Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Backdoor.Agent.TRJ und Backdoor.Agent.MS entfernt, dennoch kurzer CMD Start beim Hochfahren.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.04.2016, 09:36   #1
dukekunta
 
Backdoor.Agent.TRJ und Backdoor.Agent.MS entfernt, dennoch kurzer CMD Start beim Hochfahren. - Standard

Backdoor.Agent.TRJ und Backdoor.Agent.MS entfernt, dennoch kurzer CMD Start beim Hochfahren.



Hallo, ich habe mir vor einigen Tage durch Dummheit und Schlafmangel einen Trojaner eingefangen, da ich unvorsichtig war. Mir kam das dann doch komisch vor und ich habe mit Malwarebytes einen Scan durchgeführt.

Der Scanner hat die Viren erkannt, in Quarantäne verschoben und anschließend gelöscht.
Doch beim Start des PC's poppt immer für den Bruchteil einer Sekunde ein CMD Fenster auf, dessen Titel aufgrund der kurzen Zeit nicht lesbar ist. Jetzt habe ich den Verdacht, der Virus ist nicht komplett entfernt worden.

Dazu hier der Log von Malwarebytes bei dem Suchdurchlauf als die Viren erkannt wurden:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 16.04.2016
Suchlaufzeit: 14:42
Protokolldatei: malware.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2016.04.16.02
Rootkit-Datenbank: v2016.04.09.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Louis

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 421164
Abgelaufene Zeit: 5 Min., 22 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
Backdoor.Agent.TRJ, C:\Users\Louis\AppData\Roaming\system.exe, 8692, Löschen bei Neustart, [8101901f4f4aa98d3317a5b463a04bb5]

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 1
Backdoor.Agent.MS.Generic, HKU\S-1-5-21-1578134104-715542127-142398971-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Microsoft Corporation JZCESgWePSWWUHda, C:\Users\Louis\AppData\Roaming\JZCESgWePSWWUHda.exe, In Quarantäne, [c3bf555ab0e93df925bb821aa4604cb4]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 2
Backdoor.Agent.TRJ, C:\Users\Louis\AppData\Roaming\system.exe, Löschen bei Neustart, [8101901f4f4aa98d3317a5b463a04bb5], 
Backdoor.Agent.MS.Generic, C:\Users\Louis\AppData\Roaming\JZCESgWePSWWUHda.exe, In Quarantäne, [c3bf555ab0e93df925bb821aa4604cb4], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         


Den FRST log:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Louis (administrator) on LOUIS (19-04-2016 10:26:01)
Running from C:\Users\Louis\Desktop
Loaded Profiles: Louis (Available Profiles: Louis)
Platform: Windows 10 Pro Version 1511 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LogMeIn Inc.) E:\Programme\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) E:\Programme\Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Flux Software LLC) C:\Users\Louis\AppData\Local\FluxSoftware\Flux\flux.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LogMeIn Inc.) E:\Programme\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) E:\Programme\Hamachi\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Louis\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Louis\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Louis\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Louis\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Louis\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes) E:\Programme\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-03] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-16] (AVAST Software)
HKLM-x32\...\Run: [EaseUS EPM tray] => E:\Programme\EaseUS Partition Master 10.2\bin\EpmNews.exe
HKLM-x32\...\Run: [BCSSync] => E:\Programme\Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => E:\Programme\Hamachi\hamachi-2-ui.exe [5565448 2016-04-05] (LogMeIn Inc.)
HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-15] (Valve Corporation)
HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\Run: [f.lux] => C:\Users\Louis\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\Run: [Spotify Web Helper] => C:\Users\Louis\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-17] (Spotify Ltd)
HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23485208 2016-03-30] (Google)
HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\Run: [DHCP Service] => C:\Users\Louis\AppData\Roaming\6F952576-8DD3-4512-AD10-E4D3D3A688AE\DHCP Service\dhcpsvc.exe [53248 2015-10-24] (Microsoft Corporation)
HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\RunOnce: [Uninstall C:\Users\Louis\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Louis\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-16] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => E:\Programme\Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => E:\Programme\Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => E:\Programme\Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => E:\Programme\Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => E:\Programme\Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{4f13419f-f47d-44f0-8587-0242fa4f4be4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6dc03382-5ea6-4946-85fb-5e9194d532d9}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Programme\Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Programme\Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Programme\Java\bin\jp2ssv.dll [2015-11-03] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1578134104-715542127-142398971-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> E:\Programme\Java\bin\dtplugin\npDeployJava1.dll [2015-11-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> E:\Programme\Java\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> E:\Programme\Java\bin\plugin2\npjp2.dll [2015-11-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> E:\PROGRA~1\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> E:\PROGRA~1\Office\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> E:\Programme\Adobe Reader\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1578134104-715542127-142398971-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-16]

Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.de/
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR DefaultSearchKeyword: Default -> lp
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google*Übersetzer) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-01-04]
CHR Extension: (Google Präsentationen) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]
CHR Extension: (BetterTTV) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-04-03]
CHR Extension: (Google Docs) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (uBlock Origin) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-04-07]
CHR Extension: (Google-Suche) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Clear Cache) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2016-03-24]
CHR Extension: (Block site) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-07-19]
CHR Extension: (Avast SafePrice) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-29]
CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-03-09]
CHR Extension: (Google Tabellen) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]
CHR Extension: (Google Docs Offline) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-07]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (SiteBlock) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2015-06-04]
CHR Extension: (Outlook.com) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-03-01]
CHR Extension: (Google Mail) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-1578134104-715542127-142398971-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-16] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-04-04] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [243984 2016-03-31] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
R2 Hamachi2Svc; E:\Programme\Hamachi\hamachi-2.exe [2550280 2016-04-05] (LogMeIn Inc.)
S3 Microsoft SharePoint Workspace Audit Service; E:\Programme\Office\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
S3 Origin Client Service; E:\Programme\Origin\OriginClientService.exe [2104840 2016-01-01] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-01-03] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-01-03] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 NovaPdfServer; "C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-16] (AVAST Software)
R3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
S2 hwpsgt; C:\Windows\SysWOW64\DRIVERS\hwpsgt.sys [137344 2016-03-23] () [File not signed]
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-05-27] ()
S2 lemsgt; C:\Windows\SysWOW64\DRIVERS\lemsgt.sys [9472 2016-03-23] () [File not signed]
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-19] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-07-10] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 tap0901_openvpn_accl; C:\Windows\System32\drivers\tap0901_openvpn_accl.sys [37912 2015-01-13] (The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-12-05] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-19 10:26 - 2016-04-19 10:26 - 00023606 _____ C:\Users\Louis\Desktop\FRST.txt
2016-04-19 10:24 - 2016-04-19 10:26 - 00000000 ____D C:\FRST
2016-04-19 10:24 - 2016-04-19 10:24 - 02375680 _____ (Farbar) C:\Users\Louis\Desktop\FRST64.exe
2016-04-19 10:17 - 2016-04-19 10:17 - 00001195 _____ C:\Users\Louis\Desktop\asda.txt
2016-04-18 19:08 - 2016-04-18 19:08 - 00086325 _____ C:\Users\Louis\Downloads\tickets_0924615.pdf
2016-04-16 15:09 - 2016-04-16 15:09 - 00003158 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1460812163
2016-04-16 15:09 - 2016-04-16 15:09 - 00001085 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-04-16 15:09 - 2016-04-16 15:09 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-16 15:02 - 2016-04-16 15:02 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-04-16 15:02 - 2016-04-16 15:02 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-04-16 15:02 - 2016-04-16 15:02 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-04-16 14:38 - 2016-04-16 14:48 - 00000000 ____D C:\Users\Louis\AppData\Roaming\6F952576-8DD3-4512-AD10-E4D3D3A688AE
2016-04-13 13:25 - 2016-04-02 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 13:25 - 2016-04-02 06:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 13:25 - 2016-04-02 06:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 13:25 - 2016-04-02 06:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 13:25 - 2016-04-02 05:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 13:25 - 2016-04-02 05:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 13:25 - 2016-04-02 05:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 13:25 - 2016-04-02 05:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 13:25 - 2016-04-02 05:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 13:25 - 2016-04-02 05:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 13:25 - 2016-04-02 05:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 13:25 - 2016-04-02 05:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 13:25 - 2016-04-02 05:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 13:25 - 2016-04-02 05:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 13:25 - 2016-04-02 05:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 13:25 - 2016-04-02 05:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 13:25 - 2016-04-02 05:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 13:25 - 2016-04-02 05:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 13:25 - 2016-04-02 05:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 13:25 - 2016-04-02 05:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 13:25 - 2016-04-02 05:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 13:25 - 2016-04-02 05:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 13:25 - 2016-04-02 05:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 13:25 - 2016-03-29 12:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 13:25 - 2016-03-29 12:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 13:25 - 2016-03-29 12:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 13:25 - 2016-03-29 12:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 13:25 - 2016-03-29 12:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 13:25 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 13:25 - 2016-03-29 12:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 13:25 - 2016-03-29 12:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 13:25 - 2016-03-29 12:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 13:25 - 2016-03-29 12:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 13:25 - 2016-03-29 12:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 13:25 - 2016-03-29 12:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 13:25 - 2016-03-29 12:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 13:25 - 2016-03-29 11:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 13:25 - 2016-03-29 11:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 13:25 - 2016-03-29 11:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 13:25 - 2016-03-29 11:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 13:25 - 2016-03-29 11:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 13:25 - 2016-03-29 11:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 13:25 - 2016-03-29 11:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 13:25 - 2016-03-29 11:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 13:25 - 2016-03-29 11:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 13:25 - 2016-03-29 11:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 13:25 - 2016-03-29 11:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 13:25 - 2016-03-29 11:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 13:25 - 2016-03-29 11:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 13:25 - 2016-03-29 11:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 13:25 - 2016-03-29 11:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 13:25 - 2016-03-29 11:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 13:25 - 2016-03-29 11:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 13:25 - 2016-03-29 11:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 13:25 - 2016-03-29 10:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 13:25 - 2016-03-29 10:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 13:25 - 2016-03-29 10:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 13:25 - 2016-03-29 10:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 13:25 - 2016-03-29 10:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 13:25 - 2016-03-29 10:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 13:25 - 2016-03-29 10:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 13:25 - 2016-03-29 10:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 13:25 - 2016-03-29 10:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 13:25 - 2016-03-29 10:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 13:25 - 2016-03-29 10:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 13:25 - 2016-03-29 10:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 13:25 - 2016-03-29 10:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 13:25 - 2016-03-29 10:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 13:25 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 13:25 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 13:25 - 2016-03-29 10:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 13:25 - 2016-03-29 10:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 13:25 - 2016-03-29 10:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 13:25 - 2016-03-29 10:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 13:25 - 2016-03-29 10:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 13:25 - 2016-03-29 10:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 13:25 - 2016-03-29 10:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 13:25 - 2016-03-29 10:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 13:25 - 2016-03-29 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 13:25 - 2016-03-29 10:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 13:25 - 2016-03-29 09:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 13:25 - 2016-03-29 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 13:25 - 2016-03-29 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 13:25 - 2016-03-29 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 13:25 - 2016-03-29 09:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 13:25 - 2016-03-29 09:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 13:25 - 2016-03-29 09:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 13:25 - 2016-03-29 09:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 13:25 - 2016-03-29 09:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 13:25 - 2016-03-29 09:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 13:25 - 2016-03-29 09:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 13:25 - 2016-03-29 09:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 13:25 - 2016-03-29 09:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 13:25 - 2016-03-29 09:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 13:25 - 2016-03-29 09:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 13:25 - 2016-03-29 09:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 13:25 - 2016-03-29 09:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 13:25 - 2016-03-29 09:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 13:25 - 2016-03-29 09:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 13:25 - 2016-03-29 09:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 13:25 - 2016-03-29 09:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 13:25 - 2016-03-29 09:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 13:25 - 2016-03-29 09:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 13:25 - 2016-03-29 09:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 13:25 - 2016-03-29 09:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 13:25 - 2016-03-29 09:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 13:25 - 2016-03-29 09:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 13:25 - 2016-03-29 09:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 13:25 - 2016-03-29 09:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 13:25 - 2016-03-29 09:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 13:25 - 2016-03-29 09:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 13:25 - 2016-03-29 09:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 13:25 - 2016-03-29 09:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 13:25 - 2016-03-29 09:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 13:25 - 2016-03-29 09:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 13:25 - 2016-03-29 09:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 13:25 - 2016-03-29 09:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 13:25 - 2016-03-29 09:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 13:25 - 2016-03-29 09:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 13:25 - 2016-03-29 09:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 13:25 - 2016-03-29 09:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 13:25 - 2016-03-29 09:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 13:25 - 2016-03-29 09:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 13:25 - 2016-03-29 09:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 13:25 - 2016-03-29 09:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 13:25 - 2016-03-29 09:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 13:25 - 2016-03-29 09:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 13:25 - 2016-03-29 09:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 13:25 - 2016-03-29 09:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 13:25 - 2016-03-29 09:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 13:25 - 2016-03-29 09:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 13:25 - 2016-03-29 09:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 13:25 - 2016-03-29 09:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 13:25 - 2016-03-29 09:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 13:25 - 2016-03-29 09:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 13:25 - 2016-03-29 09:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 13:25 - 2016-03-29 09:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 13:25 - 2016-03-29 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 13:25 - 2016-03-29 09:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 13:25 - 2016-03-29 09:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 13:25 - 2016-03-29 09:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 13:25 - 2016-03-29 09:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 13:25 - 2016-03-29 09:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 13:25 - 2016-03-29 09:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 13:25 - 2016-03-29 09:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 13:25 - 2016-03-29 09:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 13:25 - 2016-03-29 09:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 13:25 - 2016-03-29 09:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 13:25 - 2016-03-29 09:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 13:25 - 2016-03-29 09:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 13:25 - 2016-03-29 09:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 13:25 - 2016-03-29 09:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 13:25 - 2016-03-29 09:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 13:25 - 2016-03-29 09:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 13:25 - 2016-03-29 09:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 13:25 - 2016-03-29 09:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 13:25 - 2016-03-29 09:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 13:25 - 2016-03-29 09:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 13:25 - 2016-03-29 09:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 13:25 - 2016-03-29 09:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 13:25 - 2016-03-29 09:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 13:25 - 2016-03-29 09:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 13:25 - 2016-03-29 09:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 13:25 - 2016-03-29 09:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 13:25 - 2016-03-29 09:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 13:25 - 2016-03-29 09:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 13:25 - 2016-03-29 09:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 13:25 - 2016-03-29 09:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 13:25 - 2016-03-29 09:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 13:25 - 2016-03-29 09:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 13:25 - 2016-03-29 09:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 13:25 - 2016-03-29 09:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 13:25 - 2016-03-29 09:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 13:25 - 2016-03-29 09:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 13:25 - 2016-03-29 09:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 13:25 - 2016-03-29 09:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 13:25 - 2016-03-29 09:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 13:25 - 2016-03-29 09:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 13:25 - 2016-03-29 09:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 13:25 - 2016-03-29 09:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 13:25 - 2016-03-29 09:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 13:25 - 2016-03-29 09:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 13:25 - 2016-03-29 08:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 13:25 - 2016-03-29 08:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 13:25 - 2016-03-29 08:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 13:25 - 2016-03-29 08:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 13:25 - 2016-03-29 08:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 13:25 - 2016-03-29 08:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 13:25 - 2016-03-29 08:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 13:25 - 2016-03-29 08:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 13:25 - 2016-03-29 08:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 13:25 - 2016-03-29 08:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 13:25 - 2016-03-29 08:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 13:25 - 2016-03-29 08:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 13:25 - 2016-03-29 08:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 13:25 - 2016-03-29 08:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 13:25 - 2016-03-29 08:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 13:25 - 2016-03-29 08:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 13:25 - 2016-03-29 08:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 13:25 - 2016-03-29 08:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 13:25 - 2016-03-29 08:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 13:25 - 2016-03-29 08:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 13:25 - 2016-03-29 08:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 13:25 - 2016-03-29 08:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 13:25 - 2016-03-29 08:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 13:25 - 2016-03-29 08:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 13:25 - 2016-03-29 08:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 13:25 - 2016-03-29 08:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 13:25 - 2016-03-29 08:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 13:25 - 2016-03-29 08:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 13:25 - 2016-03-29 08:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 13:25 - 2016-03-29 08:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 13:25 - 2016-03-29 08:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 13:25 - 2016-03-29 08:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 13:25 - 2016-03-29 08:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 13:25 - 2016-03-29 08:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 13:25 - 2016-03-29 08:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 13:25 - 2016-03-29 08:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 13:25 - 2016-03-29 08:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 13:25 - 2016-03-29 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 13:25 - 2016-03-29 08:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 13:25 - 2016-03-29 08:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 13:25 - 2016-03-29 08:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 13:25 - 2016-03-29 08:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 13:25 - 2016-03-29 08:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 13:25 - 2016-03-29 08:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 13:25 - 2016-03-29 08:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 13:25 - 2016-03-29 08:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 13:25 - 2016-03-29 08:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 13:25 - 2016-03-29 08:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 13:25 - 2016-03-29 08:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 13:25 - 2016-03-29 08:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 13:25 - 2016-03-29 08:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 13:25 - 2016-03-29 08:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 13:25 - 2016-03-29 08:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 13:25 - 2016-03-29 08:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 13:25 - 2016-03-29 08:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 13:25 - 2016-03-29 08:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 13:25 - 2016-03-29 08:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 13:25 - 2016-03-29 08:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 13:25 - 2016-03-29 08:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 13:25 - 2016-03-29 08:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 13:25 - 2016-03-29 08:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 13:25 - 2016-03-29 08:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 13:25 - 2016-03-29 08:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 13:25 - 2016-03-29 08:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 13:25 - 2016-03-29 08:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 13:25 - 2016-03-29 08:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 13:25 - 2016-03-29 08:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 13:25 - 2016-03-29 08:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 13:25 - 2016-03-29 08:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 13:25 - 2016-03-29 08:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 13:25 - 2016-03-29 08:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 13:25 - 2016-03-29 08:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 13:25 - 2016-03-29 08:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 13:25 - 2016-03-29 08:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 13:25 - 2016-03-29 08:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 13:25 - 2016-03-29 08:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 13:25 - 2016-03-29 07:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 13:25 - 2016-03-29 07:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 13:25 - 2016-03-29 07:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 13:25 - 2016-03-29 07:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 13:25 - 2016-03-29 07:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 13:25 - 2016-03-29 07:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 13:25 - 2016-03-29 07:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 13:25 - 2016-03-29 07:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 13:25 - 2016-03-29 07:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 13:25 - 2016-03-29 07:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 13:25 - 2016-03-29 07:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 13:25 - 2016-03-29 07:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 13:25 - 2016-03-29 07:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 13:25 - 2016-03-29 07:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 13:25 - 2016-03-29 07:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 13:25 - 2016-03-29 07:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 13:25 - 2016-03-29 07:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 13:25 - 2016-03-29 07:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 13:25 - 2016-03-29 07:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 13:25 - 2016-03-29 07:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 13:25 - 2016-03-29 07:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 13:25 - 2016-03-29 07:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 13:25 - 2016-03-29 07:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 13:25 - 2016-03-29 07:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 13:25 - 2016-03-29 07:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 13:25 - 2016-03-29 07:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 13:25 - 2016-03-29 07:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-11 00:37 - 1999-06-10 17:33 - 00019968 _____ ( ) C:\Users\Louis\Desktop\mouserate.exe
2016-04-10 19:21 - 2016-04-10 19:21 - 00000000 ____D C:\Users\Louis\Documents\ADOM
2016-04-10 19:19 - 2015-08-23 14:41 - 00000000 ____D C:\Users\Louis\Desktop\adom
2016-04-10 09:23 - 2016-04-10 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-04-09 21:16 - 2016-04-09 21:34 - 00000000 ____D C:\Users\Louis\AppData\Roaming\qBittorrent
2016-04-09 21:16 - 2016-04-09 21:16 - 00000000 ____D C:\Users\Louis\AppData\Local\qBittorrent
2016-04-09 14:27 - 2016-04-09 16:52 - 00000000 ____D C:\Users\Louis\AppData\Roaming\endless-sky
2016-04-08 18:08 - 2016-04-08 18:08 - 00000000 ____D C:\Users\Louis\Documents\Egosoft
2016-04-08 17:13 - 2016-04-08 17:13 - 00001040 _____ C:\Users\Louis\Desktop\nfsmwres.exe - Verknüpfung.lnk
2016-04-08 16:59 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2016-04-08 16:59 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-04-08 16:59 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2016-04-08 16:59 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-04-08 16:59 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2016-04-08 16:59 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-04-07 14:21 - 2016-04-07 14:21 - 00003294 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2016-04-07 14:21 - 2016-04-07 14:21 - 00003242 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2016-04-07 14:20 - 2016-04-07 14:20 - 00003238 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2016-04-07 14:20 - 2016-04-07 14:20 - 00003210 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2016-04-07 14:20 - 2016-04-07 14:20 - 00003206 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2016-04-07 14:20 - 2016-04-07 14:20 - 00002823 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center.lnk
2016-04-07 14:20 - 2016-04-07 14:20 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2016-04-03 12:39 - 2016-04-03 12:56 - 00000000 ____D C:\Users\Louis\Documents\NFS Most Wanted
2016-04-03 12:39 - 2016-04-03 12:39 - 00000000 ____D C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NFS Most Wanted
2016-04-03 12:39 - 2016-04-03 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NFS Most Wanted
2016-04-03 11:10 - 2016-04-03 11:10 - 00133979 _____ C:\Users\Louis\Downloads\hosts.zip
2016-04-03 11:10 - 2015-09-18 15:53 - 00006556 _____ C:\Users\Louis\Downloads\readme.txt
2016-04-03 11:10 - 2015-09-18 15:50 - 00000841 _____ C:\Users\Louis\Downloads\License.txt
2016-04-03 11:10 - 2013-01-03 13:00 - 00001455 _____ C:\Users\Louis\Downloads\PrivacyPolicy.txt
2016-04-03 11:10 - 2011-05-02 15:05 - 00001611 _____ C:\Users\Louis\Downloads\mvps.bat
2016-04-02 18:50 - 2016-04-02 18:50 - 00000000 ____D C:\Users\Louis\Documents\ArmA 2 Other Profiles
2016-04-02 18:16 - 2016-04-19 10:21 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-02 18:16 - 2016-04-03 11:50 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-02 18:16 - 2016-04-02 18:27 - 00000000 ____D C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SIX Networks
2016-04-02 18:16 - 2016-04-02 18:27 - 00000000 ____D C:\Users\Louis\AppData\Local\PlaywithSIX
2016-04-02 18:16 - 2016-04-02 18:17 - 00000000 ____D C:\Users\Louis\AppData\Local\SIX Networks
2016-04-02 18:16 - 2016-04-02 18:16 - 00000000 ____D C:\Users\Louis\AppData\Roaming\SIX Networks
2016-04-02 18:16 - 2016-04-02 18:16 - 00000000 ____D C:\Users\Louis\AppData\Local\SquirrelTemp
2016-04-02 18:16 - 2016-04-02 18:16 - 00000000 ____D C:\Users\Louis\AppData\Local\IsolatedStorage
2016-04-02 13:35 - 2016-04-19 00:06 - 00000059 _____ C:\Users\Louis\Desktop\der herr der ringe.txt
2016-04-01 11:17 - 2016-04-01 11:17 - 00000000 ____D C:\Users\Louis\AppData\Local\Victory
2016-03-31 18:32 - 2016-04-19 10:16 - 00000000 ____D C:\Users\Louis\AppData\Local\LogMeIn Hamachi
2016-03-25 22:35 - 2016-03-25 22:35 - 00000000 ____D C:\Users\Louis\AppData\LocalLow\Facepunch Studios
2016-03-23 12:45 - 2016-03-23 12:45 - 00137344 _____ C:\WINDOWS\SysWOW64\Drivers\hwpsgt.sys
2016-03-23 12:45 - 2016-03-23 12:45 - 00009472 _____ C:\WINDOWS\SysWOW64\Drivers\lemsgt.sys
2016-03-22 21:58 - 2016-03-22 21:31 - 01247112 _____ (Mojang) C:\Users\Louis\Desktop\Minecraft.exe
2016-03-22 21:32 - 2016-03-22 21:47 - 00000000 ____D C:\Users\Louis\AppData\Roaming\.minecraft
2016-03-22 21:32 - 2016-03-22 21:32 - 00000000 ____D C:\Users\Louis\AppData\Roaming\java

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-19 10:25 - 2015-05-14 16:25 - 00000000 ____D C:\Users\Louis\AppData\Roaming\Spotify
2016-04-19 10:16 - 2016-02-22 12:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-19 10:16 - 2016-01-06 13:40 - 00773364 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-19 10:16 - 2016-01-06 13:40 - 00155006 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-19 10:16 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-19 10:16 - 2015-08-07 14:45 - 01799166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-19 10:15 - 2015-05-14 16:25 - 00000000 ____D C:\Users\Louis\AppData\Local\Spotify
2016-04-19 10:10 - 2016-02-03 16:31 - 00000000 ___RD C:\Users\Louis\Google Drive
2016-04-19 10:10 - 2016-01-06 04:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-19 10:10 - 2016-01-06 04:44 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-19 10:10 - 2015-07-01 20:34 - 00000374 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-04-19 10:10 - 2015-03-01 15:20 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-19 10:10 - 2015-03-01 14:56 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-19 10:09 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-19 10:04 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-19 10:04 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-19 10:02 - 2015-03-01 14:49 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{48A31159-2094-4DCD-8B9A-6EEE4FBFD8B8}
2016-04-19 00:06 - 2015-03-17 19:13 - 00000000 ____D C:\Users\Louis\AppData\Roaming\TS3Client
2016-04-18 23:31 - 2015-03-01 14:56 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-17 19:37 - 2016-01-06 04:45 - 00000000 ____D C:\Users\Louis
2016-04-17 14:32 - 2016-02-03 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-16 15:02 - 2015-03-01 15:03 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-04-16 15:02 - 2015-03-01 15:03 - 00465792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-04-16 15:02 - 2015-03-01 15:03 - 00287528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-04-16 15:02 - 2015-03-01 15:03 - 00166432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-04-16 15:02 - 2015-03-01 15:03 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-04-16 15:02 - 2015-03-01 15:03 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-04-16 15:02 - 2015-03-01 15:03 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-04-16 15:02 - 2015-03-01 15:03 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-04-16 15:02 - 2015-03-01 15:03 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-04-16 15:02 - 2015-03-01 15:02 - 00000000 ____D C:\Program Files\AVAST Software
2016-04-16 15:02 - 2015-03-01 15:01 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-16 14:53 - 2016-02-22 12:55 - 00000775 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-16 14:53 - 2016-02-22 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-04-16 14:48 - 2016-01-06 13:43 - 00000000 ___DC C:\WINDOWS\Panther
2016-04-15 14:48 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-14 12:33 - 2016-01-06 04:43 - 00371088 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 12:32 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 12:32 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 12:32 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 12:32 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 14:18 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 14:17 - 2015-03-01 16:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 14:14 - 2015-03-01 16:13 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 09:39 - 2015-03-01 14:47 - 00000000 ____D C:\Users\Louis\AppData\Local\Packages
2016-04-12 23:00 - 2015-12-19 16:27 - 00000000 ____D C:\Users\Louis\AppData\Roaming\Skype
2016-04-12 21:53 - 2015-12-19 16:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-12 21:53 - 2015-12-19 16:26 - 00000000 ____D C:\ProgramData\Skype
2016-04-12 13:31 - 2015-03-01 14:57 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-09 19:41 - 2015-03-01 15:37 - 00000000 ____D C:\Users\Louis\AppData\Local\Battle.net
2016-04-09 19:40 - 2015-09-05 12:36 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-06 20:32 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 20:32 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-05 22:28 - 2015-06-21 15:53 - 00000000 ____D C:\Users\Louis\Documents\Mount&Blade Warband Savegames
2016-04-04 19:32 - 2015-09-01 12:25 - 00000000 ____D C:\Users\Louis\AppData\Local\ArmA 2 OA
2016-04-03 11:54 - 2015-05-26 10:27 - 00000000 ____D C:\Users\Louis\AppData\Local\Adobe
2016-04-03 11:03 - 2015-05-15 19:22 - 00000000 ____D C:\Users\Louis\AppData\Local\Arma 3
2016-04-02 18:18 - 2015-09-01 12:25 - 00000000 ____D C:\Users\Louis\Documents\ArmA 2
2016-04-02 18:17 - 2015-05-15 19:22 - 00000000 ____D C:\Users\Louis\Documents\Arma 3
2016-04-01 19:35 - 2015-08-29 13:15 - 00283896 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2016-04-01 19:16 - 2015-03-23 01:09 - 00000000 ____D C:\Users\Louis\.gimp-2.8
2016-04-01 13:04 - 2015-05-14 10:11 - 00000000 ____D C:\Users\Louis\AppData\Local\Arma 3 Launcher
2016-04-01 11:17 - 2015-03-01 15:03 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-31 19:10 - 2015-05-07 16:32 - 00243984 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2016-03-24 01:18 - 2015-03-01 14:48 - 00000000 __RDO C:\Users\Louis\SkyDrive
2016-03-23 12:54 - 2016-02-22 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-03-23 12:54 - 2015-07-27 18:33 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-03-23 12:54 - 2015-03-04 17:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-23 12:48 - 2015-09-19 18:40 - 00000000 ____D C:\Users\Louis\AppData\Local\ElevatedDiagnostics
2016-03-22 19:48 - 2016-03-01 17:59 - 00000000 ____D C:\Users\Louis\AppData\Roaming\StardewValley
2016-03-22 18:21 - 2016-03-16 17:42 - 00000000 ____D C:\Users\Louis\BrawlhallaReplays
2016-03-21 19:01 - 2015-08-28 15:02 - 00000000 ____D C:\Users\Louis\AppData\Local\DayZ

==================== Files in the root of some directories =======

2015-12-27 17:03 - 2015-12-27 17:03 - 0003379 _____ () C:\Users\Louis\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-12 13:25

==================== End of FRST.txt ============================
         

Die addition txt füge ich aufgrund von überlänge in ein Kommentar ein.

Ich freue mich über konstruktive Hilfe!

Alt 19.04.2016, 09:37   #2
dukekunta
 
Backdoor.Agent.TRJ und Backdoor.Agent.MS entfernt, dennoch kurzer CMD Start beim Hochfahren. - Standard

Backdoor.Agent.TRJ und Backdoor.Agent.MS entfernt, dennoch kurzer CMD Start beim Hochfahren.



Hier noch die addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Louis (2016-04-19 10:26:21)
Running from C:\Users\Louis\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-06 02:50:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1578134104-715542127-142398971-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1578134104-715542127-142398971-503 - Limited - Disabled)
Guest (S-1-5-21-1578134104-715542127-142398971-501 - Limited - Disabled)
Louis (S-1-5-21-1578134104-715542127-142398971-1001 - Administrator - Enabled) => C:\Users\Louis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.217 - Adobe Systems Incorporated)
Arma 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead - Dedicated Server (HKLM\...\Steam App 33935) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
AutoHotkey 1.1.22.02 (HKLM\...\AutoHotkey) (Version: 1.1.22.02 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2261 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Broforce (HKLM\...\Steam App 274190) (Version:  - Free Lives)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
doPDF (Version: 8.5.937 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{314c4f89-1ad6-4ab8-8896-39f36c2bb2b6}) (Version: 8.5.937 - Softland)
Edna & Harvey: The Breakout (HKLM-x32\...\Steam App 255320) (Version:  - Daedalic Entertainment)
Endless Sky (HKLM\...\Steam App 404410) (Version:  - Michael Zahniser)
Epic Games Launcher (HKLM\...\{C450FF79-4C7F-4672-8137-8D1A150CC4C7}) (Version: 1.1.43.0 - Epic Games, Inc.)
f.lux (HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\Flux) (Version:  - )
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version:  - Bethesda Game Studios)
Fallout 3 Patch v1.8 (HKLM-x32\...\Updated Unofficial Fallout 3 Patch_is1) (Version: 1.8 - )
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Floris Mod Pack 2.54 (HKLM-x32\...\Floris Mod Pack_is1) (Version:  - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM-x32\...\{B0F1B758-60D6-41F7-93D9-212A448813FE}) (Version: 1.29.1862.0513 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
H1Z1: King of the Kill (HKLM\...\Steam App 433850) (Version:  - Daybreak Game Company)
Intel(R) Smart Connect Technology (HKLM\...\{3B236485-CCE7-48DE-82DC-A5EA54A6F7D6}) (Version: 5.0.10.2850 - Intel Corporation)
IP Camera Adapter (HKLM-x32\...\{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java(TM) 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217000FF}) (Version: 7.0.0 - Oracle)
KeePass Password Safe 1.31 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.31 - Dominik Reichl)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.422 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.422 - LogMeIn, Inc.) Hidden
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mark of the Ninja (HKLM\...\Steam App 214560) (Version:  - Klei Entertainment)
Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version:  - 4A GAMES)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.7.133.0 - Microsoft Corporation)
Monaco (HKLM\...\Steam App 113020) (Version:  - Pocketwatch Games)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Need for Speed Most Wanted (black edition) (HKLM-x32\...\Need for Speed Most Wanted (black edition)) (Version: 1.3 - Electronic Arts)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.2 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Grafiktreiber 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
qBittorrent 3.3.4 (HKLM-x32\...\qBittorrent) (Version: 3.3.4 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Remote Control Server (HKLM-x32\...\{755C6515-9FEA-490C-B15E-22BB6519E57E}) (Version: 3.1.1.12 - Steppschuh)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version:  - Raven Software)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Tales of Maj'Eyal (HKLM-x32\...\Steam App 259680) (Version:  - DarkGod)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Teeworlds (HKLM\...\Steam App 380840) (Version:  - Teeworlds Team)
The Culling (HKLM\...\Steam App 437220) (Version:  - Xaviant)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Unity Web Player (x64) (All users) (HKLM\...\UnityWebPlayer) (Version: 4.6.6f2 - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Uplay (HKLM-x32\...\Uplay) (Version: 13.0 - Ubisoft)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
X3: Albion Prelude (HKLM\...\Steam App 201310) (Version:  - Egosoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1578134104-715542127-142398971-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Louis\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {028DC15A-827C-491C-AEB6-E953EC158A09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {1C85D436-4913-483F-8E5E-09C9B629396A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {21D7C4BC-1570-45CC-BE0C-5DC864F5D518} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation)
Task: {2CF9122D-10CB-4872-9053-E4758C90F055} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-12-09] (Microsoft Corporation)
Task: {37C5E967-6F40-410A-A5F5-209609FB51E7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {3B989933-49A0-4A5F-8694-BE4E2E63A663} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4DD3C37B-38F5-404D-8A09-C7A651F53D84} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6E73F736-195A-4BC3-86AD-853C24792785} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-12-09] (Microsoft)
Task: {72BDD851-D6DB-4050-B4F0-7AA1DFC873C0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-16] (AVAST Software)
Task: {8A8DA5F6-ABF4-4E6D-BC8A-01A6B93F6D54} - System32\Tasks\SafeZone scheduled Autoupdate 1460812163 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
Task: {8EC78325-700E-4483-A117-C98FF4363504} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {913BCF66-B660-4693-B06E-0479B9D57302} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {9312E87E-3880-4071-9DFC-6C8E3FE1B397} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9661BC02-24F3-4658-9015-EE3F70D31FD8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A0F35469-9F73-473F-952D-FB13627EB3DF} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe
Task: {A73FCC20-C589-4246-ADD7-06B303F87FFE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C443AA91-60C7-471A-A55E-724BA13B372B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C9855276-3567-4375-B0C9-36D726F6DB1B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E83FCD56-D636-460C-8417-17B9109A85BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-01] (Google Inc.)
Task: {E87F43FF-C1F9-45D1-A186-3AB3AC3520F1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation)
Task: {E9246C91-28F4-4FC0-BF0C-5B4D42B93DE0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-13] (Adobe Systems Incorporated)
Task: {F28DE0EA-1F5A-4EB9-8805-CC8062896CD1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-12-09] (Microsoft Corporation)
Task: {F9D32C39-6220-42B6-BDCB-781D0311EA66} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FB421D8F-9124-42CD-BDB0-BAF66CF381AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-06 04:44 - 2015-08-25 17:57 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-20 23:48 - 2016-01-03 17:37 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2016-04-13 13:25 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 13:25 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-04-19 10:03 - 2016-04-19 10:03 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-06 14:40 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 13:25 - 2016-04-02 05:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 13:25 - 2016-04-02 05:26 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-04-13 13:25 - 2016-04-02 05:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 13:25 - 2016-04-02 04:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 13:25 - 2016-04-02 04:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 13:25 - 2016-04-02 05:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 09:23 - 2014-09-18 09:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 20:51 - 2014-10-14 20:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-04-16 15:02 - 2016-04-16 15:02 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-04-16 15:02 - 2016-04-16 15:02 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-19 09:59 - 2016-04-19 09:59 - 02890240 _____ () C:\Program Files\AVAST Software\Avast\defs\16041900\algo.dll
2016-04-16 15:02 - 2016-04-16 15:02 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-19 10:03 - 2016-04-19 10:03 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 10:03 - 2016-04-19 10:03 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-04-02 21:00 - 2015-06-03 23:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-01 15:21 - 2016-03-11 02:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-03-01 15:21 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-03-01 15:21 - 2016-04-15 03:53 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-03-01 15:21 - 2016-02-09 01:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-03-01 15:21 - 2016-02-09 01:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-03-01 15:21 - 2016-02-09 01:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-03-01 15:21 - 2016-02-09 01:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-03-01 15:21 - 2016-02-09 01:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-03-01 15:21 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-03-01 15:21 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-03-01 15:21 - 2016-04-15 03:53 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-02-19 18:05 - 2016-02-18 00:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-03-01 15:21 - 2016-02-09 03:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-04-19 10:10 - 2016-04-19 10:10 - 00098816 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\win32api.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00110080 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\pywintypes27.dll
2016-04-19 10:10 - 2016-04-19 10:10 - 00364544 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\pythoncom27.dll
2016-04-19 10:10 - 2016-04-19 10:10 - 00320512 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\win32com.shell.shell.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00776704 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\_hashlib.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 01176576 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\wx._core_.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00806400 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\wx._gdi_.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00816128 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\wx._windows_.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 01067008 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\wx._controls_.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00733184 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\wx._misc_.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00682496 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\pysqlite2._sqlite.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00088064 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\_ctypes.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00119808 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\win32file.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00108544 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\win32security.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00007168 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\hashobjs_ext.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00017920 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\thumbnails_ext.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00088064 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\usb_ext.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00167936 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\win32gui.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00018432 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\win32event.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00046080 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\_socket.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 01208320 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\_ssl.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00128512 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\_elementtree.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00127488 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\pyexpat.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00012288 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\common.time34.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00038912 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\win32inet.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00036864 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\_psutil_windows.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00525208 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\windows._lib_cacheinvalidation.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00011264 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\win32crypt.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00077312 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\wx._html2.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00027136 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\_multiprocessing.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00020480 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\_yappi.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00035840 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\win32process.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00686080 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\unicodedata.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00078848 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\wx._animate.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00123392 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\wx._wizard.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00024064 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\win32pipe.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00010240 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\select.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00025600 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\win32pdh.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00017408 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\win32profile.pyd
2016-04-19 10:10 - 2016-04-19 10:10 - 00022528 ____R () C:\Users\Louis\AppData\Local\Temp\_MEI68962\win32ts.pyd
2016-01-07 23:09 - 2016-01-07 23:09 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-17 04:27 - 2014-04-17 04:27 - 00087552 _____ () C:\Program Files (x86)\IP Camera Adapter\IPCameraAdapter.dll
2015-08-07 15:54 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Louis\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-08-07 15:54 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Louis\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2016-04-09 13:23 - 2016-04-08 13:53 - 17532096 _____ () C:\Users\Louis\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll
2015-05-14 16:25 - 2016-04-17 16:08 - 47503472 _____ () C:\Users\Louis\AppData\Roaming\Spotify\libcef.dll
2015-08-26 11:29 - 2016-04-17 16:08 - 01584240 _____ () C:\Users\Louis\AppData\Roaming\Spotify\libglesv2.dll
2015-08-26 11:29 - 2016-04-17 16:08 - 00082032 _____ () C:\Users\Louis\AppData\Roaming\Spotify\libegl.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () E:\Programme\Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\sony.com -> sony.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2016-04-01 01:53 - 00506641 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 atlas.aamedia.ro
0.0.0.0 abcstats.com
0.0.0.0 ad4.abradio.cz
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 www.accuserveadsystem.com
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl
0.0.0.0 ad2games.com
0.0.0.0 ads.ad2games.com
0.0.0.0 content.ad20.net
0.0.0.0 core.ad20.net
0.0.0.0 banner.ad.nu

There are 12009 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1578134104-715542127-142398971-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Louis\Desktop\swag\P1020898.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D806204F1CB634CD6A49014C6430B661"
HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1578134104-715542127-142398971-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{874E1FBB-AD38-43F0-9629-9A968AB96F96}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{F426BEAA-A359-4A62-8258-4737B5A5F0DF}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{286ECC70-19FC-4B7C-8BC8-35AF60A1E23D}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{669AD8A4-9EF6-4480-9967-022821CCABCC}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{57E67315-9367-4120-B9EE-B138B55263EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CBC13A5A-18C6-4085-97AF-D4E18ABE029A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{21D3ABB9-CB3A-4B81-B65D-E1C35B218EE7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CBA57C54-A502-4175-BBA7-DAA2B93F9ED2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{62DE771C-8DD6-4885-A324-0FB23DC1A745}] => (Allow) E:\SteamGames\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{E19EE321-D3DC-4DC6-B0E5-4F60B7BC8350}] => (Allow) E:\SteamGames\SteamApps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{6E3F9F5B-9304-40AA-8C46-36EA957675CC}] => (Allow) E:\SteamGames\SteamApps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{96C2583B-5559-41A9-A74C-05D5E40737BE}] => (Allow) E:\SteamGames\SteamApps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{36FC4F3A-A9D7-4070-AB74-41DAA1555F25}] => (Allow) E:\SteamGames\SteamApps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{E5539BA0-AB76-4FC3-B6E7-1997574D6E3E}] => (Allow) E:\SteamGames\SteamApps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{C99ABDA6-DB99-474C-9DB6-6F30DBA0A302}] => (Allow) E:\SteamGames\SteamApps\common\Edna & Harvey The Breakout\Edna.exe
FirewallRules: [{F5E52135-1C99-4A8E-BC9B-0C7E467FE8DB}] => (Allow) E:\SteamGames\SteamApps\common\Edna & Harvey The Breakout\Edna.exe
FirewallRules: [{BA439BD3-3456-4CF7-9282-9F2B3F3CCD0C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A79C810C-B4BF-41F6-8D8D-CBBBF19A08F8}] => (Allow) E:\Programme\Webcam\webcamXP5\webcamXP.exe
FirewallRules: [{A25BFA63-95B5-4D0A-918A-2D105D904DD3}] => (Allow) E:\Programme\Webcam\webcamXP5\webcamXP.exe
FirewallRules: [{D4758D9D-638D-4132-85AF-1F453C76EA5F}] => (Allow) E:\SteamGames\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{2D847A65-036D-4F9D-9B74-8948E394230B}] => (Allow) E:\SteamGames\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [UDP Query User{2C5E7192-B82B-4EDC-AF5C-B972E19BD3AB}E:\spiele\ut\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) E:\spiele\ut\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [TCP Query User{16933343-BF48-4239-8AAE-5E2A69637123}E:\spiele\ut\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) E:\spiele\ut\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [{ECB4939D-DF6D-4C48-8B2F-942D0955C509}] => (Allow) LPort=8501
FirewallRules: [{423B3D5B-C523-4654-A920-0DEABDA27AF8}] => (Allow) LPort=8501
FirewallRules: [{54F08CFA-99E9-4A75-B8E0-A65E969C19A0}] => (Allow) E:\SteamGames\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{05ECE314-8810-4C12-AB43-495C93808397}] => (Allow) E:\SteamGames\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{4433667C-FDB4-47D1-A77B-DBDDE8D78D05}] => (Allow) E:\SteamGames\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{BFC79921-B0F6-4C3F-AC94-120817C1686E}] => (Allow) E:\SteamGames\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [UDP Query User{127E6616-02E9-4FA0-9494-C900F6324CDD}E:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) E:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{4A9A6EDA-4EFA-4975-A91F-D5EE34D71460}E:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) E:\program files (x86)\origin games\battlefield 4\bf4.exe
FirewallRules: [{1936E3DC-6677-47FB-A6C8-E9D332618F34}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{E21C72CB-5EBE-4598-BBDD-24CF7F425481}] => (Allow) E:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{19093B65-5E6D-4286-AC3F-E6A6055200BF}] => (Allow) C:\Users\Louis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDF3693F-9878-4C9B-B8AA-848D8544A936}] => (Allow) C:\Users\Louis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D87E5CA0-6033-4259-B25A-7ED95CFD1C84}] => (Allow) C:\Users\Louis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2E2E542E-1594-49BE-AA50-DC6098841F71}] => (Allow) C:\Users\Louis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{175F2C5B-8AAC-4E27-B36D-C408819FB432}] => (Allow) C:\Users\Louis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{303FF936-40AD-450D-BDA9-EFFF7BEB691D}] => (Allow) C:\Users\Louis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9E4F707D-F049-441A-B592-694D5E998A07}] => (Allow) E:\SteamGames\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{C92CF70F-206B-480E-8A39-EDA1327E15D1}] => (Allow) E:\SteamGames\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{C1F0AF57-6697-4BEB-858B-7599F3E39A7B}] => (Allow) E:\SteamGames\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{08FCCC03-4FA4-4504-8B66-5DE207EABABC}] => (Allow) E:\SteamGames\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C1F0616E-460D-4F20-9108-C71FDEF5C5AB}] => (Allow) E:\Programme\Office\Office14\outlook.exe
FirewallRules: [{CB549F8D-E01B-4B50-A9B4-CDB1DF45DE47}] => (Allow) E:\Programme\Office\Office14\ONENOTE.EXE
FirewallRules: [{8C612DB6-A0D5-4F5C-9775-2FA6B287212A}] => (Allow) E:\Programme\Office\Office14\ONENOTE.EXE
FirewallRules: [{27E09843-717B-4703-81E9-77E65FD32979}] => (Allow) E:\Programme\Office\Office14\GROOVE.EXE
FirewallRules: [{4CD440AC-C5A6-4A60-88E9-3CB27F372D66}] => (Allow) E:\Programme\Office\Office14\GROOVE.EXE
FirewallRules: [{DBF8AD77-B000-4191-83B9-B27FDEE5F305}] => (Allow) E:\SteamGames\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{493F23FE-76BA-46E2-AB01-FFEDDEF89109}] => (Allow) E:\SteamGames\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{B031B018-D50C-4A30-B513-588B44851393}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{CE4A8489-0C8E-41AA-ABF3-1D7087929D0E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{BBFE924D-56AE-4620-9B40-82BD032C2839}E:\steamgames\steamapps\common\dayz\dayz.exe] => (Allow) E:\steamgames\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{C8BD2B23-18B9-46C6-A284-5D02A0F7FD3C}E:\steamgames\steamapps\common\dayz\dayz.exe] => (Allow) E:\steamgames\steamapps\common\dayz\dayz.exe
FirewallRules: [{082B3810-25B6-4754-8404-E3D93AF41637}] => (Allow) E:\SteamGames\SteamApps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{A7AE31E3-DF99-4824-9BEF-FB26AC2D95A9}] => (Allow) E:\SteamGames\SteamApps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{43FFF740-2E64-419D-8D13-E8ED38D678E7}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{9CD22508-B152-451D-8D03-F56C5CDBA235}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{227DAE61-3E33-4D0B-8F06-26D9FBDF7BDE}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{66619BCA-E445-4A28-A254-F2E7C18E45D2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{56F669FB-C2E8-42DB-862B-3C1EA67E723F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{3E59CFF8-614F-4071-9518-D44746E47A67}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{A14C3221-F1E4-460F-826D-8BDB7237CCBC}C:\users\louis\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\louis\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{47014537-D682-482D-866B-40E651479870}C:\users\louis\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\louis\appdata\roaming\spotify\spotify.exe
FirewallRules: [{ED226958-ADEF-45BC-8F20-6EF2F0268326}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{9DA4F7AB-1CF1-4CCD-A3ED-9BC16ECBD694}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{E7951AC1-FB90-4B6D-99A8-567B8EAF84B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD98A024-5382-438E-B8B6-A60D77117117}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59964420-BDF3-4D3F-98EB-77C202B3E889}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C92BC055-2135-467D-86A4-9F3DCCE7D9F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DEE8AA4B-D1FB-4E31-AD7D-BF8C4829732A}] => (Allow) LPort=1688
FirewallRules: [{088B4E1C-C411-4642-98E6-5BFC11BE634F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{27EA5FE5-A9F9-41B5-9261-629C85711423}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{89F03A4F-C7AD-4C87-8D0E-435E65897656}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A4884796-AE7C-4BA5-9DAC-0D2E5DBB7889}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D4B9D5F0-76C0-4A27-AA13-0B6FF9ADF949}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D7F22D23-950C-40D8-B38F-B468FEB37BA2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4B4B08C9-F69E-4467-947B-085774D4BC16}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8E58B27F-13D8-4FE2-9681-4388B5436B9F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5D73989E-BBF8-4261-BC45-B21C8A58D2F5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C3A86638-B0C6-4638-976E-0FD67A03E152}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BC63336C-32AC-44EE-8EC8-ACA62A2AE479}] => (Allow) E:\Programme\BattleNet\Battle.net\Battle.net.exe
FirewallRules: [{4C7733F4-96FC-4994-84B3-57110016EFB3}] => (Allow) E:\Programme\BattleNet\Battle.net\Battle.net.exe
FirewallRules: [{8EFB241E-0031-44E1-AAC3-FB9BE0403D24}] => (Allow) E:\SteamGames\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{5C171588-4E58-4347-B482-B561955BC6D0}] => (Allow) E:\SteamGames\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{7EB5F01C-6B16-4851-999B-5F7500F6999E}] => (Allow) E:\SteamGames\SteamApps\common\H1Z1\LaunchPad.exe
FirewallRules: [{9BA9D04F-D1DA-43B4-8430-CD80A6B0612D}] => (Allow) E:\SteamGames\SteamApps\common\H1Z1\LaunchPad.exe
FirewallRules: [{8ADF70C9-2C59-496B-B11A-9CD9DE8380EC}] => (Allow) E:\SteamGames\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{F8F9A0AB-849C-4C9F-A7A2-22D5F53FDAC6}] => (Allow) E:\SteamGames\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{E6313AD6-8506-4F15-965D-257E6FF6F100}] => (Allow) E:\SteamGames\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{8568D53A-B8E0-48DF-97E2-9FE28E0B72FF}] => (Allow) E:\SteamGames\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{04752E38-82DD-41B8-B2E3-1ABA1E62DC70}] => (Allow) E:\SteamGames\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{5922C2E5-C137-46FF-8C3E-46B5D941A59D}] => (Allow) E:\SteamGames\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{C9CB7390-B2E7-4E1F-BD80-C805EC503D64}] => (Allow) E:\SteamGames\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{48175B92-13EC-4181-87D3-213CC9F6F562}] => (Allow) E:\SteamGames\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{574099B0-AB53-4C2C-99D0-7B83213D6D7E}] => (Allow) E:\SteamGames\SteamApps\common\rust\Rust.exe
FirewallRules: [{B81D3BA3-71C7-44FB-9902-FC7273EB517B}] => (Allow) E:\SteamGames\SteamApps\common\rust\Rust.exe
FirewallRules: [{95ACC128-3616-4D23-B413-F903F0CB3A32}] => (Allow) E:\SteamGames\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{75848794-49CF-4F22-BFC3-639F00F172D2}] => (Allow) E:\SteamGames\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{C5CC6120-1197-4DCB-8C24-6FD86E924AE5}] => (Allow) E:\SteamGames\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{14F94EF3-8832-4752-B520-6C12F4B53524}] => (Allow) E:\SteamGames\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{5ACAAA37-CE55-4BE2-BDEB-27EFFE941AB4}] => (Allow) E:\SteamGames\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{9BCCA665-97DD-429D-9AC6-09612D571C1D}] => (Allow) E:\SteamGames\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{73994114-9CDC-472E-83EC-7CA38EF5B0DA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{42F04483-B37C-4220-ACA4-08E54CEDFC9D}] => (Allow) LPort=2869
FirewallRules: [{077E9928-D5EA-43ED-BC78-EB65CF1FB1AC}] => (Allow) LPort=1900
FirewallRules: [{BE469203-E3F8-4861-8B73-6C7E84044F46}] => (Allow) E:\SteamGames\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{D82C833B-0372-4F56-A8C2-0381292E291D}] => (Allow) E:\SteamGames\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [TCP Query User{4FA48537-1B9B-49B4-AB3A-115F36F48833}E:\spiele\d3\diablo iii\diablo iii.exe] => (Allow) E:\spiele\d3\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{8ECCDF3D-C05D-4EDA-BF6F-40DFE03897E7}E:\spiele\d3\diablo iii\diablo iii.exe] => (Allow) E:\spiele\d3\diablo iii\diablo iii.exe
FirewallRules: [{D282404E-BB12-42DD-BF23-ACEFED35DBA9}] => (Allow) E:\SteamGames\SteamApps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{D8A7C382-07C4-4C4F-829A-13B4A722E922}] => (Allow) E:\SteamGames\SteamApps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [TCP Query User{3D0D8A9E-99D2-45BF-B124-79E1527A18C4}C:\users\louis\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\louis\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D23FB4F4-9CE6-4B71-B44A-8AEABBFAEDBB}C:\users\louis\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\louis\appdata\roaming\spotify\spotify.exe
FirewallRules: [{905710CA-6279-4148-95E4-767D286ABA64}] => (Allow) E:\SteamGames\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{EC4E7C83-9BF3-4DFF-8829-447029022891}] => (Allow) E:\SteamGames\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{663E40D9-0A4D-4413-A733-0840AB5C7593}] => (Allow) E:\SteamGames\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{7E5EA167-D3B1-4244-8B43-1BB3AC08E1D7}] => (Allow) E:\SteamGames\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{D7284878-0256-4D18-A771-BCF555B282F2}] => (Allow) E:\SteamGames\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{39FED33A-F1CC-408B-9220-F0E0A5110560}] => (Allow) E:\SteamGames\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{FCC8AC97-4D50-4A9E-80C4-89FDD981D946}] => (Allow) E:\SteamGames\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{3A304507-A93A-499D-95EA-D77674AA5F03}] => (Allow) E:\SteamGames\SteamApps\common\Risk of Rain\Risk of Rain.exe
FirewallRules: [{234C5BAA-6B7C-4186-94FC-48B04E22BE8C}] => (Allow) E:\SteamGames\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{31D8BB31-0FED-4207-8422-F87A7CB5C1CC}] => (Allow) E:\SteamGames\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{5A00E1A8-313C-40DD-B6CF-3B654BA2B17F}E:\steamgames\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steamgames\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{9A544024-1491-4E36-9CA2-E565E4EB629C}E:\steamgames\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steamgames\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{79B32B70-9BF2-4548-8A97-8EA1B5C39C81}] => (Allow) E:\SteamGames\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{D190E8A4-4F5A-41BB-BA65-713E5437D15B}] => (Allow) E:\SteamGames\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{3F330D24-47AC-4674-B2F6-ABC9E2C7FECF}] => (Allow) E:\SteamGames\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{4437664A-703D-41FE-88D1-34A7C4F57FDC}] => (Allow) E:\SteamGames\SteamApps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [TCP Query User{1CE11C8A-49CC-4761-A121-D0E00649D300}E:\tserver\terrariaserver.exe] => (Allow) E:\tserver\terrariaserver.exe
FirewallRules: [UDP Query User{D3AF81FE-3493-4DF0-BAF7-904A98BA0C53}E:\tserver\terrariaserver.exe] => (Allow) E:\tserver\terrariaserver.exe
FirewallRules: [{31C18D42-C074-4696-9DD0-89D78968365C}] => (Block) E:\tserver\terrariaserver.exe
FirewallRules: [{CA5525D6-3984-44D2-9AAC-91A7CF03658A}] => (Block) E:\tserver\terrariaserver.exe
FirewallRules: [TCP Query User{D383C7AF-B06D-493F-A644-9B20D70EFBA5}E:\steamgames\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steamgames\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{100BE730-8294-4412-99EC-311F89DCABFA}E:\steamgames\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steamgames\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{1935FEF2-B8F0-43B1-B5B3-C1BBAF1EA92C}] => (Block) E:\steamgames\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{D04F000F-5559-4C32-BE94-C2E8E3A08A17}] => (Block) E:\steamgames\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{26AA186C-821D-493A-82EE-876DF0B27935}] => (Allow) E:\SteamGames\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{23D98F7E-99F6-462E-87DF-82C6598C6C61}] => (Allow) E:\SteamGames\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{A9D567F9-9319-402F-BD77-EF3226821989}] => (Allow) E:\SteamGames\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{7867F5D5-D222-4FAE-8418-458B2C85986A}] => (Allow) E:\SteamGames\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{682319C3-CE4D-41A4-8D68-637D69B7DA8B}] => (Allow) E:\SteamGames\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{C578F05E-5FD8-47DA-BC9E-51C16CB2FE42}] => (Allow) E:\SteamGames\SteamApps\common\rust\legacy\rust.exe
FirewallRules: [{32E262DC-6ABD-4498-8164-8DBED7521DE3}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{696A7CE0-5178-4E74-A970-462D5D8F714A}] => (Allow) E:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{14151C66-1EA6-4146-A6CA-4D436C012649}E:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) E:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{26581CD3-5055-4CCE-AA47-BE7EEE4365E6}E:\program files (x86)\origin games\fifa 15\fifa15.exe] => (Allow) E:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{37CB3917-F0A3-46F1-BAD4-B21A13060368}] => (Block) E:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [{452005EE-B2F1-4E20-99A3-F1D1A28529ED}] => (Block) E:\program files (x86)\origin games\fifa 15\fifa15.exe
FirewallRules: [TCP Query User{C33A3EA2-D964-4FDC-8960-E2684F3A043F}E:\steamgames\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\steamgames\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{EDBCC2AE-A636-4462-91A2-BF9EBAA6CC35}E:\steamgames\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\steamgames\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{59668B49-964F-4818-905F-EB861160FFC5}] => (Block) E:\steamgames\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{03996251-C74D-485B-869D-5AED006D7BC0}] => (Block) E:\steamgames\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{A5229D9E-9005-4D74-9E23-C83CB7E7CA74}] => (Allow) E:\SteamGames\SteamApps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{9D24311A-EB2A-4BFE-98F2-354C58E97A0D}] => (Allow) E:\SteamGames\SteamApps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{75DAEFD4-7D46-4626-904C-1914CC201CD9}] => (Allow) E:\SteamGames\SteamApps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{D6434ED5-C53D-48C9-AC43-8D3FD0EEB9B4}] => (Allow) E:\SteamGames\SteamApps\common\Metro 2033 Redux\metro.exe
FirewallRules: [TCP Query User{7DCF823E-B6D2-4F99-BFB0-5822E6CB165D}C:\users\louis\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\louis\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{EABCC221-D79A-48B9-887D-25F077722201}C:\users\louis\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\louis\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{A27D3E70-6B72-4650-89F6-667555CDCCAC}] => (Block) C:\users\louis\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{782B2D23-360E-4BB0-BC42-BB9EA35C84F5}] => (Block) C:\users\louis\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{70BD550D-1AC2-4716-A239-A6A4A8E1FD4B}] => (Allow) E:\SteamGames\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{D8A2D968-D5E7-49DE-8A37-E50CA793E1D2}] => (Allow) E:\SteamGames\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [TCP Query User{7446B844-19F7-41B1-9178-961677EE37C2}E:\steamgames\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe] => (Allow) E:\steamgames\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe
FirewallRules: [UDP Query User{F66CAB61-B234-4119-A779-6BC15EAE2671}E:\steamgames\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe] => (Allow) E:\steamgames\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe
FirewallRules: [{66C8937C-C9E8-4DD2-8057-77E4995A4DDC}] => (Block) E:\steamgames\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe
FirewallRules: [{4C4D349C-AC11-4C59-A864-8CC2C776C951}] => (Block) E:\steamgames\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe
FirewallRules: [TCP Query User{1A52DB26-530C-4CC9-9F01-A6A177153B9C}E:\steamgames\steamapps\common\dishonored\binaries\win32\dishonored.exe] => (Allow) E:\steamgames\steamapps\common\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{5179B7A4-CECA-465A-B2A4-BDFC13AD9F39}E:\steamgames\steamapps\common\dishonored\binaries\win32\dishonored.exe] => (Allow) E:\steamgames\steamapps\common\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{882631FB-6528-4DD8-BF10-C5B21D22CAED}] => (Block) E:\steamgames\steamapps\common\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{E8079787-2B21-4AA3-B9E5-990E3BF32DAE}] => (Block) E:\steamgames\steamapps\common\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{EB6CCFB3-A620-42B3-B067-6A3EBAF842A4}] => (Allow) E:\SteamGames\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{354A49E8-801C-4310-8385-F79207ADEE48}] => (Allow) E:\SteamGames\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [TCP Query User{FFF22A68-FF2E-4EA5-AF2C-CDDFB8F05521}E:\spiele\d3\starcraft ii\versions\base32283\sc2.exe] => (Allow) E:\spiele\d3\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{4A1ED484-332B-4AB5-BE8B-B39EC402E357}E:\spiele\d3\starcraft ii\versions\base32283\sc2.exe] => (Allow) E:\spiele\d3\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{8F9F6446-B726-410E-94CC-E416C633455B}] => (Block) E:\spiele\d3\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{41E41A96-009B-42BF-B37E-42C97FEE7B03}] => (Block) E:\spiele\d3\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{47251609-8023-4ADC-AE05-49F63A805ED9}] => (Allow) E:\SteamGames\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{C5D251C6-24F5-4597-BFA0-9EEC021B62B1}] => (Allow) E:\SteamGames\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{73EF0628-9783-4714-85A6-9416F2FF0C8C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{0F3A2B7D-88F4-4A9B-9E2B-3F44668D77A3}E:\steamgames\steamapps\common\h1z1\h1z1.exe] => (Allow) E:\steamgames\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{98AA2036-4728-47AD-8A82-F6CFFCA4694D}E:\steamgames\steamapps\common\h1z1\h1z1.exe] => (Allow) E:\steamgames\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{808C2812-4B04-438F-827F-6DC6F672214A}] => (Block) E:\steamgames\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{CF86DD0A-022F-47C2-B441-14683D02DD9F}] => (Block) E:\steamgames\steamapps\common\h1z1\h1z1.exe
FirewallRules: [TCP Query User{7E6F92FA-D0D5-40BF-989A-F7542BBA63A0}E:\programme\remotecontorl\remote control server.exe] => (Allow) E:\programme\remotecontorl\remote control server.exe
FirewallRules: [UDP Query User{5F15EC86-32A0-41E2-9682-2196B754EBCF}E:\programme\remotecontorl\remote control server.exe] => (Allow) E:\programme\remotecontorl\remote control server.exe
FirewallRules: [{01D02494-CB68-4480-8982-5B23ED18E7BE}] => (Block) E:\programme\remotecontorl\remote control server.exe
FirewallRules: [{FC7DCFF2-1B60-432A-9826-966A232EE50B}] => (Block) E:\programme\remotecontorl\remote control server.exe
FirewallRules: [{678BF1CD-4CAF-4796-98AA-C6D212B8A3C1}] => (Allow) C:\Users\Louis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4218B4F9-2F15-442D-B068-B09621B9CDBB}] => (Allow) C:\Users\Louis\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{38510183-9556-443E-A8D9-F655FEA32091}] => (Allow) E:\SteamGames\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{485EE6F5-B67D-4D94-B824-FEC8D2F2C310}] => (Allow) E:\SteamGames\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{38A8185D-186A-4B54-B4EC-C2546760AC81}] => (Allow) E:\SteamGames\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{D0E84EB4-4016-4FBF-BFF8-924FC4B73824}] => (Allow) E:\SteamGames\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{C70B57F4-E3ED-4ACC-B826-2B620E41E0F8}] => (Allow) E:\SteamGames\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{83331B81-2E57-4FAC-A9E8-DCD2A251D791}] => (Allow) E:\SteamGames\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B47548A5-EA03-4F9E-A565-31C0BD84343E}] => (Allow) E:\SteamGames\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{CB700204-78AD-4FEA-ABD3-06ACC5FD103F}] => (Allow) E:\SteamGames\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{240444E1-12C4-49B8-9BBC-1B9AC9AF3697}] => (Allow) E:\SteamGames\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{B8DB5AC1-B2E5-4F94-B700-8262FFA5D18D}] => (Allow) E:\SteamGames\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{95FBB0DB-A230-4FE1-8F5A-C07DC42DFF8B}] => (Allow) E:\SteamGames\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{5E45DEE0-FFB5-43E1-9BAD-E843389B6536}] => (Allow) E:\SteamGames\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D04D5B22-A75A-4A40-8C75-EFEF41E778BE}] => (Allow) E:\SteamGames\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{ED875B23-2067-46BE-8ABC-AA74857AA0AC}] => (Allow) E:\SteamGames\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{0D5DDB61-A374-4B55-B3FE-26A934CDCDA5}] => (Allow) E:\SteamGames\SteamApps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{1EE08D56-EE26-4AD4-8F67-6D10E0345DA7}] => (Allow) E:\SteamGames\SteamApps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{AC699618-77F2-45FE-B8E7-2F62948EE49F}] => (Allow) E:\SteamGames\SteamApps\common\TalesMajEyal\t-engine.exe
FirewallRules: [{6EEB9F37-6F1B-4199-BA8F-2C94FB596D83}] => (Allow) E:\SteamGames\SteamApps\common\TalesMajEyal\t-engine.exe
FirewallRules: [{DD935173-A16B-4C90-B860-1F94F9DE44FA}] => (Allow) E:\SteamGames\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{0BE3CAF0-8359-44E5-B13F-2CF165F4CD1D}] => (Allow) E:\SteamGames\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{CEA537E2-A34D-44CD-9051-4F421AE1C44F}] => (Allow) E:\SteamGames\SteamApps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{4DF1B8C3-0D96-44BA-8BC5-19237F618573}] => (Allow) E:\SteamGames\SteamApps\common\H1Z1 King of the Kill\LaunchPad.exe
FirewallRules: [{5E1AD5DB-C0D1-4FC9-88F7-FE77183BACA1}] => (Allow) E:\SteamGames\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{8E827CC6-EFD5-4F5B-8916-A80974194C6F}] => (Allow) E:\SteamGames\SteamApps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{58466937-DE6E-4EFD-982A-2C3311EC93A7}] => (Allow) E:\SteamGames\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{4958D231-3E90-48E2-BC21-C01EE543811F}] => (Allow) E:\SteamGames\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{FE957369-3100-4B39-A3C6-E5FDA3989938}] => (Allow) E:\SteamGames\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{E2127432-995E-440A-80D4-6DD7517CC33D}] => (Allow) E:\SteamGames\SteamApps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{136D4E4E-732F-459B-9544-04082DC61D59}E:\spiele\d3\hearthstone\hearthstone.exe] => (Allow) E:\spiele\d3\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{4D704AB4-73F0-4103-B0AE-73A0D95FB904}E:\spiele\d3\hearthstone\hearthstone.exe] => (Allow) E:\spiele\d3\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{EE27C8C8-19AE-4BAF-BAA0-0FEEFAD571F4}E:\spiele\d3\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) E:\spiele\d3\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [UDP Query User{0BBEDBA3-779D-413F-BAD0-FD469E3ED436}E:\spiele\d3\starcraft ii\versions\base39576\sc2_x64.exe] => (Allow) E:\spiele\d3\starcraft ii\versions\base39576\sc2_x64.exe
FirewallRules: [{AD7584E3-4A3D-402B-AD9B-A0EAA9C9EE5F}] => (Allow) E:\SteamGames\SteamApps\common\Broforce\Broforce_beta.exe
FirewallRules: [{2A77B5C1-9E85-42DC-8C6D-BAB155E6B630}] => (Allow) E:\SteamGames\SteamApps\common\Broforce\Broforce_beta.exe
FirewallRules: [{6F278A44-7EBF-48D3-A062-02F78B3C8477}] => (Allow) E:\SteamGames\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [{A7304C17-9CD2-4E5E-99BA-A121C08E93DB}] => (Allow) E:\SteamGames\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [{9D5DD2CD-A695-4AB0-BE0A-E54A1C753FC0}] => (Allow) E:\SteamGames\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{554CDE1A-DECE-4581-8972-B995EB8F02E2}] => (Allow) E:\SteamGames\SteamApps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [TCP Query User{0E5030A2-1E92-4390-BA29-7984CBD9391E}E:\steamgames\steamapps\common\magicite\magicite.exe] => (Allow) E:\steamgames\steamapps\common\magicite\magicite.exe
FirewallRules: [UDP Query User{034614DD-01C0-4612-B5EA-B505966E9E88}E:\steamgames\steamapps\common\magicite\magicite.exe] => (Allow) E:\steamgames\steamapps\common\magicite\magicite.exe
FirewallRules: [TCP Query User{54721B22-00C3-443E-8317-8E9BB183D07E}E:\programme\java\bin\javaw.exe] => (Allow) E:\programme\java\bin\javaw.exe
FirewallRules: [UDP Query User{F6A860DB-44D4-4996-B1EF-DBDC6A63383A}E:\programme\java\bin\javaw.exe] => (Allow) E:\programme\java\bin\javaw.exe
FirewallRules: [TCP Query User{FDF55B56-2943-46ED-BAF3-11360D7306C4}E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{416CA36D-36DE-4B73-B44F-BF229D371EC1}E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) E:\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{A5A0950A-0CD1-4F8F-A85C-B7ED90AE0A70}C:\users\louis\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\louis\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C32314B8-614F-434E-AB2B-0D1475B9EF4A}C:\users\louis\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\louis\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{E18F2BF4-1019-4FDF-9F80-C6C9CAB0FDE8}] => (Allow) E:\SteamGames\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{F4EF2967-C9D0-48C4-9FCB-F0210EBA5D67}] => (Allow) E:\SteamGames\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{8688859D-A0B3-4AB5-819E-EF2DAF4A3C83}] => (Allow) E:\SteamGames\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{1DD6E79F-14FE-4356-937C-86338AA95969}] => (Allow) E:\SteamGames\SteamApps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{637F71C0-D1F3-44E1-8820-92026B89D478}] => (Allow) E:\SteamGames\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{9320061F-37CD-4301-9354-DBCBFB6377EA}] => (Allow) E:\SteamGames\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{BBFDB5C4-0B15-43FE-80D6-6B6F7F8FF789}] => (Allow) E:\SteamGames\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{D034F61C-FD66-41B8-B41E-31B45085C574}] => (Allow) E:\SteamGames\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{D5B0683F-B53D-4EA8-94FB-F01718FB4ACF}] => (Allow) E:\SteamGames\SteamApps\common\Arma 2 Operation Arrowhead\ARMA2OASERVER.exe
FirewallRules: [{968A7E31-3972-467B-88AE-A4A21ED32526}] => (Allow) E:\SteamGames\SteamApps\common\Arma 2 Operation Arrowhead\ARMA2OASERVER.exe
FirewallRules: [{DCE900EE-096E-420D-8039-BFA23159C887}] => (Allow) E:\SteamGames\SteamApps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{1F251424-10F9-41BC-8011-06AFFE41756B}] => (Allow) E:\SteamGames\SteamApps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [TCP Query User{AC40F513-8EE3-4DBE-9F0B-9F0EDF3DBFA3}E:\steamgames\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) E:\steamgames\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [UDP Query User{76018472-89E4-4F89-A78F-9C4AB276DDBE}E:\steamgames\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) E:\steamgames\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [{D9637330-F8A1-4D3A-B0CD-67DC2EAD1B74}] => (Allow) E:\Programme\qbittorrent\qbittorrent.exe
FirewallRules: [{876D399D-4E17-437A-97AC-56FADAF7AB8B}] => (Allow) E:\Programme\qbittorrent\qbittorrent.exe
FirewallRules: [{22262A68-C56D-465F-B7BF-ACB54B34A1E4}] => (Allow) E:\SteamGames\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{F0BBDD0E-155C-4A14-BC4C-84FA6B145FD5}] => (Allow) E:\SteamGames\SteamApps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{F7ACFC65-E933-4C9E-9D16-06863779C2FC}] => (Allow) E:\SteamGames\SteamApps\common\x3 terran conflict\X3AP.exe
FirewallRules: [{20E2F59C-8489-43EB-93B4-9C548152B8CE}] => (Allow) E:\SteamGames\SteamApps\common\x3 terran conflict\X3AP.exe
FirewallRules: [{49B40031-68EE-4C56-A10B-207190F3EE9E}] => (Allow) E:\SteamGames\SteamApps\common\Endless Sky\EndlessSky.exe
FirewallRules: [{54883CD7-9C6F-4439-929D-D34BB236954E}] => (Allow) E:\SteamGames\SteamApps\common\Endless Sky\EndlessSky.exe
FirewallRules: [{BB8166EE-0190-4989-A03D-DBA2122E6562}] => (Allow) E:\SteamGames\SteamApps\common\Teeworlds\teeworlds.exe
FirewallRules: [{0FB918B6-7E1A-40BC-8487-84EC5E303EFD}] => (Allow) E:\SteamGames\SteamApps\common\Teeworlds\teeworlds.exe
FirewallRules: [{251B81C2-D3E7-4BD8-A555-13467B9BBF5C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{36835CE1-A2E6-44E3-8257-A9836CB6C661}] => (Allow) E:\SteamGames\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{37F47423-6C0D-4CA0-B98E-08B4BEBFF225}] => (Allow) E:\SteamGames\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2016 06:27:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCore.exe, Version: 8.57.145.0, Zeitstempel: 0x543d6bf8
Name des fehlerhaften Moduls: Qt5Network.dll, Version: 5.1.1.0, Zeitstempel: 0x53695429
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000078280
ID des fehlerhaften Prozesses: 0x1e24
Startzeit der fehlerhaften Anwendung: 0xLCore.exe0
Pfad der fehlerhaften Anwendung: LCore.exe1
Pfad des fehlerhaften Moduls: LCore.exe2
Berichtskennung: LCore.exe3
Vollständiger Name des fehlerhaften Pakets: LCore.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LCore.exe5

Error: (04/18/2016 04:06:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOUIS)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/18/2016 12:52:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCore.exe, Version: 8.57.145.0, Zeitstempel: 0x543d6bf8
Name des fehlerhaften Moduls: Qt5Network.dll, Version: 5.1.1.0, Zeitstempel: 0x53695429
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000078280
ID des fehlerhaften Prozesses: 0x9e4
Startzeit der fehlerhaften Anwendung: 0xLCore.exe0
Pfad der fehlerhaften Anwendung: LCore.exe1
Pfad des fehlerhaften Moduls: LCore.exe2
Berichtskennung: LCore.exe3
Vollständiger Name des fehlerhaften Pakets: LCore.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LCore.exe5

Error: (04/18/2016 10:40:58 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/17/2016 06:48:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCore.exe, Version: 8.57.145.0, Zeitstempel: 0x543d6bf8
Name des fehlerhaften Moduls: Qt5Network.dll, Version: 5.1.1.0, Zeitstempel: 0x53695429
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000078280
ID des fehlerhaften Prozesses: 0x1ba8
Startzeit der fehlerhaften Anwendung: 0xLCore.exe0
Pfad der fehlerhaften Anwendung: LCore.exe1
Pfad des fehlerhaften Moduls: LCore.exe2
Berichtskennung: LCore.exe3
Vollständiger Name des fehlerhaften Pakets: LCore.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LCore.exe5

Error: (04/16/2016 09:27:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCore.exe, Version: 8.57.145.0, Zeitstempel: 0x543d6bf8
Name des fehlerhaften Moduls: Qt5Network.dll, Version: 5.1.1.0, Zeitstempel: 0x53695429
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000078280
ID des fehlerhaften Prozesses: 0x19dc
Startzeit der fehlerhaften Anwendung: 0xLCore.exe0
Pfad der fehlerhaften Anwendung: LCore.exe1
Pfad des fehlerhaften Moduls: LCore.exe2
Berichtskennung: LCore.exe3
Vollständiger Name des fehlerhaften Pakets: LCore.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LCore.exe5

Error: (04/16/2016 09:23:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOUIS)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/16/2016 03:55:16 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/16/2016 03:07:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/15/2016 02:41:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCore.exe, Version: 8.57.145.0, Zeitstempel: 0x543d6bf8
Name des fehlerhaften Moduls: Qt5Network.dll, Version: 5.1.1.0, Zeitstempel: 0x53695429
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000078280
ID des fehlerhaften Prozesses: 0x21fc
Startzeit der fehlerhaften Anwendung: 0xLCore.exe0
Pfad der fehlerhaften Anwendung: LCore.exe1
Pfad des fehlerhaften Moduls: LCore.exe2
Berichtskennung: LCore.exe3
Vollständiger Name des fehlerhaften Pakets: LCore.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LCore.exe5


System errors:
=============
Error: (04/19/2016 10:10:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NovaPdfServer" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/19/2016 10:10:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "lemsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (04/19/2016 10:10:18 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\lemsgt.sys

Error: (04/19/2016 10:10:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "hwpsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (04/19/2016 10:10:18 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\hwpsgt.sys

Error: (04/19/2016 10:09:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Access_4555b8b" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (04/19/2016 10:09:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "User Data Storage_4555b8b" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (04/19/2016 10:09:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Contact Data_4555b8b" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (04/19/2016 10:09:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sync Host_4555b8b" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Restart the service.

Error: (04/19/2016 10:09:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


CodeIntegrity:
===================================
  Date: 2016-04-14 22:17:34.778
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-14 12:33:50.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 21:15:37.037
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 14:31:22.496
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-13 21:04:59.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-12 17:30:34.530
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-10 13:28:35.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-03 13:19:02.450
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-02 21:20:59.254
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-12 12:47:38.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E3-1230 v3 @ 3.30GHz
Percentage of memory in use: 38%
Total physical RAM: 8120.58 MB
Available physical RAM: 4978.11 MB
Total Virtual: 10424.58 MB
Available Virtual: 6830.4 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:111.35 GB) (Free:47.33 GB) NTFS
Drive e: (HDD) (Fixed) (Total:931.41 GB) (Free:203.02 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2FB15915)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 2FB1591D)
Partition 1: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
         
__________________


Alt 20.04.2016, 11:30   #3
Bootsektor
Ruhe in Frieden
† 2019
 
Backdoor.Agent.TRJ und Backdoor.Agent.MS entfernt, dennoch kurzer CMD Start beim Hochfahren. - Standard

Backdoor.Agent.TRJ und Backdoor.Agent.MS entfernt, dennoch kurzer CMD Start beim Hochfahren.





Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
  • Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Poste die Logfiles direkt in deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Ja, da läuft noch was. Ich brauch da weitere Logs und eines von aussen, danke.

Schritt 1
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.


Schritt 2Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

__________________
__________________

Antwort

Themen zu Backdoor.Agent.TRJ und Backdoor.Agent.MS entfernt, dennoch kurzer CMD Start beim Hochfahren.
.dll, antivirus, avast, browser, defender, explorer, flash player, google, homepage, installation, launch, neustart, nvidia, realtek, registry, rundll, scan, security, services.exe, software, svchost.exe, trojaner, ublock, ublock origin, viren, virus, windows, windowsapps, winlogon.exe




Ähnliche Themen: Backdoor.Agent.TRJ und Backdoor.Agent.MS entfernt, dennoch kurzer CMD Start beim Hochfahren.


  1. Trojan.Agent und Backdoor.Agent eingefangen
    Plagegeister aller Art und deren Bekämpfung - 29.11.2013 (18)
  2. Trojanerproblem : Backdoor.Agent und Trojaner.Agent
    Log-Analyse und Auswertung - 06.06.2013 (8)
  3. Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun?
    Log-Analyse und Auswertung - 05.03.2013 (18)
  4. Backdoor.Agent.TRJ
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (19)
  5. Trojan.Agent, Backdoor.Agent, Trojan.Banker > 10 Trojaner auf einem PC
    Log-Analyse und Auswertung - 22.07.2012 (0)
  6. Trojan.Banker und Backdoor.Agent mit Malwarebytes entfernt - weitere Schritte nötig?
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (3)
  7. Backdoor.Agent
    Plagegeister aller Art und deren Bekämpfung - 06.03.2012 (16)
  8. 95.com und Backdoor.Agent
    Log-Analyse und Auswertung - 09.01.2012 (3)
  9. 3xBackdoor.Bot, 2xTrojan.Backdoor und 1xBifrose.Trace entfernt(?) dennoch Probleme
    Plagegeister aller Art und deren Bekämpfung - 21.12.2010 (11)
  10. Backdoor Agent b
    Log-Analyse und Auswertung - 17.01.2008 (5)
  11. Backdoor BDS/Agent.AY
    Plagegeister aller Art und deren Bekämpfung - 28.12.2005 (14)
  12. backdoor agent
    Log-Analyse und Auswertung - 14.10.2005 (45)
  13. Backdoor.Agent.bg
    Log-Analyse und Auswertung - 13.07.2005 (2)
  14. Backdoor.Agent
    Plagegeister aller Art und deren Bekämpfung - 23.08.2004 (1)
  15. Backdoor.Agent.B
    Plagegeister aller Art und deren Bekämpfung - 21.08.2004 (1)
  16. backdoor.agent.b
    Plagegeister aller Art und deren Bekämpfung - 08.08.2004 (8)
  17. Backdoor.agent.b
    Plagegeister aller Art und deren Bekämpfung - 28.07.2004 (1)

Zum Thema Backdoor.Agent.TRJ und Backdoor.Agent.MS entfernt, dennoch kurzer CMD Start beim Hochfahren. - Hallo, ich habe mir vor einigen Tage durch Dummheit und Schlafmangel einen Trojaner eingefangen, da ich unvorsichtig war. Mir kam das dann doch komisch vor und ich habe mit Malwarebytes - Backdoor.Agent.TRJ und Backdoor.Agent.MS entfernt, dennoch kurzer CMD Start beim Hochfahren....
Archiv
Du betrachtest: Backdoor.Agent.TRJ und Backdoor.Agent.MS entfernt, dennoch kurzer CMD Start beim Hochfahren. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.