32 - 2018-11-24 07:32 - 000002175 _____ C:\Users\Mortifer\Desktop\Snapchat.lnk
2018-11-24 07:30 - 2018-11-24 07:30 - 000003628 _____ C:\Windows\System32\Tasks\BlueStacksHelper
2018-11-24 07:27 - 2018-11-24 07:27 - 000001798 _____ C:\Users\Mortifer\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2018-11-24 07:27 - 2018-11-24 07:27 - 000001774 _____ C:\Users\Mortifer\Desktop\BlueStacks.lnk
2018-11-24 07:26 - 2018-11-27 11:49 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\NVIDIA
2018-11-24 07:26 - 2018-11-24 07:26 - 000000000 ____D C:\ProgramData\BlueStacks
2018-11-24 07:26 - 2018-11-24 07:26 - 000000000 ____D C:\Program Files\BlueStacks
2018-11-24 07:25 - 2018-11-24 07:25 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Bluestacks
2018-11-24 07:24 - 2018-12-16 21:31 - 001583624 _____ C:\Users\Mortifer\Downloads\BlueStacks - CHIP-Installer.exe
2018-11-24 07:05 - 2018-11-24 07:05 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-11-24 07:03 - 2018-11-24 07:03 - 082654607 _____ C:\Users\Mortifer\Downloads\Snapchat_v10.45.6.0_apkpure.com.apk
2018-11-24 03:07 - 2018-12-17 00:27 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Allavsoft
2018-11-24 03:07 - 2018-11-24 03:07 - 000000000 ____D C:\Users\Mortifer\Documents\Allavsoft
2018-11-24 03:06 - 2018-11-24 03:06 - 000000931 _____ C:\Users\Public\Desktop\Allavsoft.lnk
2018-11-24 03:06 - 2018-11-24 03:06 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allavsoft
2018-11-23 15:19 - 2018-11-23 15:19 - 003868890 _____ C:\Users\Mortifer\Desktop\Sanjib Sinha (auth.)-Beginning Ethical Hacking with Python-Apress (2017).pdf
2018-11-23 13:32 - 2018-11-23 13:32 - 004486692 _____ C:\Users\Mortifer\Documents\Kurzanleitung+Springer+Professional.pdf
2018-11-23 12:34 - 2018-11-23 14:08 - 000000000 ____D C:\Users\Mortifer\Downloads\2252000
2018-11-23 12:10 - 2018-11-23 12:10 - 024054018 _____ C:\Users\Mortifer\Documents\Hacking mit Metasploit Das umfassende Handbuch zu Penetration Testing und Metasploit.pdf
2018-11-23 11:54 - 2018-11-23 11:54 - 005299903 _____ C:\Users\Mortifer\Documents\Intensivkurs Angriff und Verteidigung mit Python.pdf
2018-11-23 08:54 - 2018-11-23 08:54 - 000000000 ____D C:\Users\Mortifer\AppData\Local\CrashReportClient
2018-11-23 08:27 - 2018-11-23 08:27 - 019197014 _____ C:\Users\Mortifer\Desktop\lz.11.18.html
2018-11-23 06:32 - 2018-11-23 06:32 - 008954281 _____ C:\Users\Mortifer\Documents\Eldad_Eilam-Reversing__Secrets_of_Reverse_Engineering-Wiley(2005).pdf
2018-11-23 06:29 - 2018-11-23 06:29 - 006442047 _____ C:\Users\Mortifer\Documents\Chris Eagle-The IDA Pro book_ The unofficial guide to the world's most popular disassembler-No Starch Press (2011).pdf
2018-11-23 06:13 - 2018-11-23 06:13 - 002952430 _____ C:\Users\Mortifer\Downloads\mm-tools.pdf
2018-11-23 05:38 - 2018-11-23 05:38 - 002001053 _____ C:\Users\Mortifer\Downloads\odbg201h.zip
2018-11-23 02:55 - 2018-11-23 02:55 - 000000000 ____D C:\Users\Mortifer\Documents\My Games
2018-11-23 02:47 - 2018-11-23 02:47 - 000483486 _____ C:\Users\Mortifer\Downloads\21K Combo (User_User)Private by cosmos697.txt
2018-11-23 02:41 - 2018-11-23 02:41 - 024413214 _____ C:\Users\Mortifer\Downloads\[Fulldb Cracked] 739k HQ Combo Private Premium SQLi Hit Guaranteed Booom! Iptv,Btc,Psn,Vpn,Directv,Netflix,Hbo,Shopping,Selly,Porn,Chaturbate,Hosting,Minecraft,Steam,Origin,Uplay,More.txt
2018-11-23 02:34 - 2018-12-16 21:31 - 008570917 _____ C:\Users\Mortifer\Downloads\combo_checker_v2.exe
2018-11-22 12:06 - 2018-11-22 12:06 - 009117698 _____ C:\Users\Mortifer\Downloads\dwt-3.2.0-cp27-win_x86.zip
2018-11-22 12:06 - 2018-11-22 12:06 - 000000000 ____D C:\Users\Mortifer\Downloads\dwt-3.2.0-cp27-win_x86
2018-11-22 05:23 - 2018-11-22 05:23 - 000000000 ____D C:\Users\Mortifer\AppData\Local\ElevatedDiagnostics
2018-11-21 20:46 - 2018-11-22 11:35 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-11-21 18:15 - 2018-11-21 18:15 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Steam
2018-11-21 18:13 - 2018-11-21 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-11-21 18:12 - 2018-12-16 21:31 - 001615040 _____ C:\Users\Mortifer\Downloads\SteamSetup.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2018-12-17 02:55 - 2018-11-02 00:04 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-17 02:34 - 2018-11-02 22:15 - 000000000 ____D C:\Users\Mortifer\AppData\LocalLow\Mozilla
2018-12-17 02:20 - 2018-11-02 00:01 - 000000000 ____D C:\Windows\CbsTemp
2018-12-17 02:10 - 2018-11-02 00:21 - 001837624 _____ C:\Windows\system32\PerfStringBackup.INI
2018-12-17 02:10 - 2018-11-02 00:07 - 000786554 _____ C:\Windows\system32\perfh007.dat
2018-12-17 02:10 - 2018-11-02 00:07 - 000168444 _____ C:\Windows\system32\perfc007.dat
2018-12-17 02:10 - 2018-11-02 00:03 - 000000000 ____D C:\Windows\INF
2018-12-17 02:04 - 2018-11-02 21:44 - 000000000 ____D C:\ProgramData\VMware
2018-12-17 02:04 - 2018-11-02 00:15 - 000000000 ____D C:\ProgramData\NVIDIA
2018-12-17 02:04 - 2018-11-02 00:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-12-17 02:03 - 2018-11-02 00:00 - 000524288 _____ C:\Windows\system32\config\BBI
2018-12-17 01:32 - 2018-11-02 00:00 - 000000000 ____D C:\Windows\Panther
2018-12-17 01:30 - 2018-11-02 00:14 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-12-17 00:30 - 2018-11-03 04:14 - 000000000 ____D C:\Program Files\Firefox Nightly
2018-12-17 00:30 - 2018-11-02 22:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-17 00:30 - 2018-11-02 01:25 - 000000000 ____D C:\ProgramData\Package Cache
2018-12-17 00:28 - 2018-11-02 05:40 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\KeePass
2018-12-17 00:27 - 2018-11-02 23:18 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\VMware
2018-12-17 00:27 - 2018-11-02 23:18 - 000000000 ____D C:\Users\Mortifer\AppData\Local\VMware
2018-12-17 00:02 - 2018-11-02 00:07 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-12-16 23:41 - 2018-11-02 00:21 - 000000000 ____D C:\Users\Mortifer
2018-12-16 23:38 - 2018-11-02 00:04 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-12-16 21:31 - 2018-11-09 09:17 - 001172312 _____ C:\Users\Mortifer\Downloads\ChromeSetup.exe
2018-12-16 21:31 - 2018-11-09 04:04 - 001467240 _____ C:\Users\Mortifer\Downloads\novapdf.exe
2018-12-16 21:31 - 2018-11-09 01:37 - 004613992 _____ C:\Users\Mortifer\Downloads\npp.7.5.9.Installer.x64.exe
2018-12-16 21:31 - 2018-11-08 11:57 - 001028200 _____ C:\Users\Mortifer\Downloads\pdfelement6-pro_setup_full3010.exe
2018-12-16 21:31 - 2018-11-06 21:02 - 004912112 _____ C:\Users\Mortifer\Downloads\Diablo-III-Setup.exe
2018-12-16 21:31 - 2018-11-03 07:56 - 005604448 _____ C:\Users\Mortifer\Downloads\rcsetup153.exe
2018-12-16 21:31 - 2018-11-03 04:13 - 000326336 _____ C:\Users\Mortifer\Downloads\Firefox Installer.de.exe
2018-12-16 21:31 - 2018-11-02 17:53 - 002802664 _____ C:\Users\Mortifer\Downloads\officedeploymenttool_11023-33600.exe
2018-12-16 21:31 - 2018-11-02 12:04 - 007570120 _____ C:\Users\Mortifer\Downloads\setuphomebusinessretail.x64.de-de_.exe
2018-12-16 21:31 - 2018-11-02 05:34 - 003322624 _____ C:\Users\Mortifer\Downloads\KeePass-2.40-Setup.exe
2018-12-16 19:20 - 2018-11-16 22:09 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\TS3Client
2018-12-16 18:19 - 2018-11-03 04:14 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Nightly.lnk
2018-12-16 17:55 - 2018-11-08 20:27 - 000000000 ____D C:\Program Files (x86)\CCEnhancer
2018-12-16 17:55 - 2018-11-02 06:02 - 000000000 ____D C:\Program Files\CCleaner
2018-12-16 17:44 - 2018-11-06 21:03 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Battle.net
2018-12-16 14:39 - 2018-11-11 17:45 - 000000000 ____D C:\Users\Mortifer\Desktop\Books
2018-12-16 11:30 - 2018-11-03 12:28 - 000000000 ____D C:\Users\Mortifer\AppData\Local\CrashDumps
2018-12-16 11:05 - 2018-11-02 00:23 - 000000000 ____D C:\Users\Mortifer\AppData\Local\Packages
2018-12-16 01:32 - 2018-11-03 02:30 - 000000000 ____D C:\Users\Mortifer\AppData\Local\NVIDIA
2018-12-16 01:00 - 2018-11-08 07:17 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2018-12-16 00:17 - 2018-11-02 00:04 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-12-15 23:30 - 2018-11-07 17:34 - 000000000 ____D C:\Users\Mortifer\Documents\Data mining IoT
2018-12-15 22:07 - 2018-11-02 05:35 - 000031886 _____ C:\Users\Mortifer\Documents\Datenbank.kdbx
2018-12-15 16:43 - 2018-11-06 21:02 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-12-15 14:29 - 2018-11-02 00:04 - 000000000 ____D C:\Windows\AppReadiness
2018-12-15 10:22 - 2018-11-07 12:50 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\vlc
2018-12-15 10:13 - 2018-11-02 00:04 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-14 08:15 - 2018-11-06 21:11 - 000000000 ____D C:\Program Files (x86)\Diablo III
2018-12-14 08:01 - 2018-11-02 18:07 - 000000000 ____D C:\Program Files\Microsoft Office
2018-12-12 09:44 - 2018-11-02 00:23 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-12-12 09:44 - 2018-11-02 00:23 - 000000000 ___RD C:\Users\Mortifer\3D Objects
2018-12-12 09:44 - 2018-11-02 00:14 - 000407544 _____ C:\Windows\system32\FNTCACHE.DAT
2018-12-12 09:42 - 2018-11-02 00:04 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2018-12-12 09:42 - 2018-11-02 00:04 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-12-12 09:42 - 2018-11-02 00:04 - 000000000 ____D C:\Windows\TextInput
2018-12-12 09:42 - 2018-11-02 00:04 - 000000000 ____D C:\Windows\ShellComponents
2018-12-12 09:42 - 2018-11-02 00:04 - 000000000 ____D C:\Windows\bcastdvr
2018-12-12 04:18 - 2018-11-02 01:00 - 000000000 ____D C:\Windows\system32\MRT
2018-12-12 04:16 - 2018-11-02 01:00 - 137260640 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-12-11 03:21 - 2018-11-02 00:32 - 000592616 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-12-11 03:21 - 2018-11-02 00:14 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-12-10 21:22 - 2018-11-07 11:41 - 000000000 ____D C:\Users\Mortifer\Documents\css toolkit Projekt
2018-12-10 19:43 - 2018-11-03 07:58 - 000000000 ____D C:\Program Files\Recuva
2018-12-10 13:20 - 2018-11-02 00:04 - 000000000 ____D C:\Windows\LiveKernelReports
2018-12-08 04:43 - 2018-11-03 02:28 - 000000000 ____D C:\Users\Mortifer\AppData\Local\UnrealEngine
2018-12-08 00:03 - 2018-11-15 23:32 - 000000000 ____D C:\Program Files\rempl
2018-12-03 11:56 - 2018-11-08 14:14 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-12-03 11:56 - 2018-11-08 14:14 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\Wondershare
2018-12-03 05:42 - 2018-11-03 02:28 - 000000000 ____D C:\Users\Mortifer\AppData\Local\D3DSCache
2018-12-02 21:12 - 2018-11-02 06:02 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-12-01 05:01 - 2018-11-02 00:06 - 000835688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-12-01 05:01 - 2018-11-02 00:06 - 000179808 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-12-01 04:43 - 2018-11-02 06:02 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-12-01 04:43 - 2018-11-02 06:01 - 018174280 _____ (Piriform Software Ltd) C:\Users\Mortifer\Downloads\cctrialsetup.exe
2018-12-01 00:25 - 2018-11-03 11:02 - 000000000 ____D C:\Users\Mortifer\AppData\Local\calibre-cache
2018-12-01 00:25 - 2018-11-03 11:01 - 000000000 ____D C:\Users\Mortifer\AppData\Roaming\calibre
2018-11-27 15:34 - 2018-11-02 00:15 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-11-27 12:27 - 2018-11-03 02:51 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-11-27 11:50 - 2018-11-03 02:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-11-27 11:50 - 2018-11-02 00:23 - 000000000 ____D C:\Users\Mortifer\AppData\Local\VirtualStore
2018-11-27 11:50 - 2018-11-02 00:15 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-11-27 11:50 - 2018-11-02 00:15 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-11-27 11:43 - 2018-11-03 02:30 - 000001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-11-27 11:43 - 2018-11-03 02:27 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:43 - 2018-11-03 02:27 - 000004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:43 - 2018-11-03 02:27 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:32 - 2018-11-03 02:27 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:32 - 2018-11-03 02:27 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:32 - 2018-11-03 02:27 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:32 - 2018-11-03 02:27 - 000003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 11:32 - 2018-11-03 02:27 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-27 08:18 - 2018-11-09 09:18 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-11-24 16:33 - 2018-11-02 00:23 - 000000000 ____D C:\Users\Mortifer\AppData\Local\ConnectedDevicesPlatform
2018-11-22 12:08 - 2018-11-02 00:24 - 000000000 ___RD C:\Users\Mortifer\OneDrive
2018-11-22 11:55 - 2018-11-02 00:24 - 000000000 ____D C:\Users\Mortifer\AppData\Local\PlaceholderTileLogoFolder
2018-11-22 05:17 - 2018-11-03 02:28 - 000000000 ____D C:\ProgramData\Epic

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2018-12-11 17:01 - 2018-12-11 17:01 - 000000735 _____ () C:\Users\Mortifer\AppData\Local\recently-used.xbel
2018-11-07 05:56 - 2018-11-08 22:00 - 000007621 _____ () C:\Users\Mortifer\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2018-11-02 00:14

==================== Ende von FRST.txt ============================
         

Alt 17.12.2018, 03:20   #2
korato
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



Addition

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 09.12.2018
durchgeführt von Mortifer (17-12-2018 02:56:59)
Gestartet von C:\Users\Mortifer\Desktop
Windows 10 Pro Version 1803 17134.471 (X64) (2018-11-01 23:17:06)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2411979688-3473291244-4169740345-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2411979688-3473291244-4169740345-503 - Limited - Disabled)
Gast (S-1-5-21-2411979688-3473291244-4169740345-501 - Limited - Disabled)
Mortifer (S-1-5-21-2411979688-3473291244-4169740345-1001 - Administrator - Enabled) => C:\Users\Mortifer
WDAGUtilityAccount (S-1-5-21-2411979688-3473291244-4169740345-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Active Directory Authentication Library für SQL Server (HKLM\...\{5AE8DFF5-F9A2-4B59-9875-45BFF82DC1DA}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
Allavsoft 3.16.4.6855 (HKLM-x32\...\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1) (Version:  - Allavsoft Corporation)
Application Verifier x64 External Package (HKLM\...\{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}) (Version: 10.1.17134.12 - Microsoft) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.59.30619 - Electronic Arts)
BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.32.57.2556 - BlueStack Systems, Inc.)
calibre (HKLM-x32\...\{DF1CF60D-3193-4602-970E-8B0D776D0E31}) (Version: 3.33.1 - Kovid Goyal)
CCEnhancer Version 4.5.3 (HKLM-x32\...\{D621766C-B5EC-42BD-9E10-774C02C17B44}_is1) (Version: 4.5.3 - SingularLabs)
CCleaner (HKLM\...\CCleaner) (Version: 5.50 - Piriform)
Claws Mail (HKLM-x32\...\ClawsMail) (Version: 3.17.1-1 - claws-mail.org)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{D256A5B9-68DA-4F6C-A447-A93E5639A46D}) (Version: 4.7.03083 - Microsoft Corporation) Hidden
Destiny 2 (HKLM-x32\...\Destiny 2) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DiagnosticsHub_CollectionService (HKLM\...\{440C5592-4EA5-4772-B256-969D66068843}) (Version: 15.9.28016 - Microsoft Corporation) Hidden
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 417.01 - NVIDIA Corporation) Hidden
Entity Framework 6.2.0 Tools  for Visual Studio 2017 (HKLM-x32\...\{B843915F-00A1-44B1-994C-1AE0A6400AE3}) (Version: 6.2.61807.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{42ECB1DB-6B44-4AEC-B112-98ECFF460EF6}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 2.2.11 - The GnuPG Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Gpg4win (3.1.5) (HKLM-x32\...\Gpg4win) (Version: 3.1.5 - The Gpg4win Project)
icecap_collection_neutral (HKLM-x32\...\{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{E524832A-C567-499A-8872-0D79596E4DEE}) (Version: 15.8.27906 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{4B691388-E031-4268-A096-95173D1E6E0F}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{5A86972C-9DB5-40AA-B4EB-0ACE96AFDF88}) (Version: 15.8.27924 - Microsoft Corporation) Hidden
IDA Demo v7.2 (HKLM\...\IDA Demo_is1) (Version:  - Hex-Rays SA)
IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{ACBAA378-519A-441D-9349-C0AAD8DEAD04}) (Version: 15.0.17289.01 - Microsoft Corporation) Hidden
Java 8 Update 191 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180191F0}) (Version: 8.0.1910.12 - Oracle Corporation)
KeePass Password Safe 2.40 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.40 - Dominik Reichl)
Kits Configuration Installer (HKLM-x32\...\{6F502640-B753-C101-FFA5-B38C3FA5B29A}) (Version: 10.1.17134.12 - Microsoft) Hidden
Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{4DFD6FF3-9A29-4F31-AEE1-D44E016C5AD4}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes Version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Core SDK - 2.1.202 (x64) (HKLM-x32\...\{06b884b0-4947-4439-859f-098e431012d6}) (Version: 2.1.202 - Microsoft Corporation)
Microsoft .NET Core SDK 2.1.502 (x64) (HKLM-x32\...\{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}) (Version: 2.1.502 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.7 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.7) (Version: 5.7.18218.1723 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.11029.20108 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{E9AD0F97-5DF2-4F5B-BC5B-F524D21BF165}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{33B8D051-4DF5-4103-8FDB-8663E468A204}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.30.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.18.1089.1204 - Microsoft Corporation)
Microsoft Web Deploy 4.0 (HKLM\...\{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}) (Version: 10.0.1994 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6 (HKLM\...\{598EF772-9320-43B6-9D3C-A60A1F6A804E}) (Version: 15.0.600.33 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6 (HKLM-x32\...\{2773DECE-0FE5-4CA9-96A8-621E0185388F}) (Version: 15.0.600.33 - Microsoft Corporation)
Mozilla Firefox 60.3.0 ESR (x64 de) (HKLM\...\Mozilla Firefox 60.3.0 ESR (x64 de)) (Version: 60.3.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.3.3 - Mozilla)
Mozilla Thunderbird 60.3.3 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 60.3.3 (x86 de)) (Version: 60.3.3 - Mozilla)
MSI Development Tools (HKLM-x32\...\{1E406B46-65F4-91CE-65DA-DB66D5443B68}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Nightly 66.0a1 (x64 de) (HKLM\...\Nightly 66.0a1 (x64 de)) (Version: 66.0a1 - Mozilla)
Nmap 7.70 (HKLM-x32\...\Nmap) (Version: 7.70 - Nmap Project)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.5.9 - Notepad++ Team)
Npcap 0.99-r2 (HKLM-x32\...\NpcapInst) (Version: 0.99-r2 - Nmap Project)
NVIDIA 3D Vision Controller-Treiber 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 417.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 417.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 417.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 417.01 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.11029.20108 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.31.17411 - Electronic Arts, Inc.)
Paket zur Festlegung von "Doc Redirected"-Zielversionen von Microsoft .NET Framework 4.7.1 (Deutsch) (HKLM-x32\...\{5B970BE4-A2F2-41BD-8B91-FEA8DAA1DB9B}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen von Microsoft .NET Framework 4.7.2 (Deutsch) (HKLM-x32\...\{98FE7C2A-22A4-401A-B45B-2AA107C06DD7}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Pale Moon 28.1.0 (x64 en-US) (HKLM\...\Pale Moon 28.1.0 (x64 en-US)) (Version: 28.1.0 - Moonchild Productions)
ProtonVPN (HKLM-x32\...\{ED11FFD4-61B3-4329-870E-8F4DAC7D5A0D}) (Version: 1.6.4 - ProtonVPN AG) Hidden
ProtonVPN (HKLM-x32\...\ProtonVPN 1.6.4) (Version: 1.6.4 - ProtonVPN AG)
ProtonVPNTap (HKLM-x32\...\{C23BCE3A-FD25-48BA-948E-2CE94576F983}) (Version: 1.0.1 - ProtonVPN AG)
Python 2.7.13 (64-bit) (HKLM\...\{4A656C6C-D24A-473F-9747-3A8D00907A04}) (Version: 2.7.13150 - Python Software Foundation)
Python 3.6.5 (Anaconda3 5.2.0 64-bit) (HKLM\...\Python 3.6.5 (Anaconda3 5.2.0 64-bit)) (Version: 5.2.0 - Anaconda, Inc.)
Python 3.6.6 (64-bit) (HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}) (Version: 3.6.6150.0 - Python Software Foundation)
Python 3.6.6 Core Interpreter (64-bit symbols) (HKLM\...\{09472AF9-4E5C-419F-8AFC-E42DE3C00062}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Core Interpreter (64-bit) (HKLM\...\{13428472-D58E-476D-932F-5B1B0C1397BE}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Development Libraries (64-bit) (HKLM\...\{C4752757-9240-4518-BE22-A7E2E7CC7D7B}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Documentation (64-bit) (HKLM\...\{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Executables (64-bit symbols) (HKLM\...\{D1DCF56C-C29C-436A-9764-DEA45032EC46}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Executables (64-bit) (HKLM\...\{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 pip Bootstrap (64-bit) (HKLM\...\{9D8D733D-3822-4808-B382-6291910081B2}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Standard Library (64-bit symbols) (HKLM\...\{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Standard Library (64-bit) (HKLM\...\{4D137679-6FB4-446B-9BDB-279292FA2D2C}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Tcl/Tk Support (64-bit symbols) (HKLM\...\{20F0B3BE-3E51-4536-BE6E-451359FD5432}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Tcl/Tk Support (64-bit) (HKLM\...\{44EC13CA-E201-433B-B2D3-386B9609B859}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Test Suite (64-bit symbols) (HKLM\...\{C5BD9A00-9221-486E-94BF-9B1553B215AF}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Test Suite (64-bit) (HKLM\...\{C9596636-022D-4123-B369-98819F772985}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python 3.6.6 Utility Scripts (64-bit) (HKLM\...\{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}) (Version: 3.6.6150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{A9DED8BE-05DF-45D5-81A0-3743A44CC0C9}) (Version: 3.6.6386.0 - Python Software Foundation)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.3.1031.102917 - Razer Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SDK ARM Additions (HKLM-x32\...\{346B2C02-CC0D-6E09-8B9D-CAA2821473CF}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
SDK ARM Redistributables (HKLM-x32\...\{825784BB-114D-ADB3-B65F-E1EB2A63C3BC}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
SearchDiggity (HKLM-x32\...\{32593C5B-EEAD-49F1-8968-211C5C311072}) (Version: 3.1.0 - Bishop Fox)
Simple DNSCrypt (HKLM-x32\...\{DA89A82E-D909-41F5-AB28-7E5F612DC386}) (Version: 0.5.8 - bitbeans)
SlimDX Runtime .NET 4.0 x64 (January 2012) (HKLM\...\{A2199A06-89C4-4187-AA4A-3A9676FB799D}) (Version: 2.0.13.43 - SlimDX Group)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\TeamSpeak 3 Client) (Version: 3.2.3 - TeamSpeak Systems GmbH)
Thunder Master v3.2 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 3.2.0.0 - Palit Microsystems Ltd.)
TP-Link Archer T4U Driver (HKLM-x32\...\{4805DC86-DEBF-4A5C-B9C4-291FA6441548}) (Version: 2.1.0 - TP-Link)
TP-Link Wireless Adapter WPS Tool (HKLM-x32\...\{685EFF87-B126-49E4-8213-70C56625C5B5}) (Version: 1.0.0.1 - TP-Link)
TypeScript SDK (HKLM-x32\...\{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}) (Version: 3.1.2.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{0D6B41AF-D117-8944-A059-3F9346A896C5}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{B6273353-8B54-1F89-1A16-5940925104CE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{BA6F1D53-C3F2-F9D5-80CE-CEF608E36AD3}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{6E43CA0C-046E-4F38-A0A2-3B1BA139B661}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{77B667B9-36B3-4712-AD45-28EA1A278D8B}) (Version: 14.16.27012 - Microsoft Corporation) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.23 - IDRIX)
Visual Studio Community 2017 (HKLM-x32\...\47418da4) (Version: 15.9.28307.222 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
VMware Workstation (HKLM\...\{A6D7B449-8F4F-4FA9-B80A-101345AA998A}) (Version: 15.0.0 - VMware, Inc.)
VS Immersive Activate Helper (HKLM-x32\...\{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{4B816AD0-D12B-498A-8148-7CBE3ED328DE}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{8B657335-3813-4CF4-A6FE-2AA44BE23F94}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{14AF842C-675E-4268-B493-EB76D9B465A8}) (Version: 16.0.95.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}) (Version: 15.0.27205 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{A68D7884-F036-4A0D-AE1A-410E0311E135}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{71797C29-380A-492C-B35A-F5E4A7B57BDC}) (Version: 15.9.28307 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{5297D80E-CD92-48D8-9DB0-301AB3205772}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{A254DA0E-26A1-43C3-95BE-7A24D5599473}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{1F42A73E-CF26-4D67-BA79-752CA56B639F}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{A41E138F-5A3F-443C-B72D-957AB994FB5A}) (Version: 15.9.28128 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{3161DA68-DD37-4798-82DB-B3A0BD6BA233}) (Version: 15.8.27729 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{3A78DA3D-C8D4-429D-B536-6E59A0088451}) (Version: 15.8.27825 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{68B8AD33-CE97-4C3D-9583-669C39D21BA5}) (Version: 15.9.28302 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{0D3A6730-43CE-4AF6-BDF7-4D0660296C60}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{1AC6CC3D-7724-4D84-9270-798A2191AB1C}) (Version: 15.0.27005 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{5AD4A604-B476-1578-2A20-6B02FC6258BE}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.17134.12 (HKLM-x32\...\{5f83ccda-0498-4b97-a298-16a642bf49f2}) (Version: 10.1.17134.12 - Microsoft Corporation)
WinRAR 5.61 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.61.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{389D182F-0ADA-5C7E-FF32-2573A821592C}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{C3776B36-B34E-00E2-3009-95A6F1870B58}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{965D1746-D94A-49B9-2A48-A14914CA3B57}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{3755CD99-C62E-3312-DDD3-29A4F259270D}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{729DA966-8590-2C1F-2178-16C1D32FD7FD}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{F1C18506-3168-A9D9-E2D9-D23A512A326E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{4095D263-6A13-78D3-DEDA-AA3452011F6E}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{C3243E23-2EB6-4419-2692-40944923B112}) (Version: 10.1.17134.12 - Microsoft Corporation) Hidden
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement 6 Pro(Build 6.8.6) (HKLM-x32\...\{B026557A-EF19-4812-8A79-B30F94AA0A78}_is1) (Version: 6.8.6.4121 - Wondershare Software Co.,Ltd.)
Word_Add_In_Microsoft_Programmierer (HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\03B29BC83A87B7C74EBC6B73E82B25E3D70320ED) (Version: 1.0.0.7 - Raimund Popp CodeDocu.com)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Progs\Notepad++\NppShell_06.dll [2018-10-14] ()
ContextMenuHandlers1: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-11-13] (g10 Code GmbH)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => D:\VMware Workstation\Workstation\vmdkShellExt.dll [2018-09-19] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => D:\VMware Workstation\Workstation\x64\vmdkShellExt64.dll [2018-09-19] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [GpgEX] -> {CCD955E4-5C16-4A33-AFDA-A8947A94946B} => C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll [2018-11-13] (g10 Code GmbH)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-11-16] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-09-30] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-09-30] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {07865D17-69CD-4D0E-B9AD-85391050CBAA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {17A69A16-C0BF-458F-985A-4AE024BD2444} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation)
Task: {1ADDE1A7-0C52-4FD6-8F29-CB558A8245BF} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-12-07] (Microsoft Corporation)
Task: {256638C0-7A6D-4A69-8279-769B29806EFA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation)
Task: {32CE7343-0ED8-42A4-BB48-3F52FDC0A3F2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation)
Task: {58BABD45-3914-4D28-BD57-4CB80ABC32DD} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {62AC5E09-A222-459F-A978-DEA6ECA1BA5D} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11] (NVIDIA Corporation)
Task: {653D4761-0C64-4DC3-8534-814BE6C73AEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-16] ()
Task: {6E2E8B51-BA69-44C4-BDA5-5A9E021DC0F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {7D1C3C96-A69B-4525-AB06-6DCD11D1332F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-14] (Microsoft Corporation)
Task: {8267A650-DF0F-471D-AE12-C00DCCB244EB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-16] ()
Task: {833EB10E-8DAC-4F71-8573-2C960BB2872F} - System32\Tasks\ThunderMaster => C:\Program Files (x86)\Thunder Master\THPanel.exe [2017-07-24] (Palit Microsystems Ltd.)
Task: {839B7A67-16B2-4E7E-B78B-43030DF5BC6A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-12-16] ()
Task: {8EFC613D-66EC-4655-8F91-E4230363703A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-11-28] (Piriform Software Ltd)
Task: {98874578-7805-4E67-85D1-9FB20CFA864E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-12-16] (AVAST Software)
Task: {9E4A04FB-A6A0-40A5-A872-43A2289BB205} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-16] ()
Task: {9F220C7A-5584-4CB0-B1F1-4E2533A5F38A} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-12-16] ()
Task: {A78B8817-4CE4-44F4-9B03-BF8B4D48E13D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-12-14] (Microsoft Corporation)
Task: {A7ADACC7-01DC-4283-82C7-FBEEBAB8CE45} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {B083DEFD-5961-460A-A023-DB1FBEF6F5AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-12-02] (Microsoft Corporation)
Task: {BA573C9B-2CB6-41D5-8991-98203A8AE63F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-12-16] ()
Task: {C5560092-2626-4106-86B5-C0D5C57C5A84} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {D5246B66-6578-4ECC-B3DE-19B61C66D1E1} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2411979688-3473291244-4169740345-1001 => C:\Users\Mortifer\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {E4AFA1C8-73D7-4F5D-8A57-0D5185DACE3D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-12-16] ()
Task: {F34ADCBB-F0B2-41AE-AFFB-19274ED9FD0D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-12-02] (Microsoft Corporation)
Task: {F3D31349-9AEE-4EAA-ACFD-C959BF9505F3} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [2018-12-16] ()
Task: {F41B1E29-4281-4128-8C00-6667C872E846} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
Task: {FD190C35-EFAC-490F-ABE3-28A5E970175C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-11-28] (Piriform Ltd)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Nightly.lnk -> C:\Program Files\Firefox Nightly\firefox.exe (Mozilla Corporation)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2018-10-17 13:46 - 2018-10-17 13:46 - 000038664 _____ () C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
2018-08-17 06:50 - 2018-08-17 06:50 - 000300032 _____ () C:\Program Files (x86)\Proton Technologies\ProtonVPN\Resources\64-bit\firewall.dll
2018-11-04 19:04 - 2018-02-07 19:06 - 000059232 _____ () C:\Windows\runSW.exe
2018-11-03 02:27 - 2017-10-11 02:05 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-07-09 18:23 - 2018-07-09 18:23 - 005389968 _____ () C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
2018-11-11 22:28 - 2018-10-18 08:44 - 002821952 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-11-11 22:28 - 2018-10-18 08:44 - 002695360 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-19 04:18 - 2018-09-19 04:18 - 015445936 _____ () D:\VMware Workstation\Workstation\vmware-hostd.exe
2018-10-29 10:19 - 2018-10-29 10:19 - 000281840 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 ____N () C:\Windows\SYSTEM32\inputhost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 ____N () C:\Windows\ShellExperiences\TileControl.dll
2018-12-12 04:11 - 2018-11-09 03:17 - 002759680 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-10-14 19:45 - 2018-10-14 19:45 - 000230064 _____ () D:\Progs\Notepad++\NppShell_06.dll
2018-12-12 04:11 - 2018-12-08 08:33 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-11-02 00:41 - 2018-11-02 00:42 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-14 07:58 - 2018-12-14 07:58 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2018-12-14 07:58 - 2018-12-14 07:58 - 000019456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll
2018-12-14 07:58 - 2018-12-14 07:58 - 010927616 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\LibWrapper.dll
2018-12-14 07:58 - 2018-12-14 07:58 - 002916864 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\skypert.dll
2018-12-14 07:58 - 2018-12-14 07:58 - 000688128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-12-14 07:58 - 2018-12-14 07:58 - 000182272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2018-12-08 00:03 - 2018-12-08 00:03 - 034870272 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-12-08 00:03 - 2018-12-08 00:03 - 000292352 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-04-12 17:24 - 2018-04-12 17:24 - 000902656 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-11-29 20:46 - 2018-11-29 20:46 - 004202208 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-08 00:03 - 2018-12-08 00:03 - 005967872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-12-08 00:03 - 2018-12-08 00:03 - 009072128 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18102.12011.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-10-29 10:19 - 2018-10-29 10:19 - 000303344 _____ () C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe
2018-11-28 17:11 - 2018-11-28 17:11 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-11-28 17:11 - 2018-11-28 17:11 - 000098376 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2018-09-19 04:12 - 2018-09-19 04:12 - 000091568 _____ () D:\VMware Workstation\Workstation\zlib1.dll
2018-09-19 04:18 - 2018-09-19 04:18 - 002035120 _____ () D:\VMware Workstation\Workstation\libxml2.dll
2018-09-19 04:18 - 2018-09-19 04:18 - 000141744 _____ () D:\VMware Workstation\Workstation\expat.dll
2018-11-25 01:35 - 2018-10-29 10:15 - 000150768 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.ChromaSDKWrapper.dll
2018-11-25 01:35 - 2018-10-29 10:15 - 000179952 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativeDeviceDetectionWrapper.dll
2018-11-25 01:35 - 2018-10-10 04:57 - 000206576 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.NativePhilipsHueWrapper.dll
2018-11-25 01:35 - 2018-10-29 10:16 - 000202480 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Common.PowerPlan.dll
2018-11-25 01:35 - 2018-10-26 13:21 - 000081648 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AccelWinM.dll
2018-11-25 01:35 - 2018-10-29 10:12 - 000354544 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_AudioPlayer.dll
2018-11-25 01:35 - 2018-10-29 10:12 - 000135408 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_KeyboardKeysWrapper.dll
2018-11-25 01:35 - 2018-10-26 13:21 - 000086256 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedCommon.dll
2018-11-25 01:35 - 2018-10-26 13:21 - 000344816 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_ManagedMacros.dll
2018-11-25 01:35 - 2018-10-26 13:22 - 000260336 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_MappingTypesM.dll
2018-11-25 01:35 - 2018-10-29 10:15 - 002278128 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\RSy3_PowerSwitchWrapper.dll
2018-11-25 01:35 - 2018-10-09 21:28 - 000631536 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Philips Hue\Bin\RSy3_DeviceStatus.dll
2018-11-25 01:35 - 2018-10-09 21:28 - 000332016 _____ () C:\ProgramData\Razer\Synapse3\Service\Bin\Devices\Philips Hue\Bin\RSy3_DriverMode.dll
2018-11-03 02:27 - 2017-10-11 02:05 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-10-29 10:12 - 2018-10-29 10:12 - 000361712 _____ () C:\Program Files (x86)\Razer\Synapse3\UserProcess\RSy3_AudioAppStreamsWrapper.dll
2015-07-06 20:36 - 2015-07-06 20:36 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [470]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\localhost -> localhost

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2018-11-02 00:04 - 2018-11-22 12:08 - 000003907 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 c.atdmt.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mortifer\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\18469-aurora-borealis-over-hammerfest-1920x1200-world-wallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.

HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2411979688-3473291244-4169740345-1001\...\StartupApproved\Run: => "Synapse3"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

10-12-2018 09:43:05 Windows Modules Installer
11-12-2018 20:41:20 Installed ProtonVPN
15-12-2018 02:37:00 Installed Python 3.2.2 (64-bit)
16-12-2018 23:33:07 Visual Studio Community 2017 wird installiert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/17/2018 12:41:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm notepad.exe, Version 10.0.17134.131 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1634

Startzeit: 01d49598ccf93526

Beendigungszeit: 4

Anwendungspfad: C:\Windows\System32\notepad.exe

Berichts-ID: d30c3632-cd3f-4911-aabd-70194907200e

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (12/16/2018 11:33:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {05dd3b6a-6044-4e83-bfe7-b1cc41f20bcd}

Error: (12/16/2018 02:53:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "QueryFullProcessImageNameW" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070006, Das Handle ist ungültig.
.


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (12/16/2018 01:32:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\Windows\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (12/16/2018 01:32:16 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (12/16/2018 01:32:15 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\Windows\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (12/16/2018 01:32:15 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "Lsa" in der DLL "C:\Windows\System32\Secur32.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (12/16/2018 01:32:15 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "ESENT" in der DLL "C:\Windows\system32\esentprf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


Systemfehler:
=============
Error: (12/17/2018 02:55:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HP1IRVV)
Description: Der Server "XINGAG.XING_3.120.21.0_x86__xpfg3f7e9an52!App.AppX9v491rntc114gd4rhkbmzrsqkaj04tt3.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/17/2018 02:40:37 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HP1IRVV)
Description: Ein DCOM-Server konnte nicht gestartet werden: XINGAG.XING_3.120.21.0_x86__xpfg3f7e9an52!App.AppX9v491rntc114gd4rhkbmzrsqkaj04tt3.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"0"
Aufgetreten beim Start dieses Befehls:
"C:\Windows\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXz2zxkdmw4wwcwh41me91q40p6xy5v793.mca

Error: (12/17/2018 02:40:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HP1IRVV)
Description: Der Server "XINGAG.XING_3.120.21.0_x86__xpfg3f7e9an52!App.AppX559n63yb6s27psgjf2h1zbhpvwdswf46.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/17/2018 02:25:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HP1IRVV)
Description: Der Server "XINGAG.XING_3.120.21.0_x86__xpfg3f7e9an52!App.AppX9v491rntc114gd4rhkbmzrsqkaj04tt3.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/17/2018 02:09:37 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-HP1IRVV)
Description: Ein DCOM-Server konnte nicht gestartet werden: XINGAG.XING_3.120.21.0_x86__xpfg3f7e9an52!App.AppX9v491rntc114gd4rhkbmzrsqkaj04tt3.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"0"
Aufgetreten beim Start dieses Befehls:
"C:\Windows\SysWOW64\backgroundTaskHost.exe" -ServerName:App.AppXz2zxkdmw4wwcwh41me91q40p6xy5v793.mca

Error: (12/17/2018 02:09:37 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HP1IRVV)
Description: Der Server "XINGAG.XING_3.120.21.0_x86__xpfg3f7e9an52!App.AppX559n63yb6s27psgjf2h1zbhpvwdswf46.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/17/2018 02:06:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/17/2018 02:06:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.


Windows Defender:
===================================
Date: 2018-12-16 17:56:00.933
Description: 
Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Signaturversion: AV: 1.283.733.0, AS: 1.283.733.0, NIS: 1.283.733.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-16 17:55:27.574
Description: 
Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Signaturversion: AV: 1.283.733.0, AS: 1.283.733.0, NIS: 1.283.733.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-16 11:23:29.258
Description: 
Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Signaturversion: AV: 1.283.684.0, AS: 1.283.684.0, NIS: 1.283.684.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-16 11:22:54.882
Description: 
Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Signaturversion: AV: 1.283.684.0, AS: 1.283.684.0, NIS: 1.283.684.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-15 16:41:57.480
Description: 
Von Windows Defender Antivirus wurde Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Signaturversion: AV: 1.283.652.0, AS: 1.283.652.0, NIS: 1.283.652.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-16 17:56:00.703
Description: 
Kritischer Fehler von Windows Defender Antivirus beim Ergreifen von Maßnahmen gegen Schadsoftware oder andere potenziell unerwünschte Software.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Aktion: Bereinigen
Aktionsstatus:  No additional actions required
Fehlercode: 0x8007007f
Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden. 
Signaturversion: AV: 1.283.733.0, AS: 1.283.733.0, NIS: 1.283.733.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-16 11:23:29.045
Description: 
Kritischer Fehler von Windows Defender Antivirus beim Ergreifen von Maßnahmen gegen Schadsoftware oder andere potenziell unerwünschte Software.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Aktion: Bereinigen
Aktionsstatus:  No additional actions required
Fehlercode: 0x8007007f
Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden. 
Signaturversion: AV: 1.283.684.0, AS: 1.283.684.0, NIS: 1.283.684.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-15 16:41:57.255
Description: 
Kritischer Fehler von Windows Defender Antivirus beim Ergreifen von Maßnahmen gegen Schadsoftware oder andere potenziell unerwünschte Software.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: System
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: Unknown
Aktion: Bereinigen
Aktionsstatus:  No additional actions required
Fehlercode: 0x8007007f
Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden. 
Signaturversion: AV: 1.283.652.0, AS: 1.283.652.0, NIS: 1.283.652.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-11 01:51:23.876
Description: 
Kritischer Fehler von Windows Defender Antivirus beim Ergreifen von Maßnahmen gegen Schadsoftware oder andere potenziell unerwünschte Software.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Neshta.A&threatid=2147575939&enterprise=0
Name: Virus:Win32/Neshta.A
ID: 2147575939
Schweregrad: Schwerwiegend
Kategorie: Virus
Pfad: file:_I:\register-mail-online.exe
Erkennungsursprung: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Windows\explorer.exe
Aktion: Bereinigen
Aktionsstatus:  No additional actions required
Fehlercode: 0x8007007f
Fehlerbeschreibung: Die angegebene Prozedur wurde nicht gefunden. 
Signaturversion: AV: 1.283.262.0, AS: 1.283.262.0, NIS: 1.283.262.0
Modulversion: AM: 1.1.15500.2, NIS: 1.1.15500.2

Date: 2018-12-02 21:15:11.698
Description: 
Fehler von Windows Defender Antivirus beim Aktualisieren von Signaturen.
Neue Signaturversion: 
Vorherige Signaturversion: 1.281.1155.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 
Vorherige Modulversion: 1.1.15400.5
Fehlercode: 0x80240438
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". 

CodeIntegrity:
===================================

Date: 2018-12-17 02:54:42.152
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 02:54:17.660
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 02:52:50.694
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 02:52:17.720
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 02:41:19.076
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 02:40:54.607
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 02:38:23.129
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-17 02:38:12.311
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 16345.48 MB
Verfügbarer physikalischer RAM: 11937.34 MB
Summe virtueller Speicher: 25561.48 MB
Verfügbarer virtueller Speicher: 19736.62 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:76.67 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:164.25 GB) NTFS

\\?\Volume{44a6bf94-0000-0000-0000-100000000000}\ (System-reserviert) (Fixed) (Total:0.54 GB) (Free:0.13 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 44A6BF94)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 281FAE7C)

Partition: GPT.

==================== Ende von Addition.txt ============================
         
__________________


Alt 17.12.2018, 03:26   #3
korato
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



OTLLOG:

Code:
ATTFilter
OTL logfile created on: 17.12.2018 04:49:54 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mortifer\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.17134.0)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 11,70 Gb Available Physical Memory | 73,31% Memory free
24,96 Gb Paging File | 18,59 Gb Available in Paging File | 74,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,35 Gb Total Space | 76,52 Gb Free Space | 32,93% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 164,25 Gb Free Space | 35,26% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-HP1IRVV | User Name: Mortifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Mortifer\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Games\Origin\OriginWebHelperService.exe (Electronic Arts)
PRC - C:\Programme\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe ()
PRC - C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ()
PRC - C:\Windows\SysWOW64\fontdrvhost.exe (Microsoft Corporation)
PRC - C:\Programme\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
PRC - C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe ()
PRC - C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe (Razer Inc.)
PRC - C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe (Razer Inc)
PRC - D:\VMware Workstation\Workstation\vmware-hostd.exe ()
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - D:\VMware Workstation\Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\SwUSB.exe (Realtek)
PRC - C:\Windows\runSW.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Thunder Master\THPanel.exe (Palit Microsystems Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\79290c0b66da8d5fa653afd435afb501\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\4f08ca45359b540b01091ab8b1d32b75\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\6a99c6e22e52c77c1ab79e468cb75d4c\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a212748b5f06b36bc68835ae9acb93d8\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\039b4d745cebf25ce0c5dd0318debd04\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7dd0e8469c07b8366550ef8467bba40d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a6503654c977bc8d653d7115e3fa3e2\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2dd583b5f64f681b49b8ffd5f19f3e55\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\0284b7dc578a54a177472ad326441be1\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\48932109b3d17e06eb5d8a3540b6156d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\9ccb70171b63edaf3783c509ecd204c0\System.Net.Http.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\4bb24270683a8f59195cba36105c3f7f\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\59322625e79937d055f5e14f8dfe1790\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6c51098849c1249fbce36e045c10f84c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\30060bb17fc8622a68c18f3687ebac80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\58ae81d120290fd6262fa798dc911c12\System.ni.dll ()
MOD - C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe ()
MOD - C:\Program Files (x86)\Razer\Synapse3\UserProcess\RSy3_AudioAppStreamsWrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6715dc4d04e35f16d482900c355325e9\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll ()
         
__________________

Geändert von korato (17.12.2018 um 03:58 Uhr)

Alt 17.12.2018, 03:28   #4
korato
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



Part2:

Code:
ATTFilter
========== Services (SafeList) ==========
 
SRV:64bit: - (BcastDVRUserService) -- C:\Windows\SysNative\bcastdvruserservice.dll (Microsoft Corporation)
SRV:64bit: - (CoreMessagingRegistrar) -- C:\Windows\SysNative\CoreMessaging.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (DusmSvc) -- C:\Windows\SysNative\dusmsvc.dll (Microsoft Corporation)
SRV:64bit: - (RmSvc) -- C:\Windows\SysNative\RMapi.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DoSvc) -- C:\Windows\SysNative\dosvc.dll (Microsoft Corporation)
SRV:64bit: - (tzautoupdate) -- C:\Windows\SysNative\tzautoupdate.dll (Microsoft Corporation)
SRV:64bit: - (BthAvctpSvc) -- C:\Windows\SysNative\BthAvctpSvc.dll (Microsoft Corporation)
SRV:64bit: - (InstallService) -- C:\Windows\SysNative\InstallService.dll (Microsoft Corporation)
SRV:64bit: - (BTAGService) -- C:\Windows\SysNative\BTAGService.dll (Microsoft Corporation)
SRV:64bit: - (wlpasvc) -- C:\Windows\SysNative\lpasvc.dll (Microsoft Corporation)
SRV:64bit: - (EntAppSvc) -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll (Microsoft Corporation)
SRV:64bit: - (icssvc) -- C:\Windows\SysNative\tetheringservice.dll (Microsoft Corporation)
SRV:64bit: - (DsSvc) -- C:\Windows\SysNative\dssvc.dll (Microsoft Corporation)
SRV:64bit: - (PhoneSvc) -- C:\Windows\SysNative\PhoneService.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (TokenBroker) -- C:\Windows\SysNative\TokenBroker.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (UsoSvc) -- C:\Windows\SysNative\usocore.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (CDPSvc) -- C:\Windows\SysNative\cdpsvc.dll (Microsoft Corporation)
SRV:64bit: - (CDPUserSvc) -- C:\Windows\SysNative\cdpusersvc.dll (Microsoft Corporation)
SRV:64bit: - (WpcMonSvc) -- C:\Windows\SysNative\WpcDesktopMonSvc.dll (Microsoft Corporation)
SRV:64bit: - (spectrum) -- C:\Windows\SysNative\Spectrum.exe (Microsoft Corporation)
SRV:64bit: - (wisvc) -- C:\Windows\SysNative\FlightSettings.dll (Microsoft Corporation)
SRV:64bit: - (SharedRealitySvc) -- C:\Windows\SysNative\SharedRealitySvc.dll (Microsoft Corporation)
SRV:64bit: - (WFDSConMgrSvc) -- C:\Windows\SysNative\WFDSConMgrSvc.dll (Microsoft Corporation)
SRV:64bit: - (diagnosticshub.standardcollector.service) -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (Microsoft Corporation)
SRV:64bit: - (SecurityHealthService) -- C:\Windows\SysNative\SecurityHealthService.exe (Microsoft Corporation)
SRV:64bit: - (DmEnrollmentSvc) -- C:\Windows\SysNative\Windows.Internal.Management.dll (Microsoft Corporation)
SRV:64bit: - (NgcSvc) -- C:\Windows\SysNative\ngcsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (PushToInstall) -- C:\Windows\SysNative\PushToInstall.dll (Microsoft Corporation)
SRV:64bit: - (WaaSMedicSvc) -- C:\Windows\SysNative\WaaSMedicSvc.dll (Microsoft Corporation)
SRV:64bit: - (MapsBroker) -- C:\Windows\SysNative\moshost.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (camsvc) -- C:\Windows\SysNative\CapabilityAccessManager.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (FrameServer) -- C:\Windows\SysNative\FrameServer.dll (Microsoft Corporation)
SRV:64bit: - (AppVClient) -- C:\Windows\SysNative\AppVClient.exe (Microsoft Corporation)
SRV:64bit: - (StateRepository) -- C:\Windows\SysNative\Windows.StateRepository.dll (Microsoft Corporation)
SRV:64bit: - (HvHost) -- C:\Windows\SysNative\hvhostsvc.dll (Microsoft Corporation)
SRV:64bit: - (CaptureService) -- C:\Windows\SysNative\CaptureService.dll (Microsoft Corporation)
SRV:64bit: - (UevAgentService) -- C:\Windows\SysNative\AgentService.exe (Microsoft Corporation)
SRV:64bit: - (AssignedAccessManagerSvc) -- C:\Windows\SysNative\assignedaccessmanagersvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (RetailDemo) -- C:\Windows\SysNative\RDXService.dll (Microsoft Corporation)
SRV:64bit: - (WalletService) -- C:\Windows\SysNative\WalletService.dll (Microsoft Corporation)
SRV:64bit: - (DevicePickerUserSvc) -- C:\Windows\SysNative\Windows.Devices.Picker.dll (Microsoft Corporation)
SRV:64bit: - (NaturalAuthentication) -- C:\Windows\SysNative\NaturalAuth.dll (Microsoft Corporation)
SRV:64bit: - (SmsRouter) -- C:\Windows\SysNative\SmsRouterSvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (diagsvc) -- C:\Windows\SysNative\DiagSvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (TieringEngineService) -- C:\Windows\SysNative\TieringEngineService.exe (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (SensorDataService) -- C:\Windows\SysNative\SensorDataService.exe (Microsoft Corporation)
SRV:64bit: - (PrintWorkflowUserSvc) -- C:\Windows\SysNative\PrintWorkflowService.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (UserManager) -- C:\Windows\SysNative\usermgr.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NetSetupSvc) -- C:\Windows\SysNative\NetSetupSvc.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (WpnUserService_72a4a) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_72a4a) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_72a4a) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PrintWorkflowUserSvc_72a4a) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_72a4a) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_72a4a) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_72a4a) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (DevicesFlowUserSvc_72a4a) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (DevicePickerUserSvc_72a4a) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (CDPUserSvc_72a4a) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (CaptureService_72a4a) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (BluetoothUserService_72a4a) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (BcastDVRUserService_72a4a) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (DevicesFlowUserSvc) -- C:\Windows\SysNative\DevicesFlowBroker.dll (Microsoft Corporation)
SRV:64bit: - (shpamsvc) -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
SRV:64bit: - (SensorService) -- C:\Windows\SysNative\SensorService.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (UserDataSvc) -- C:\Windows\SysNative\UserDataService.dll (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc) -- C:\Windows\SysNative\Unistore.dll (Microsoft Corporation)
SRV:64bit: - (NgcCtnrSvc) -- C:\Windows\SysNative\NgcCtnrSvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (WpnService) -- C:\Windows\SysNative\wpnservice.dll (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc) -- C:\Windows\SysNative\PimIndexMaintenance.dll (Microsoft Corporation)
SRV:64bit: - (TimeBrokerSvc) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (WpnUserService) -- C:\Windows\SysNative\WpnUserService.dll (Microsoft Corporation)
SRV:64bit: - (XboxGipSvc) -- C:\Windows\SysNative\xboxgipsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\lfsvc.dll (Microsoft Corporation)
SRV:64bit: - (SEMgrSvc) -- C:\Windows\SysNative\SEMgrSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (LicenseManager) -- C:\Windows\SysNative\LicenseManagerSvc.dll (Microsoft Corporation)
SRV:64bit: - (DevQueryBroker) -- C:\Windows\SysNative\DevQueryBroker.dll (Microsoft Corporation)
SRV:64bit: - (XblGameSave) -- C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
SRV:64bit: - (embeddedmode) -- C:\Windows\SysNative\embeddedmodesvc.dll (Microsoft Corporation)
SRV:64bit: - (GraphicsPerfSvc) -- C:\Windows\SysNative\GraphicsPerfSvc.dll (Microsoft Corporation)
SRV:64bit: - (xbgm) -- C:\Windows\SysNative\xbgmsvc.exe (Microsoft Corporation)
SRV:64bit: - (WarpJITSvc) -- C:\Windows\SysNative\Windows.WARP.JITService.dll (Microsoft Corporation)
SRV:64bit: - (XblAuthManager) -- C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)
SRV:64bit: - (ClipSVC) -- C:\Windows\SysNative\ClipSVC.dll (Microsoft Corporation)
SRV:64bit: - (AJRouter) -- C:\Windows\SysNative\AJRouter.dll (Microsoft Corporation)
SRV:64bit: - (XboxNetApiSvc) -- C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
SRV:64bit: - (VacSvc) -- C:\Windows\SysNative\vac.dll (Microsoft Corporation)
SRV:64bit: - (LxpSvc) -- C:\Windows\SysNative\LanguageOverlayServer.dll (Microsoft Corporation)
SRV:64bit: - (SgrmBroker) -- C:\Windows\SysNative\SgrmBroker.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService) -- C:\Windows\SysNative\MessagingService.dll (Microsoft Corporation)
SRV:64bit: - (BluetoothUserService) -- C:\Windows\SysNative\Microsoft.Bluetooth.UserService.dll (Microsoft Corporation)
SRV:64bit: - (IpxlatCfgSvc) -- C:\Windows\SysNative\ipxlatcfg.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvcext.dll (Microsoft Corporation)
SRV:64bit: - (vmicvmsession) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc) -- C:\Windows\SysNative\APHostService.dll (Microsoft Corporation)
SRV:64bit: - (ssh-agent) -- C:\Windows\SysNative\OpenSSH\ssh-agent.exe ()
SRV - (Origin Client Service) -- D:\Games\Origin\OriginClientService.exe ()
SRV - (WdNisSvc) -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\NisSrv.exe ()
SRV - (WinDefend) -- C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1812.3-0\MsMpEng.exe ()
SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe ()
SRV - (EasyAntiCheat) -- C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe ()
SRV - (CoreMessagingRegistrar) -- C:\Windows\SysWOW64\CoreMessaging.dll (Microsoft Corporation)
SRV - (ose64) -- c:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (sedsvc) -- C:\Programme\rempl\sedsvc.exe (Microsoft Corporation)
SRV - (Origin Web Helper Service) -- D:\Games\Origin\OriginWebHelperService.exe (Electronic Arts)
SRV - (NVDisplay.ContainerLocalSystem) -- C:\Programme\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation)
SRV - (InstallService) -- C:\Windows\SysWOW64\InstallService.dll (Microsoft Corporation)
SRV - (TokenBroker) -- C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)
SRV - (Razer Synapse Service) -- C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ()
SRV - (ProtonVPN Service) -- C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe ()
SRV - (wisvc) -- C:\Windows\SysWOW64\FlightSettings.dll (Microsoft Corporation)
SRV - (DmEnrollmentSvc) -- C:\Windows\SysWOW64\Windows.Internal.Management.dll (Microsoft Corporation)
SRV - (StateRepository) -- C:\Windows\SysWOW64\Windows.StateRepository.dll (Microsoft Corporation)
SRV - (RzActionSvc) -- C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe (Razer Inc.)
SRV - (Razer Game Manager Service) -- C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe (Razer Inc)
SRV - (MBAMService) -- C:\Programme\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes)
SRV - (VMwareHostd) -- D:\VMware Workstation\Workstation\vmware-hostd.exe ()
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- D:\VMware Workstation\Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (VSStandardCollectorService150) -- D:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe (Microsoft Corporation)
SRV - (dnscrypt-proxy) -- C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe ()
SRV - (DevicePickerUserSvc) -- C:\Windows\SysWOW64\Windows.Devices.Picker.dll (Microsoft Corporation)
SRV - (PrintWorkflowUserSvc) -- C:\Windows\SysWOW64\PrintWorkflowService.dll (Microsoft Corporation)
SRV - (UnistoreSvc) -- C:\Windows\SysWOW64\Unistore.dll (Microsoft Corporation)
SRV - (tzautoupdate) -- C:\Windows\SysWOW64\tzautoupdate.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (RunSwUSB) -- C:\Windows\runSW.exe ()
SRV - (NvTelemetryContainer) -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation)
SRV - (NvContainerNetworkService) -- C:\Programme\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
SRV - (NvContainerLocalSystem) -- C:\Programme\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV - (isaHelperSvc) -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe ()
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Intel Corporation)
         

Geändert von korato (17.12.2018 um 03:59 Uhr)

Alt 17.12.2018, 03:36   #5
korato
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



Part3

Code:
ATTFilter
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtection) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (MBAMFarflt) -- C:\Windows\SysNative\drivers\farflt.sys (Malwarebytes)
DRV:64bit: - (MBAMWebProtection) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes)
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys (Malwarebytes)
DRV:64bit: - (MBAMChameleon) -- C:\Windows\SysNative\drivers\MbamChameleon.sys (Malwarebytes)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\wd\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\wd\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\wd\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (MsSecFlt) -- C:\Windows\SysNative\drivers\mssecflt.sys (Microsoft Corporation)
DRV:64bit: - (storqosflt) -- C:\Windows\SysNative\drivers\storqosflt.sys (Microsoft Corporation)
DRV:64bit: - (bindflt) -- C:\Windows\SysNative\drivers\bindflt.sys (Microsoft Corporation)
DRV:64bit: - (hvservice) -- C:\Windows\SysNative\drivers\hvservice.sys (Microsoft Corporation)
DRV:64bit: - (iorate) -- C:\Windows\SysNative\drivers\iorate.sys (Microsoft Corporation)
DRV:64bit: - (wcnfs) -- C:\Windows\SysNative\drivers\wcnfs.sys (Microsoft Corporation)
DRV:64bit: - (MMCSS) -- C:\Windows\SysNative\drivers\mmcss.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (nvlddmkm) -- C:\Windows\SysNative\DriverStore\FileRepository\nv_dispi.inf_amd64_e59b844303b9907e\nvlddmkm.sys (NVIDIA Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (tapexpressvpn) -- C:\Windows\SysNative\drivers\tapexpressvpn.sys (The OpenVPN Project)
DRV:64bit: - (veracrypt) -- C:\Windows\SysNative\drivers\veracrypt.sys (IDRIX)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (vhf) -- C:\Windows\SysNative\drivers\vhf.sys (Microsoft Corporation)
DRV:64bit: - (WinNat) -- C:\Windows\SysNative\drivers\winnat.sys (Microsoft Corporation)
DRV:64bit: - (wdiwifi) -- C:\Windows\SysNative\drivers\WdiWiFi.sys (Microsoft Corporation)
DRV:64bit: - (ESProtectionDriver) -- C:\Windows\SysNative\drivers\mbae64.sys (Malwarebytes)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation)
DRV:64bit: - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (ReFSv1) -- C:\Windows\SysNative\drivers\refsv1.sys (Microsoft Corporation)
DRV:64bit: - (CldFlt) -- C:\Windows\SysNative\drivers\cldflt.sys (Microsoft Corporation)
DRV:64bit: - (Ucx01000) -- C:\Windows\SysNative\drivers\Ucx01000.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRT) -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (xboxgip) -- C:\Windows\SysNative\drivers\xboxgip.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (scmbus) -- C:\Windows\SysNative\drivers\scmbus.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (storufs) -- C:\Windows\SysNative\drivers\storufs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vmgid) -- C:\Windows\SysNative\drivers\vmgid.sys (Microsoft Corporation)
DRV:64bit: - (nvvhci) -- C:\Windows\SysNative\drivers\nvvhci.sys (NVIDIA Corporation)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (vmkbd3) -- C:\Windows\SysNative\drivers\vmkbd.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (ysusb_w10_64) -- C:\Windows\SysNative\drivers\ysusb_w10_64.sys (Yamaha Corporation)
DRV:64bit: - (vsock) -- C:\Windows\SysNative\drivers\vsock.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (NVSWCFilter) -- C:\Windows\SysNative\drivers\nvswcfilter.sys (NVIDIA Corporation)
DRV:64bit: - (tapprotonvpn) -- C:\Windows\SysNative\drivers\tapprotonvpn.sys (The OpenVPN Project)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (smbdirect) -- C:\Windows\SysNative\drivers\smbdirect.sys (Microsoft Corporation)
DRV:64bit: - (UevAgentDriver) -- C:\Windows\SysNative\drivers\UevAgentDriver.sys (Microsoft Corporation)
DRV:64bit: - (SpatialGraphFilter) -- C:\Windows\SysNative\drivers\SpatialGraphFilter.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AppvVemgr) -- C:\Windows\SysNative\drivers\AppvVemgr.sys (Microsoft Corporation)
DRV:64bit: - (AppvVfs) -- C:\Windows\SysNative\drivers\AppvVfs.sys (Microsoft Corporation)
DRV:64bit: - (AppvStrm) -- C:\Windows\SysNative\drivers\AppVStrm.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (bam) -- C:\Windows\SysNative\drivers\bam.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (afunix) -- C:\Windows\SysNative\drivers\afunix.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (NetAdapterCx) -- C:\Windows\SysNative\drivers\NetAdapterCx.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\Windows\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (applockerfltr) -- C:\Windows\SysNative\drivers\applockerfltr.sys (Microsoft Corporation)
DRV:64bit: - (WdmCompanionFilter) -- C:\Windows\SysNative\drivers\WdmCompanionFilter.sys (Microsoft Corporation)
DRV:64bit: - (Ufx01000) -- C:\Windows\SysNative\drivers\ufx01000.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (UcmTcpciCx0101) -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys (Microsoft Corporation)
DRV:64bit: - (wcifs) -- C:\Windows\SysNative\drivers\wcifs.sys (Microsoft Corporation)
DRV:64bit: - (UcmCx0101) -- C:\Windows\SysNative\drivers\UcmCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UrsCx01000) -- C:\Windows\SysNative\drivers\urscx01000.sys (Microsoft Corporation)
DRV:64bit: - (cnghwassist) -- C:\Windows\SysNative\drivers\cnghwassist.sys (Microsoft Corporation)
DRV:64bit: - (IndirectKmd) -- C:\Windows\SysNative\drivers\IndirectKmd.sys (Microsoft Corporation)
DRV:64bit: - (HwNClx0101) -- C:\Windows\SysNative\drivers\mshwnclx.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (SgrmAgent) -- C:\Windows\SysNative\drivers\SgrmAgent.sys (Microsoft Corporation)
DRV:64bit: - (GpuEnergyDrv) -- C:\Windows\SysNative\drivers\gpuenergydrv.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (FileCrypt) -- C:\Windows\SysNative\drivers\filecrypt.sys (Microsoft Corporation)
DRV:64bit: - (UdeCx) -- C:\Windows\SysNative\drivers\Udecx.sys (Microsoft Corporation)
DRV:64bit: - (Ramdisk) -- C:\Windows\SysNative\drivers\ramdisk.sys (Microsoft Corporation)
DRV:64bit: - (IPT) -- C:\Windows\SysNative\drivers\ipt.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsi) -- C:\Windows\SysNative\drivers\UcmUcsi.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (hidinterrupt) -- C:\Windows\SysNative\drivers\hidinterrupt.sys (Microsoft Corporation)
DRV:64bit: - (xinputhid) -- C:\Windows\SysNative\drivers\xinputhid.sys (Microsoft Corporation)
DRV:64bit: - (buttonconverter) -- C:\Windows\SysNative\drivers\buttonconverter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRTProxy) -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys (Microsoft Corporation)
DRV:64bit: - (ufxsynopsys) -- C:\Windows\SysNative\drivers\ufxsynopsys.sys (Microsoft Corporation)
DRV:64bit: - (UfxChipidea) -- C:\Windows\SysNative\drivers\UfxChipidea.sys (Microsoft Corporation)
DRV:64bit: - (UrsChipidea) -- C:\Windows\SysNative\drivers\urschipidea.sys (Microsoft Corporation)
DRV:64bit: - (UrsSynopsys) -- C:\Windows\SysNative\drivers\urssynopsys.sys (Microsoft Corporation)
DRV:64bit: - (genericusbfn) -- C:\Windows\SysNative\drivers\genericusbfn.sys (Microsoft Corporation)
DRV:64bit: - (cht4vbd) -- C:\Windows\SysNative\drivers\cht4vx64.sys (Chelsio Communications)
DRV:64bit: - (iaStorAVC) -- C:\Windows\SysNative\drivers\iaStorAVC.sys (Intel Corporation)
DRV:64bit: - (mlx4_bus) -- C:\Windows\SysNative\drivers\mlx4_bus.sys (Mellanox)
DRV:64bit: - (rt640x64) -- C:\Windows\SysNative\drivers\rt640x64.sys (Realtek                                            )
DRV:64bit: - (ibbus) -- C:\Windows\SysNative\drivers\ibbus.sys (Mellanox)
DRV:64bit: - (mausbhost) -- C:\Windows\SysNative\drivers\mausbhost.sys (Microsoft Corporation)
DRV:64bit: - (cht4iscsi) -- C:\Windows\SysNative\drivers\cht4sx64.sys (Chelsio Communications)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (ndfltr) -- C:\Windows\SysNative\drivers\ndfltr.sys (Mellanox)
DRV:64bit: - (pmem) -- C:\Windows\SysNative\drivers\pmem.sys (Microsoft Corporation)
DRV:64bit: - (nvdimm) -- C:\Windows\SysNative\drivers\nvdimm.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (WinVerbs) -- C:\Windows\SysNative\drivers\winverbs.sys (Mellanox)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (percsas3i) -- C:\Windows\SysNative\drivers\percsas3i.sys (Avago Technologies)
DRV:64bit: - (percsas2i) -- C:\Windows\SysNative\drivers\percsas2i.sys (Avago Technologies)
DRV:64bit: - (mausbip) -- C:\Windows\SysNative\drivers\mausbip.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (bttflt) -- C:\Windows\SysNative\drivers\bttflt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (hvcrash) -- C:\Windows\SysNative\drivers\hvcrash.sys (Microsoft Corporation)
DRV:64bit: - (SDFRd) -- C:\Windows\SysNative\drivers\SDFRd.sys (Microsoft Corporation)
DRV:64bit: - (WinMad) -- C:\Windows\SysNative\drivers\winmad.sys (Mellanox)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (swenum) -- C:\Windows\SysNative\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys (Microsoft Corporation)
DRV:64bit: - (kmloop) -- C:\Windows\SysNative\drivers\loop.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (volume) -- C:\Windows\SysNative\drivers\volume.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (QLogic Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (QLogic Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (ItSas35i) -- C:\Windows\SysNative\drivers\ItSas35i.sys (Avago Technologies)
DRV:64bit: - (LSI_SAS3i) -- C:\Windows\SysNative\drivers\lsi_sas3i.sys (Avago Technologies)
DRV:64bit: - (LSI_SAS2i) -- C:\Windows\SysNative\drivers\lsi_sas2i.sys (LSI Corporation)
DRV:64bit: - (CapImg) -- C:\Windows\SysNative\drivers\capimg.sys (Microsoft Corporation)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (rhproxy) -- C:\Windows\SysNative\drivers\rhproxy.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (megasas35i) -- C:\Windows\SysNative\drivers\megasas35i.sys (Avago Technologies)
DRV:64bit: - (megasas2i) -- C:\Windows\SysNative\drivers\MegaSas2i.sys (Avago Technologies)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AcpiDev) -- C:\Windows\SysNative\drivers\AcpiDev.sys (Microsoft Corporation)
DRV:64bit: - (PNPMEM) -- C:\Windows\SysNative\drivers\pnpmem.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaLPSS2i_I2C_BXT_P) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_BXT_P.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_I2C) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys (Intel Corporation)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (iai2c) -- C:\Windows\SysNative\drivers\iai2c.sys (Intel(R) Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2_BXT_P) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_BXT_P.sys (Intel Corporation)
DRV:64bit: - (iaLPSS2i_GPIO2) -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys (Intel Corporation)
DRV:64bit: - (CAD) -- C:\Windows\SysNative\drivers\CAD.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (iagpio) -- C:\Windows\SysNative\drivers\iagpio.sys (Intel(R) Corporation)
DRV:64bit: - (RtlWlanu) -- C:\Windows\SysNative\drivers\rtwlanu.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (npf_wifi) -- C:\Windows\SysNative\drivers\npf.sys (Insecure.Com LLC.)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (Insecure.Com LLC.)
DRV:64bit: - (npcap_wifi) -- C:\Windows\SysNative\drivers\npcap.sys (Insecure.Com LLC.)
DRV:64bit: - (npcap) -- C:\Windows\SysNative\drivers\npcap.sys (Insecure.Com LLC.)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverW8x64.sys (Intel Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (CorsairCAHS1) -- C:\Windows\SysNative\drivers\CAHS164.sys (C-Media Electronics Inc)
DRV - (nvlddmkm) -- C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e59b844303b9907e\nvlddmkm.sys (NVIDIA Corporation)
DRV - (BlueStacksDrv) -- C:\Programme\BlueStacks\BstkDrv.sys (Bluestack System Inc. )
DRV - (afunix) -- C:\Windows\SysWOW64\drivers\afunix.sys (Microsoft Corporation)
DRV - (swenum) -- C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys (Microsoft Corporation)
DRV - (NvStreamKms) -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
         


Geändert von korato (17.12.2018 um 04:00 Uhr)

Alt 17.12.2018, 04:04   #6
korato
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



Part4

Code:
ATTFilter
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 0B 37 EE 9E AD 72 D4 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 33 00 00 00 B3 DF BC F1 C2 FF 00 85 FF 0C CF D0 1B A9 38 A4 04 AA 13 95 E1 17 14 D1 7A 6D B4 DB 1E 4B 19 A5 35 A2 11 04 9D 51 BB C5 C3 F1 F4 9A 81 F0 3F 04 BE 72 C5 02 00 00 00 0E 00 00 00 46 4F 63 50 68 52 51 37 46 6C 59 25 33 64  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.191.2: C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.191.2: C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 60.3.0 ESR\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 60.3.0 ESR\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 66.0a1\extensions\\Components: C:\PROGRAM FILES\FIREFOX NIGHTLY\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 66.0a1\extensions\\Plugins: C:\PROGRAM FILES\FIREFOX NIGHTLY\PLUGINS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 28.1.0\extensions\\Components: C:\PROGRAM FILES\PALE MOON\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 28.1.0\extensions\\Plugins: C:\PROGRAM FILES\PALE MOON\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 60.3.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 60.3.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}: D:\Progs\AllaSoft\Video Downloader Converter\extensions\3.16.4.6855\BVDFirefoxExt [2018.11.24 03:06:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Nightly 66.0a1\extensions\\Components: C:\Program Files\Firefox Nightly\components
FF - HKEY_CURRENT_USER\software\mozilla\Nightly 66.0a1\extensions\\Plugins: C:\Program Files\Firefox Nightly\plugins
 
[2018.11.02 22:08:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mortifer\AppData\Roaming\mozilla\Extensions
[2018.11.02 22:15:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mortifer\AppData\Roaming\mozilla\SystemExtensionsDev
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\
CHR - Extension: No name found = C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
CHR - Extension: No name found = C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.2_0\
CHR - Extension: No name found = C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhancbnhabhandieicagelcddkdfgoif\3.16.4_0\
CHR - Extension: No name found = C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
CHR - Extension: No name found = C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.7_1\
CHR - Extension: No name found = C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad\5.0_0\
CHR - Extension: No name found = C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.4_0\
CHR - Extension: No name found = C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Mortifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7018.903.0.0_0\
 
O1 HOSTS File: ([2018.11.22 12:08:57 | 000,003,907 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 a.ads1.msn.com
O1 - Hosts: 0.0.0.0 a.ads2.msads.net
O1 - Hosts: 0.0.0.0 a.ads2.msn.com
O1 - Hosts: 0.0.0.0 a.rad.msn.com
O1 - Hosts: 0.0.0.0 a-0001.a-msedge.net
O1 - Hosts: 0.0.0.0 a-0002.a-msedge.net
O1 - Hosts: 0.0.0.0 a-0003.a-msedge.net
O1 - Hosts: 0.0.0.0 a-0004.a-msedge.net
O1 - Hosts: 0.0.0.0 a-0005.a-msedge.net
O1 - Hosts: 0.0.0.0 a-0006.a-msedge.net
O1 - Hosts: 0.0.0.0 a-0007.a-msedge.net
O1 - Hosts: 0.0.0.0 a-0008.a-msedge.net
O1 - Hosts: 0.0.0.0 a-0009.a-msedge.net
O1 - Hosts: 0.0.0.0 ac3.msn.com
O1 - Hosts: 0.0.0.0 ad.doubleclick.net
O1 - Hosts: 0.0.0.0 adnexus.net
O1 - Hosts: 0.0.0.0 adnxs.com
O1 - Hosts: 0.0.0.0 ads.msn.com
O1 - Hosts: 0.0.0.0 ads1.msads.net
O1 - Hosts: 0.0.0.0 ads1.msn.com
O1 - Hosts: 0.0.0.0 aidps.atdmt.com
O1 - Hosts: 0.0.0.0 aka-cdn-ns.adtech.de
O1 - Hosts: 0.0.0.0 a-msedge.net
O1 - Hosts: 0.0.0.0 az361816.vo.msecnd.net
O1 - Hosts: 0.0.0.0 az512334.vo.msecnd.net
O1 - Hosts: 71 more lines...
O2:64bit: - BHO: (Reg Error: Value error.) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - Reg Error: Value error. File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.8.0_191\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.8.0_191\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Skype for Business Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SecurityHealth] C:\Programme\Windows Defender\MSASCuiL.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CCEnhancer] C:\Program Files (x86)\CCEnhancer\CCEnhancer.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [vmware-tray.exe] D:\VMware Workstation\Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKLM..\Run: [WPSTool] C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\TWCU.exe (TP-Link Technologies Co., Ltd)
O4 - HKCU..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Software Ltd)
O4 - HKCU..\Run: [CCleaner Smart Cleaning] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Software Ltd)
O4 - HKCU..\Run: [EADM] D:\Games\Origin\Origin.exe ()
O4 - HKCU..\Run: [EpicGamesLauncher] D:\Games\Fortnite\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe (Epic Games, Inc.)
O4 - HKCU..\Run: [KeePass Password Safe 2] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKCU..\Run: [Steam] D:\Games\Steam\steam.exe ()
O4 - HKCU..\Run: [Synapse3] C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe ()
O4 - HKCU..\Run: [THPanel] C:\Program Files (x86)\Thunder Master\THPanel.exe (Palit Microsystems Ltd.)
O4 - HKCU..\Run: [VeraCrypt] C:\Program Files\VeraCrypt\VeraCrypt.exe (IDRIX)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFullTrustStartupTasks = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUwpStartupTasks = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SupportFullTrustStartupTasks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SupportUwpStartupTasks = 1
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000014 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000015 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3615a814-1cd2-4d8f-8a5c-417e21555e98}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\mso-minsb.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Programme\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mso-minsb-roaming.16 {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Programme\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf.16 {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Programme\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf-roaming.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Programme\Microsoft Office\root\Office16\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-minsb.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Programme\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-minsb-roaming.16 {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Programme\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf.16 {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Programme\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf-roaming.16 {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Programme\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- C:\Windows\svchost.com "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- C:\Windows\svchost.com "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- C:\Windows\svchost.com "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- C:\Windows\svchost.com "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
         
Part5

Code:
ATTFilter
========== Files/Folders - Created Within 7 Days ==========
 
[2018.12.17 02:55:59 | 000,000,000 | ---D | C] -- C:\FRST
[2018.12.17 02:54:19 | 002,417,152 | ---- | C] (Farbar) -- C:\Users\Mortifer\Desktop\FRST64.exe
[2018.12.17 02:20:14 | 005,746,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VsGraphicsDesktopEngine.exe
[2018.12.17 02:20:14 | 004,529,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VsGraphicsDesktopEngine.exe
[2018.12.17 02:20:14 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VsGraphicsProxyStub.dll
[2018.12.17 02:12:57 | 000,845,488 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Mortifer\Desktop\Autoruns64.exe
[2018.12.17 02:12:57 | 000,743,600 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Mortifer\Desktop\autorunsc64.exe
[2018.12.17 02:12:57 | 000,716,968 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Mortifer\Desktop\Autoruns.exe
[2018.12.17 02:12:57 | 000,629,928 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Mortifer\Desktop\autorunsc.exe
[2018.12.17 02:07:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mortifer\Desktop\OTL.exe
[2018.12.17 02:04:35 | 000,063,768 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2018.12.17 02:04:31 | 000,119,136 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2018.12.17 02:04:30 | 000,111,152 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2018.12.17 01:28:24 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Desktop\backups
[2018.12.17 01:20:04 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mortifer\Desktop\HijackThis.exe
[2018.12.17 01:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2018.12.17 01:10:07 | 000,032,168 | ---- | C] (Safer-Networking Ltd.) -- C:\Windows\SysNative\sdnclean64.exe
[2018.12.17 01:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2018.12.17 01:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2018.12.17 00:49:55 | 000,260,480 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2018.12.17 00:47:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2018.12.17 00:46:54 | 007,321,808 | ---- | C] (Malwarebytes) -- C:\Users\Mortifer\Desktop\adwcleaner_7.2.5.0.exe
[2018.12.17 00:30:12 | 000,198,000 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2018.12.17 00:25:57 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Documents\Visual Studio 2017
[2018.12.17 00:25:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Python Scripts
[2018.12.17 00:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
[2018.12.17 00:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6
[2018.12.17 00:14:20 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\Package Cache
[2018.12.17 00:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2018.12.17 00:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2018.12.17 00:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS2012Schemas
[2018.12.17 00:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS2010Schemas
[2018.12.17 00:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\dftmp
[2018.12.17 00:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure
[2018.12.17 00:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2018.12.17 00:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Phone Kits
[2018.12.17 00:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
[2018.12.17 00:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2018.12.17 00:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows App Certification Kit
[2018.12.17 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier
[2018.12.17 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
[2018.12.16 23:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2018.12.16 23:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2018.12.16 23:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft
[2018.12.16 23:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Kits
[2018.12.16 23:48:23 | 017,871,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXCaptureReplay.dll
[2018.12.16 23:48:23 | 014,058,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXCaptureReplay.dll
[2018.12.16 23:48:23 | 004,858,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VsGraphicsRemoteEngine.exe
[2018.12.16 23:48:23 | 003,632,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VsGraphicsRemoteEngine.exe
[2018.12.16 23:48:23 | 002,818,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d12SDKLayers.dll
[2018.12.16 23:48:23 | 002,249,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d12SDKLayers.dll
[2018.12.16 23:48:23 | 002,000,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXToolsOfflineAnalysis.dll
[2018.12.16 23:48:23 | 001,500,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXToolsOfflineAnalysis.dll
[2018.12.16 23:48:23 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11_3SDKLayers.dll
[2018.12.16 23:48:23 | 001,178,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXCap.exe
[2018.12.16 23:48:23 | 001,100,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11_3SDKLayers.dll
[2018.12.16 23:48:23 | 000,921,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXCap.exe
[2018.12.16 23:48:23 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1debug3.dll
[2018.12.16 23:48:23 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1debug3.dll
[2018.12.16 23:48:23 | 000,402,944 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\DXCpl.exe
[2018.12.16 23:48:23 | 000,380,416 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysWow64\DXCpl.exe
[2018.12.16 23:48:23 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf_gputiming.dll
[2018.12.16 23:48:23 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXGIDebug.dll
[2018.12.16 23:48:23 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VsGraphicsExperiment.dll
[2018.12.16 23:48:23 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf_gputiming.dll
[2018.12.16 23:48:23 | 000,238,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXGIDebug.dll
[2018.12.16 23:48:23 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VsGraphicsExperiment.dll
[2018.12.16 23:48:23 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXToolsMonitor.dll
[2018.12.16 23:48:23 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXToolsReporting.dll
[2018.12.16 23:48:23 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VsGraphicsCapture.dll
[2018.12.16 23:48:23 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXToolsMonitor.dll
[2018.12.16 23:48:23 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VsGraphicsCapture.dll
[2018.12.16 23:48:23 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXToolsReporting.dll
[2018.12.16 23:48:23 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DxToolsReportGenerator.dll
[2018.12.16 23:48:23 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DxToolsReportGenerator.dll
[2018.12.16 23:48:23 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VSD3DWARPDebug.dll
[2018.12.16 23:48:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VSD3DWARPDebug.dll
[2018.12.16 23:48:23 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VsGraphicsProxyStub.dll
[2018.12.16 23:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Web Tools
[2018.12.16 23:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express
[2018.12.16 23:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express
[2018.12.16 23:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET Core Runtime Package Store
[2018.12.16 23:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuGet
[2018.12.16 23:41:50 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\.dotnet
[2018.12.16 23:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\dotnet
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\3082
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\3082
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\2052
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2052
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1055
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1055
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1049
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1049
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1046
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1046
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1045
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1045
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1042
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1042
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1041
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1041
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1040
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1040
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1036
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1036
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1031
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1031
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1029
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1029
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1028
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1028
[2018.12.16 23:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Entity Framework Tools
[2018.12.16 23:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2018.12.16 23:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2018.12.16 23:34:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2018.12.16 23:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2018.12.16 23:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2018.12.16 23:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2018.12.16 23:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
[2018.12.16 23:18:26 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\vstelemetry
[2018.12.16 23:18:26 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Visual Studio Setup
[2018.12.16 23:18:26 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\ServiceHub
[2018.12.16 23:18:25 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Microsoft Visual Studio
[2018.12.16 23:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2018.12.16 23:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio
[2018.12.16 23:16:27 | 001,281,536 | ---- | C] (Microsoft Corporation) -- C:\Users\Mortifer\Documents\vs_community.exe
[2018.12.16 21:26:20 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Documents\Netflix Checker Pack Moataz
[2018.12.16 21:21:03 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Documents\All-in-One Checker
[2018.12.16 21:18:28 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Documents\Mail-Checker-2.0.0.1_1
[2018.12.16 14:55:09 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
[2018.12.16 14:53:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Npcap
[2018.12.16 14:53:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Npcap
[2018.12.16 14:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Npcap
[2018.12.16 14:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nmap
[2018.12.16 07:03:13 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Documents\BlackBullet
[2018.12.16 03:43:28 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Desktop\olly
[2018.12.16 01:07:02 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\.pylint.d
[2018.12.16 01:00:32 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Python
[2018.12.16 01:00:24 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\pip
[2018.12.16 00:58:39 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\.idlerc
[2018.12.16 00:18:00 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\AVAST Software
[2018.12.16 00:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVAST Software
[2018.12.16 00:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2018.12.15 12:11:28 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\assembly
[2018.12.15 11:18:05 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\Deployment
[2018.12.15 11:18:05 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\Apps
[2018.12.15 02:43:48 | 000,000,000 | ---D | C] -- C:\Python35
[2018.12.14 17:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2018.12.14 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Thunderbird
[2018.12.14 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\Thunderbird
[2018.12.12 10:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2018.12.12 04:12:16 | 007,520,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.Protection.PlayReady.dll
[2018.12.12 04:12:16 | 006,569,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.Protection.PlayReady.dll
[2018.12.12 04:12:14 | 025,855,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\edgehtml.dll
[2018.12.12 04:12:07 | 022,016,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\edgehtml.dll
[2018.12.12 04:12:06 | 009,084,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2018.12.12 04:12:06 | 007,436,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\windows.storage.dll
[2018.12.12 04:12:06 | 001,213,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ClipUp.exe
[2018.12.12 04:12:05 | 007,573,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Chakra.dll
[2018.12.12 04:12:05 | 005,625,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StartTileData.dll
[2018.12.12 04:12:05 | 001,616,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2018.12.12 04:12:04 | 006,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\windows.storage.dll
[2018.12.12 04:12:04 | 004,710,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdp.dll
[2018.12.12 04:12:04 | 003,396,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2018.12.12 04:12:03 | 013,572,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2018.12.12 04:12:03 | 012,500,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2018.12.12 04:12:02 | 007,057,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mos.dll
[2018.12.12 04:12:02 | 005,775,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Chakra.dll
[2018.12.12 04:12:02 | 001,017,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2adec.dll
[2018.12.12 04:12:01 | 004,866,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2018.12.12 04:12:01 | 004,708,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.pcshell.dll
[2018.12.12 04:12:01 | 004,384,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EdgeContent.dll
[2018.12.12 04:12:01 | 002,371,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2018.12.12 04:12:01 | 002,331,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2018.12.12 04:12:01 | 000,861,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2adec.dll
[2018.12.12 04:12:00 | 006,586,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2018.12.12 04:12:00 | 003,649,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32kfull.sys
[2018.12.12 04:12:00 | 003,392,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2018.12.12 04:11:59 | 006,032,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2018.12.12 04:11:59 | 003,090,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll
[2018.12.12 04:11:59 | 002,739,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2018.12.12 04:11:59 | 002,364,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2018.12.12 04:11:58 | 004,789,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2018.12.12 04:11:58 | 004,404,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2018.12.12 04:11:58 | 001,826,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.CloudStore.dll
[2018.12.12 04:11:58 | 001,379,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2018.12.12 04:11:58 | 001,221,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hvix64.exe
[2018.12.12 04:11:57 | 009,084,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BingMaps.dll
[2018.12.12 04:11:57 | 004,491,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsrchvw.exe
[2018.12.12 04:11:57 | 002,368,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebRuntimeManager.dll
[2018.12.12 04:11:57 | 002,307,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2018.12.12 04:11:57 | 001,457,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dosvc.dll
[2018.12.12 04:11:57 | 001,040,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ApplyTrustOffline.exe
[2018.12.12 04:11:56 | 005,657,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2018.12.12 04:11:56 | 003,179,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2018.12.12 04:11:56 | 002,966,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdp.dll
[2018.12.12 04:11:56 | 002,892,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32kfull.sys
[2018.12.12 04:11:56 | 002,571,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2018.12.12 04:11:56 | 002,394,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVCORE.DLL
[2018.12.12 04:11:55 | 008,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2018.12.12 04:11:55 | 005,883,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mos.dll
[2018.12.12 04:11:55 | 003,320,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2018.12.12 04:11:55 | 002,126,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationFramework.dll
[2018.12.12 04:11:55 | 001,030,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hvax64.exe
[2018.12.12 04:11:54 | 002,700,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2018.12.12 04:11:54 | 001,613,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3D12.dll
[2018.12.12 04:11:53 | 002,900,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2018.12.12 04:11:53 | 002,224,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32kbase.sys
[2018.12.12 04:11:53 | 001,943,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2018.12.12 04:11:53 | 001,786,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVEntVirtualization.dll
[2018.12.12 04:11:53 | 001,627,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\enterprisecsps.dll
[2018.12.12 04:11:53 | 001,364,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpasvc.dll
[2018.12.12 04:11:53 | 001,188,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2018.12.12 04:11:53 | 000,943,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BingOnlineServices.dll
[2018.12.12 04:11:53 | 000,457,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll
[2018.12.12 04:11:52 | 002,825,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MapGeocoder.dll
[2018.12.12 04:11:52 | 002,417,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2018.12.12 04:11:52 | 002,258,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2018.12.12 04:11:52 | 001,487,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InstallService.dll
[2018.12.12 04:11:52 | 001,254,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemSettings.Handlers.dll
[2018.12.12 04:11:52 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmsvc.dll
[2018.12.12 04:11:52 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2018.12.12 04:11:52 | 000,808,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EdgeManager.dll
[2018.12.12 04:11:52 | 000,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2018.12.12 04:11:52 | 000,416,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll
[2018.12.12 04:11:51 | 006,647,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BingMaps.dll
[2018.12.12 04:11:51 | 003,381,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MapRouter.dll
[2018.12.12 04:11:51 | 002,173,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.onecore.dll
[2018.12.12 04:11:51 | 002,161,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsrcsnk.dll
[2018.12.12 04:11:51 | 001,935,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2018.12.12 04:11:51 | 001,454,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdi32full.dll
[2018.12.12 04:11:51 | 001,364,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcastdvruserservice.dll
[2018.12.12 04:11:51 | 001,209,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2018.12.12 04:11:51 | 001,032,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\modernexecserver.dll
[2018.12.12 04:11:51 | 001,023,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ShareHost.dll
[2018.12.12 04:11:51 | 000,884,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MapControlCore.dll
[2018.12.12 04:11:50 | 007,987,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2018.12.12 04:11:50 | 002,062,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsrcsnk.dll
[2018.12.12 04:11:50 | 001,634,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32full.dll
[2018.12.12 04:11:50 | 001,469,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2018.12.12 04:11:50 | 001,299,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3D12.dll
[2018.12.12 04:11:50 | 001,264,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JpMapControl.dll
[2018.12.12 04:11:50 | 001,048,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Internal.Shell.Broker.dll
[2018.12.12 04:11:50 | 000,894,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webplatstorageserver.dll
[2018.12.12 04:11:50 | 000,884,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NMAA.dll
[2018.12.12 04:11:50 | 000,623,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PsmServiceExtHost.dll
[2018.12.12 04:11:50 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\daxexec.dll
[2018.12.12 04:11:50 | 000,491,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2018.12.12 04:11:49 | 003,397,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsrchvw.exe
[2018.12.12 04:11:49 | 002,449,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MapRouter.dll
[2018.12.12 04:11:49 | 001,661,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2018.12.12 04:11:49 | 001,457,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2018.12.12 04:11:49 | 001,257,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2018.12.12 04:11:49 | 001,225,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MapsStore.dll
[2018.12.12 04:11:49 | 001,110,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InstallService.dll
[2018.12.12 04:11:49 | 000,930,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWAHost.exe
[2018.12.12 04:11:49 | 000,823,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.appcore.dll
[2018.12.12 04:11:49 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2018.12.12 04:11:49 | 000,713,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BingOnlineServices.dll
[2018.12.12 04:11:49 | 000,684,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2018.12.12 04:11:49 | 000,669,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2018.12.12 04:11:49 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EdgeManager.dll
[2018.12.12 04:11:49 | 000,594,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2018.12.12 04:11:49 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SppExtComObj.Exe
[2018.12.12 04:11:49 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthAvctpSvc.dll
[2018.12.12 04:11:48 | 001,551,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.desktop.dll
[2018.12.12 04:11:48 | 001,422,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVEntSubsystemController.dll
[2018.12.12 04:11:48 | 001,328,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpx.dll
[2018.12.12 04:11:48 | 001,140,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2018.12.12 04:11:48 | 001,069,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.Streaming.dll
[2018.12.12 04:11:48 | 001,038,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVPolicy.dll
[2018.12.12 04:11:48 | 000,982,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2018.12.12 04:11:48 | 000,829,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWAHost.exe
[2018.12.12 04:11:48 | 000,795,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2018.12.12 04:11:48 | 000,777,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2018.12.12 04:11:48 | 000,766,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2018.12.12 04:11:48 | 000,723,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2018.12.12 04:11:48 | 000,550,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2018.12.12 04:11:48 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2018.12.12 04:11:48 | 000,514,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BTAGService.dll
[2018.12.12 04:11:48 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\edgeIso.dll
[2018.12.12 04:11:48 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll
[2018.12.12 04:11:47 | 001,986,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MapGeocoder.dll
[2018.12.12 04:11:47 | 001,627,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVIntegration.dll
[2018.12.12 04:11:47 | 001,535,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2018.12.12 04:11:47 | 001,063,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SecConfig.efi
[2018.12.12 04:11:47 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JpMapControl.dll
[2018.12.12 04:11:47 | 000,848,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ShareHost.dll
[2018.12.12 04:11:47 | 000,830,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVOrchestration.dll
[2018.12.12 04:11:47 | 000,793,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms2.sys
[2018.12.12 04:11:47 | 000,750,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVReporting.dll
[2018.12.12 04:11:47 | 000,693,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2018.12.12 04:11:47 | 000,665,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2018.12.12 04:11:47 | 000,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2018.12.12 04:11:47 | 000,604,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\securekernel.exe
[2018.12.12 04:11:47 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcblaunch.exe
[2018.12.12 04:11:47 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2018.12.12 04:11:47 | 000,549,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppResolver.dll
[2018.12.12 04:11:47 | 000,537,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2018.12.12 04:11:47 | 000,419,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eeprov.dll
[2018.12.12 04:11:47 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\daxexec.dll
[2018.12.12 04:11:47 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.System.Diagnostics.dll
[2018.12.12 04:11:47 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ninput.dll
[2018.12.12 04:11:47 | 000,268,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserbroker.dll
[2018.12.12 04:11:47 | 000,260,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2018.12.12 04:11:47 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2018.12.12 04:11:46 | 001,348,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2018.12.12 04:11:46 | 001,150,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVP9DEC.dll
[2018.12.12 04:11:46 | 000,954,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVManifest.dll
[2018.12.12 04:11:46 | 000,895,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2018.12.12 04:11:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NMAA.dll
[2018.12.12 04:11:46 | 000,705,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MapControlCore.dll
[2018.12.12 04:11:46 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.appcore.dll
[2018.12.12 04:11:46 | 000,670,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVCatalog.dll
[2018.12.12 04:11:46 | 000,573,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2018.12.12 04:11:46 | 000,565,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2018.12.12 04:11:46 | 000,530,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MapConfiguration.dll
[2018.12.12 04:11:46 | 000,527,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2018.12.12 04:11:46 | 000,495,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TransportDSA.dll
[2018.12.12 04:11:46 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AppResolver.dll
[2018.12.12 04:11:46 | 000,399,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVScripting.dll
[2018.12.12 04:11:46 | 000,368,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\thumbcache.dll
[2018.12.12 04:11:46 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wc_storage.dll
[2018.12.12 04:11:46 | 000,272,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SgrmEnclave.dll
[2018.12.12 04:11:46 | 000,269,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SgrmEnclave_secure.dll
[2018.12.12 04:11:46 | 000,158,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vertdll.dll
[2018.12.12 04:11:46 | 000,130,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rmclient.dll
[2018.12.12 04:11:46 | 000,129,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2018.12.12 04:11:46 | 000,092,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bindflt.sys
[2018.12.12 04:11:45 | 002,590,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2018.12.12 04:11:45 | 001,397,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVP9DEC.dll
[2018.12.12 04:11:45 | 001,308,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVPXENC.dll
[2018.12.12 04:11:45 | 001,295,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVPXENC.dll
[2018.12.12 04:11:45 | 000,825,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVEntStreamingManager.dll
[2018.12.12 04:11:45 | 000,796,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2018.12.12 04:11:45 | 000,652,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVPublishing.dll
[2018.12.12 04:11:45 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webplatstorageserver.dll
[2018.12.12 04:11:45 | 000,567,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CoreMessaging.dll
[2018.12.12 04:11:45 | 000,555,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2018.12.12 04:11:45 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AcSpecfc.dll
[2018.12.12 04:11:45 | 000,421,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xbgmengine.dll
[2018.12.12 04:11:45 | 000,413,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2018.12.12 04:11:45 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dusmsvc.dll
[2018.12.12 04:11:45 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\edgeIso.dll
[2018.12.12 04:11:45 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ninput.dll
[2018.12.12 04:11:45 | 000,304,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mssecflt.sys
[2018.12.12 04:11:45 | 000,249,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\weretw.dll
[2018.12.12 04:11:45 | 000,231,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVShNotify.exe
[2018.12.12 04:11:45 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appsruprov.dll
[2018.12.12 04:11:45 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hvloader.dll
[2018.12.12 04:11:45 | 000,128,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tm.sys
[2018.12.12 04:11:45 | 000,101,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rmclient.dll
[2018.12.12 04:11:45 | 000,076,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hvservice.sys
[2018.12.12 04:11:45 | 000,058,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\iorate.sys
[2018.12.12 04:11:44 | 001,708,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSPhotography.dll
[2018.12.12 04:11:44 | 001,018,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ClipSp.sys
[2018.12.12 04:11:44 | 000,885,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CoreMessaging.dll
[2018.12.12 04:11:44 | 000,873,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.Streaming.dll
[2018.12.12 04:11:44 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2018.12.12 04:11:44 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppcext.dll
[2018.12.12 04:11:44 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2018.12.12 04:11:44 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdedit.exe
[2018.12.12 04:11:44 | 000,413,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2018.12.12 04:11:44 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2018.12.12 04:11:44 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Search.ProtocolHandler.MAPI2.dll
[2018.12.12 04:11:44 | 000,392,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MapConfiguration.dll
[2018.12.12 04:11:44 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bcryptprimitives.dll
[2018.12.12 04:11:44 | 000,335,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\moshostcore.dll
[2018.12.12 04:11:44 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.System.Diagnostics.dll
[2018.12.12 04:11:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Search.ProtocolHandler.MAPI2.dll
[2018.12.12 04:11:44 | 000,258,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVFileSystemMetadata.dll
[2018.12.12 04:11:44 | 000,228,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVStreamMap.dll
[2018.12.12 04:11:44 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2018.12.12 04:11:44 | 000,201,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVStreamingUX.dll
[2018.12.12 04:11:44 | 000,180,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVDllSurrogate.exe
[2018.12.12 04:11:44 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2018.12.12 04:11:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2018.12.12 04:11:44 | 000,173,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVNice.exe
[2018.12.12 04:11:44 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\energyprov.dll
[2018.12.12 04:11:44 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2018.12.12 04:11:44 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserDataTimeUtil.dll
[2018.12.12 04:11:44 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthhfenum.sys
[2018.12.12 04:11:44 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSoftwareInstallationClient.dll
[2018.12.12 04:11:44 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserDataTimeUtil.dll
[2018.12.12 04:11:44 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wcnfs.sys
[2018.12.12 04:11:44 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\offreg.dll
[2018.12.12 04:11:44 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdBth.dll
[2018.12.12 04:11:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offreg.dll
[2018.12.12 04:11:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdBth.dll
[2018.12.12 04:11:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browser_broker.exe
[2018.12.12 04:11:44 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mmcss.sys
[2018.12.12 04:11:44 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnsruprov.dll
[2018.12.12 04:11:44 | 000,022,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hvsicontainerservice.dll
[2018.12.12 04:11:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2018.12.12 04:11:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storqosflt.sys
[2018.12.12 04:11:42 | 001,361,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSPhotography.dll
[2018.12.12 04:11:42 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2018.12.12 04:11:42 | 000,358,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DataUsageHandlers.dll
[2018.12.12 04:11:42 | 000,304,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\domgmt.dll
[2018.12.12 04:11:42 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msIso.dll
[2018.12.12 04:11:42 | 000,209,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXApplicabilityBlob.dll
[2018.12.12 04:11:42 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InstallServiceTasks.dll
[2018.12.12 04:11:42 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Chakradiag.dll
[2018.12.12 04:11:42 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMapi.dll
[2018.12.12 04:11:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InstallServiceTasks.dll
[2018.12.12 04:11:42 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Internal.Management.SecureAssessment.dll
[2018.12.12 04:11:42 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DataUsageLiveTileTask.exe
[2018.12.12 04:11:42 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\utcutil.dll
[2018.12.12 04:11:42 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winhttpcom.dll
[2018.12.12 04:11:42 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tzautoupdate.dll
[2018.12.12 04:11:42 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationFrameworkInternalPS.dll
[2018.12.12 04:11:42 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winhttpcom.dll
[2018.12.12 04:11:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dtdump.exe
[2018.12.12 04:11:42 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iemigplugin.dll
[2018.12.12 04:11:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2018.12.12 04:11:42 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\werdiagcontroller.dll
[2018.12.11 20:41:37 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\ProtonVPN
[2018.12.11 20:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ProtonVPN
[2018.12.11 20:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
[2018.12.11 20:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proton Technologies
[2018.12.11 20:41:05 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\ProtonVPN AG
[2018.12.11 09:46:39 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\gtk-2.0
[2018.12.11 08:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claws Mail
[2018.12.11 08:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Claws Mail
[2018.12.11 08:22:25 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\claws Mail
[2018.12.11 08:18:34 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Claws-mail
[2018.12.11 06:12:00 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\PyBitmessage
[2018.12.11 04:51:20 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\kleopatra
[2018.12.11 04:46:10 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\gnupg
[2018.12.11 04:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GnuPG
[2018.12.11 04:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gpg4win
[2018.12.11 04:29:35 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Desktop\PGP
[2018.12.10 23:10:54 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\Bishop_Fox
[2018.12.10 23:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bishop Fox
[2018.12.10 23:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bishop Fox
[2018.12.10 15:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2018.12.10 15:19:52 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Sun
[2018.12.10 15:19:42 | 000,110,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2018.12.10 15:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oracle
[2018.12.10 15:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2018.12.10 15:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2018.12.10 15:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2018.12.10 15:10:28 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Desktop\ValidateCreditCard
         
Part5

Code:
ATTFilter
========== Files/Folders - Created Within 7 Days ==========
 
[2018.12.17 02:55:59 | 000,000,000 | ---D | C] -- C:\FRST
[2018.12.17 02:54:19 | 002,417,152 | ---- | C] (Farbar) -- C:\Users\Mortifer\Desktop\FRST64.exe
[2018.12.17 02:20:14 | 005,746,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VsGraphicsDesktopEngine.exe
[2018.12.17 02:20:14 | 004,529,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VsGraphicsDesktopEngine.exe
[2018.12.17 02:20:14 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VsGraphicsProxyStub.dll
[2018.12.17 02:12:57 | 000,845,488 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Mortifer\Desktop\Autoruns64.exe
[2018.12.17 02:12:57 | 000,743,600 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Mortifer\Desktop\autorunsc64.exe
[2018.12.17 02:12:57 | 000,716,968 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Mortifer\Desktop\Autoruns.exe
[2018.12.17 02:12:57 | 000,629,928 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Mortifer\Desktop\autorunsc.exe
[2018.12.17 02:07:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mortifer\Desktop\OTL.exe
[2018.12.17 02:04:35 | 000,063,768 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2018.12.17 02:04:31 | 000,119,136 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2018.12.17 02:04:30 | 000,111,152 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2018.12.17 01:28:24 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Desktop\backups
[2018.12.17 01:20:04 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mortifer\Desktop\HijackThis.exe
[2018.12.17 01:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2018.12.17 01:10:07 | 000,032,168 | ---- | C] (Safer-Networking Ltd.) -- C:\Windows\SysNative\sdnclean64.exe
[2018.12.17 01:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2018.12.17 01:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2018.12.17 00:49:55 | 000,260,480 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2018.12.17 00:47:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2018.12.17 00:46:54 | 007,321,808 | ---- | C] (Malwarebytes) -- C:\Users\Mortifer\Desktop\adwcleaner_7.2.5.0.exe
[2018.12.17 00:30:12 | 000,198,000 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2018.12.17 00:25:57 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Documents\Visual Studio 2017
[2018.12.17 00:25:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Python Scripts
[2018.12.17 00:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
[2018.12.17 00:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.6
[2018.12.17 00:14:20 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\Package Cache
[2018.12.17 00:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2018.12.17 00:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2018.12.17 00:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS2012Schemas
[2018.12.17 00:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS2010Schemas
[2018.12.17 00:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\dftmp
[2018.12.17 00:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Azure
[2018.12.17 00:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2018.12.17 00:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Phone Kits
[2018.12.17 00:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
[2018.12.17 00:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2018.12.17 00:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows App Certification Kit
[2018.12.17 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier
[2018.12.17 00:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
[2018.12.16 23:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2018.12.16 23:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2018.12.16 23:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft
[2018.12.16 23:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Kits
[2018.12.16 23:48:23 | 017,871,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXCaptureReplay.dll
[2018.12.16 23:48:23 | 014,058,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXCaptureReplay.dll
[2018.12.16 23:48:23 | 004,858,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VsGraphicsRemoteEngine.exe
[2018.12.16 23:48:23 | 003,632,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VsGraphicsRemoteEngine.exe
[2018.12.16 23:48:23 | 002,818,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d12SDKLayers.dll
[2018.12.16 23:48:23 | 002,249,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d12SDKLayers.dll
[2018.12.16 23:48:23 | 002,000,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXToolsOfflineAnalysis.dll
[2018.12.16 23:48:23 | 001,500,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXToolsOfflineAnalysis.dll
[2018.12.16 23:48:23 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11_3SDKLayers.dll
[2018.12.16 23:48:23 | 001,178,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXCap.exe
[2018.12.16 23:48:23 | 001,100,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11_3SDKLayers.dll
[2018.12.16 23:48:23 | 000,921,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXCap.exe
[2018.12.16 23:48:23 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1debug3.dll
[2018.12.16 23:48:23 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1debug3.dll
[2018.12.16 23:48:23 | 000,402,944 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\DXCpl.exe
[2018.12.16 23:48:23 | 000,380,416 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysWow64\DXCpl.exe
[2018.12.16 23:48:23 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf_gputiming.dll
[2018.12.16 23:48:23 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXGIDebug.dll
[2018.12.16 23:48:23 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VsGraphicsExperiment.dll
[2018.12.16 23:48:23 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf_gputiming.dll
[2018.12.16 23:48:23 | 000,238,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXGIDebug.dll
[2018.12.16 23:48:23 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VsGraphicsExperiment.dll
[2018.12.16 23:48:23 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXToolsMonitor.dll
[2018.12.16 23:48:23 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DXToolsReporting.dll
[2018.12.16 23:48:23 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VsGraphicsCapture.dll
[2018.12.16 23:48:23 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXToolsMonitor.dll
[2018.12.16 23:48:23 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VsGraphicsCapture.dll
[2018.12.16 23:48:23 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DXToolsReporting.dll
[2018.12.16 23:48:23 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DxToolsReportGenerator.dll
[2018.12.16 23:48:23 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DxToolsReportGenerator.dll
[2018.12.16 23:48:23 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VSD3DWARPDebug.dll
[2018.12.16 23:48:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VSD3DWARPDebug.dll
[2018.12.16 23:48:23 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VsGraphicsProxyStub.dll
[2018.12.16 23:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Web Tools
[2018.12.16 23:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express
[2018.12.16 23:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express
[2018.12.16 23:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET Core Runtime Package Store
[2018.12.16 23:42:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuGet
[2018.12.16 23:41:50 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\.dotnet
[2018.12.16 23:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\dotnet
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\3082
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\3082
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\2052
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2052
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1055
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1055
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1049
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1049
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1046
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1046
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1045
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1045
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1042
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1042
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1041
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1041
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1040
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1040
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1036
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1036
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1031
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1031
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1029
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1029
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1028
[2018.12.16 23:38:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1028
[2018.12.16 23:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Entity Framework Tools
[2018.12.16 23:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2018.12.16 23:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2018.12.16 23:34:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2018.12.16 23:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2018.12.16 23:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2018.12.16 23:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2018.12.16 23:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
[2018.12.16 23:18:26 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\vstelemetry
[2018.12.16 23:18:26 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Visual Studio Setup
[2018.12.16 23:18:26 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\ServiceHub
[2018.12.16 23:18:25 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Microsoft Visual Studio
[2018.12.16 23:18:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2018.12.16 23:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio
[2018.12.16 23:16:27 | 001,281,536 | ---- | C] (Microsoft Corporation) -- C:\Users\Mortifer\Documents\vs_community.exe
[2018.12.16 21:26:20 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Documents\Netflix Checker Pack Moataz
[2018.12.16 21:21:03 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Documents\All-in-One Checker
[2018.12.16 21:18:28 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Documents\Mail-Checker-2.0.0.1_1
[2018.12.16 14:55:09 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
[2018.12.16 14:53:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Npcap
[2018.12.16 14:53:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Npcap
[2018.12.16 14:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Npcap
[2018.12.16 14:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nmap
[2018.12.16 07:03:13 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Documents\BlackBullet
[2018.12.16 03:43:28 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Desktop\olly
[2018.12.16 01:07:02 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\.pylint.d
[2018.12.16 01:00:32 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Python
[2018.12.16 01:00:24 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\pip
[2018.12.16 00:58:39 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\.idlerc
[2018.12.16 00:18:00 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\AVAST Software
[2018.12.16 00:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVAST Software
[2018.12.16 00:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2018.12.15 12:11:28 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\assembly
[2018.12.15 11:18:05 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\Deployment
[2018.12.15 11:18:05 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\Apps
[2018.12.15 02:43:48 | 000,000,000 | ---D | C] -- C:\Python35
[2018.12.14 17:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2018.12.14 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Thunderbird
[2018.12.14 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\Thunderbird
[2018.12.12 10:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2018.12.12 04:12:16 | 007,520,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.Protection.PlayReady.dll
[2018.12.12 04:12:16 | 006,569,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.Protection.PlayReady.dll
[2018.12.12 04:12:14 | 025,855,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\edgehtml.dll
[2018.12.12 04:12:07 | 022,016,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\edgehtml.dll
[2018.12.12 04:12:06 | 009,084,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2018.12.12 04:12:06 | 007,436,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\windows.storage.dll
[2018.12.12 04:12:06 | 001,213,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ClipUp.exe
[2018.12.12 04:12:05 | 007,573,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Chakra.dll
[2018.12.12 04:12:05 | 005,625,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StartTileData.dll
[2018.12.12 04:12:05 | 001,616,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2018.12.12 04:12:04 | 006,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\windows.storage.dll
[2018.12.12 04:12:04 | 004,710,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdp.dll
[2018.12.12 04:12:04 | 003,396,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2018.12.12 04:12:03 | 013,572,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2018.12.12 04:12:03 | 012,500,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2018.12.12 04:12:02 | 007,057,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mos.dll
[2018.12.12 04:12:02 | 005,775,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Chakra.dll
[2018.12.12 04:12:02 | 001,017,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2adec.dll
[2018.12.12 04:12:01 | 004,866,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2018.12.12 04:12:01 | 004,708,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.pcshell.dll
[2018.12.12 04:12:01 | 004,384,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EdgeContent.dll
[2018.12.12 04:12:01 | 002,371,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2018.12.12 04:12:01 | 002,331,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2018.12.12 04:12:01 | 000,861,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2adec.dll
[2018.12.12 04:12:00 | 006,586,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2018.12.12 04:12:00 | 003,649,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32kfull.sys
[2018.12.12 04:12:00 | 003,392,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2018.12.12 04:11:59 | 006,032,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2018.12.12 04:11:59 | 003,090,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagtrack.dll
[2018.12.12 04:11:59 | 002,739,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2018.12.12 04:11:59 | 002,364,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OpcServices.dll
[2018.12.12 04:11:58 | 004,789,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2018.12.12 04:11:58 | 004,404,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2018.12.12 04:11:58 | 001,826,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.CloudStore.dll
[2018.12.12 04:11:58 | 001,379,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2018.12.12 04:11:58 | 001,221,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hvix64.exe
[2018.12.12 04:11:57 | 009,084,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BingMaps.dll
[2018.12.12 04:11:57 | 004,491,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsrchvw.exe
[2018.12.12 04:11:57 | 002,368,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebRuntimeManager.dll
[2018.12.12 04:11:57 | 002,307,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2018.12.12 04:11:57 | 001,457,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dosvc.dll
[2018.12.12 04:11:57 | 001,040,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ApplyTrustOffline.exe
[2018.12.12 04:11:56 | 005,657,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2018.12.12 04:11:56 | 003,179,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2018.12.12 04:11:56 | 002,966,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdp.dll
[2018.12.12 04:11:56 | 002,892,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32kfull.sys
[2018.12.12 04:11:56 | 002,571,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2018.12.12 04:11:56 | 002,394,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVCORE.DLL
[2018.12.12 04:11:55 | 008,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2018.12.12 04:11:55 | 005,883,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mos.dll
[2018.12.12 04:11:55 | 003,320,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2018.12.12 04:11:55 | 002,126,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationFramework.dll
[2018.12.12 04:11:55 | 001,030,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hvax64.exe
[2018.12.12 04:11:54 | 002,700,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2018.12.12 04:11:54 | 001,613,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3D12.dll
[2018.12.12 04:11:53 | 002,900,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2018.12.12 04:11:53 | 002,224,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32kbase.sys
[2018.12.12 04:11:53 | 001,943,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2018.12.12 04:11:53 | 001,786,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVEntVirtualization.dll
[2018.12.12 04:11:53 | 001,627,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\enterprisecsps.dll
[2018.12.12 04:11:53 | 001,364,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpasvc.dll
[2018.12.12 04:11:53 | 001,188,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2018.12.12 04:11:53 | 000,943,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BingOnlineServices.dll
[2018.12.12 04:11:53 | 000,457,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll
[2018.12.12 04:11:52 | 002,825,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MapGeocoder.dll
[2018.12.12 04:11:52 | 002,417,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2018.12.12 04:11:52 | 002,258,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2018.12.12 04:11:52 | 001,487,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InstallService.dll
[2018.12.12 04:11:52 | 001,254,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemSettings.Handlers.dll
[2018.12.12 04:11:52 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmsvc.dll
[2018.12.12 04:11:52 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2018.12.12 04:11:52 | 000,808,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EdgeManager.dll
[2018.12.12 04:11:52 | 000,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2018.12.12 04:11:52 | 000,416,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll
[2018.12.12 04:11:51 | 006,647,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BingMaps.dll
[2018.12.12 04:11:51 | 003,381,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MapRouter.dll
[2018.12.12 04:11:51 | 002,173,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.onecore.dll
[2018.12.12 04:11:51 | 002,161,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsrcsnk.dll
[2018.12.12 04:11:51 | 001,935,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2018.12.12 04:11:51 | 001,454,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdi32full.dll
[2018.12.12 04:11:51 | 001,364,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcastdvruserservice.dll
[2018.12.12 04:11:51 | 001,209,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2018.12.12 04:11:51 | 001,032,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\modernexecserver.dll
[2018.12.12 04:11:51 | 001,023,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ShareHost.dll
[2018.12.12 04:11:51 | 000,884,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MapControlCore.dll
[2018.12.12 04:11:50 | 007,987,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2018.12.12 04:11:50 | 002,062,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsrcsnk.dll
[2018.12.12 04:11:50 | 001,634,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32full.dll
[2018.12.12 04:11:50 | 001,469,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2018.12.12 04:11:50 | 001,299,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3D12.dll
[2018.12.12 04:11:50 | 001,264,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JpMapControl.dll
[2018.12.12 04:11:50 | 001,048,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Internal.Shell.Broker.dll
[2018.12.12 04:11:50 | 000,894,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webplatstorageserver.dll
[2018.12.12 04:11:50 | 000,884,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NMAA.dll
[2018.12.12 04:11:50 | 000,623,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PsmServiceExtHost.dll
[2018.12.12 04:11:50 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\daxexec.dll
[2018.12.12 04:11:50 | 000,491,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2018.12.12 04:11:49 | 003,397,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsrchvw.exe
[2018.12.12 04:11:49 | 002,449,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MapRouter.dll
[2018.12.12 04:11:49 | 001,661,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2018.12.12 04:11:49 | 001,457,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2018.12.12 04:11:49 | 001,257,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2018.12.12 04:11:49 | 001,225,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MapsStore.dll
[2018.12.12 04:11:49 | 001,110,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InstallService.dll
[2018.12.12 04:11:49 | 000,930,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWAHost.exe
[2018.12.12 04:11:49 | 000,823,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.appcore.dll
[2018.12.12 04:11:49 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2018.12.12 04:11:49 | 000,713,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BingOnlineServices.dll
[2018.12.12 04:11:49 | 000,684,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2018.12.12 04:11:49 | 000,669,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2018.12.12 04:11:49 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EdgeManager.dll
[2018.12.12 04:11:49 | 000,594,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2018.12.12 04:11:49 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SppExtComObj.Exe
[2018.12.12 04:11:49 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BthAvctpSvc.dll
[2018.12.12 04:11:48 | 001,551,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.desktop.dll
[2018.12.12 04:11:48 | 001,422,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVEntSubsystemController.dll
[2018.12.12 04:11:48 | 001,328,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpx.dll
[2018.12.12 04:11:48 | 001,140,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2018.12.12 04:11:48 | 001,069,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.Streaming.dll
[2018.12.12 04:11:48 | 001,038,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVPolicy.dll
[2018.12.12 04:11:48 | 000,982,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2018.12.12 04:11:48 | 000,829,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWAHost.exe
[2018.12.12 04:11:48 | 000,795,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2018.12.12 04:11:48 | 000,777,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2018.12.12 04:11:48 | 000,766,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2018.12.12 04:11:48 | 000,723,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2018.12.12 04:11:48 | 000,550,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2018.12.12 04:11:48 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2018.12.12 04:11:48 | 000,514,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BTAGService.dll
[2018.12.12 04:11:48 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\edgeIso.dll
[2018.12.12 04:11:48 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll
[2018.12.12 04:11:47 | 001,986,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MapGeocoder.dll
[2018.12.12 04:11:47 | 001,627,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVIntegration.dll
[2018.12.12 04:11:47 | 001,535,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2018.12.12 04:11:47 | 001,063,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SecConfig.efi
[2018.12.12 04:11:47 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JpMapControl.dll
[2018.12.12 04:11:47 | 000,848,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ShareHost.dll
[2018.12.12 04:11:47 | 000,830,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVOrchestration.dll
[2018.12.12 04:11:47 | 000,793,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms2.sys
[2018.12.12 04:11:47 | 000,750,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVReporting.dll
[2018.12.12 04:11:47 | 000,693,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2018.12.12 04:11:47 | 000,665,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2018.12.12 04:11:47 | 000,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2018.12.12 04:11:47 | 000,604,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\securekernel.exe
[2018.12.12 04:11:47 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcblaunch.exe
[2018.12.12 04:11:47 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2018.12.12 04:11:47 | 000,549,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppResolver.dll
[2018.12.12 04:11:47 | 000,537,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2018.12.12 04:11:47 | 000,419,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eeprov.dll
[2018.12.12 04:11:47 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\daxexec.dll
[2018.12.12 04:11:47 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.System.Diagnostics.dll
[2018.12.12 04:11:47 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ninput.dll
[2018.12.12 04:11:47 | 000,268,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserbroker.dll
[2018.12.12 04:11:47 | 000,260,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2018.12.12 04:11:47 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2018.12.12 04:11:46 | 001,348,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\OpcServices.dll
[2018.12.12 04:11:46 | 001,150,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVP9DEC.dll
[2018.12.12 04:11:46 | 000,954,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVManifest.dll
[2018.12.12 04:11:46 | 000,895,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2018.12.12 04:11:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NMAA.dll
[2018.12.12 04:11:46 | 000,705,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MapControlCore.dll
[2018.12.12 04:11:46 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.appcore.dll
[2018.12.12 04:11:46 | 000,670,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVCatalog.dll
[2018.12.12 04:11:46 | 000,573,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2018.12.12 04:11:46 | 000,565,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2018.12.12 04:11:46 | 000,530,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MapConfiguration.dll
[2018.12.12 04:11:46 | 000,527,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2018.12.12 04:11:46 | 000,495,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TransportDSA.dll
[2018.12.12 04:11:46 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AppResolver.dll
[2018.12.12 04:11:46 | 000,399,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVScripting.dll
[2018.12.12 04:11:46 | 000,368,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\thumbcache.dll
[2018.12.12 04:11:46 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wc_storage.dll
[2018.12.12 04:11:46 | 000,272,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SgrmEnclave.dll
[2018.12.12 04:11:46 | 000,269,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SgrmEnclave_secure.dll
[2018.12.12 04:11:46 | 000,158,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vertdll.dll
[2018.12.12 04:11:46 | 000,130,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rmclient.dll
[2018.12.12 04:11:46 | 000,129,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2018.12.12 04:11:46 | 000,092,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bindflt.sys
[2018.12.12 04:11:45 | 002,590,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2018.12.12 04:11:45 | 001,397,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVP9DEC.dll
[2018.12.12 04:11:45 | 001,308,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVPXENC.dll
[2018.12.12 04:11:45 | 001,295,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVPXENC.dll
[2018.12.12 04:11:45 | 000,825,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVEntStreamingManager.dll
[2018.12.12 04:11:45 | 000,796,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2018.12.12 04:11:45 | 000,652,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVPublishing.dll
[2018.12.12 04:11:45 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webplatstorageserver.dll
[2018.12.12 04:11:45 | 000,567,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CoreMessaging.dll
[2018.12.12 04:11:45 | 000,555,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2018.12.12 04:11:45 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AcSpecfc.dll
[2018.12.12 04:11:45 | 000,421,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xbgmengine.dll
[2018.12.12 04:11:45 | 000,413,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2018.12.12 04:11:45 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dusmsvc.dll
[2018.12.12 04:11:45 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\edgeIso.dll
[2018.12.12 04:11:45 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ninput.dll
[2018.12.12 04:11:45 | 000,304,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mssecflt.sys
[2018.12.12 04:11:45 | 000,249,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\weretw.dll
[2018.12.12 04:11:45 | 000,231,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVShNotify.exe
[2018.12.12 04:11:45 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appsruprov.dll
[2018.12.12 04:11:45 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hvloader.dll
[2018.12.12 04:11:45 | 000,128,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tm.sys
[2018.12.12 04:11:45 | 000,101,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rmclient.dll
[2018.12.12 04:11:45 | 000,076,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hvservice.sys
[2018.12.12 04:11:45 | 000,058,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\iorate.sys
[2018.12.12 04:11:44 | 001,708,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSPhotography.dll
[2018.12.12 04:11:44 | 001,018,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ClipSp.sys
[2018.12.12 04:11:44 | 000,885,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CoreMessaging.dll
[2018.12.12 04:11:44 | 000,873,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.Streaming.dll
[2018.12.12 04:11:44 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2018.12.12 04:11:44 | 000,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppcext.dll
[2018.12.12 04:11:44 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2018.12.12 04:11:44 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdedit.exe
[2018.12.12 04:11:44 | 000,413,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2018.12.12 04:11:44 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2018.12.12 04:11:44 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Search.ProtocolHandler.MAPI2.dll
[2018.12.12 04:11:44 | 000,392,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MapConfiguration.dll
[2018.12.12 04:11:44 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bcryptprimitives.dll
[2018.12.12 04:11:44 | 000,335,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\moshostcore.dll
[2018.12.12 04:11:44 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.System.Diagnostics.dll
[2018.12.12 04:11:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Search.ProtocolHandler.MAPI2.dll
[2018.12.12 04:11:44 | 000,258,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVFileSystemMetadata.dll
[2018.12.12 04:11:44 | 000,228,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVStreamMap.dll
[2018.12.12 04:11:44 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2018.12.12 04:11:44 | 000,201,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVStreamingUX.dll
[2018.12.12 04:11:44 | 000,180,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVDllSurrogate.exe
[2018.12.12 04:11:44 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2018.12.12 04:11:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2018.12.12 04:11:44 | 000,173,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppVNice.exe
[2018.12.12 04:11:44 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\energyprov.dll
[2018.12.12 04:11:44 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2018.12.12 04:11:44 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserDataTimeUtil.dll
[2018.12.12 04:11:44 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\bthhfenum.sys
[2018.12.12 04:11:44 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSoftwareInstallationClient.dll
[2018.12.12 04:11:44 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserDataTimeUtil.dll
[2018.12.12 04:11:44 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wcnfs.sys
[2018.12.12 04:11:44 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\offreg.dll
[2018.12.12 04:11:44 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdBth.dll
[2018.12.12 04:11:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offreg.dll
[2018.12.12 04:11:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdBth.dll
[2018.12.12 04:11:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browser_broker.exe
[2018.12.12 04:11:44 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mmcss.sys
[2018.12.12 04:11:44 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnsruprov.dll
[2018.12.12 04:11:44 | 000,022,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hvsicontainerservice.dll
[2018.12.12 04:11:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2018.12.12 04:11:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storqosflt.sys
[2018.12.12 04:11:42 | 001,361,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSPhotography.dll
[2018.12.12 04:11:42 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2018.12.12 04:11:42 | 000,358,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DataUsageHandlers.dll
[2018.12.12 04:11:42 | 000,304,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\domgmt.dll
[2018.12.12 04:11:42 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msIso.dll
[2018.12.12 04:11:42 | 000,209,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXApplicabilityBlob.dll
[2018.12.12 04:11:42 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InstallServiceTasks.dll
[2018.12.12 04:11:42 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Chakradiag.dll
[2018.12.12 04:11:42 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMapi.dll
[2018.12.12 04:11:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InstallServiceTasks.dll
[2018.12.12 04:11:42 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Internal.Management.SecureAssessment.dll
[2018.12.12 04:11:42 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DataUsageLiveTileTask.exe
[2018.12.12 04:11:42 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\utcutil.dll
[2018.12.12 04:11:42 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winhttpcom.dll
[2018.12.12 04:11:42 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tzautoupdate.dll
[2018.12.12 04:11:42 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationFrameworkInternalPS.dll
[2018.12.12 04:11:42 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winhttpcom.dll
[2018.12.12 04:11:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dtdump.exe
[2018.12.12 04:11:42 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iemigplugin.dll
[2018.12.12 04:11:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2018.12.12 04:11:42 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\werdiagcontroller.dll
[2018.12.11 20:41:37 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\ProtonVPN
[2018.12.11 20:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ProtonVPN
[2018.12.11 20:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
[2018.12.11 20:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proton Technologies
[2018.12.11 20:41:05 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\ProtonVPN AG
[2018.12.11 09:46:39 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\gtk-2.0
[2018.12.11 08:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claws Mail
[2018.12.11 08:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Claws Mail
[2018.12.11 08:22:25 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\claws Mail
[2018.12.11 08:18:34 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Claws-mail
[2018.12.11 06:12:00 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\PyBitmessage
[2018.12.11 04:51:20 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\kleopatra
[2018.12.11 04:46:10 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\gnupg
[2018.12.11 04:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GnuPG
[2018.12.11 04:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gpg4win
[2018.12.11 04:29:35 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Desktop\PGP
[2018.12.10 23:10:54 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Local\Bishop_Fox
[2018.12.10 23:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bishop Fox
[2018.12.10 23:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bishop Fox
[2018.12.10 15:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2018.12.10 15:19:52 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\AppData\Roaming\Sun
[2018.12.10 15:19:42 | 000,110,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2018.12.10 15:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oracle
[2018.12.10 15:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2018.12.10 15:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2018.12.10 15:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2018.12.10 15:10:28 | 000,000,000 | ---D | C] -- C:\Users\Mortifer\Desktop\ValidateCreditCard
         

Geändert von korato (17.12.2018 um 04:12 Uhr)

Alt 17.12.2018, 04:16   #7
korato
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



part6

Code:
ATTFilter
========== Files - Modified Within 7 Days ==========
 
[2018.12.17 04:23:42 | 000,000,000 | ---- | M] () -- C:\Windows\directx.sys
[2018.12.17 02:54:19 | 002,417,152 | ---- | M] (Farbar) -- C:\Users\Mortifer\Desktop\FRST64.exe
[2018.12.17 02:12:08 | 001,107,968 | ---- | M] () -- C:\Users\Mortifer\Desktop\RSIT.exe
[2018.12.17 02:10:22 | 001,837,624 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018.12.17 02:10:22 | 000,786,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2018.12.17 02:10:22 | 000,737,688 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2018.12.17 02:10:22 | 000,168,444 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2018.12.17 02:10:22 | 000,148,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2018.12.17 02:09:52 | 001,306,150 | ---- | M] () -- C:\Users\Mortifer\Desktop\Autoruns.zip
[2018.12.17 02:07:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mortifer\Desktop\OTL.exe
[2018.12.17 02:06:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2018.12.17 02:04:35 | 000,063,768 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2018.12.17 02:04:31 | 000,119,136 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2018.12.17 02:04:30 | 000,111,152 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2018.12.17 02:04:22 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2018.12.17 02:04:21 | 2560,823,295 | -HS- | M] () -- C:\hiberfil.sys
[2018.12.17 01:20:04 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mortifer\Desktop\HijackThis.exe
[2018.12.17 01:10:10 | 000,001,452 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2018.12.17 00:49:55 | 000,260,480 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2018.12.17 00:46:54 | 007,321,808 | ---- | M] (Malwarebytes) -- C:\Users\Mortifer\Desktop\adwcleaner_7.2.5.0.exe
[2018.12.17 00:30:12 | 000,198,000 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2018.12.16 23:16:27 | 001,281,536 | ---- | M] (Microsoft Corporation) -- C:\Users\Mortifer\Documents\vs_community.exe
[2018.12.16 14:55:09 | 000,001,036 | ---- | M] () -- C:\Users\Mortifer\Desktop\Nmap - Zenmap GUI.lnk
[2018.12.16 07:02:59 | 024,203,365 | ---- | M] () -- C:\Users\Mortifer\Documents\BlackBullet.zip
[2018.12.16 04:41:45 | 000,000,810 | ---- | M] () -- C:\Users\Mortifer\Documents\Downloads - Verknüpfung.lnk
[2018.12.16 01:53:12 | 000,002,157 | ---- | M] () -- C:\Users\Mortifer\Desktop\PUBG MOBILE.lnk
[2018.12.16 00:55:57 | 000,008,933 | ---- | M] () -- C:\Users\Mortifer\Desktop\recommender.py
[2018.12.15 22:07:13 | 000,031,886 | ---- | M] () -- C:\Users\Mortifer\Documents\Datenbank.kdbx
[2018.12.15 04:06:58 | 000,000,000 | ---- | M] () -- C:\Users\Mortifer\Desktop\firstTry
[2018.12.14 17:41:58 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2018.12.14 14:39:32 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield™ V.lnk
[2018.12.12 09:44:20 | 000,407,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2018.12.11 20:41:30 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\ProtonVPN.lnk
[2018.12.11 17:01:47 | 000,003,199 | ---- | M] () -- C:\Users\Mortifer\Desktop\E52CD47FB3A7B96D5551EB48B7E0C348D07561BE.asc
[2018.12.11 17:01:11 | 000,000,735 | ---- | M] () -- C:\Users\Mortifer\AppData\Local\recently-used.xbel
[2018.12.11 08:35:27 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\Claws-Mail.lnk
[2018.12.11 07:36:00 | 000,004,938 | ---- | M] () -- C:\Users\Mortifer\Desktop\test123456.gpg
[2018.12.11 04:46:11 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\Kleopatra.lnk
[2018.12.11 04:46:11 | 000,001,338 | ---- | M] () -- C:\Users\Public\Desktop\GPA.lnk
[2018.12.11 03:21:52 | 000,330,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wd\WdFilter.sys
[2018.12.11 03:21:52 | 000,062,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wd\WdNisDrv.sys
[2018.12.11 03:21:52 | 000,046,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wd\WdBoot.sys
[2018.12.11 02:42:13 | 001,269,132 | ---- | M] () -- C:\Users\Mortifer\Desktop\SQLi Dorks By The N3RoX.rar
[2018.12.10 23:25:41 | 019,833,350 | ---- | M] () -- C:\Users\Mortifer\Desktop\10.12.18.html
[2018.12.10 23:09:29 | 000,002,627 | ---- | M] () -- C:\Users\Public\Desktop\SearchDiggity.lnk
[2018.12.10 15:19:38 | 000,110,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2018.12.10 05:44:35 | 003,260,163 | ---- | M] () -- C:\Users\Mortifer\Documents\Journey-Into-the-Hidden-Web-A-Guide-For-New-Researchers.pdf
 
========== Files Created - No Company Name ==========
 
[2018.12.17 02:12:57 | 000,050,512 | ---- | C] () -- C:\Users\Mortifer\Desktop\autoruns.chm
[2018.12.17 02:12:08 | 001,107,968 | ---- | C] () -- C:\Users\Mortifer\Desktop\RSIT.exe
[2018.12.17 02:09:52 | 001,306,150 | ---- | C] () -- C:\Users\Mortifer\Desktop\Autoruns.zip
[2018.12.17 01:10:10 | 000,001,464 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2018.12.17 01:10:10 | 000,001,452 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2018.12.16 23:38:16 | 000,001,697 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2017.lnk
[2018.12.16 23:33:27 | 000,001,401 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
[2018.12.16 23:18:29 | 000,001,359 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
[2018.12.16 22:23:30 | 000,000,000 | ---- | C] () -- C:\Windows\directx.sys
[2018.12.16 21:26:13 | 016,792,060 | ---- | C] () -- C:\Users\Mortifer\Documents\Netflix Checker Pack Moataz.zip
[2018.12.16 21:20:58 | 002,078,383 | ---- | C] () -- C:\Users\Mortifer\Documents\All-in-One Checker.rar
[2018.12.16 21:18:20 | 002,769,828 | ---- | C] () -- C:\Users\Mortifer\Documents\Mail-Checker-2.0.0.1_1.7z
[2018.12.16 14:55:09 | 000,001,036 | ---- | C] () -- C:\Users\Mortifer\Desktop\Nmap - Zenmap GUI.lnk
[2018.12.16 07:02:58 | 024,203,365 | ---- | C] () -- C:\Users\Mortifer\Documents\BlackBullet.zip
[2018.12.16 04:41:45 | 000,000,810 | ---- | C] () -- C:\Users\Mortifer\Documents\Downloads - Verknüpfung.lnk
[2018.12.16 01:53:12 | 000,002,157 | ---- | C] () -- C:\Users\Mortifer\Desktop\PUBG MOBILE.lnk
[2018.12.16 00:55:57 | 000,008,933 | ---- | C] () -- C:\Users\Mortifer\Desktop\recommender.py
[2018.12.15 19:44:06 | 000,000,000 | ---- | C] () -- C:\Users\Mortifer\Desktop\firstTry
[2018.12.14 17:41:57 | 000,001,282 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2018.12.14 17:41:57 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2018.12.12 04:11:46 | 000,034,104 | ---- | C] () -- C:\Windows\SysNative\SyncAppvPublishingServer.exe
[2018.12.12 04:11:42 | 000,001,310 | ---- | C] () -- C:\Windows\SysNative\tcbres.wim
[2018.12.11 20:41:30 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\ProtonVPN.lnk
[2018.12.11 17:01:47 | 000,003,199 | ---- | C] () -- C:\Users\Mortifer\Desktop\E52CD47FB3A7B96D5551EB48B7E0C348D07561BE.asc
[2018.12.11 17:01:11 | 000,000,735 | ---- | C] () -- C:\Users\Mortifer\AppData\Local\recently-used.xbel
[2018.12.11 08:35:27 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\Claws-Mail.lnk
[2018.12.11 07:34:53 | 000,004,938 | ---- | C] () -- C:\Users\Mortifer\Desktop\test123456.gpg
[2018.12.11 04:46:11 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk
[2018.12.11 04:46:11 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\Kleopatra.lnk
[2018.12.11 04:46:11 | 000,001,350 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPA.lnk
[2018.12.11 04:46:11 | 000,001,338 | ---- | C] () -- C:\Users\Public\Desktop\GPA.lnk
[2018.12.11 02:42:12 | 001,269,132 | ---- | C] () -- C:\Users\Mortifer\Desktop\SQLi Dorks By The N3RoX.rar
[2018.12.10 23:25:33 | 019,833,350 | ---- | C] () -- C:\Users\Mortifer\Desktop\10.12.18.html
[2018.12.10 23:09:29 | 000,002,627 | ---- | C] () -- C:\Users\Public\Desktop\SearchDiggity.lnk
[2018.12.10 15:10:28 | 000,411,003 | ---- | C] () -- C:\Users\Mortifer\Desktop\ValidateCreditCard.jar
[2018.12.10 05:44:35 | 003,260,163 | ---- | C] () -- C:\Users\Mortifer\Documents\Journey-Into-the-Hidden-Web-A-Guide-For-New-Researchers.pdf
[2018.12.03 11:55:59 | 011,011,136 | ---- | C] () -- C:\Windows\SysWow64\WSPECRT.dll
[2018.11.27 11:47:46 | 000,845,008 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-999-0-0-0.dll
[2018.11.27 11:47:46 | 000,845,008 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2018.11.27 11:47:46 | 000,243,408 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-999-0-0-0.exe
[2018.11.27 11:47:46 | 000,243,408 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2018.11.07 05:56:19 | 000,007,621 | ---- | C] () -- C:\Users\Mortifer\AppData\Local\Resmon.ResmonCfg
[2018.11.04 19:04:44 | 000,059,232 | ---- | C] () -- C:\Windows\runSW.exe
[2018.11.02 21:44:38 | 001,747,288 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2018.11.02 00:10:08 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2018.11.02 00:04:35 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2018.11.02 00:04:35 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2018.10.06 22:08:16 | 002,841,312 | ---- | C] () -- C:\Windows\SysWow64\Windows.Mirage.dll
[2018.10.06 22:08:16 | 000,018,716 | ---- | C] () -- C:\Windows\SysWow64\srms-apr.dat
[2018.04.19 23:57:10 | 000,116,488 | ---- | C] () -- C:\Windows\SysWow64\appverifUI.dll
[2018.04.12 00:35:13 | 000,034,304 | ---- | C] () -- C:\Windows\SysWow64\vmstaging.dll
[2018.04.12 00:34:55 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2018.04.12 00:34:50 | 000,054,272 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2018.04.12 00:34:49 | 000,002,404 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2018.04.12 00:34:47 | 000,364,200 | ---- | C] () -- C:\Windows\SysWow64\InputHost.dll
[2018.04.12 00:34:46 | 003,575,808 | ---- | C] () -- C:\Windows\SysWow64\Windows.UI.Input.Inking.Analysis.dll
[2018.04.12 00:34:46 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\Windows.WARP.JITService.exe
[2018.04.12 00:34:45 | 000,329,216 | ---- | C] () -- C:\Windows\SysWow64\ssdm.dll
[2018.04.12 00:34:45 | 000,223,232 | ---- | C] () -- C:\Windows\SysWow64\HeatCore.dll
[2018.04.12 00:34:45 | 000,167,640 | ---- | C] () -- C:\Windows\SysWow64\chs_singlechar_pinyin.dat
[2018.04.12 00:34:45 | 000,111,616 | ---- | C] () -- C:\Windows\SysWow64\WindowsDefaultHeatProcessor.dll
[2018.04.12 00:34:45 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\xboxgipsynthetic.dll
[2018.04.12 00:34:36 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2018.04.12 00:34:30 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2017.08.17 05:00:00 | 000,003,667 | ---- | C] () -- C:\Windows\cadx2.ini
 
========== ZeroAccess Check ==========
 
[2018.11.03 02:16:56 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2018.12.08 09:05:08 | 007,436,216 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2018.12.08 08:45:52 | 006,043,496 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2018.04.12 00:34:40 | 000,973,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2018.04.12 00:34:55 | 000,785,408 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2018.04.12 00:34:40 | 000,524,288 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
OTL EXTRA:

Code:
ATTFilter
OTL Extras logfile created on: 17.12.2018 04:49:54 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mortifer\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.17134.0)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 11,70 Gb Available Physical Memory | 73,31% Memory free
24,96 Gb Paging File | 18,59 Gb Available in Paging File | 74,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,35 Gb Total Space | 76,52 Gb Free Space | 32,93% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 164,25 Gb Free Space | 35,26% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-HP1IRVV | User Name: Mortifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Windows\svchost.com "%1" %*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- C:\Windows\svchost.com "%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- C:\Windows\svchost.com "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- C:\Windows\svchost.com "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = D5 DD 10 46 39 72 D4 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08274920-8908-45c2-9258-8ad67ff77b09}.sdb" = IIS Express Application Compatibility Database for x64
"{086C537B-DE1A-4A11-8441-6AAF076174B8}" = Microsoft Azure Authoring Tools - v2.9.5.3
"{09472AF9-4E5C-419F-8AFC-E42DE3C00062}" = Python 3.6.6 Core Interpreter (64-bit symbols)
"{09E18595-3DF3-4EA3-90C5-B15FCC49302F}" = Microsoft .NET Core Host FX Resolver - 2.1.6 (x64)
"{0B28A1DB-A543-45FB-8767-DF71EE5A9323}" = Microsoft .NET Core Host - 2.0.9 (x64)
"{0EC8A4AE-29FE-43B9-90C8-4D8D7D62393C}" = Microsoft .NET Core SDK - 2.1.202 (x64)
"{13428472-D58E-476D-932F-5B1B0C1397BE}" = Python 3.6.6 Core Interpreter (64-bit)
"{14AF842C-675E-4268-B493-EB76D9B465A8}" = VS WCF Debugging
"{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}" = Python 3.6.6 Documentation (64-bit)
"{1CEAC85D-2590-4760-800F-8DE5E91F3700}" = Intel(R) Management Engine Components
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{20F0B3BE-3E51-4536-BE6E-451359FD5432}" = Python 3.6.6 Tcl/Tk Support (64-bit symbols)
"{26A24AE4-039D-4CA4-87B4-2F64180191F0}" = Java 8 Update 191 (64-bit)
"{33B8D051-4DF5-4103-8FDB-8663E468A204}" = Microsoft SQL Server 2016 LocalDB 
"{33E08F6D-31B5-462C-8DD1-335DA8A88B91}" = Microsoft .NET Core Host - 2.1.6 (x64)
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes Version 3.6.1.2711
"{3ECD99CB-EDAF-45DA-AD9C-2C4875F375FB}" = Microsoft Visual C++ 2017 X64 Minimum Runtime - 14.16.27012
"{440C5592-4EA5-4772-B256-969D66068843}" = DiagnosticsHub_CollectionService
"{44EC13CA-E201-433B-B2D3-386B9609B859}" = Python 3.6.6 Tcl/Tk Support (64-bit)
"{45885E89-108E-2590-C1D5-D3532C2435F7}" = Windows SDK for Windows Store Apps DirectX x64 Remote
"{47683492-C5A1-4BF2-88A7-B8029553ACE6}" = Microsoft .NET Core Runtime - 2.1.6 (x64)
"{4A656C6C-D24A-473F-9747-3A8D00907A04}" = Python 2.7.13 (64-bit)
"{4B816AD0-D12B-498A-8148-7CBE3ED328DE}" = VS JIT Debugger
"{4D137679-6FB4-446B-9BDB-279292FA2D2C}" = Python 3.6.6 Standard Library (64-bit)
"{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}" = IIS 10.0 Express
"{52334BD5-E3B4-3432-AFD5-4C6E408A0110}" = Microsoft Visual Studio Team Foundation Server 2017 RC Office Integration (x64)
"{56ABDBF0-0187-3A3B-8528-DEFCBABF2E2B}" = Microsoft Visual Studio Team Foundation Server 2017 RC Office Integration Language Pack (x64) - ENU
"{598EF772-9320-43B6-9D3C-A60A1F6A804E}" = Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6
"{5ABDD743-82EB-444C-913F-F2BC033AEAE6}" = Microsoft .NET Core Host FX Resolver - 2.0.9 (x64)
"{5AE8DFF5-F9A2-4B59-9875-45BFF82DC1DA}" = Active Directory Authentication Library für SQL Server
"{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}" = Python 3.6.6 Executables (64-bit)
"{5D1BFBB8-4923-4388-9559-C86F5D9E2740}" = Intel(R) Management Engine Components
"{5F42C347-0A33-4BCE-B9D7-CCD1082C3187}" = IntelliTraceProfilerProxy
"{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}" = Application Verifier x64 External Package
"{66C5838F-B854-4A55-89E6-A6138747A4DF}" = Epic Games Launcher Prerequisites (x64)
"{6D4E3F1B-27CF-88EA-1FAA-D0F6E313F23B}" = Windows SDK DirectX x64 Remote
"{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}" = Microsoft Visual Studio Installer
"{7D84E343-A23D-451C-B123-0195B2D903A6}" = Intel® Trusted Connect Service Client
"{88072DD5-CE0A-3AB3-A9DF-53031BFE8BA0}" = Microsoft ASP.NET Core 2.0.9 Runtime Package Store (x64)
"{8B657335-3813-4CF4-A6FE-2AA44BE23F94}" = VS Script Debugging Common
"{90160000-007E-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Licensing Component
"{90160000-008C-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Extensibility Component
"{90160000-008C-0407-1000-0000000FF1CE}" = Office 16 Click-to-Run Localization Component
"{9198AD57-6396-4DF8-8D0C-20EA764F7986}" = Microsoft SQL Server 2012 Command Line Utilities 
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{9D8D733D-3822-4808-B382-6291910081B2}" = Python 3.6.6 pip Bootstrap (64-bit)
"{A2199A06-89C4-4187-AA4A-3A9676FB799D}" = SlimDX Runtime .NET 4.0 x64 (January 2012)
"{A2BEBCDF-1133-3799-A7DE-CC381FDBDAA1}" = Microsoft ASP.NET Core 2.1.6 Shared Framework (x64)
"{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}" = Python 3.6.6 Standard Library (64-bit symbols)
"{A6D7B449-8F4F-4FA9-B80A-101345AA998A}" = VMware Workstation
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{A75E492B-1D84-4E86-BDCA-077B4C536B6D}" = Microsoft .NET Core Runtime - 2.0.9 (x64)
"{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb" = IIS Express Application Compatibility Database for x86
"{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}" = Microsoft Web Deploy 4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel" = NVIDIA Ansel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 417.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 417.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 417.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 3.10.0.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 390.41
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 29.1.0.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.18.0907
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 29.1.0.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer" = DisplayDriverAnalyzer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = NVIDIA SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.38.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend" = NVIDIA Backend
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer" = NVIDIA Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper" = NVIDIA TelemetryApi helper for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem" = NVIDIA LocalSystem Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus" = NVIDIA Message Bus for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService" = NVIDIA NetworkService Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session" = NVIDIA Session Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User" = NVIDIA User Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog" = NVIDIA Display Watchdog Plugin
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer" = NVIDIA Display Session Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs" = NVIDIA NodeJS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog" = NVIDIA Watchdog Plugin for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry" = NVIDIA Telemetry Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer" = NVIDIA Telemetry Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci" = NVIDIA Virtual Host Controller
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC" = Nvidia Share
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 3.10.0.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = NVIDIA SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 4.02.2
"{B434599E-E35F-4612-9803-A2FB7A8E066B}" = Intel(R) Management Engine Components
"{B685D0AD-42A8-4A39-9BFE-8C063FA9AF29}" = Intel(R) Chipset Device Software
"{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}" = vs_Graphics_Singletonx64
"{BA468311-E7D1-4226-9F27-61EC895EB46F}" = Microsoft .NET Core SDK 2.1.502 (x64)
"{BA6F1D53-C3F2-F9D5-80CE-CEF608E36AD3}" = Universal CRT Tools x64
"{BB44C8F9-C555-45CF-B6DA-80131B139165}" = Microsoft Azure Compute Emulator - v2.9.5.3
"{BC1F17EB-F70C-4A9D-BAFE-BFFCF3DE24E2}" = Microsoft Visual C++ 2017 X64 Debug Runtime - 14.16.27012
"{C4752757-9240-4518-BE22-A7E2E7CC7D7B}" = Python 3.6.6 Development Libraries (64-bit)
"{C5BD9A00-9221-486E-94BF-9B1553B215AF}" = Python 3.6.6 Test Suite (64-bit symbols)
"{C5C91AA6-3E83-430E-8B7A-6B790083F28D}" = Microsoft Azure Libraries for .NET – v2.9
"{C9596636-022D-4123-B369-98819F772985}" = Python 3.6.6 Test Suite (64-bit)
"{D1DCF56C-C29C-436A-9764-DEA45032EC46}" = Python 3.6.6 Executables (64-bit symbols)
"{DF5B1280-A057-4536-9D03-3BCAA0D4C6F0}" = Microsoft Visual C++ 2017 X64 Additional Runtime - 14.16.27012
"{E524832A-C567-499A-8872-0D79596E4DEE}" = icecap_collection_x64
"{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}" = Python 3.6.6 Utility Scripts (64-bit)
"{E96B47FB-9BB8-2C34-84B7-82F25DE6DCE7}" = Windows App Certification Kit Native Components
"{E9AD0F97-5DF2-4F5B-BC5B-F524D21BF165}" = Microsoft SQL Server 2012 Native Client 
"{ECA145AF-55D0-42BA-870F-4213F0198A46}" = Intel(R) ME UninstallLegacy
"{F1DC3768-6945-4329-A072-F855FA253454}" = Microsoft ASP.NET Core Module V2 for IIS Express
"{FAFEE5E3-E00A-4CE8-B495-8F66A5FAB236}" = Microsoft ASP.NET Core Module for IIS Express
"BlueStacks" = BlueStacks App Player
"CCleaner" = CCleaner
"IDA Demo_is1" = IDA Demo v7.2
"Microsoft Azure Compute Emulator - v2.9.5.3" = Microsoft Azure Compute Emulator - v2.9.5.3
"Mozilla Firefox 60.3.0 ESR (x64 de)" = Mozilla Firefox 60.3.0 ESR (x64 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nightly 66.0a1 (x64 de)" = Nightly 66.0a1 (x64 de)
"Notepad++" = Notepad++ (64-bit x64)
"Pale Moon 28.1.0 (x64 en-US)" = Pale Moon 28.1.0 (x64 en-US)
"ProPlusRetail - de-de" = Microsoft Office Professional Plus 2016 - de-de
"Python 3.6.5 (Anaconda3 5.2.0 64-bit)" = Python 3.6.5 (Anaconda3 5.2.0 64-bit)
"Recuva" = Recuva
"Steam App 644930" = They Are Billions
"Steam App 730" = Counter-Strike: Global Offensive
"WinRAR archiver" = WinRAR 5.61 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008C0E6F-EFBE-37B2-B4A5-F25E28B56549}" = Visual C++ Compiler/Tools X86 X64 Cross Resource Package
"{008E7522-C30C-1954-BBED-1F8E65094A5B}" = Windows SDK Desktop Libs arm64
"{02078319-BC7B-218A-7690-53692709C041}" = Windows SDK Desktop Libs x86
"{046D36A5-1ADC-E573-1078-5C8602994B1F}" = Windows IoT Extension SDK
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{0610DFB0-CCEA-6EC0-E3C3-A0160AD7FD98}" = Windows Runtime Intellisense Content - en-us
"{06b884b0-4947-4439-859f-098e431012d6}" = Microsoft .NET Core SDK - 2.1.202 (x64)
"{07DAE614-3764-32F7-97E2-37D2D7896DCB}" = Visual C++ Compiler/Tools X64 ARM Cross Package
"{0D3A6730-43CE-4AF6-BDF7-4D0660296C60}" = vs_minshellmsires
"{0D6B41AF-D117-8944-A059-3F9346A896C5}" = Universal CRT Headers Libraries and Sources
"{104CBBE4-1D61-05DD-38D2-C3BBA1C212E5}" = Windows SDK for Windows Store Apps Libs
"{10CEAB0E-1842-3AB4-9C91-01D6BEFFD269}" = Visual C++ Compiler/Tools Premium ARM Base Resource Package
"{12702494-9E6A-3F5E-9441-2B7D258A639B}" = Microsoft .NET CoreRuntime SDK
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{13F79D3A-88C2-3A1C-9035-6A99EE478DF2}" = Microsoft .NET Native SDK
"{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}" = Microsoft .NET Framework 4.7.2 Targeting Pack
"{18380907-0DDE-C70B-74D1-46F0144502CD}" = Windows SDK EULA
"{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}" = Universal CRT Extension SDK
"{19E8AE59-4D4A-3534-B567-6CC08FA4102E}" = Microsoft .NET Framework 4.5.2 Multi-Targeting Pack
"{1AC6CC3D-7724-4D84-9270-798A2191AB1C}" = vs_tipsmsi
"{1D31A32A-38C5-338B-A990-15DF13A2E519}" = Visual C++ Compiler/Tools Premium X64 Base Resource Package
"{1E406B46-65F4-91CE-65DA-DB66D5443B68}" = MSI Development Tools
"{1F42A73E-CF26-4D67-BA79-752CA56B639F}" = vs_filehandler_x86
"{1FBCBC17-4527-2340-0832-B1D49C41FF67}" = Universal CRT Extension SDK
"{204D6E69-3D06-3ED5-B40F-272368154769}" = Visual C++ Library CRT X86 Desktop Package
"{20FA55A7-3612-46EB-A6EE-73FE4AAD174D}" = Microsoft Azure Storage Emulator - v5.7
"{2148F771-784E-36E7-B467-DED9EC138735}" = Visual C++ Compiler/Tools Premium X64 X86 Cross Package
"{21603239-9380-AE0E-DCDF-FF910036043C}" = Windows SDK for Windows Store Apps Contracts
"{22551B1F-755C-3F8B-9B66-66FF38394B6F}" = Visual C++ Library CRT ARM Redist Package
"{22DC8AC8-D9DC-8989-C12D-C74C3676BDB1}" = Windows SDK Desktop Headers x64
"{23B8EFE9-8716-4560-B3D7-EBAFCDFD25A2}" = Microsoft Visual Studio Setup Configuration
"{241CF4B0-1FCB-C443-433B-B663D59408A7}" = Windows SDK Desktop Tools x86
"{25FC21EA-20C7-45E8-AF72-19FCD56C4047}" = Microsoft UniversalWindowsPlatform SDK
"{26A57173-47DF-4B2A-AA67-0AFBAC313942}" = Microsoft .NET Framework 4.7.2 SDK (Deutsch)
"{2757496A-3E74-320A-B007-36120A9F126D}" = Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706
"{2773DECE-0FE5-4CA9-96A8-621E0185388F}" = Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6
"{28FE86CA-745A-6C3B-3279-2879991FCF24}" = Windows SDK Desktop Tools arm64
"{2AFBA9CE-EFDC-3BB6-9850-26F9B117ED78}" = Visual C++ Library MFC X86 Package
"{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}" = Microsoft .NET Framework 4.6 Targeting Pack
"{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}" = Microsoft .NET Framework 4.6.1 SDK
"{30624D59-9F75-3EC0-8A9A-E2F0AA5EC64F}" = Visual C++ Extra Files
"{31362D53-8B8F-3C23-9E45-4FFBDAF6F6E0}" = Visual C++ Library CRT X86 Redist Package
"{3161DA68-DD37-4798-82DB-B3A0BD6BA233}" = vs_Graphics_Singletonx86
"{316A3FC9-2378-314E-AEE2-3D89A1B4DD21}" = Visual C++ Compiler/Tools Premium X64 X86 Cross Resource Package
"{32593C5B-EEAD-49F1-8968-211C5C311072}" = SearchDiggity
"{34444137-7EA0-3BC1-B658-1EBD0FE81B8F}" = Visual C++ Compiler/Tools X64 Native Resource Package
"{346B2C02-CC0D-6E09-8B9D-CAA2821473CF}" = SDK ARM Additions
"{366FE23C-D417-99CF-9606-130F37CC6C3F}" = Windows SDK Desktop Headers arm64
"{37464E70-B0B9-9DFF-649A-CBE169BAD657}" = Windows Software Development Kit for Windows Store Apps
"{3755CD99-C62E-3312-DDD3-29A4F259270D}" = WinRT Intellisense Mobile - en-us
"{389D182F-0ADA-5C7E-FF32-2573A821592C}" = WinRT Intellisense Desktop - en-us
"{39E15475-23F2-345D-8977-B5DC47A94E26}" = Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706
"{3A5BBDEC-5254-43DA-F809-443771DBCB85}" = Windows SDK for Windows Store Apps Tools
"{3A78DA3D-C8D4-429D-B536-6E59A0088451}" = vs_minshellinteropmsi
"{3A971391-8100-F9CB-06EB-6510C6B68937}" = Windows SDK Facade Windows WinMD Versioned
"{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}" = TypeScript SDK
"{4095D263-6A13-78D3-DEDA-AA3452011F6E}" = WinRT Intellisense UAP - en-us
"{40A1FE86-43BB-FE81-2A71-B71E13F8167A}" = Windows SDK for Windows Store Apps Headers
"{40A614D0-87A0-3B22-AE11-23A1917ADEF5}" = Visual C++ Compiler/Tools X64 ARM Cross Resource Package
"{427ada59-85e7-4bc8-b8d5-ebf59db60423}" = Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012
"{42ECB1DB-6B44-4AEC-B112-98ECFF460EF6}" = Epic Games Launcher
"{42ED6C21-EA96-3FF8-851E-F4A08951A3BB}" = Visual C++ Library CRT X86 OneCore For Desktop Package
"{445D4B64-9E1D-C610-50B5-BAF5B11D7E70}" = Windows SDK ARM Desktop Tools
"{46AA143E-E3A6-3067-9DA5-F0737566F898}" = Visual C++ Compiler/Tools X64 X86 Cross Resource Package
"{4805DC86-DEBF-4A5C-B9C4-291FA6441548}" = TP-Link Archer T4U Driver
"{4808DE19-ED88-39E0-8824-85A4AC1BFF86}" = Visual C++ Library CRT X64 Store Package
"{48A8F171-52F2-372B-8414-EA50617708BE}" = Microsoft .NET CoreRuntime For CoreCon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B16F2E6-8A76-5A63-2890-329FB7C98C70}" = Windows Team Extension SDK
"{4B230374-6475-4A73-BA6E-41015E9C5013}" = Intel® Security Assist
"{4B691388-E031-4268-A096-95173D1E6E0F}" = icecap_collectionresources
"{4DFD6FF3-9A29-4F31-AEE1-D44E016C5AD4}" = Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch)
"{4FCD7550-A8CF-47FF-AEA9-E0B03F9E82E7}" = Microsoft Visual C++ 2017 X86 Debug Runtime - 14.16.27012
"{5073B1D2-656B-F677-AC77-5F8DAA8888B2}" = Windows SDK Modern Versioned Developer Tools
"{50C05B8C-47A8-FD93-B84E-6AAA99732700}" = Windows Mobile Extension SDK
"{5297D80E-CD92-48D8-9DB0-301AB3205772}" = vs_communitymsires
"{529EFF09-750D-48B9-A47A-34A3B6248C3F}" = Microsoft .NET Framework 4.6.1 SDK (Deutsch)
"{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1" = Wondershare Helper Compact 2.5.2
"{53CD5D4F-2577-3DEA-BED9-B4D9E8F3530E}" = Visual C++ MSBuild X64 Package
"{53DDD18E-A6F4-3EEE-84A2-848830B469AA}" = Visual C++ Compiler/Tools Premium X86 ARM Cross Package
"{54B0FCDB-D20D-3C6C-ACEB-41589846CA90}" = Visual C++ Library CRT Redist Resource Package
"{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}" = VS Immersive Activate Helper
"{5686C5E9-A3B3-451E-A2EA-4C246CDE5CC9}" = Microsoft .NET Framework 4.7.1 Targeting Pack
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}" = vs_SQLClickOnceBootstrappermsi
"{586380AB-3003-92AB-EB8E-3C33020ED8C3}" = Windows SDK Desktop Libs arm
"{5A86972C-9DB5-40AA-B4EB-0ACE96AFDF88}" = icecap_collectionresourcesx64
"{5AD4A604-B476-1578-2A20-6B02FC6258BE}" = WinAppDeploy
"{5B970BE4-A2F2-41BD-8B91-FEA8DAA1DB9B}" = Paket zur Festlegung von "Doc Redirected"-Zielversionen von Microsoft .NET Framework 4.7.1 (Deutsch)
"{5F064AC5-47B1-3A1B-8DCE-8964FFB4185C}" = Windows Espc Package
"{5F195F7B-9D18-3AEB-A5A7-FAF1FEE0F216}" = Visual C++ Compiler/Tools Premium X86 Base Package
"{5F3A2896-3E91-3770-92F7-33EBA12C54B8}" = Visual C++ Library MFC MBCS Package
"{5f83ccda-0498-4b97-a298-16a642bf49f2}" = Windows Software Development Kit - Windows 10.0.17134.12
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{664F529C-8856-4B9B-BF90-3B3F7C047ABE}" = windows_toolscorepkg
"{66CEB5CD-2D62-66EA-8969-BDC63E71D7B6}" = Windows Desktop Extension SDK
"{66EEDDAB-DF4D-424D-8E15-2D9B41C90397}" = Visual C++ Library CRT Appx Resource Package
"{6730F3AB-D022-B4A6-29C0-C95A7836EED4}" = Windows SDK Desktop Headers x86
"{6761B3E3-73CF-3E71-8149-173B9CE0BBCF}" = Visual C++ Library CRT X64 OneCore For Desktop Package
"{685EFF87-B126-49E4-8213-70C56625C5B5}" = TP-Link Wireless Adapter WPS Tool
"{68B8AD33-CE97-4C3D-9583-669C39D21BA5}" = vs_minshellmsi
"{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
"{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}" = vs_clickoncesigntoolmsi
"{6D32EAF4-6F3E-3A53-9828-42737546C2CA}" = Visual C++ Library MFC Source Package
"{6E43CA0C-046E-4F38-A0A2-3B1BA139B661}" = Universal CRT Tools x86
"{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}" = Microsoft .NET Core SDK 2.1.502 (x64)
"{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1" = Allavsoft 3.16.4.6855
"{6EFCFA87-BB5E-7BE5-3936-BCADCFBFADEB}" = Windows SDK for Windows Store Apps Metadata
"{6F49EB9D-D176-3DFB-8ABF-383C8BC7758A}" = Visual C++ Library CRT X64 Desktop Package
"{6F502640-B753-C101-FFA5-B38C3FA5B29A}" = Kits Configuration Installer
"{71797C29-380A-492C-B35A-F5E4A7B57BDC}" = vs_communitymsi
"{72309557-BB7B-3973-965F-04A5E109FF2A}" = Visual C++ Compiler/Tools Premium X64 ARM Cross Package
"{729DA966-8590-2C1F-2178-16C1D32FD7FD}" = WinRT Intellisense PPI - en-us
"{737FDDA7-B944-4CB5-92D9-3D56373BD301}" = Microsoft NetStandard SDK
"{758FC6C4-4304-3875-9755-9A882F773CCB}" = Visual C++ Library ATL Headers Package
"{763488F5-EAB7-3BB4-597F-81CA2F11535F}" = Windows SDK
"{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}" = Universal General MIDI DLS Extension SDK
"{77B667B9-36B3-4712-AD45-28EA1A278D8B}" = vcpp_crt.redist.clickonce
"{78800DB3-0AB5-309D-B66B-D8CFDD5D8498}" = Visual C++ Library PGO X86 Package
"{7AC3A0BD-7780-3FD5-B3C4-ED508C1ABDA2}" = Visual C++ Library ATL Source Package
"{7BF236AF-F460-3FF6-8F27-8C017FAB7BB2}" = Visual C++ Compiler/Tools X64 Base Resource Package
"{7D80B045-3223-3481-AC8F-B0BBA3A25B6F}" = Windows Phone SDK 8.0 Assemblies for Visual Studio 2017
"{7e9fae12-5bbf-47fb-b944-09c49e75c061}" = Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706
"{8068A09D-0DDA-BCD5-1CDB-7D30D78F1BBC}" = Windows App Certification Kit x64
"{812F31DC-FAA6-3979-B3D6-5D6BAAF2945D}" = Microsoft Portable Library Multi-Targeting Pack
"{825784BB-114D-ADB3-B65F-E1EB2A63C3BC}" = SDK ARM Redistributables
"{833F02C5-2C39-49F6-BD64-91D351081274}" = Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86
"{83707B3E-47D2-4839-D1CF-FEC213D3C8E7}" = Windows SDK Desktop Headers arm
"{83D25813-8527-4DA7-A514-969B674269BC}" = Visual C++ Library CRT Appx Package
"{8441D87D-26E6-359C-83A6-E8F57834365E}" = Visual C++ Library MFC X64 Package
"{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}" = WinRT Intellisense IoT - Other Languages
"{87BEA0C8-090C-3524-A892-A8B9BA022CD0}" = Visual C++ Library CRT ARM Desktop Package
"{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}" = Microsoft .NET Framework 4.6.1 Targeting Pack
"{8BFBEC30-33CC-13B4-849F-3B036F27466A}" = Universal CRT Headers Libraries and Sources
"{8C4160A1-6C94-FC27-A086-D0FC3A297153}" = Windows SDK Signing Tools
"{8DC0F281-CB76-3312-A70F-4412DF16A389}" = Visual C++ Compiler/Tools Premium X64 Native Resource Package
"{8E2E3B52-9B5B-35E3-AA96-D2AFAAAFBBBE}" = Visual C++ Compiler/Tools Premium X86 X64 Cross Package
"{8E7E7557-189B-3C59-AA06-724E09A84AC7}" = Visual C++ Library ATL X64 Package
"{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}" = vs_clickoncebootstrappermsires
"{952DF9DB-DFC2-37BD-A3D6-5102676B3D38}" = Visual C++ MSBuild ARM Package
"{9608BC32-8492-3DEF-A273-C3F0B6B7525F}" = Visual C++ Library ATL ARM Package
"{965D1746-D94A-49B9-2A48-A14914CA3B57}" = WinRT Intellisense IoT - en-us
"{984022F2-9BCA-A41D-6A38-1AE658F01415}" = Windows Software Development Kit
"{98FE7C2A-22A4-401A-B45B-2AA107C06DD7}" = Paket zur Festlegung von Zielversionen von Microsoft .NET Framework 4.7.2 (Deutsch)
"{993BDCB0-D41A-35E0-BFAA-D085324DBD27}" = Visual C++ MSBuild X86 Package
"{99981895-4C1B-3C96-B5F6-5403FC1ECFD2}" = Windows Espc Package
"{99E0F2B6-0FEC-3CCD-E857-55B91C73D1D4}" = Windows SDK Modern Non-Versioned Developer Tools
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC65F8A-4F7F-A9FC-222F-CC43ED464041}" = Windows Mobile Extension SDK Contracts
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E49E95C-CF02-412D-AD53-FB1F37D8BDD8}" = Visual C++ Library CRT Appx Package
"{9FBE255F-D222-360D-815A-D6F93C5E0004}" = Visual C++ Compiler/Tools X64 Native Package
"{A0B6B6D7-5ECA-4A37-182A-05D4F5A4E530}" = Windows SDK Desktop Libs x64
"{A254DA0E-26A1-43C3-95BE-7A24D5599473}" = vs_filehandler_amd64
"{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}" = icecap_collection_neutral
"{A3E5E1F9-E197-3FC1-8281-E5D7E5F67E5D}" = Microsoft ASP.NET Diagnostic Pack for Visual Studio
"{A41E138F-5A3F-443C-B72D-957AB994FB5A}" = vs_FileTracker_Singleton
"{A43BB303-0D57-388C-90F6-D31051BAE373}" = Visual C++ Compiler/Tools X64 Base Package
"{A4646537-CE71-480A-9A2B-AAFE03334996}" = Windows Simulator - ENU
"{A68D7884-F036-4A0D-AE1A-410E0311E135}" = vs_clickoncebootstrappermsi
"{A80EAEBE-3D72-3036-B59A-FB271F4E4FAF}" = Visual C++ Library MFC Headers Package
"{A84B4CAC-C89B-FAD4-87CC-B2B547E4AFDF}" = Windows SDK Desktop Tools x64
"{A888FB75-64CE-3873-9081-F89C0A7C4AF7}" = Microsoft HTML Help Workshop Package
"{A9DED8BE-05DF-45D5-81A0-3743A44CC0C9}" = Python Launcher
"{AA3C92F9-B461-38F3-B2A4-2BC4B23F2760}" = Visual C++ MSBuild Base Package
"{AB983959-4788-48B2-ACF8-265066468962}" = Microsoft TestPlatform SDK Local Feed
"{ACBAA378-519A-441D-9349-C0AAD8DEAD04}" = IntelliTraceProfilerProxy
"{AD78A791-4D84-33A1-8AC1-744DCA6E8A36}" = Visual C++ Library CRT X64 Redist Package
"{AE7F2995-C92B-3DC0-A731-5CAC09CD4686}" = Visual C++ Library ATL X86 Package
"{B026557A-EF19-4812-8A79-B30F94AA0A78}_is1" = Wondershare PDFelement 6 Pro(Build 6.8.6)
"{B3CA5EDB-F084-325C-AA50-247A3A476496}" = Microsoft ASP.NET Web Tools Packages 15.0 - ENU
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4A4856F-7A4F-3BC4-A469-690D3CA52894}" = Microsoft Windows Communication Foundation Diagnostic Pack for x86
"{B6273353-8B54-1F89-1A16-5940925104CE}" = Universal CRT Redistributable
"{B7574D02-C603-4A63-B631-38C7CBC6ED2D}" = Microsoft .NET Framework 4.7.1 SDK (Deutsch)
"{B767B9B3-B9DD-31C6-A078-3230DE821169}" = Visual C++ Compiler/Tools Premium X64 Base Package
"{B843915F-00A1-44B1-994C-1AE0A6400AE3}" = Entity Framework 6.2.0 Tools  for Visual Studio 2017
"{B9DCCDB9-FCE9-48AD-B534-A7AD270BD52B}" = Microsoft .NET Framework 4.7.1 SDK
"{BA1A3E58-C932-301E-921B-8BBB47C061DB}" = Visual C++ Compiler/Tools Premium X86 Native Resource Package
"{BD02E127-2F24-3D72-89A2-453501D223EF}" = Visual C++ Compiler/Tools X86 Base Resource Package
"{BDE574B5-6CFE-32B2-9854-C827567E9D6F}" = Visual C++ CRT Headers Package
"{BF709278-AFEB-3DDB-985D-477C09FEF57B}" = Visual C++ Library PGO Headers Package
"{BFFA2FFB-1095-4ADD-A352-368806D2412B}" = vs_devenvmsi
"{C0743982-09E0-30B3-A413-C3984C7EAE5A}" = Visual C++ Compiler/Tools Premium X86 Native Package
"{C12887C1-91E2-4C05-5D06-7DC02AE4A627}" = Windows Desktop Extension SDK Contracts
"{C20A5080-9391-4126-A953-D362BD8B5240}" = Visual C++ Library CRT Desktop Appx Package
"{C23BCE3A-FD25-48BA-948E-2CE94576F983}" = ProtonVPNTap
"{C3243E23-2EB6-4419-2692-40944923B112}" = WinRT Intellisense UAP - Other Languages
"{C3776B36-B34E-00E2-3009-95A6F1870B58}" = WinRT Intellisense Desktop - Other Languages
"{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}" = vs_BlendMsi
"{C63E9058-B5E7-6637-9EC6-4953A7D54F77}" = Windows SDK for Windows Store Apps
"{c6c5a357-c7ca-4a5f-9789-3bb1af579253}" = Launcher Prerequisites (x64)
"{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}" = Intel® Chipsatz-Gerätesoftware
"{C7044A34-8FC9-4691-9BBF-7627BC21E0D0}" = Visual C++ Library CRT Desktop Appx Package
"{C8FE2B4D-9C81-DD3B-D414-0E0B3BFE51D1}" = Windows SDK for Windows Store Apps DirectX x86 Remote
"{CADBB4F8-67D8-3DDC-BAE4-05FBAC4FDA1E}" = Visual C++ Compiler/Tools X86 X64 Cross Package
"{CD5BBB14-A83E-3053-8042-C858E593077E}" = Visual C++ Compiler/Tools X86 Native Resource Package
"{CF697B62-D5AC-3628-9EE7-25B1D210B7BC}" = Visual C++ Library CRT X86 Store Package
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D076C56D-9DDE-462F-A1E8-2C7DF2C0E7A6}" = Visual C++ Library CRT ARM64 Appx Package
"{D0B1228A-01B7-31F5-8E40-E2F723BF8EEF}" = Visual C++ Extra Resource Files
"{D2228FC7-758B-3897-A961-576903E7A549}" = Visual C++ Library PGO ARM Package
"{D256A5B9-68DA-4F6C-A447-A93E5639A46D}" = ClickOnce Bootstrapper Package for Microsoft .NET Framework
"{D3A63893-9B6A-3DC2-BD7B-31BD85665988}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - deu
"{D49DF187-7968-A39D-CF62-EBE13CAE9068}" = Windows IoT Extension SDK Contracts
"{D621766C-B5EC-42BD-9E10-774C02C17B44}_is1" = CCEnhancer Version 4.5.3
"{D86E4022-2886-808F-BA10-9C0EE9956860}" = Windows SDK Redistributables
"{DA04B988-3F1E-3BAB-9FB1-92DD6C5EF3F9}" = Visual C++ Compiler/Tools X64 X86 Cross Package
"{DA89A82E-D909-41F5-AB28-7E5F612DC386}" = Simple DNSCrypt
"{DF1CF60D-3193-4602-970E-8B0D776D0E31}" = calibre
"{DF7289E5-748F-3BA9-BB53-81A457FF38AB}" = Visual C++ Library PGO X64 Package
"{E111CC42-35B5-340F-9F6B-D1C253D48C80}" = Visual C++ Library CRT Source Package
"{E2389F75-ADB6-37F3-8B72-BCFF202C12E8}" = Visual C++ Compiler/Tools Premium X64 Native Package
"{e26b382f-e945-4f70-9318-121b683f1d61}" = Battlefield™ V
"{E3B98FCC-416A-A89A-E672-333BF429632F}" = Windows SDK for Windows Store Managed Apps Libs
"{E4A7A76F-DD0B-3F5A-A3B7-390462095FFE}" = Visual C++ Compiler/Tools X86 Native Package
"{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}" = Windows SDK AddOn
"{E9F681ED-91E0-3B2C-9D33-627177C16E98}" = Visual C++ Compiler/Tools Premium X64 ARM Cross Resource Package
"{EA7B1A5F-B0EE-3272-9E06-65E8DDF225B0}" = Visual C++ Compiler/Tools Premium X86 ARM Cross Resource Package
"{EBB3E59D-2737-3036-A9EA-D4D89AB78C20}" = Visual C++ Library CRT ARM Store Package
"{EBDD1E15-8456-3618-9918-53202552C855}" = Visual C++ MSBuild Base Resource Package
"{ECBAA450-EF0A-3CC6-BFBB-68CB7CD174B8}" = Visual C++ Compiler/Tools X86 Base Package
"{ED11FFD4-61B3-4329-870E-8F4DAC7D5A0D}" = ProtonVPN
"{EDFE6563-C07A-358B-9CE6-B508FCAB9354}" = Visual C++ Compiler/Tools X86 ARM Cross Resource Package
"{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1" = Thunder Master v3.2
"{EE8E3A6F-702F-3DD0-85C3-A102FE141620}" = Visual C++ Compiler/Tools Premium ARM Base Package
"{EEAD071F-AC16-42DB-9EBA-FC8A466C9382}" = Visual C++ Library CRT Desktop Appx Package
"{EFF541C0-AEB7-3997-88A7-EADC6ED182DA}" = Visual C++ Compiler/Tools Premium X86 Base Resource Package
"{F07C11B7-C8D8-310C-A249-0105F38B6EED}" = Visual C++ Compiler/Tools X86 Base Package
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F133B6FC-6771-34F5-846C-8B7889BBBB8A}" = Visual C++ Library CRT ARM OneCore For Desktop Package
"{F1C18506-3168-A9D9-E2D9-D23A512A326E}" = WinRT Intellisense PPI - Other Languages
"{F42C96C1-746B-442A-B58C-9F0FD5F3AB8A}" = Microsoft .NET Framework 4.7.2 SDK
"{F44F995E-85EF-3B51-8DD6-0E54047541D6}" = Visual C++ Compiler/Tools Premium X86 X64 Cross Resource Package
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F75FCECF-133E-319D-9DC1-FF2E1CF67E79}" = Visual C++ Compiler/Tools X86 ARM Cross Package
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F9F1A5B3-D8DE-4995-B14B-1ED4AFA7A003}" = Windows Simulator
"{FA57EACC-E7E8-406A-83FA-168A812BD079}" = Windows Team Extension SDK Contracts
"{FD2628C1-320F-3E11-8D19-6ABA6B56E67E}" = Visual C++ Library PGO X86 Package
"{FDB3AB25-DEE7-3438-9E2A-571F9F23F26E}" = Microsoft ASP.NET Web Tools Packages 15.0 - DEU
"{FDBB1A62-A051-92FA-DB8F-206BA077F7E1}" = Windows SDK DirectX x86 Remote
"{FDCFD759-BA24-F0C8-FE83-43513EE6D443}" = Windows App Certification Kit SupportedApiList x86
"47418da4" = Visual Studio Community 2017
"Battle.net" = Battle.net
"ClawsMail" = Claws Mail
"Destiny 2" = Destiny 2
"Diablo III" = Diablo III
"GnuPG" = GNU Privacy Guard
"Google Chrome" = Google Chrome
"Gpg4win" = Gpg4win (3.1.5)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.40
"Microsoft Azure Storage Emulator - v5.7" = Microsoft Azure Storage Emulator - v5.7
"Mozilla Thunderbird 60.3.3 (x86 de)" = Mozilla Thunderbird 60.3.3 (x86 de)
"Nmap" = Nmap 7.70
"NpcapInst" = Npcap 0.99-r2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"ProtonVPN 1.6.4" = ProtonVPN
"Razer Synapse" = Razer Synapse
"Steam" = Steam
"VeraCrypt" = VeraCrypt
"VLC media player" = VLC media player
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1" = Microsoft Visual Studio Code (User)
"{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}" = Python 3.6.6 (64-bit)
"03B29BC83A87B7C74EBC6B73E82B25E3D70320ED" = Word_Add_In_Microsoft_Programmierer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.12.2018 20:32:15 | Computer Name = DESKTOP-HP1IRVV | Source = Perflib | ID = 1008
Description = 
 
Error - 15.12.2018 20:32:15 | Computer Name = DESKTOP-HP1IRVV | Source = Perflib | ID = 1008
Description = 
 
Error - 15.12.2018 20:32:16 | Computer Name = DESKTOP-HP1IRVV | Source = PerfNet | ID = 2004
Description = 
 
Error - 15.12.2018 20:32:16 | Computer Name = DESKTOP-HP1IRVV | Source = Perflib | ID = 1008
Description = 
 
Error - 16.12.2018 09:53:47 | Computer Name = DESKTOP-HP1IRVV | Source = VSS | ID = 8193
Description = 
 
Error - 16.12.2018 18:33:06 | Computer Name = DESKTOP-HP1IRVV | Source = VSS | ID = 8194
Description = 
 
Error - 16.12.2018 19:41:26 | Computer Name = DESKTOP-HP1IRVV | Source = Application Hang | ID = 1002
Description = Programm notepad.exe, Version 10.0.17134.131 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen 
zum Problem zu suchen.    Prozess-ID: 1634    Startzeit: 01d49598ccf93526    Beendigungszeit:
 4    Anwendungspfad: C:\Windows\System32\notepad.exe    Berichts-ID: d30c3632-cd3f-4911-aabd-70194907200e

Vollständiger
 Name des fehlerhaften Pakets: ?    Auf das fehlerhafte Paket bezogene Anwendungs-ID:
 ?  
 
Error - 16.12.2018 22:06:31 | Computer Name = DESKTOP-HP1IRVV | Source = Microsoft-Windows-SpellChecker | ID = 33
Description = 
 
Error - 16.12.2018 22:17:28 | Computer Name = DESKTOP-HP1IRVV | Source = Microsoft-Windows-SpellChecker | ID = 33
Description = 
 
Error - 16.12.2018 22:40:42 | Computer Name = DESKTOP-HP1IRVV | Source = Microsoft-Windows-SpellChecker | ID = 33
Description = 
 
[ isaAgentLog Events ]
Error - 01.11.2018 20:28:05 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
Error - 08.11.2018 20:35:50 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
Error - 15.11.2018 20:35:51 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
Error - 22.11.2018 20:35:51 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
Error - 30.11.2018 02:59:12 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
Error - 07.12.2018 19:02:21 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
Error - 14.12.2018 19:02:21 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
[ System Events ]
Error - 16.12.2018 22:10:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10001
Description = 
 
Error - 16.12.2018 22:24:54 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2018 22:39:34 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2018 22:39:34 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10001
Description = 
 
Error - 16.12.2018 22:55:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2018 23:10:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2018 23:10:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10001
Description = 
 
Error - 16.12.2018 23:24:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2018 23:40:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2018 23:40:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10001
Description = 
 
 
< End of report >
         
OTL EXTRA:

Code:
ATTFilter
OTL Extras logfile created on: 17.12.2018 04:49:54 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mortifer\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.17134.0)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 11,70 Gb Available Physical Memory | 73,31% Memory free
24,96 Gb Paging File | 18,59 Gb Available in Paging File | 74,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,35 Gb Total Space | 76,52 Gb Free Space | 32,93% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 164,25 Gb Free Space | 35,26% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-HP1IRVV | User Name: Mortifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Windows\svchost.com "%1" %*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- C:\Windows\svchost.com "%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- C:\Windows\svchost.com "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- C:\Windows\svchost.com "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Powershell] -- powershell.exe -noexit -command Set-Location -literalPath '%V' (Microsoft Corporation)
Directory [UpdateEncryptionSettings] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = D5 DD 10 46 39 72 D4 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\CBP]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\DPA]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08274920-8908-45c2-9258-8ad67ff77b09}.sdb" = IIS Express Application Compatibility Database for x64
"{086C537B-DE1A-4A11-8441-6AAF076174B8}" = Microsoft Azure Authoring Tools - v2.9.5.3
"{09472AF9-4E5C-419F-8AFC-E42DE3C00062}" = Python 3.6.6 Core Interpreter (64-bit symbols)
"{09E18595-3DF3-4EA3-90C5-B15FCC49302F}" = Microsoft .NET Core Host FX Resolver - 2.1.6 (x64)
"{0B28A1DB-A543-45FB-8767-DF71EE5A9323}" = Microsoft .NET Core Host - 2.0.9 (x64)
"{0EC8A4AE-29FE-43B9-90C8-4D8D7D62393C}" = Microsoft .NET Core SDK - 2.1.202 (x64)
"{13428472-D58E-476D-932F-5B1B0C1397BE}" = Python 3.6.6 Core Interpreter (64-bit)
"{14AF842C-675E-4268-B493-EB76D9B465A8}" = VS WCF Debugging
"{16EF5AB7-4A89-4F06-B20B-209DA4FE0533}" = Python 3.6.6 Documentation (64-bit)
"{1CEAC85D-2590-4760-800F-8DE5E91F3700}" = Intel(R) Management Engine Components
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{20F0B3BE-3E51-4536-BE6E-451359FD5432}" = Python 3.6.6 Tcl/Tk Support (64-bit symbols)
"{26A24AE4-039D-4CA4-87B4-2F64180191F0}" = Java 8 Update 191 (64-bit)
"{33B8D051-4DF5-4103-8FDB-8663E468A204}" = Microsoft SQL Server 2016 LocalDB 
"{33E08F6D-31B5-462C-8DD1-335DA8A88B91}" = Microsoft .NET Core Host - 2.1.6 (x64)
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes Version 3.6.1.2711
"{3ECD99CB-EDAF-45DA-AD9C-2C4875F375FB}" = Microsoft Visual C++ 2017 X64 Minimum Runtime - 14.16.27012
"{440C5592-4EA5-4772-B256-969D66068843}" = DiagnosticsHub_CollectionService
"{44EC13CA-E201-433B-B2D3-386B9609B859}" = Python 3.6.6 Tcl/Tk Support (64-bit)
"{45885E89-108E-2590-C1D5-D3532C2435F7}" = Windows SDK for Windows Store Apps DirectX x64 Remote
"{47683492-C5A1-4BF2-88A7-B8029553ACE6}" = Microsoft .NET Core Runtime - 2.1.6 (x64)
"{4A656C6C-D24A-473F-9747-3A8D00907A04}" = Python 2.7.13 (64-bit)
"{4B816AD0-D12B-498A-8148-7CBE3ED328DE}" = VS JIT Debugger
"{4D137679-6FB4-446B-9BDB-279292FA2D2C}" = Python 3.6.6 Standard Library (64-bit)
"{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}" = IIS 10.0 Express
"{52334BD5-E3B4-3432-AFD5-4C6E408A0110}" = Microsoft Visual Studio Team Foundation Server 2017 RC Office Integration (x64)
"{56ABDBF0-0187-3A3B-8528-DEFCBABF2E2B}" = Microsoft Visual Studio Team Foundation Server 2017 RC Office Integration Language Pack (x64) - ENU
"{598EF772-9320-43B6-9D3C-A60A1F6A804E}" = Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6
"{5ABDD743-82EB-444C-913F-F2BC033AEAE6}" = Microsoft .NET Core Host FX Resolver - 2.0.9 (x64)
"{5AE8DFF5-F9A2-4B59-9875-45BFF82DC1DA}" = Active Directory Authentication Library für SQL Server
"{5CE3EB5B-1823-4B8E-BE10-95262BDD1148}" = Python 3.6.6 Executables (64-bit)
"{5D1BFBB8-4923-4388-9559-C86F5D9E2740}" = Intel(R) Management Engine Components
"{5F42C347-0A33-4BCE-B9D7-CCD1082C3187}" = IntelliTraceProfilerProxy
"{62CB44B2-8007-DBB2-1CBA-5CB7309EB3C3}" = Application Verifier x64 External Package
"{66C5838F-B854-4A55-89E6-A6138747A4DF}" = Epic Games Launcher Prerequisites (x64)
"{6D4E3F1B-27CF-88EA-1FAA-D0F6E313F23B}" = Windows SDK DirectX x64 Remote
"{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}" = Microsoft Visual Studio Installer
"{7D84E343-A23D-451C-B123-0195B2D903A6}" = Intel® Trusted Connect Service Client
"{88072DD5-CE0A-3AB3-A9DF-53031BFE8BA0}" = Microsoft ASP.NET Core 2.0.9 Runtime Package Store (x64)
"{8B657335-3813-4CF4-A6FE-2AA44BE23F94}" = VS Script Debugging Common
"{90160000-007E-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Licensing Component
"{90160000-008C-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Extensibility Component
"{90160000-008C-0407-1000-0000000FF1CE}" = Office 16 Click-to-Run Localization Component
"{9198AD57-6396-4DF8-8D0C-20EA764F7986}" = Microsoft SQL Server 2012 Command Line Utilities 
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{9D8D733D-3822-4808-B382-6291910081B2}" = Python 3.6.6 pip Bootstrap (64-bit)
"{A2199A06-89C4-4187-AA4A-3A9676FB799D}" = SlimDX Runtime .NET 4.0 x64 (January 2012)
"{A2BEBCDF-1133-3799-A7DE-CC381FDBDAA1}" = Microsoft ASP.NET Core 2.1.6 Shared Framework (x64)
"{A44E9804-C2AA-40DD-9E6F-F53D96BDAD34}" = Python 3.6.6 Standard Library (64-bit symbols)
"{A6D7B449-8F4F-4FA9-B80A-101345AA998A}" = VMware Workstation
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{A75E492B-1D84-4E86-BDCA-077B4C536B6D}" = Microsoft .NET Core Runtime - 2.0.9 (x64)
"{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb" = IIS Express Application Compatibility Database for x86
"{AEA6EBD0-7E59-46C0-8B5E-1715BC58DC45}" = Microsoft Web Deploy 4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel" = NVIDIA Ansel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 417.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 417.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 417.01
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 3.10.0.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 390.41
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 29.1.0.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.18.0907
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 29.1.0.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer" = DisplayDriverAnalyzer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = NVIDIA SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.38.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend" = NVIDIA Backend
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer" = NVIDIA Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.ContainerTelemetryApiHelper" = NVIDIA TelemetryApi helper for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem" = NVIDIA LocalSystem Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus" = NVIDIA Message Bus for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService" = NVIDIA NetworkService Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session" = NVIDIA Session Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User" = NVIDIA User Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog" = NVIDIA Display Watchdog Plugin
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer" = NVIDIA Display Session Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs" = NVIDIA NodeJS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog" = NVIDIA Watchdog Plugin for NvContainer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry" = NVIDIA Telemetry Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer" = NVIDIA Telemetry Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci" = NVIDIA Virtual Host Controller
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC" = Nvidia Share
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 3.10.0.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = NVIDIA SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 4.02.2
"{B434599E-E35F-4612-9803-A2FB7A8E066B}" = Intel(R) Management Engine Components
"{B685D0AD-42A8-4A39-9BFE-8C063FA9AF29}" = Intel(R) Chipset Device Software
"{B6BAC9A6-A70D-4E4D-B90A-7EE2B336E090}" = vs_Graphics_Singletonx64
"{BA468311-E7D1-4226-9F27-61EC895EB46F}" = Microsoft .NET Core SDK 2.1.502 (x64)
"{BA6F1D53-C3F2-F9D5-80CE-CEF608E36AD3}" = Universal CRT Tools x64
"{BB44C8F9-C555-45CF-B6DA-80131B139165}" = Microsoft Azure Compute Emulator - v2.9.5.3
"{BC1F17EB-F70C-4A9D-BAFE-BFFCF3DE24E2}" = Microsoft Visual C++ 2017 X64 Debug Runtime - 14.16.27012
"{C4752757-9240-4518-BE22-A7E2E7CC7D7B}" = Python 3.6.6 Development Libraries (64-bit)
"{C5BD9A00-9221-486E-94BF-9B1553B215AF}" = Python 3.6.6 Test Suite (64-bit symbols)
"{C5C91AA6-3E83-430E-8B7A-6B790083F28D}" = Microsoft Azure Libraries for .NET – v2.9
"{C9596636-022D-4123-B369-98819F772985}" = Python 3.6.6 Test Suite (64-bit)
"{D1DCF56C-C29C-436A-9764-DEA45032EC46}" = Python 3.6.6 Executables (64-bit symbols)
"{DF5B1280-A057-4536-9D03-3BCAA0D4C6F0}" = Microsoft Visual C++ 2017 X64 Additional Runtime - 14.16.27012
"{E524832A-C567-499A-8872-0D79596E4DEE}" = icecap_collection_x64
"{E95CEC86-EFB3-47B8-A5F6-C8FB757AD060}" = Python 3.6.6 Utility Scripts (64-bit)
"{E96B47FB-9BB8-2C34-84B7-82F25DE6DCE7}" = Windows App Certification Kit Native Components
"{E9AD0F97-5DF2-4F5B-BC5B-F524D21BF165}" = Microsoft SQL Server 2012 Native Client 
"{ECA145AF-55D0-42BA-870F-4213F0198A46}" = Intel(R) ME UninstallLegacy
"{F1DC3768-6945-4329-A072-F855FA253454}" = Microsoft ASP.NET Core Module V2 for IIS Express
"{FAFEE5E3-E00A-4CE8-B495-8F66A5FAB236}" = Microsoft ASP.NET Core Module for IIS Express
"BlueStacks" = BlueStacks App Player
"CCleaner" = CCleaner
"IDA Demo_is1" = IDA Demo v7.2
"Microsoft Azure Compute Emulator - v2.9.5.3" = Microsoft Azure Compute Emulator - v2.9.5.3
"Mozilla Firefox 60.3.0 ESR (x64 de)" = Mozilla Firefox 60.3.0 ESR (x64 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nightly 66.0a1 (x64 de)" = Nightly 66.0a1 (x64 de)
"Notepad++" = Notepad++ (64-bit x64)
"Pale Moon 28.1.0 (x64 en-US)" = Pale Moon 28.1.0 (x64 en-US)
"ProPlusRetail - de-de" = Microsoft Office Professional Plus 2016 - de-de
"Python 3.6.5 (Anaconda3 5.2.0 64-bit)" = Python 3.6.5 (Anaconda3 5.2.0 64-bit)
"Recuva" = Recuva
"Steam App 644930" = They Are Billions
"Steam App 730" = Counter-Strike: Global Offensive
"WinRAR archiver" = WinRAR 5.61 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008C0E6F-EFBE-37B2-B4A5-F25E28B56549}" = Visual C++ Compiler/Tools X86 X64 Cross Resource Package
"{008E7522-C30C-1954-BBED-1F8E65094A5B}" = Windows SDK Desktop Libs arm64
"{02078319-BC7B-218A-7690-53692709C041}" = Windows SDK Desktop Libs x86
"{046D36A5-1ADC-E573-1078-5C8602994B1F}" = Windows IoT Extension SDK
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{0610DFB0-CCEA-6EC0-E3C3-A0160AD7FD98}" = Windows Runtime Intellisense Content - en-us
"{06b884b0-4947-4439-859f-098e431012d6}" = Microsoft .NET Core SDK - 2.1.202 (x64)
"{07DAE614-3764-32F7-97E2-37D2D7896DCB}" = Visual C++ Compiler/Tools X64 ARM Cross Package
"{0D3A6730-43CE-4AF6-BDF7-4D0660296C60}" = vs_minshellmsires
"{0D6B41AF-D117-8944-A059-3F9346A896C5}" = Universal CRT Headers Libraries and Sources
"{104CBBE4-1D61-05DD-38D2-C3BBA1C212E5}" = Windows SDK for Windows Store Apps Libs
"{10CEAB0E-1842-3AB4-9C91-01D6BEFFD269}" = Visual C++ Compiler/Tools Premium ARM Base Resource Package
"{12702494-9E6A-3F5E-9441-2B7D258A639B}" = Microsoft .NET CoreRuntime SDK
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{13F79D3A-88C2-3A1C-9035-6A99EE478DF2}" = Microsoft .NET Native SDK
"{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}" = Microsoft .NET Framework 4.7.2 Targeting Pack
"{18380907-0DDE-C70B-74D1-46F0144502CD}" = Windows SDK EULA
"{18ABFDF6-23D9-87E6-015E-FFE3C7F153D5}" = Universal CRT Extension SDK
"{19E8AE59-4D4A-3534-B567-6CC08FA4102E}" = Microsoft .NET Framework 4.5.2 Multi-Targeting Pack
"{1AC6CC3D-7724-4D84-9270-798A2191AB1C}" = vs_tipsmsi
"{1D31A32A-38C5-338B-A990-15DF13A2E519}" = Visual C++ Compiler/Tools Premium X64 Base Resource Package
"{1E406B46-65F4-91CE-65DA-DB66D5443B68}" = MSI Development Tools
"{1F42A73E-CF26-4D67-BA79-752CA56B639F}" = vs_filehandler_x86
"{1FBCBC17-4527-2340-0832-B1D49C41FF67}" = Universal CRT Extension SDK
"{204D6E69-3D06-3ED5-B40F-272368154769}" = Visual C++ Library CRT X86 Desktop Package
"{20FA55A7-3612-46EB-A6EE-73FE4AAD174D}" = Microsoft Azure Storage Emulator - v5.7
"{2148F771-784E-36E7-B467-DED9EC138735}" = Visual C++ Compiler/Tools Premium X64 X86 Cross Package
"{21603239-9380-AE0E-DCDF-FF910036043C}" = Windows SDK for Windows Store Apps Contracts
"{22551B1F-755C-3F8B-9B66-66FF38394B6F}" = Visual C++ Library CRT ARM Redist Package
"{22DC8AC8-D9DC-8989-C12D-C74C3676BDB1}" = Windows SDK Desktop Headers x64
"{23B8EFE9-8716-4560-B3D7-EBAFCDFD25A2}" = Microsoft Visual Studio Setup Configuration
"{241CF4B0-1FCB-C443-433B-B663D59408A7}" = Windows SDK Desktop Tools x86
"{25FC21EA-20C7-45E8-AF72-19FCD56C4047}" = Microsoft UniversalWindowsPlatform SDK
"{26A57173-47DF-4B2A-AA67-0AFBAC313942}" = Microsoft .NET Framework 4.7.2 SDK (Deutsch)
"{2757496A-3E74-320A-B007-36120A9F126D}" = Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706
"{2773DECE-0FE5-4CA9-96A8-621E0185388F}" = Microsoft-System-CLR-Typen für SQL Server vNext CTP1.6
"{28FE86CA-745A-6C3B-3279-2879991FCF24}" = Windows SDK Desktop Tools arm64
"{2AFBA9CE-EFDC-3BB6-9850-26F9B117ED78}" = Visual C++ Library MFC X86 Package
"{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}" = Microsoft .NET Framework 4.6 Targeting Pack
"{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}" = Microsoft .NET Framework 4.6.1 SDK
"{30624D59-9F75-3EC0-8A9A-E2F0AA5EC64F}" = Visual C++ Extra Files
"{31362D53-8B8F-3C23-9E45-4FFBDAF6F6E0}" = Visual C++ Library CRT X86 Redist Package
"{3161DA68-DD37-4798-82DB-B3A0BD6BA233}" = vs_Graphics_Singletonx86
"{316A3FC9-2378-314E-AEE2-3D89A1B4DD21}" = Visual C++ Compiler/Tools Premium X64 X86 Cross Resource Package
"{32593C5B-EEAD-49F1-8968-211C5C311072}" = SearchDiggity
"{34444137-7EA0-3BC1-B658-1EBD0FE81B8F}" = Visual C++ Compiler/Tools X64 Native Resource Package
"{346B2C02-CC0D-6E09-8B9D-CAA2821473CF}" = SDK ARM Additions
"{366FE23C-D417-99CF-9606-130F37CC6C3F}" = Windows SDK Desktop Headers arm64
"{37464E70-B0B9-9DFF-649A-CBE169BAD657}" = Windows Software Development Kit for Windows Store Apps
"{3755CD99-C62E-3312-DDD3-29A4F259270D}" = WinRT Intellisense Mobile - en-us
"{389D182F-0ADA-5C7E-FF32-2573A821592C}" = WinRT Intellisense Desktop - en-us
"{39E15475-23F2-345D-8977-B5DC47A94E26}" = Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706
"{3A5BBDEC-5254-43DA-F809-443771DBCB85}" = Windows SDK for Windows Store Apps Tools
"{3A78DA3D-C8D4-429D-B536-6E59A0088451}" = vs_minshellinteropmsi
"{3A971391-8100-F9CB-06EB-6510C6B68937}" = Windows SDK Facade Windows WinMD Versioned
"{3CBDDAE8-99AE-4168-BDA7-8352BF15BE73}" = TypeScript SDK
"{4095D263-6A13-78D3-DEDA-AA3452011F6E}" = WinRT Intellisense UAP - en-us
"{40A1FE86-43BB-FE81-2A71-B71E13F8167A}" = Windows SDK for Windows Store Apps Headers
"{40A614D0-87A0-3B22-AE11-23A1917ADEF5}" = Visual C++ Compiler/Tools X64 ARM Cross Resource Package
"{427ada59-85e7-4bc8-b8d5-ebf59db60423}" = Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012
"{42ECB1DB-6B44-4AEC-B112-98ECFF460EF6}" = Epic Games Launcher
"{42ED6C21-EA96-3FF8-851E-F4A08951A3BB}" = Visual C++ Library CRT X86 OneCore For Desktop Package
"{445D4B64-9E1D-C610-50B5-BAF5B11D7E70}" = Windows SDK ARM Desktop Tools
"{46AA143E-E3A6-3067-9DA5-F0737566F898}" = Visual C++ Compiler/Tools X64 X86 Cross Resource Package
"{4805DC86-DEBF-4A5C-B9C4-291FA6441548}" = TP-Link Archer T4U Driver
"{4808DE19-ED88-39E0-8824-85A4AC1BFF86}" = Visual C++ Library CRT X64 Store Package
"{48A8F171-52F2-372B-8414-EA50617708BE}" = Microsoft .NET CoreRuntime For CoreCon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B16F2E6-8A76-5A63-2890-329FB7C98C70}" = Windows Team Extension SDK
"{4B230374-6475-4A73-BA6E-41015E9C5013}" = Intel® Security Assist
"{4B691388-E031-4268-A096-95173D1E6E0F}" = icecap_collectionresources
"{4DFD6FF3-9A29-4F31-AEE1-D44E016C5AD4}" = Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch)
"{4FCD7550-A8CF-47FF-AEA9-E0B03F9E82E7}" = Microsoft Visual C++ 2017 X86 Debug Runtime - 14.16.27012
"{5073B1D2-656B-F677-AC77-5F8DAA8888B2}" = Windows SDK Modern Versioned Developer Tools
"{50C05B8C-47A8-FD93-B84E-6AAA99732700}" = Windows Mobile Extension SDK
"{5297D80E-CD92-48D8-9DB0-301AB3205772}" = vs_communitymsires
"{529EFF09-750D-48B9-A47A-34A3B6248C3F}" = Microsoft .NET Framework 4.6.1 SDK (Deutsch)
"{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1" = Wondershare Helper Compact 2.5.2
"{53CD5D4F-2577-3DEA-BED9-B4D9E8F3530E}" = Visual C++ MSBuild X64 Package
"{53DDD18E-A6F4-3EEE-84A2-848830B469AA}" = Visual C++ Compiler/Tools Premium X86 ARM Cross Package
"{54B0FCDB-D20D-3C6C-ACEB-41589846CA90}" = Visual C++ Library CRT Redist Resource Package
"{54FBC9A9-CCA1-417E-ACA6-203A32A39F37}" = VS Immersive Activate Helper
"{5686C5E9-A3B3-451E-A2EA-4C246CDE5CC9}" = Microsoft .NET Framework 4.7.1 Targeting Pack
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5779B6DD-604A-41CE-BC3D-9D4BDDA22AD2}" = vs_SQLClickOnceBootstrappermsi
"{586380AB-3003-92AB-EB8E-3C33020ED8C3}" = Windows SDK Desktop Libs arm
"{5A86972C-9DB5-40AA-B4EB-0ACE96AFDF88}" = icecap_collectionresourcesx64
"{5AD4A604-B476-1578-2A20-6B02FC6258BE}" = WinAppDeploy
"{5B970BE4-A2F2-41BD-8B91-FEA8DAA1DB9B}" = Paket zur Festlegung von "Doc Redirected"-Zielversionen von Microsoft .NET Framework 4.7.1 (Deutsch)
"{5F064AC5-47B1-3A1B-8DCE-8964FFB4185C}" = Windows Espc Package
"{5F195F7B-9D18-3AEB-A5A7-FAF1FEE0F216}" = Visual C++ Compiler/Tools Premium X86 Base Package
"{5F3A2896-3E91-3770-92F7-33EBA12C54B8}" = Visual C++ Library MFC MBCS Package
"{5f83ccda-0498-4b97-a298-16a642bf49f2}" = Windows Software Development Kit - Windows 10.0.17134.12
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{664F529C-8856-4B9B-BF90-3B3F7C047ABE}" = windows_toolscorepkg
"{66CEB5CD-2D62-66EA-8969-BDC63E71D7B6}" = Windows Desktop Extension SDK
"{66EEDDAB-DF4D-424D-8E15-2D9B41C90397}" = Visual C++ Library CRT Appx Resource Package
"{6730F3AB-D022-B4A6-29C0-C95A7836EED4}" = Windows SDK Desktop Headers x86
"{6761B3E3-73CF-3E71-8149-173B9CE0BBCF}" = Visual C++ Library CRT X64 OneCore For Desktop Package
"{685EFF87-B126-49E4-8213-70C56625C5B5}" = TP-Link Wireless Adapter WPS Tool
"{68B8AD33-CE97-4C3D-9583-669C39D21BA5}" = vs_minshellmsi
"{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
"{6A1ECF65-2CBF-4B33-9D4A-D1C0A0E5FE45}" = vs_clickoncesigntoolmsi
"{6D32EAF4-6F3E-3A53-9828-42737546C2CA}" = Visual C++ Library MFC Source Package
"{6E43CA0C-046E-4F38-A0A2-3B1BA139B661}" = Universal CRT Tools x86
"{6e700b89-6f3c-4dff-b957-44b77c8a4b0e}" = Microsoft .NET Core SDK 2.1.502 (x64)
"{6EBED4D8-13D9-4270-8D44-B57DDB7A787C}_is1" = Allavsoft 3.16.4.6855
"{6EFCFA87-BB5E-7BE5-3936-BCADCFBFADEB}" = Windows SDK for Windows Store Apps Metadata
"{6F49EB9D-D176-3DFB-8ABF-383C8BC7758A}" = Visual C++ Library CRT X64 Desktop Package
"{6F502640-B753-C101-FFA5-B38C3FA5B29A}" = Kits Configuration Installer
"{71797C29-380A-492C-B35A-F5E4A7B57BDC}" = vs_communitymsi
"{72309557-BB7B-3973-965F-04A5E109FF2A}" = Visual C++ Compiler/Tools Premium X64 ARM Cross Package
"{729DA966-8590-2C1F-2178-16C1D32FD7FD}" = WinRT Intellisense PPI - en-us
"{737FDDA7-B944-4CB5-92D9-3D56373BD301}" = Microsoft NetStandard SDK
"{758FC6C4-4304-3875-9755-9A882F773CCB}" = Visual C++ Library ATL Headers Package
"{763488F5-EAB7-3BB4-597F-81CA2F11535F}" = Windows SDK
"{775886B8-DEE1-CB20-8A94-FC09FA54ECF6}" = Universal General MIDI DLS Extension SDK
"{77B667B9-36B3-4712-AD45-28EA1A278D8B}" = vcpp_crt.redist.clickonce
"{78800DB3-0AB5-309D-B66B-D8CFDD5D8498}" = Visual C++ Library PGO X86 Package
"{7AC3A0BD-7780-3FD5-B3C4-ED508C1ABDA2}" = Visual C++ Library ATL Source Package
"{7BF236AF-F460-3FF6-8F27-8C017FAB7BB2}" = Visual C++ Compiler/Tools X64 Base Resource Package
"{7D80B045-3223-3481-AC8F-B0BBA3A25B6F}" = Windows Phone SDK 8.0 Assemblies for Visual Studio 2017
"{7e9fae12-5bbf-47fb-b944-09c49e75c061}" = Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706
"{8068A09D-0DDA-BCD5-1CDB-7D30D78F1BBC}" = Windows App Certification Kit x64
"{812F31DC-FAA6-3979-B3D6-5D6BAAF2945D}" = Microsoft Portable Library Multi-Targeting Pack
"{825784BB-114D-ADB3-B65F-E1EB2A63C3BC}" = SDK ARM Redistributables
"{833F02C5-2C39-49F6-BD64-91D351081274}" = Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86
"{83707B3E-47D2-4839-D1CF-FEC213D3C8E7}" = Windows SDK Desktop Headers arm
"{83D25813-8527-4DA7-A514-969B674269BC}" = Visual C++ Library CRT Appx Package
"{8441D87D-26E6-359C-83A6-E8F57834365E}" = Visual C++ Library MFC X64 Package
"{84C6B91B-67DA-DDE3-86F1-87A3E307E8C1}" = WinRT Intellisense IoT - Other Languages
"{87BEA0C8-090C-3524-A892-A8B9BA022CD0}" = Visual C++ Library CRT ARM Desktop Package
"{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}" = Microsoft .NET Framework 4.6.1 Targeting Pack
"{8BFBEC30-33CC-13B4-849F-3B036F27466A}" = Universal CRT Headers Libraries and Sources
"{8C4160A1-6C94-FC27-A086-D0FC3A297153}" = Windows SDK Signing Tools
"{8DC0F281-CB76-3312-A70F-4412DF16A389}" = Visual C++ Compiler/Tools Premium X64 Native Resource Package
"{8E2E3B52-9B5B-35E3-AA96-D2AFAAAFBBBE}" = Visual C++ Compiler/Tools Premium X86 X64 Cross Package
"{8E7E7557-189B-3C59-AA06-724E09A84AC7}" = Visual C++ Library ATL X64 Package
"{91DDDFB5-1782-48C2-BA2A-8F4D9DE39D27}" = vs_clickoncebootstrappermsires
"{952DF9DB-DFC2-37BD-A3D6-5102676B3D38}" = Visual C++ MSBuild ARM Package
"{9608BC32-8492-3DEF-A273-C3F0B6B7525F}" = Visual C++ Library ATL ARM Package
"{965D1746-D94A-49B9-2A48-A14914CA3B57}" = WinRT Intellisense IoT - en-us
"{984022F2-9BCA-A41D-6A38-1AE658F01415}" = Windows Software Development Kit
"{98FE7C2A-22A4-401A-B45B-2AA107C06DD7}" = Paket zur Festlegung von Zielversionen von Microsoft .NET Framework 4.7.2 (Deutsch)
"{993BDCB0-D41A-35E0-BFAA-D085324DBD27}" = Visual C++ MSBuild X86 Package
"{99981895-4C1B-3C96-B5F6-5403FC1ECFD2}" = Windows Espc Package
"{99E0F2B6-0FEC-3CCD-E857-55B91C73D1D4}" = Windows SDK Modern Non-Versioned Developer Tools
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC65F8A-4F7F-A9FC-222F-CC43ED464041}" = Windows Mobile Extension SDK Contracts
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E49E95C-CF02-412D-AD53-FB1F37D8BDD8}" = Visual C++ Library CRT Appx Package
"{9FBE255F-D222-360D-815A-D6F93C5E0004}" = Visual C++ Compiler/Tools X64 Native Package
"{A0B6B6D7-5ECA-4A37-182A-05D4F5A4E530}" = Windows SDK Desktop Libs x64
"{A254DA0E-26A1-43C3-95BE-7A24D5599473}" = vs_filehandler_amd64
"{A3B4D258-74E1-49D6-9A86-2DFEFEE48DEC}" = icecap_collection_neutral
"{A3E5E1F9-E197-3FC1-8281-E5D7E5F67E5D}" = Microsoft ASP.NET Diagnostic Pack for Visual Studio
"{A41E138F-5A3F-443C-B72D-957AB994FB5A}" = vs_FileTracker_Singleton
"{A43BB303-0D57-388C-90F6-D31051BAE373}" = Visual C++ Compiler/Tools X64 Base Package
"{A4646537-CE71-480A-9A2B-AAFE03334996}" = Windows Simulator - ENU
"{A68D7884-F036-4A0D-AE1A-410E0311E135}" = vs_clickoncebootstrappermsi
"{A80EAEBE-3D72-3036-B59A-FB271F4E4FAF}" = Visual C++ Library MFC Headers Package
"{A84B4CAC-C89B-FAD4-87CC-B2B547E4AFDF}" = Windows SDK Desktop Tools x64
"{A888FB75-64CE-3873-9081-F89C0A7C4AF7}" = Microsoft HTML Help Workshop Package
"{A9DED8BE-05DF-45D5-81A0-3743A44CC0C9}" = Python Launcher
"{AA3C92F9-B461-38F3-B2A4-2BC4B23F2760}" = Visual C++ MSBuild Base Package
"{AB983959-4788-48B2-ACF8-265066468962}" = Microsoft TestPlatform SDK Local Feed
"{ACBAA378-519A-441D-9349-C0AAD8DEAD04}" = IntelliTraceProfilerProxy
"{AD78A791-4D84-33A1-8AC1-744DCA6E8A36}" = Visual C++ Library CRT X64 Redist Package
"{AE7F2995-C92B-3DC0-A731-5CAC09CD4686}" = Visual C++ Library ATL X86 Package
"{B026557A-EF19-4812-8A79-B30F94AA0A78}_is1" = Wondershare PDFelement 6 Pro(Build 6.8.6)
"{B3CA5EDB-F084-325C-AA50-247A3A476496}" = Microsoft ASP.NET Web Tools Packages 15.0 - ENU
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4A4856F-7A4F-3BC4-A469-690D3CA52894}" = Microsoft Windows Communication Foundation Diagnostic Pack for x86
"{B6273353-8B54-1F89-1A16-5940925104CE}" = Universal CRT Redistributable
"{B7574D02-C603-4A63-B631-38C7CBC6ED2D}" = Microsoft .NET Framework 4.7.1 SDK (Deutsch)
"{B767B9B3-B9DD-31C6-A078-3230DE821169}" = Visual C++ Compiler/Tools Premium X64 Base Package
"{B843915F-00A1-44B1-994C-1AE0A6400AE3}" = Entity Framework 6.2.0 Tools  for Visual Studio 2017
"{B9DCCDB9-FCE9-48AD-B534-A7AD270BD52B}" = Microsoft .NET Framework 4.7.1 SDK
"{BA1A3E58-C932-301E-921B-8BBB47C061DB}" = Visual C++ Compiler/Tools Premium X86 Native Resource Package
"{BD02E127-2F24-3D72-89A2-453501D223EF}" = Visual C++ Compiler/Tools X86 Base Resource Package
"{BDE574B5-6CFE-32B2-9854-C827567E9D6F}" = Visual C++ CRT Headers Package
"{BF709278-AFEB-3DDB-985D-477C09FEF57B}" = Visual C++ Library PGO Headers Package
"{BFFA2FFB-1095-4ADD-A352-368806D2412B}" = vs_devenvmsi
"{C0743982-09E0-30B3-A413-C3984C7EAE5A}" = Visual C++ Compiler/Tools Premium X86 Native Package
"{C12887C1-91E2-4C05-5D06-7DC02AE4A627}" = Windows Desktop Extension SDK Contracts
"{C20A5080-9391-4126-A953-D362BD8B5240}" = Visual C++ Library CRT Desktop Appx Package
"{C23BCE3A-FD25-48BA-948E-2CE94576F983}" = ProtonVPNTap
"{C3243E23-2EB6-4419-2692-40944923B112}" = WinRT Intellisense UAP - Other Languages
"{C3776B36-B34E-00E2-3009-95A6F1870B58}" = WinRT Intellisense Desktop - Other Languages
"{C5D83E0F-12E7-4BA3-98E6-DAE0E73B5BF9}" = vs_BlendMsi
"{C63E9058-B5E7-6637-9EC6-4953A7D54F77}" = Windows SDK for Windows Store Apps
"{c6c5a357-c7ca-4a5f-9789-3bb1af579253}" = Launcher Prerequisites (x64)
"{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}" = Intel® Chipsatz-Gerätesoftware
"{C7044A34-8FC9-4691-9BBF-7627BC21E0D0}" = Visual C++ Library CRT Desktop Appx Package
"{C8FE2B4D-9C81-DD3B-D414-0E0B3BFE51D1}" = Windows SDK for Windows Store Apps DirectX x86 Remote
"{CADBB4F8-67D8-3DDC-BAE4-05FBAC4FDA1E}" = Visual C++ Compiler/Tools X86 X64 Cross Package
"{CD5BBB14-A83E-3053-8042-C858E593077E}" = Visual C++ Compiler/Tools X86 Native Resource Package
"{CF697B62-D5AC-3628-9EE7-25B1D210B7BC}" = Visual C++ Library CRT X86 Store Package
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D076C56D-9DDE-462F-A1E8-2C7DF2C0E7A6}" = Visual C++ Library CRT ARM64 Appx Package
"{D0B1228A-01B7-31F5-8E40-E2F723BF8EEF}" = Visual C++ Extra Resource Files
"{D2228FC7-758B-3897-A961-576903E7A549}" = Visual C++ Library PGO ARM Package
"{D256A5B9-68DA-4F6C-A447-A93E5639A46D}" = ClickOnce Bootstrapper Package for Microsoft .NET Framework
"{D3A63893-9B6A-3DC2-BD7B-31BD85665988}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - deu
"{D49DF187-7968-A39D-CF62-EBE13CAE9068}" = Windows IoT Extension SDK Contracts
"{D621766C-B5EC-42BD-9E10-774C02C17B44}_is1" = CCEnhancer Version 4.5.3
"{D86E4022-2886-808F-BA10-9C0EE9956860}" = Windows SDK Redistributables
"{DA04B988-3F1E-3BAB-9FB1-92DD6C5EF3F9}" = Visual C++ Compiler/Tools X64 X86 Cross Package
"{DA89A82E-D909-41F5-AB28-7E5F612DC386}" = Simple DNSCrypt
"{DF1CF60D-3193-4602-970E-8B0D776D0E31}" = calibre
"{DF7289E5-748F-3BA9-BB53-81A457FF38AB}" = Visual C++ Library PGO X64 Package
"{E111CC42-35B5-340F-9F6B-D1C253D48C80}" = Visual C++ Library CRT Source Package
"{E2389F75-ADB6-37F3-8B72-BCFF202C12E8}" = Visual C++ Compiler/Tools Premium X64 Native Package
"{e26b382f-e945-4f70-9318-121b683f1d61}" = Battlefield™ V
"{E3B98FCC-416A-A89A-E672-333BF429632F}" = Windows SDK for Windows Store Managed Apps Libs
"{E4A7A76F-DD0B-3F5A-A3B7-390462095FFE}" = Visual C++ Compiler/Tools X86 Native Package
"{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}" = Windows SDK AddOn
"{E9F681ED-91E0-3B2C-9D33-627177C16E98}" = Visual C++ Compiler/Tools Premium X64 ARM Cross Resource Package
"{EA7B1A5F-B0EE-3272-9E06-65E8DDF225B0}" = Visual C++ Compiler/Tools Premium X86 ARM Cross Resource Package
"{EBB3E59D-2737-3036-A9EA-D4D89AB78C20}" = Visual C++ Library CRT ARM Store Package
"{EBDD1E15-8456-3618-9918-53202552C855}" = Visual C++ MSBuild Base Resource Package
"{ECBAA450-EF0A-3CC6-BFBB-68CB7CD174B8}" = Visual C++ Compiler/Tools X86 Base Package
"{ED11FFD4-61B3-4329-870E-8F4DAC7D5A0D}" = ProtonVPN
"{EDFE6563-C07A-358B-9CE6-B508FCAB9354}" = Visual C++ Compiler/Tools X86 ARM Cross Resource Package
"{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1" = Thunder Master v3.2
"{EE8E3A6F-702F-3DD0-85C3-A102FE141620}" = Visual C++ Compiler/Tools Premium ARM Base Package
"{EEAD071F-AC16-42DB-9EBA-FC8A466C9382}" = Visual C++ Library CRT Desktop Appx Package
"{EFF541C0-AEB7-3997-88A7-EADC6ED182DA}" = Visual C++ Compiler/Tools Premium X86 Base Resource Package
"{F07C11B7-C8D8-310C-A249-0105F38B6EED}" = Visual C++ Compiler/Tools X86 Base Package
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F133B6FC-6771-34F5-846C-8B7889BBBB8A}" = Visual C++ Library CRT ARM OneCore For Desktop Package
"{F1C18506-3168-A9D9-E2D9-D23A512A326E}" = WinRT Intellisense PPI - Other Languages
"{F42C96C1-746B-442A-B58C-9F0FD5F3AB8A}" = Microsoft .NET Framework 4.7.2 SDK
"{F44F995E-85EF-3B51-8DD6-0E54047541D6}" = Visual C++ Compiler/Tools Premium X86 X64 Cross Resource Package
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F75FCECF-133E-319D-9DC1-FF2E1CF67E79}" = Visual C++ Compiler/Tools X86 ARM Cross Package
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F9F1A5B3-D8DE-4995-B14B-1ED4AFA7A003}" = Windows Simulator
"{FA57EACC-E7E8-406A-83FA-168A812BD079}" = Windows Team Extension SDK Contracts
"{FD2628C1-320F-3E11-8D19-6ABA6B56E67E}" = Visual C++ Library PGO X86 Package
"{FDB3AB25-DEE7-3438-9E2A-571F9F23F26E}" = Microsoft ASP.NET Web Tools Packages 15.0 - DEU
"{FDBB1A62-A051-92FA-DB8F-206BA077F7E1}" = Windows SDK DirectX x86 Remote
"{FDCFD759-BA24-F0C8-FE83-43513EE6D443}" = Windows App Certification Kit SupportedApiList x86
"47418da4" = Visual Studio Community 2017
"Battle.net" = Battle.net
"ClawsMail" = Claws Mail
"Destiny 2" = Destiny 2
"Diablo III" = Diablo III
"GnuPG" = GNU Privacy Guard
"Google Chrome" = Google Chrome
"Gpg4win" = Gpg4win (3.1.5)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.40
"Microsoft Azure Storage Emulator - v5.7" = Microsoft Azure Storage Emulator - v5.7
"Mozilla Thunderbird 60.3.3 (x86 de)" = Mozilla Thunderbird 60.3.3 (x86 de)
"Nmap" = Nmap 7.70
"NpcapInst" = Npcap 0.99-r2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"ProtonVPN 1.6.4" = ProtonVPN
"Razer Synapse" = Razer Synapse
"Steam" = Steam
"VeraCrypt" = VeraCrypt
"VLC media player" = VLC media player
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1" = Microsoft Visual Studio Code (User)
"{a2e7eb2f-e31e-47eb-82ca-63b3854f5354}" = Python 3.6.6 (64-bit)
"03B29BC83A87B7C74EBC6B73E82B25E3D70320ED" = Word_Add_In_Microsoft_Programmierer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.12.2018 20:32:15 | Computer Name = DESKTOP-HP1IRVV | Source = Perflib | ID = 1008
Description = 
 
Error - 15.12.2018 20:32:15 | Computer Name = DESKTOP-HP1IRVV | Source = Perflib | ID = 1008
Description = 
 
Error - 15.12.2018 20:32:16 | Computer Name = DESKTOP-HP1IRVV | Source = PerfNet | ID = 2004
Description = 
 
Error - 15.12.2018 20:32:16 | Computer Name = DESKTOP-HP1IRVV | Source = Perflib | ID = 1008
Description = 
 
Error - 16.12.2018 09:53:47 | Computer Name = DESKTOP-HP1IRVV | Source = VSS | ID = 8193
Description = 
 
Error - 16.12.2018 18:33:06 | Computer Name = DESKTOP-HP1IRVV | Source = VSS | ID = 8194
Description = 
 
Error - 16.12.2018 19:41:26 | Computer Name = DESKTOP-HP1IRVV | Source = Application Hang | ID = 1002
Description = Programm notepad.exe, Version 10.0.17134.131 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen 
zum Problem zu suchen.    Prozess-ID: 1634    Startzeit: 01d49598ccf93526    Beendigungszeit:
 4    Anwendungspfad: C:\Windows\System32\notepad.exe    Berichts-ID: d30c3632-cd3f-4911-aabd-70194907200e

Vollständiger
 Name des fehlerhaften Pakets: ?    Auf das fehlerhafte Paket bezogene Anwendungs-ID:
 ?  
 
Error - 16.12.2018 22:06:31 | Computer Name = DESKTOP-HP1IRVV | Source = Microsoft-Windows-SpellChecker | ID = 33
Description = 
 
Error - 16.12.2018 22:17:28 | Computer Name = DESKTOP-HP1IRVV | Source = Microsoft-Windows-SpellChecker | ID = 33
Description = 
 
Error - 16.12.2018 22:40:42 | Computer Name = DESKTOP-HP1IRVV | Source = Microsoft-Windows-SpellChecker | ID = 33
Description = 
 
[ isaAgentLog Events ]
Error - 01.11.2018 20:28:05 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
Error - 08.11.2018 20:35:50 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
Error - 15.11.2018 20:35:51 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
Error - 22.11.2018 20:35:51 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
Error - 30.11.2018 02:59:12 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
Error - 07.12.2018 19:02:21 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
Error - 14.12.2018 19:02:21 | Computer Name = DESKTOP-HP1IRVV | Source = isaAgent | ID = 1135
Description = 1.0.0.532: Unexpected error: Der Remoteserver hat einen Fehler zurückgegeben:
 (404) Nicht gefunden.
 
[ System Events ]
Error - 16.12.2018 22:10:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10001
Description = 
 
Error - 16.12.2018 22:24:54 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2018 22:39:34 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2018 22:39:34 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10001
Description = 
 
Error - 16.12.2018 22:55:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2018 23:10:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2018 23:10:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10001
Description = 
 
Error - 16.12.2018 23:24:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2018 23:40:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10010
Description = 
 
Error - 16.12.2018 23:40:37 | Computer Name = DESKTOP-HP1IRVV | Source = DCOM | ID = 10001
Description = 
 
 
< End of report >
         

Alt 17.12.2018, 04:22   #8
korato
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



Hijackthis Log:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 01:20:58, on 17.12.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)


Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe
C:\Users\Mortifer\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [vmware-tray.exe] "D:\VMware Workstation\Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [WPSTool] C:\Program Files (x86)\TP-Link\TP-Link Wireless Adapter WPS Tool\TWCU.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [CCEnhancer] C:\Program Files (x86)\CCEnhancer\CCEnhancer.exe /AUTO
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [KeePass Password Safe 2] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe"
O4 - HKCU\..\Run: [VeraCrypt] "C:\Program Files\VeraCrypt\VeraCrypt.exe" /q preferences /a logon
O4 - HKCU\..\Run: [THPanel] "C:\Program Files (x86)\Thunder Master\THPanel.exe" /A
O4 - HKCU\..\Run: [EpicGamesLauncher] "D:\Games\Fortnite\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
O4 - HKCU\..\Run: [Steam] "D:\Games\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Synapse3] C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized
O4 - HKCU\..\Run: [EADM] "D:\Games\Origin\Origin.exe" -AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: DNSCrypt client proxy (dnscrypt-proxy) - Unknown owner - C:\Program Files (x86)\bitbeans\Simple DNSCrypt\dnscrypt-proxy\dnscrypt-proxy.exe
O23 - Service: EasyAntiCheat - Unknown owner - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Unknown owner - D:\Games\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - D:\Games\Origin\OriginWebHelperService.exe
O23 - Service: ProtonVPN Service - Unknown owner - C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
O23 - Service: Razer Game Manager (Razer Game Manager Service) - Razer Inc - C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
O23 - Service: Razer Synapse Service - Unknown owner - C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RunSwUSB - Unknown owner - C:\Windows\runSW.exe
O23 - Service: Razer Central Service (RzActionSvc) - Razer Inc. - C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware Workstation\Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\SysWOW64\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\SysWOW64\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - D:\VMware Workstation\Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\NisSrv.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MsMpEng.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)

--
End of file - 14216 bytes
         
Mabam Log:

Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 17.12.18
Scan-Zeit: 02:22
Protokolldatei: 30feab62-019a-11e9-a727-002522b0a413.json

-Softwaredaten-
Version: 3.6.1.2711
Komponentenversion: 1.0.482
Version des Aktualisierungspakets: 1.0.8351
Lizenz: Premium in der Toleranzperiode

-Systemdaten-
Betriebssystem: Windows 10 (Build 17134.471)
CPU: x64
Dateisystem: NTFS
Benutzer: System

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Zeitplaner
Ergebnis: Abgeschlossen
Gescannte Objekte: 358404
Erkannte Bedrohungen: 1
In die Quarantäne verschobene Bedrohungen: 1
Abgelaufene Zeit: 4 Min., 39 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 1
Hijack.ExeFile, HKLM\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND|, Ersetzt, [6326], [293008],1.0.8351

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         
Nun können wir den beiden hoffentlich an den Kragen gehen .

LG

Alt 17.12.2018, 08:25   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



Zitat:
habe ich nach der Installation von Visual Studio mir die 2 eingefangen.
Bitte erzähl doch mal wie du zu dieser Erkenntnis gekommen bist und warum ein offizielles Microsoft-Produkt mit malware ausgeliefert sein soll.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.12.2018, 09:00   #10
korato
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



ja da kann ich dir leider keine Erklärung liefern. Was ich aber sagen kann ist das nach der Installation und Neustart plötzlich die Fehler auftraten wie, keine exe Datei mehr ausführbar waren, Win Def. nicht startete als auch noch andere Prog nicht starteten.

Meine leihenhafte Vermutung , das vielleicht die Vieren schon vorher auf dem Rechner Waren aber nicht ausführbar waren. Und mit der Installation von Visual Studio etwas installiert wurde was dies geändert hat.

Wieso weshalb warum, bin ich leider überfragt. Daher versuche ich nun mit fremder Hilfe dem ganzen auf die Spur zu kommen. Ich hoffe das mir hier jemand weiterhelfen kann bezüglich des entfernens der 2 Vieren, oder evtl ja sogar auch noch mehr in den Logs erkennt.

Bin über jede Hilfe dankbar.

LG

Alt 17.12.2018, 09:14   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



Also das verstehe ich nicht. Du hast überhaupt keine Ahnung, was dich aber nicht dran hindert eine absurde Vermutung/Behauptung rauszufeuern?!

Dann ne eine andere Frage: wer oder was hat dir die zwei angebliche Schädlinge angezeigt wenn du schon nicht wirklich weiß, woher die kommen? Die Funde hast du dir doch nicht auch einfach ausgedacht!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.12.2018, 09:36   #12
korato
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



So mach mal halb lang ja, das ich keine Ahnung habe hatte ich geschrieben und wesshalb die plötzlich aus heiterem Himmel da waren ich dir nicht erklären kann auch.
Das ich ein Laie bin und daher nur vermuten kann ist ja wohl die richtige Art und weise auf deine Frage einzugehen.
Behauptungen wurden gar nicht erstellt. Angezeigt wurde mir Garnichts, aber wenn man plötzlich keine Prog. Tools usw ausführen kann wird wohl jedem klar das etwas nicht mehr stimmt.

Alt 17.12.2018, 09:42   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Icon32

Hijack.exe+Virus Neshta file nach installation von visual studio



Zitat:
Zitat von korato Beitrag anzeigen
Behauptungen wurden gar nicht erstellt. Angezeigt wurde mir Garnichts, aber wenn man plötzlich keine Prog. Tools usw ausführen kann wird wohl jedem klar das etwas nicht mehr stimmt.
Willst du mich eigentlich verarschen? Dir wurde nichts angezeigt, garnichts, aber als Hilferuf kommt dann sowas:

Zitat:
Hijack.exe+Virus Neshta file nach installation von visual studio
wie im Titel schon geschrieben habe ich nach der Installation von Visual Studio mir die 2 eingefangen.
Ich möchte jetzt von dir eine Erklärung was das mit Visual Studio soll und wie du auf die zwei Schädlinge kommst.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 17.12.2018, 09:55   #14
korato
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



Zitat:
Zitat von cosinus Beitrag anzeigen
Willst du mich eigentlich verarschen? Dir wurde nichts angezeigt, garnichts, aber als Hilferuf kommt dann sowas:
Sagmal bist wohl mit dem falschen Fuß aufgestandnen, was soll dieses blöde angepflaume. Das bringt niemandem etwas. Hatte dir bereits geschrieben das WinDef. usw. nicht mehr starten, also wer oder was soll mir nun was anzeigen hä?



Zitat:
Zitat von cosinus Beitrag anzeigen
Ich möchte jetzt von dir eine Erklärung was das mit Visual Studio soll und wie du auf die zwei Schädlinge kommst.
Diese Fehler traten halt erst nach der Installation und Neustart auf, mehr kann ich dir dazu leider nicht sagen. auf die Schädlinge bin ich gekommen als ich win search&destr. installierte und adwcleaner+hijackthis laufen lies. Danach konnte ich mbam&ccleaner als admin wieder starten was mich aber nicht weiter gebracht hat.

Geändert von korato (17.12.2018 um 10:01 Uhr)

Alt 17.12.2018, 10:09   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hijack.exe+Virus Neshta file nach installation von visual studio - Standard

Hijack.exe+Virus Neshta file nach installation von visual studio



Zitat:
Zitat von korato Beitrag anzeigen
Sagmal bist wohl mit dem falschen Fuß aufgestandnen, was soll dieses blöde angepflaume.
Weil ich hier schwer den Eindruck habe, dass du uns verarschen willst!

Letzte Chance, poste endlich was du da für zwei Schädlinge hast von was die gefunden wurden und v.a. wo diese waren!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Hijack.exe+Virus Neshta file nach installation von visual studio
.dll, adobe, avast, computer, converter, defender, downloader, explorer, firefox, format, hijack, installation, mozilla, photoshop, prozesse, realtek, registry, scan, security, server, services.exe, software, svchost.exe, virus, windows



Ähnliche Themen: Hijack.exe+Virus Neshta file nach installation von visual studio


  1. Blackscreen nach Visual Studio 2017 RC installation
    Alles rund um Windows - 17.01.2017 (2)
  2. Support-Ende für Visual Studio 2005
    Nachrichten - 15.03.2016 (0)
  3. Visual Studio 2015 RTM erscheint am 20. Juli
    Nachrichten - 30.06.2015 (0)
  4. Aufzeichnungen des Visual Studio 2015 Countdown verfügbar
    Nachrichten - 10.06.2015 (0)
  5. Jetzt testen: Visual Studio 2015 Preview
    Nachrichten - 13.11.2014 (0)
  6. Kostenlos: Visual Studio Community 2013
    Nachrichten - 13.11.2014 (0)
  7. Connect(); - ein Blick in die Zukunft von Visual Studio und Azure
    Nachrichten - 21.10.2014 (0)
  8. Avast meldet bei Visual Studio einen Virus namens Win32.EvoGen [susp]
    Log-Analyse und Auswertung - 13.10.2014 (4)
  9. PC langsam nach DAZ Studio installation
    Plagegeister aller Art und deren Bekämpfung - 24.02.2014 (1)
  10. Update 4 für Visual Studio 2012 verfügbar
    Nachrichten - 14.11.2013 (0)
  11. Videos vom Visual Studio-Launch online
    Nachrichten - 17.09.2012 (0)
  12. Neues Trainingspaket zu Visual Studio 2010 und .NET Framework 4
    Nachrichten - 01.07.2011 (0)
  13. Neues Informationsangebot zu den Visual Studio Test-Tools
    Nachrichten - 06.05.2011 (0)
  14. Detaillisten zu Korrekturen in Visual Studio 2010 Service Pack 1
    Nachrichten - 25.02.2011 (0)
  15. Update zum Visual Studio ALM Pivot
    Nachrichten - 25.02.2011 (0)
  16. Betaversion von Visual Studio 2010 Service Pack 1 (SP1)
    Nachrichten - 25.02.2011 (0)
  17. Microsoft patcht außerplanmäßig Internet Explorer und Visual Studio
    Nachrichten - 25.07.2009 (0)

Zum Thema Hijack.exe+Virus Neshta file nach installation von visual studio - Guten Morgen, wie im Titel schon geschrieben habe ich nach der Installation von Visual Studio mir die 2 eingefangen. Installiert habe ich VS von der Microsoft Seite dazu. Ich hoffe - Hijack.exe+Virus Neshta file nach installation von visual studio...
Archiv
Du betrachtest: Hijack.exe+Virus Neshta file nach installation von visual studio auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.