Log Analysis and Evaluation: Windows 10 Pro - Trojan.FakeMS.ED

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.
08.12.2016, 23:13 | #1
Windows 10 Pro - Trojan.FakeMS.ED

Funny that I find myself in this section for once. Anyway, after I went from Malwarebytes 2 to 3, Malwarebytes oddly found something straight away, a Trojan.FakeMS.ED. After the automated scheduling kept cutting into the threat scan, I was able to locate the folder manually and run a custom scan. First of all, MBAM:
Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 08.12.16
Scan Time: 22:37
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.4.1269
Components Version: 1.0.39
Update Package Version: 1.0.659
License: Premium, in grace period

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: COMPUTER-128234\Tygan

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 114
Time Elapsed: 4 min, 23 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.FakeMS.ED, C:\PROGRAMDATA\PACKAGE CACHE\{B03A77CC-DD66-8A71-731F-6D883E090273}V10.1.14393.0\INSTALLERS\74654E0595E05A162C50D9F696C4F0B1.CAB, No Action By User, [1215], [70644],1.0.659

Physical Sector: 0
(No malicious items detected)

(end)

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by SYSTEM (administrator) on COMPUTER-128234 (08-12-2016 22:52:35)
Running from C:\Users\Tygan\Desktop
Loaded Profiles: Tygan & (Available Profiles: Tygan & Administrator & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\puush\puush.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
() C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1611.3123.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Farbar) C:\Users\Tygan\Desktop\EnglishFRST64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NetSpeedMonitor] => "C:\Program Files\NetSpeedMonitor\nsmc.exe"
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-14] (InstallShield Software Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2779136 2016-06-11] (Dominik Reichl)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2016-04-14] (VMware, Inc.)
HKLM Group Policy restriction on software: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy <====== ATTENTION
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-30] ()
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [Discord] => C:\Users\Tygan\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\RunOnce: [Uninstall C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-30] ()
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\Run: [Discord] => C:\Users\Tygan\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\RunOnce: [Uninstall C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-30] ()
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\Run: [Discord] => C:\Users\Tygan\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\RunOnce: [Uninstall C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-30] ()
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\Run: [Discord] => C:\Users\Tygan\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\RunOnce: [Uninstall C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-30] ()
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\Run: [Discord] => C:\Users\Tygan\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\RunOnce: [Uninstall C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-05-30] ()
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\Run: [Discord] => C:\Users\Tygan\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\Run: [pCloud] => C:\Program Files (x86)\pCloud Drive\pCloud.exe
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\RunOnce: [Uninstall C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211338376\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212450725\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220456406\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016221151456\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223138043\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211338737\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212451795\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220456661\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016221157811\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223140317\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
SSODL: EldosMountNotificator-cbfs6 - {73F8D53A-4E1F-4434-A7D0-7C1E3B50BB78} - C:\WINDOWS\system32\cbfsMntNtf6.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs6 - {73F8D53A-4E1F-4434-A7D0-7C1E3B50BB78} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_d1739.dll No File
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_d1739.dll No File
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_d1739.dll No File
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_d1739.dll No File
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {36A9E202-9EBD-4037-9EC8-9403A1FE827B} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-06-13] (EldoS Corporation)
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_d1739.dll No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {36A9E202-9EBD-4037-9EC8-9403A1FE827B} => C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll [2016-06-13] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100M Genie.lnk [2016-07-10]
ShortcutTarget: NETGEAR WNA3100M Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{e4d82f0f-ecda-424f-875d-91bc841b06cd}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f2c76c85-8df8-4ee3-a794-c760b75c17ca}: [NameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-624198674-977653023-2037852723-1021\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021 -> DefaultScope {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021 -> {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752 -> DefaultScope {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752 -> {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007 -> DefaultScope {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007 -> {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421 -> DefaultScope {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421 -> {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830 -> DefaultScope {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830 -> {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721 -> DefaultScope {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721 -> {CD28C5AB-6B7C-4A80-B791-6F9099DE1CEE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tygan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tygan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tygan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tygan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tygan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tygan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-04-05] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2770312 2016-11-26] (ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12471368 2016-04-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [316120 2014-08-18] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ALSysIO; C:\Users\Tygan\AppData\Local\Temp\ALSysIO64.sys [35320 2016-12-08] (Arthur Liberman)
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-06-13] (EldoS Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-09-17] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-09-17] (Disc Soft Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [262792 2016-11-26] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [199304 2016-11-26] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2016-06-23] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [197248 2016-11-26] (ESET)
R2 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [181384 2016-11-26] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2016-11-29] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2016-12-08] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-08] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2016-12-08] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [3859704 2015-10-16] (Realtek Semiconductor Corporation )
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [125008 2015-11-10] (Oracle Corporation)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [198248 2016-08-01] (IDRIX)
R3 vpnpbus; C:\WINDOWS\System32\drivers\vpnpbus.sys [18624 2016-06-13] (EldoS Corporation)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-08 22:52 - 2016-12-08 23:00 - 00037615 _____ C:\Users\Tygan\Desktop\FRST.txt
2016-12-08 22:52 - 2016-12-08 22:52 - 00000000 ____D C:\Users\Tygan\Desktop\FRST-OlderVersion
2016-12-08 22:50 - 2016-12-08 22:52 - 00000000 ____D C:\FRST
2016-12-08 22:02 - 2016-12-08 22:02 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\27A57000.sys
2016-12-08 22:00 - 2016-12-08 22:00 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\191B6EAC.sys
2016-12-08 20:58 - 2016-12-08 22:02 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-08 20:57 - 2016-12-08 22:02 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-08 20:57 - 2016-12-08 22:02 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-08 20:57 - 2016-12-08 20:57 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-08 20:57 - 2016-12-08 20:57 - 00001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-08 20:57 - 2016-12-08 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-08 20:57 - 2016-12-08 20:57 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-08 20:57 - 2016-11-29 06:27 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-08 20:54 - 2016-12-08 20:56 - 51969976 _____ (Malwarebytes ) C:\Users\Tygan\Desktop\mb3-setup-consumer-3.0.4.1269.exe
2016-12-08 13:03 - 2016-12-08 13:03 - 00000022 _____ C:\WINDOWS\S.dirmngr
2016-12-08 13:03 - 2016-12-08 13:03 - 00000000 ____H C:\ProgramData\cm-lock
2016-12-08 03:39 - 2016-12-08 03:39 - 00000037 _____ C:\Users\Tygan\Desktop\Witcher 3 #048 Gronkh.txt
2016-12-07 00:23 - 2016-12-07 13:57 - 00000000 ____D C:\Users\Tygan\Downloads\16979910
2016-12-07 00:23 - 2016-12-07 00:23 - 00527677 _____ C:\Users\Tygan\Downloads\16979910.zip
2016-12-06 23:10 - 2016-12-06 23:10 - 00003319 _____ C:\Users\Tygan\Desktop\Sophiesbye.txt
2016-12-06 21:53 - 2016-12-06 21:53 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-06 02:54 - 2016-12-08 03:39 - 00000037 _____ C:\Users\Tygan\Desktop\Witcher 3 #025 Gronkh.txt
2016-12-05 16:58 - 2016-12-05 16:58 - 05202504 _____ (WiseCleaner.com ) C:\Users\Tygan\Downloads\WDCFree933.exe
2016-12-04 01:27 - 2016-12-04 01:27 - 00109187 _____ C:\Users\Tygan\Downloads\16979910.7z
2016-12-04 00:01 - 2016-12-04 00:02 - 00002870 _____ C:\Users\Tygan\Desktop\FSS.txt
2016-12-03 21:57 - 2016-12-03 21:57 - 03598460 _____ C:\Users\Tygan\Downloads\The Chain Gang of 1974 - Sleepwalking
2016-12-03 00:15 - 2016-12-03 00:16 - 41221640 _____ C:\Users\Tygan\Downloads\Alan Walker - Alone.mp4
2016-12-02 01:48 - 2016-12-02 01:48 - 06052902 _____ C:\Users\Tygan\Downloads\drive-download-20161202T004756Z.zip
2016-12-02 01:15 - 2016-12-02 01:15 - 38837557 _____ C:\Users\Tygan\Downloads\Bruno Mars - Just The Way You Are - Auf Deutsch_.mp4
2016-11-30 23:11 - 2016-11-30 23:12 - 58232286 _____ C:\Users\Tygan\Downloads\Faith No More - Everythings Ruined (Official Music Video).mp4
2016-11-30 00:42 - 2016-11-30 01:01 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\TS3Client
2016-11-30 00:42 - 2016-11-30 00:42 - 00001291 _____ C:\Users\Tygan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-11-29 23:22 - 2016-11-29 23:22 - 39014390 _____ C:\Users\Tygan\Documents\29-11-2016.reg
2016-11-29 22:23 - 2016-11-29 22:27 - 72565550 _____ C:\Users\Tygan\Downloads\Ubi30 Exclusive GIF.zip
2016-11-29 22:23 - 2016-11-29 22:25 - 19590284 _____ C:\Users\Tygan\Downloads\Exclusive Digital Posters from E3 2016.zip
2016-11-29 22:23 - 2016-11-29 22:25 - 14521411 _____ C:\Users\Tygan\Downloads\Ubi30 360 Image.zip
2016-11-29 22:21 - 2016-11-29 22:21 - 11044981 _____ C:\Users\Tygan\Downloads\For Honor GIFs.zip
2016-11-29 00:09 - 2016-12-06 12:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-11-28 19:48 - 2016-11-28 19:48 - 00217645 _____ (Igor Pavlov) C:\Users\Tygan\Desktop\Sophie-20161128T020837Z.exe
2016-11-28 02:54 - 2016-11-28 21:05 - 00000000 ____D C:\Users\Tygan\Desktop\Linux
2016-11-28 02:32 - 2016-12-02 01:38 - 00000000 ____D C:\Users\Tygan\Desktop\ToDoEncrypt
2016-11-28 02:22 - 2016-12-02 01:40 - 00000000 ____D C:\Users\Tygan\Desktop\GPG Encrypted - WICHTIG
2016-11-27 16:38 - 2016-11-27 16:38 - 00075345 _____ C:\Users\Tygan\Downloads\Stromverbrauch2016-27-11-16.pdf
2016-11-27 00:51 - 2016-12-02 01:17 - 00001237 _____ C:\Users\Tygan\Desktop\Systemrechte.lnk
2016-11-27 00:44 - 2016-11-27 00:44 - 00003656 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-11-27 00:41 - 2016-11-27 00:41 - 00000000 ____D C:\Users\Tygan\Desktop\PSTools
2016-11-24 23:55 - 2016-11-24 23:55 - 01725970 _____ C:\Users\Tygan\Documents\Beheben von Netzwerkproblemen in Windows 10.pdf
2016-11-24 23:50 - 2016-11-24 23:50 - 00000343 _____ C:\Users\Tygan\Documents\Falls-Internet-Probleme-Dann-Das.txt
2016-11-21 23:52 - 2016-11-22 02:14 - 00000000 ____D C:\Users\Tygan\Desktop\Aggro Berlin
2016-11-20 21:31 - 2016-11-20 21:31 - 00000000 ____D C:\Users\Tygan\Documents\[factorio.su]Factorio_x32-x64_0.14.19
2016-11-20 21:21 - 2016-11-20 21:21 - 00972520 _____ C:\Users\Tygan\Documents\air-filtering_0.4.3.zip
2016-11-20 21:18 - 2016-11-20 21:30 - 354873188 _____ C:\Users\Tygan\Documents\[factorio.su]Factorio_x32-x64_0.14.19.zip
2016-11-20 00:37 - 2016-11-20 00:37 - 00375432 _____ C:\Users\Tygan\AppData\Roaming\1.7z
2016-11-19 19:42 - 2016-11-19 19:42 - 00446859 _____ C:\Users\Tygan\Downloads\Optimierung_der_Ressourcenproduktion_3.0.ods
2016-11-19 12:57 - 2016-12-02 03:15 - 00000000 ____D C:\Users\Tygan\AppData\LocalLow\Mozilla
2016-11-19 00:05 - 2016-11-19 00:05 - 00548898 _____ C:\Users\Tygan\Documents\bookmarks_19.11.16-Google-Chrome.html
2016-11-19 00:05 - 2016-11-19 00:05 - 00018432 ___SH C:\Users\Tygan\Desktop\Thumbs.db
2016-11-17 12:45 - 2016-11-17 12:46 - 00001534 _____ C:\Users\Tygan\Downloads\W10-Explorer-OneDrive.zip
2016-11-14 17:30 - 2016-11-14 17:36 - 00000000 ____D C:\Users\Tygan\Documents\ANDROID SD
2016-11-14 16:57 - 2016-11-14 17:20 - 00000000 ____D C:\Users\Tygan\Documents\MICROSD
2016-11-14 14:27 - 2016-11-22 01:54 - 00000000 ____D C:\Users\Tygan\Documents\WhatsApp123
2016-11-14 14:24 - 2016-11-14 14:25 - 00000000 ____D C:\Users\Tygan\Desktop\dcim
2016-11-14 14:23 - 2016-11-14 14:23 - 00000000 ____D C:\Users\Tygan\Documents\Telegram
2016-11-13 12:08 - 2016-11-13 18:53 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\dvdcss
2016-11-12 17:48 - 2016-11-12 18:23 - 2332804018 _____ (Igor Pavlov) C:\Users\Tygan\Desktop\Eigene Bilder.exe
2016-11-12 17:37 - 2016-11-19 00:05 - 00000000 ____D C:\Users\Tygan\Documents\Eigene Bilder2
2016-11-12 16:19 - 2016-11-12 16:20 - 00069670 _____ C:\Users\Tygan\Documents\Anschreiben.pdf
2016-11-12 16:13 - 2016-11-12 16:13 - 00023010 _____ C:\Users\Tygan\Documents\Lebenslauf Jendrik.pdf
2016-11-12 14:23 - 2016-11-12 16:20 - 00018179 _____ C:\Users\Tygan\Documents\Anschreiben.odt
2016-11-12 04:42 - 2016-11-12 04:42 - 33851708 _____ C:\Users\Tygan\Downloads\Sophie -Tygan.zip
2016-11-11 01:40 - 2016-11-11 01:41 - 00899584 _____ (Farbar) C:\Users\Tygan\Desktop\FSS.exe
2016-11-09 15:31 - 2016-11-02 12:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 15:31 - 2016-11-02 12:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 15:31 - 2016-11-02 12:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 15:31 - 2016-11-02 12:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 15:31 - 2016-11-02 12:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 15:31 - 2016-11-02 12:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 15:31 - 2016-11-02 12:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-09 15:31 - 2016-11-02 12:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 15:31 - 2016-11-02 12:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-09 15:31 - 2016-11-02 12:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-09 15:31 - 2016-11-02 12:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-09 15:31 - 2016-11-02 12:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-09 15:31 - 2016-11-02 12:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-09 15:31 - 2016-11-02 12:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-09 15:31 - 2016-11-02 12:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 15:31 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-09 15:31 - 2016-11-02 11:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 15:31 - 2016-11-02 11:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 15:31 - 2016-11-02 11:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 15:31 - 2016-11-02 11:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-09 15:31 - 2016-11-02 11:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-09 15:31 - 2016-11-02 11:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-09 15:31 - 2016-11-02 11:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-09 15:31 - 2016-11-02 11:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-09 15:31 - 2016-11-02 11:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-09 15:31 - 2016-11-02 11:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-09 15:31 - 2016-11-02 11:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-09 15:31 - 2016-11-02 11:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-09 15:31 - 2016-11-02 11:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-09 15:31 - 2016-11-02 11:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 15:31 - 2016-11-02 11:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-09 15:31 - 2016-11-02 11:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-09 15:31 - 2016-11-02 11:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-09 15:31 - 2016-11-02 11:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 15:31 - 2016-11-02 11:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 15:31 - 2016-11-02 11:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-09 15:31 - 2016-11-02 11:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-09 15:31 - 2016-11-02 11:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-09 15:31 - 2016-11-02 11:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-09 15:31 - 2016-11-02 11:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 15:31 - 2016-11-02 11:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 15:31 - 2016-11-02 11:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-09 15:31 - 2016-11-02 11:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-09 15:31 - 2016-11-02 11:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 15:31 - 2016-11-02 11:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-09 15:31 - 2016-11-02 11:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-09 15:31 - 2016-11-02 11:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-09 15:31 - 2016-11-02 11:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-09 15:31 - 2016-11-02 11:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-09 15:31 - 2016-11-02 11:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-09 15:31 - 2016-11-02 11:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-09 15:31 - 2016-11-02 11:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-09 15:31 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 15:31 - 2016-11-02 11:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 15:31 - 2016-11-02 11:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-09 15:31 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 15:31 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 15:31 - 2016-11-02 11:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 15:31 - 2016-11-02 11:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 15:31 - 2016-11-02 11:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-09 15:31 - 2016-11-02 11:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 15:31 - 2016-11-02 11:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 15:31 - 2016-11-02 11:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 15:31 - 2016-11-02 11:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 15:31 - 2016-11-02 11:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 15:31 - 2016-11-02 11:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 15:31 - 2016-11-02 11:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 15:31 - 2016-11-02 11:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 15:30 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-09 15:30 - 2016-11-02 13:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-09 15:30 - 2016-11-02 12:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-09 15:30 - 2016-11-02 12:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-09 15:30 - 2016-11-02 12:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-09 15:30 - 2016-11-02 12:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-09 15:30 - 2016-11-02 12:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-09 15:30 - 2016-11-02 12:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-09 15:30 - 2016-11-02 12:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-09 15:30 - 2016-11-02 12:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-09 15:30 - 2016-11-02 12:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-09 15:30 - 2016-11-02 12:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-09 15:30 - 2016-11-02 12:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-09 15:30 - 2016-11-02 12:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-09 15:30 - 2016-11-02 12:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-09 15:30 - 2016-11-02 12:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-09 15:30 - 2016-11-02 12:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-09 15:30 - 2016-11-02 12:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-09 15:30 - 2016-11-02 11:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-09 15:30 - 2016-11-02 11:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-09 15:30 - 2016-11-02 11:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-09 15:30 - 2016-11-02 11:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-09 15:30 - 2016-11-02 11:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-09 15:30 - 2016-11-02 11:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-09 15:30 - 2016-11-02 11:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-09 15:30 - 2016-11-02 11:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-09 15:30 - 2016-11-02 11:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-09 15:30 - 2016-11-02 11:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-09 15:30 - 2016-11-02 11:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-09 15:30 - 2016-11-02 11:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-09 15:30 - 2016-11-02 11:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-09 15:30 - 2016-11-02 11:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-09 15:30 - 2016-11-02 11:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-09 15:30 - 2016-11-02 11:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-09 15:30 - 2016-11-02 11:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-09 15:30 - 2016-11-02 11:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-09 15:30 - 2016-11-02 11:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-09 15:30 - 2016-11-02 11:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-09 15:30 - 2016-11-02 11:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 15:30 - 2016-11-02 11:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-09 15:30 - 2016-11-02 11:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-09 15:30 - 2016-11-02 11:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-09 15:30 - 2016-11-02 11:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-09 15:30 - 2016-11-02 11:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-09 15:30 - 2016-11-02 11:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-09 15:30 - 2016-11-02 11:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-09 15:30 - 2016-11-02 11:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-09 15:30 - 2016-11-02 11:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-09 15:30 - 2016-11-02 11:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-09 15:30 - 2016-11-02 11:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-09 15:30 - 2016-11-02 11:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-09 15:30 - 2016-11-02 11:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-09 15:30 - 2016-11-02 11:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-09 15:30 - 2016-11-02 11:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-09 15:30 - 2016-11-02 11:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-09 15:30 - 2016-11-02 11:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-09 15:30 - 2016-11-02 11:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-09 15:30 - 2016-11-02 11:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-09 15:30 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-09 15:30 - 2016-11-02 11:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-09 15:30 - 2016-11-02 11:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-09 15:30 - 2016-11-02 11:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-09 15:30 - 2016-11-02 11:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-09 15:30 - 2016-11-02 11:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-09 15:30 - 2016-11-02 11:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-09 15:30 - 2016-11-02 11:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-09 15:30 - 2016-11-02 11:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-09 15:30 - 2016-11-02 11:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-09 15:30 - 2016-11-02 11:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-09 15:30 - 2016-11-02 11:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-09 15:30 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-09 15:30 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-09 15:30 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-09 15:23 - 2016-11-02 12:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-09 15:23 - 2016-11-02 12:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 15:23 - 2016-11-02 12:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 15:23 - 2016-11-02 11:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 15:23 - 2016-11-02 11:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 15:23 - 2016-11-02 11:37 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2016-11-09 15:23 - 2016-11-02 11:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2016-11-09 15:23 - 2016-11-02 11:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 15:23 - 2016-11-02 11:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 15:23 - 2016-11-02 11:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 15:23 - 2016-11-02 11:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 15:23 - 2016-11-02 11:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 15:23 - 2016-11-02 11:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 15:23 - 2016-11-02 11:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 15:23 - 2016-11-02 11:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 15:23 - 2016-11-02 11:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 15:23 - 2016-11-02 11:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 15:23 - 2016-11-02 11:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 15:23 - 2016-11-02 11:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 15:23 - 2016-11-02 11:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 15:23 - 2016-11-02 11:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-09 15:23 - 2016-11-02 11:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 15:23 - 2016-11-02 11:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-09 15:23 - 2016-11-02 11:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 15:23 - 2016-11-02 11:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 15:23 - 2016-11-02 11:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-09 15:23 - 2016-11-02 11:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 15:23 - 2016-11-02 11:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 15:23 - 2016-11-02 11:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 15:23 - 2016-11-02 11:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 15:23 - 2016-11-02 11:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 15:23 - 2016-11-02 11:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 15:23 - 2016-11-02 11:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-09 15:23 - 2016-11-02 11:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 15:23 - 2016-11-02 11:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 15:23 - 2016-11-02 11:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-09 15:23 - 2016-11-02 11:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 15:23 - 2016-11-02 11:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 15:23 - 2016-11-02 11:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 15:23 - 2016-11-02 11:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 15:23 - 2016-11-02 11:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 15:23 - 2016-11-02 11:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 15:23 - 2016-11-02 11:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 15:23 - 2016-11-02 11:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-09 15:23 - 2016-11-02 11:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 15:23 - 2016-11-02 11:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 15:23 - 2016-11-02 11:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-09 15:23 - 2016-11-02 09:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 15:22 - 2016-11-02 12:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 15:22 - 2016-11-02 12:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 15:22 - 2016-11-02 12:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-09 15:22 - 2016-11-02 12:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-09 15:22 - 2016-11-02 12:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-09 15:22 - 2016-11-02 12:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 15:22 - 2016-11-02 12:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 15:22 - 2016-11-02 12:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 15:22 - 2016-11-02 12:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 15:22 - 2016-11-02 12:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-09 15:22 - 2016-11-02 12:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-09 15:22 - 2016-11-02 12:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 15:22 - 2016-11-02 11:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-09 15:22 - 
2016-11-02 11:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys 2016-11-09 15:22 - 2016-11-02 11:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-11-09 15:22 - 2016-11-02 11:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2016-11-09 15:22 - 2016-11-02 11:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe 2016-11-09 15:22 - 2016-11-02 11:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-11-09 15:22 - 2016-11-02 11:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2016-11-09 15:22 - 2016-11-02 11:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2016-11-09 15:22 - 2016-11-02 11:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll 2016-11-09 15:22 - 2016-11-02 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2016-11-09 15:22 - 2016-11-02 11:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2016-11-09 15:22 - 2016-11-02 11:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2016-11-09 15:22 - 2016-11-02 11:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2016-11-09 15:22 - 2016-11-02 11:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-11-09 15:22 - 2016-11-02 11:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll 2016-11-09 15:22 - 2016-11-02 11:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll 2016-11-09 15:22 - 2016-11-02 11:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll 2016-11-09 15:22 - 2016-11-02 11:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2016-11-09 15:22 - 2016-11-02 11:28 - 00088576 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-11-09 15:22 - 2016-11-02 11:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2016-11-09 15:22 - 2016-11-02 11:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-11-09 15:22 - 2016-11-02 11:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll 2016-11-09 15:22 - 2016-11-02 11:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll 2016-11-09 15:22 - 2016-11-02 11:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-11-09 15:22 - 2016-11-02 11:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-11-09 15:22 - 2016-11-02 11:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-11-09 15:22 - 2016-11-02 11:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe 2016-11-09 15:22 - 2016-11-02 11:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2016-11-09 15:22 - 2016-11-02 11:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2016-11-09 15:22 - 2016-11-02 11:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll 2016-11-09 15:22 - 2016-11-02 11:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2016-11-09 15:22 - 2016-11-02 11:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll 2016-11-09 15:22 - 2016-11-02 11:18 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll 2016-11-09 15:22 - 2016-11-02 11:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 
02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll 2016-11-09 15:22 - 2016-11-02 11:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-11-09 15:22 - 2016-11-02 11:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2016-11-09 15:22 - 2016-11-02 11:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2016-11-09 15:21 - 2016-11-02 12:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2016-11-09 15:21 - 2016-11-02 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll 2016-11-09 15:21 - 2016-11-02 11:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-11-09 15:21 - 2016-11-02 11:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll 2016-11-09 15:21 - 2016-11-02 11:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-11-09 15:21 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2016-11-09 15:21 - 2016-11-02 11:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-11-09 15:21 - 2016-11-02 11:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys 2016-11-09 15:21 - 2016-11-02 11:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll 2016-11-09 15:21 - 2016-11-02 11:21 - 05111296 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\cdp.dll 2016-11-09 15:21 - 2016-11-02 11:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll 2016-11-09 15:21 - 2016-11-02 11:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2016-11-09 15:21 - 2016-11-02 11:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-11-08 21:56 - 2016-12-08 22:51 - 02420224 _____ (Farbar) C:\Users\Tygan\Desktop\EnglishFRST64.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-08 22:59 - 2016-04-16 16:34 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\vlc 2016-12-08 22:52 - 2016-04-04 22:35 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\Skype 2016-12-08 21:19 - 2016-08-03 15:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-12-08 20:57 - 2016-01-22 14:31 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-12-08 20:57 - 2014-11-03 19:07 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-12-08 14:26 - 2016-08-03 18:45 - 00000000 ____D C:\Program Files (x86)\Steam 2016-12-08 13:10 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-12-08 13:10 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-12-08 13:03 - 2016-08-03 16:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-12-08 03:46 - 2016-07-16 07:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI 2016-12-08 03:46 - 2016-07-16 07:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI 2016-12-07 16:33 - 2016-07-05 21:02 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\KeePass 2016-12-07 12:51 - 2016-08-03 15:56 - 00633360 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-12-06 21:54 - 2016-07-25 14:39 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-12-06 21:53 - 2016-05-29 22:53 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\TeamViewer 2016-12-06 19:57 - 2016-07-05 20:57 - 00000000 ___DC C:\Users\Tygan\Documents\My 
Safes 2016-12-06 12:57 - 2014-11-05 16:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-12-05 12:33 - 2016-09-10 16:54 - 00001274 _____ C:\Users\Tygan\Desktop\Uplay.lnk 2016-12-04 11:41 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-12-03 23:50 - 2016-06-10 16:51 - 00000000 ___DC C:\Users\Tygan\Documents\GTA SA RAR Daten 2016-12-03 19:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-12-02 12:25 - 2016-08-25 11:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-12-02 03:03 - 2016-06-22 13:59 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\gnupg 2016-11-30 16:48 - 2016-10-30 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2016-11-30 16:48 - 2016-10-30 22:06 - 00000000 ____D C:\ProgramData\Origin 2016-11-28 21:43 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF 2016-11-26 12:55 - 2016-11-05 03:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp 2016-11-26 12:55 - 2016-11-05 03:07 - 00000000 ____D C:\Program Files\Core Temp 2016-11-26 12:47 - 2016-06-23 13:31 - 00262792 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys 2016-11-26 12:47 - 2016-06-23 13:31 - 00199304 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys 2016-11-26 12:47 - 2016-06-23 13:31 - 00197248 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys 2016-11-26 12:47 - 2016-06-23 13:31 - 00181384 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfpr.sys 2016-11-26 12:43 - 2014-12-02 18:36 - 00000000 ____D C:\WINDOWS\pss 2016-11-26 12:34 - 2016-09-11 00:31 - 00000000 ___HD C:\$SysReset 2016-11-26 12:34 - 2016-04-05 13:15 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\puush 2016-11-26 12:34 - 2016-01-20 12:47 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2016-11-26 12:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\registration 2016-11-24 13:34 - 2016-07-22 11:30 - 00000000 ____D C:\ProgramData\VMware 2016-11-22 22:34 - 2016-04-04 22:51 - 00006056 __RSH 
C:\ProgramData\ntuser.pol 2016-11-22 01:54 - 1970-01-01 01:00 - 00000000 ___DC C:\Users\Tygan\Documents\WhatsApp 2016-11-20 00:49 - 2016-05-18 15:56 - 00000000 ____D C:\Users\Tygan\AppData\Roaming\FileZilla 2016-11-19 05:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache 2016-11-19 01:55 - 2015-01-29 10:11 - 00146528 _____ (NirSoft) C:\Users\Tygan\Desktop\BlueScreenView.exe 2016-11-14 22:57 - 2016-01-22 23:25 - 00002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-11-14 22:57 - 2016-01-22 23:25 - 00002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-11-10 13:04 - 2015-07-29 17:28 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-11-10 04:14 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB 2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz 2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\en-GB 2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-11-10 04:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-11-09 22:49 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-11-09 21:13 - 2014-01-23 19:41 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-11-09 21:06 - 2014-01-23 19:41 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======= 2016-12-08 13:03 - 2016-12-08 13:03 - 0000000 ____H () C:\ProgramData\cm-lock ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-11-30 00:00 ==================== End of FRST.txt ============================ |
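A small triage script for FRST output of the kind posted above, as an added example that is not part of this thread and not part of FRST itself. It parses the entry formats visible in FRST.txt and Addition.txt (the dated file entries, the `Task:` lines, the Security Center `AV:`/`AS:` lines and the Bamital & volsnap verdicts) and lists what a helper would ask about first: tasks whose target is missing (the `No File <==== ATTENTION` lines), tasks started through a launcher such as pcalua.exe or Rundll32.exe, a disabled AV product, binaries under C:\Windows with no vendor string, and any core file whose verdict is not "File is digitally signed". The regular expressions, the `triage` function and `SAMPLE_LOG` are my own; the sample lines are constructed to match the thread's log format, and two of them (the vendor-less driver and the failed verdict) are invented to exercise those rules.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) output.

Added example, not part of the thread or of FRST itself. The regular
expressions are my reading of the entry formats seen in FRST.txt/Addition.txt.
"""
import re
from typing import Dict, List, Tuple

# Dated file entry: "<modified> - <created> - <size> <attrs> (<company>) <path>".
# The company part is optional and may be empty ("0000000 ____H () C:\ProgramData\cm-lock").
FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>\S.*)$"
)
# Scheduled task: "Task: {GUID} - <name> => <command>" or "... -> No File <==== ATTENTION".
TASK_RE = re.compile(
    r"^Task: (?P<id>\{[0-9A-Fa-f-]+\}) - (?P<name>.+?) (?:=>|->) (?P<target>.+)$"
)
# Security Center: "AV: <product> (Enabled - Up to date) {GUID}".
SECCENTER_RE = re.compile(
    r"^(?P<kind>AV|AS|FW): (?P<name>.+?) \((?P<state>Enabled|Disabled) - (?P<status>[^)]+)\)"
)
# Bamital & volsnap section: "<path> => File is digitally signed".
VERIFY_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")
GOOD_VERDICT = "File is digitally signed"

BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")
# Launchers seen in this thread's task list plus the usual script hosts.
PROXY_LAUNCHERS = ("pcalua.exe", "rundll32.exe", "cmd.exe", "powershell.exe",
                   "wscript.exe", "cscript.exe", "mshta.exe")

Finding = Tuple[str, str, str]  # (severity, reason, original line)


def triage(lines: List[str]) -> Dict[str, list]:
    """Parse FRST lines into records and collect the entries worth a second look."""
    out: Dict[str, list] = {"files": [], "tasks": [], "security_center": [], "findings": []}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = TASK_RE.match(line)
        if m:
            task = m.groupdict()
            out["tasks"].append(task)
            launcher = task["target"].split()[0].lower()
            if task["target"].startswith("No File"):
                out["findings"].append(("medium", "scheduled task points to a missing file", line))
            elif launcher in PROXY_LAUNCHERS:
                out["findings"].append(("low", f"task starts through {launcher}; confirm who created it", line))
            continue
        m = SECCENTER_RE.match(line)
        if m:
            prod = m.groupdict()
            out["security_center"].append(prod)
            if prod["state"] == "Disabled":
                out["findings"].append(("info", f"{prod['kind']} product {prod['name']} is disabled", line))
            continue
        m = FILE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            out["files"].append(rec)
            path = rec["path"].lower()
            # Heuristic only: FRST's company field comes from version info, not from a signature.
            if ("D" not in rec["attrs"] and path.endswith(BINARY_EXT)
                    and path.startswith("c:\\windows\\") and not rec["company"]):
                out["findings"].append(("medium", "binary under C:\\Windows with no vendor information", line))
            continue
        m = VERIFY_RE.match(line)
        if m and "digitally signed" in m["verdict"] and m["verdict"] != GOOD_VERDICT:
            out["findings"].append(("high", "core system file did not pass signature verification", line))
    return out


# Constructed sample, modelled on the entry formats in this thread. The vendor-less
# driver and the failed verdict are invented to exercise those two rules.
SAMPLE_LOG = [
    r"2016-12-08 20:57 - 2016-01-22 14:31 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys",
    r"2016-12-08 13:03 - 2016-12-08 13:03 - 0000000 ____H () C:\ProgramData\cm-lock",
    r"2016-11-09 15:30 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls",
    r"2016-12-01 10:00 - 2016-12-01 10:00 - 00045056 _____ C:\WINDOWS\system32\Drivers\example_unknown.sys",  # constructed
    # This one ends in a backslash, so it is a normal string with escaped backslashes.
    "Task: {0CD77EEF-77A1-4F93-BB9B-E9200CE7EDD2} - System32\\Tasks\\{D5006F34-817C-4DE0-877C-FFF62AEC3502} => pcalua.exe -a D:\\AUTORUN.EXE -d D:\\",
    r"Task: {56F31CE6-6542-4ED2-AD8A-6B1BDE758A4B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION",
    r"Task: {92ED629F-603B-4D58-A644-04F7BB98D4C8} - System32\Tasks\Core Temp Autostart Tygan => C:\Program Files\Core Temp\Core Temp.exe [2016-11-22] ()",
    "AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}",
    "AV: ESET NOD32 Antivirus 9.0.408.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}",
    r"C:\WINDOWS\system32\winlogon.exe => File is digitally signed",
    r"C:\WINDOWS\system32\services.exe => File is NOT digitally signed (constructed verdict)",
]

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG)["findings"]:
        print(f"[{severity:6}] {reason}\n         {line}")
```

Two caveats on the rules. The "no vendor information" check reads FRST's company field, which comes from the file's version resource, so it is a prompt to look at the file, not a verdict about it; whether core files are genuinely signed is what the Bamital & volsnap section reports. And a task that runs through pcalua.exe is not wrong in itself (the Program Compatibility Assistant creates such entries when a user runs an installer from removable media), which is why those lines are rated low and phrased as something to confirm with the user.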
09.12.2016, 01:12 | #2
/// TB-Senior | Windows 10 Pro - Trojan.FakeMS.ED
I am working on your topic and will get back to you with further instructions as soon as possible. Please note that all my replies must first be approved by a trainer before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience.
__________________
09.12.2016, 01:40 | #3
Windows 10 Pro - Trojan.FakeMS.ED
No problem.
__________________
I'm also posting the Addition here, as written above:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by SYSTEM (08-12-2016 23:05:34)
Running from C:\Users\Tygan\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-03 15:38:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-624198674-977653023-2037852723-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-624198674-977653023-2037852723-503 - Limited - Disabled)
Gast (S-1-5-21-624198674-977653023-2037852723-501 - Limited - Disabled)
--- (S-1-5-21-624198674-977653023-2037852723-1035 - Administrator - Enabled)
Tygan (S-1-5-21-624198674-977653023-2037852723-1021 - Administrator - Enabled) => C:\Users\Tygan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET NOD32 Antivirus 9.0.408.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.408.1 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7art Fluorescent Clock © 7art-screensavers.com (HKLM-x32\...\7art Fluorescent Clock Screensaver_is1) (Version: 3.1 - 7art-screensavers.com)
7art Radiating Clock © 7art-screensavers.com (HKLM-x32\...\7art Radiating Clock Screensaver_is1) (Version: 3.1 - 7art-screensavers.com)
7art-ScreenSavers-Manager © 7art-screensavers.com (HKLM-x32\...\7art-ScreenSavers-Manager_is1) (Version: 4 - 7art-screensavers.com SoftWare Development Studio)
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{7E33E883-0D17-4397-A461-B576605E34B1}) (Version: 12.1.6.156 - Adobe Systems, Inc)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Core Temp 1.5.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.5.1 - ALCPU)
CrystalDiskInfo 6.8.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.8.2 - Crystal Dew World)
Discord (HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Emergency 4 (HKLM-x32\...\{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}) (Version: 1.02.001 - )
ESET NOD32 Antivirus (HKLM\...\{6A816859-EC01-43F5-9EE2-B3B168CC52CB}) (Version: 9.0.386.1 - ESET, spol. s r.o.)
Factorio version 0.12.3 (HKLM\...\Factorio_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gpg4win (2.3.1) (HKLM-x32\...\GPG4Win) (Version: 2.3.1 - The Gpg4win Project)
Grand Theft Auto III (HKLM-x32\...\Steam App 12100) (Version: - Rockstar Games)
Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)
Grand Theft Auto: Vice City (HKLM-x32\...\Steam App 12110) (Version: - Rockstar Games)
KeePass Password Safe 2.34 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.34 - Dominik Reichl)
K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
LibreOffice 5.1.6.2 (HKLM-x32\...\{3D18F833-5EEE-4221-96CE-BC9488780EE3}) (Version: 5.1.6.2 - The Document Foundation)
MAGIX Movie Edit Pro 2016 Premium (HKLM\...\MX.{0E64129B-4258-44B9-8034-464C6E28878D}) (Version: 15.0.0.73 - MAGIX Software GmbH)
MAGIX Movie Edit Pro 2016 Premium (Version: 15.0.0.73 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2016 Premium Update (Version: 15.0.0.77 - MAGIX Software GmbH) Hidden
Malwarebytes Version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Mozilla Firefox 50.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 de)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
Mozilla Thunderbird 45.5.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.5.1 (x86 de)) (Version: 45.5.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NETGEAR WNA3100M N300 Wireless USB Adapter (HKLM-x32\...\{D3580358-0F78-402A-BE53-2E9D06383E04}) (Version: 1.2.0.6 - NETGEAR)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Sid Meier's Civilization III: Complete (HKLM\...\Steam App 3910) (Version: - Firaxis Games)
Sid Meier's Civilization IV (HKLM\...\Steam App 3900) (Version: - Firaxis Games)
Sid Meier's Civilization IV: Beyond the Sword (HKLM\...\Steam App 8800) (Version: - Firaxis Games)
Sid Meier's Civilization IV: Colonization (HKLM\...\Steam App 16810) (Version: - Firaxis Games)
Sid Meier's Civilization IV: Warlords (HKLM\...\Steam App 3990) (Version: - Firaxis Games)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steuer 2015 (HKLM-x32\...\{E262CD3B-8825-4D56-AEF1-5E127F2FBB05}) (Version: 23.00.1146 - Buhl Data Service GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.71503 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
Uplay (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.17 - IDRIX)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMware Workstation (HKLM\...\{F4C0A853-FA3B-4404-954B-799299EB5A98}) (Version: 12.1.1 - VMware, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-624198674-977653023-2037852723-1021_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-624198674-977653023-2037852723-1021_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-624198674-977653023-2037852723-1021_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {077D9730-A325-418A-A370-8FDB2AB69740} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.)
Task: {0925C293-A417-4212-97B6-79AA19FA7961} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0B75604B-9502-4A48-ADE3-1237E2FBF078} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0CD77EEF-77A1-4F93-BB9B-E9200CE7EDD2} - System32\Tasks\{D5006F34-817C-4DE0-877C-FFF62AEC3502} => pcalua.exe -a D:\AUTORUN.EXE -d D:\
Task: {15D635DD-27BD-4CBB-8FF7-667CA955FEB0} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {1E24BA0C-A9C7-4EB3-B9FC-80BA2F51F025} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2010C5A7-AB3A-49B1-9C74-87670E1563B1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {28F380A0-0DF8-4D51-B386-871F732C952C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {2AC1ADE9-DD33-422E-A1CB-A893D6A0AC4D} - System32\Tasks\{9C213DAE-C246-4484-90F4-704E34947FA1} => pcalua.exe -a D:\setup.exe -d D:\
Task: {34150056-E698-4C15-A124-37E8DE1AC7C7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {40237349-3DDE-4B82-8440-23FA248D5599} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {5403244C-E898-4F08-895E-F3CA03F79136} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5653A8BA-5766-4972-AFE4-6AF986F39A5A} - System32\Tasks\{A1C0E21F-C04B-4D7F-A3C7-F4A887B38845} => pcalua.exe -a "C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe" -d "C:\Program Files (x86)\ESET\ESET Online Scanner"
Task: {565763B7-74CD-4027-9408-72B0647956E7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {56F31CE6-6542-4ED2-AD8A-6B1BDE758A4B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5804C292-C77C-4BA6-A77B-687BCA77E37D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5ACFA180-BE93-4757-A600-57A61FE79EDC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {66666BC5-008A-46A1-96D6-285393AE992E} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMPMOJMMGMJJIMJMLJCNOJHMPMNJCNLMGMGMGMCNGMOMHMKMCNGMLMNMJJLMGMOJJMMMLJKJMMJNJICMIMCNGMCNOMNMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMNMHMJNHICMEKMICNJJCKJNBJCMDLKJCJPMLIHJJNKJCMJNNICMJNDJCMLJKJJNMJCMPMFMPMFMPMJNFI (the data entry has 29 more characters).
Task: {6670D31E-C371-47EA-AEBC-DFCB51D7B4B5} - System32\Tasks\Sperrbildschirm => add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData /t REG_DWORD /v AllowLockScreen /d 0 /f
Task: {6B947FBC-CBFA-49C1-BE7A-76A0EEA3F402} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {79A51A49-477E-4F5F-8156-0AC3B0B6EE79} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7D2FC676-CC2E-44B0-820F-C92183A172FF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8C74191A-5503-44AD-8270-915C52BBC428} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {90633838-3B10-43F0-BC61-5C8504498795} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {90AFBFCB-A5D9-4CA2-A58A-95CFFE3A4C90} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {92ED629F-603B-4D58-A644-04F7BB98D4C8} - System32\Tasks\Core Temp Autostart Tygan => C:\Program Files\Core Temp\Core Temp.exe [2016-11-22] ()
Task:
{948C723C-F96E-4B20-A39A-9FBCBE0F5F2F} - System32\Tasks\avastBCLRestartS-1-5-21-624198674-977653023-2037852723-1003 => Firefox.exe Task: {9958AC97-9AE4-4593-BC43-0FC982D5E833} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9B052FB7-4425-490E-BC1E-4E7554AD627D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {9EEF6C19-6405-4416-B34E-A560701B7380} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {A03E5801-CB80-4C0C-A0E8-F73C97F59AEB} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {A97FEBFA-8C43-4447-B21D-C6897DA374E4} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe Task: {AA43015D-35A1-43C5-BE5E-A138B79B3AF1} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B6E6AFBA-338C-44F1-B2A5-FBD198DEC00C} - System32\Tasks\{A4058700-9B97-4117-8851-8B6C3C211F42} => pcalua.exe -a C:\Users\Jendrik\Downloads\jxpiinstall.exe -d C:\Users\Jendrik\Downloads Task: {B6F44A38-2743-4D90-A4F1-751570CCFEBC} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Tygan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {B954A2A3-7EA5-47B8-93AB-136A508381A7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {BF62A763-E716-43FD-8FE9-0C5A5842EDF7} - System32\Tasks\{8E2B0D8E-A7C2-41AB-A0CC-6F1051CCC161} => pcalua.exe -a "C:\Program Files\Codemasters\OperationFlashpoint\OpFlashPreferences.exe" -d "C:\Program Files\Codemasters\OperationFlashpoint" Task: {C525495D-FB5A-4963-BDEC-4C77CE448931} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation) Task: {C9DE67D1-1BB8-4B1A-AA9D-E0B1199931F8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => 
C:\WINDOWS\ehome\mcupdate.exe Task: {CBA0DA7C-9D08-4490-9AD7-B38E02C71747} - System32\Tasks\{197B8FA4-1324-4E58-977E-3387813919D4} => pcalua.exe -a D:\DirectX\dxsetup.exe -d D:\DirectX Task: {CDE38717-7FCF-49E4-9B48-4D8930E458E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {DA80726F-9E08-4DF3-B961-7A8A7D20A5C6} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E56B320E-E93B-45D5-B736-D8BE345694BB} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK Task: {E7EAF163-3F7F-44D3-9B80-C8B5F93C8F28} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {F1E4FF0B-03E2-4A42-BF69-17E5765E0C20} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F6A11EE2-0023-4595-8D9D-F2922462880E} - System32\Tasks\{1A673BBD-E760-48DE-8182-982ABA1E0CD0} => pcalua.exe -a C:\Users\Deus\Downloads\forge-1.8-11.14.1.1361-installer-win.exe -d C:\Users\Deus\Downloads Task: {F8D69DA4-D5C2-4E9D-930E-2906092F8638} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {FB409A52-D98C-4458-BB8A-24EE89EF7A6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {FC13AE24-50AF-4150-830A-1BA18858E237} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {FE639A93-6D40-4961-AC31-1B45E9126512} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {FF4245B5-59A8-403F-B4E5-8A1D3FF865E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-22] (Google Inc.) 
Task: {FFF8BFAC-4011-4218-BA7B-C5B42F2008CC} - System32\Tasks\{104B9CA5-EF7D-4A10-ADB6-70F6F3EB62CE} => pcalua.exe -a C:\Users\Deus\Downloads\VMware-workstation-full-11.1.0-2496824.exe -d C:\Users\Deus\Downloads (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-09-30 21:17 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-05 12:25 - 2016-04-05 12:25 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe 2014-11-03 18:48 - 2014-08-18 17:50 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe 2016-11-05 03:07 - 2016-11-22 03:45 - 00936424 _____ () C:\Program Files\Core Temp\Core Temp.exe 2016-09-30 21:17 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2012-01-10 13:41 - 2015-05-30 17:26 - 00568904 _____ () C:\Program Files (x86)\puush\puush.exe 2015-02-11 19:57 - 2015-08-10 01:21 - 08276200 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WNA3100M.exe 2016-11-17 12:19 - 2016-11-17 12:21 - 03766272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1611.3123.0_x64__8wekyb3d8bbwe\Calculator.exe 2016-11-09 15:31 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-09 15:31 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-09 15:31 - 
2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-09 15:31 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-09 15:31 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-09-14 22:31 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-11-09 15:23 - 2016-11-02 11:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-12-08 20:57 - 2016-11-29 06:27 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2016-12-08 20:57 - 2016-11-29 06:27 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-12-08 20:57 - 2016-11-29 06:27 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll 2016-04-05 12:12 - 2016-04-05 12:12 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll 2016-04-05 12:01 - 2016-04-05 12:01 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll 2016-04-05 12:12 - 2016-04-05 12:12 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll 2016-04-05 12:15 - 2016-04-05 12:15 - 00750592 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll 2016-04-05 12:06 - 2016-04-05 12:06 - 00087552 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll 2014-11-03 18:48 - 2015-07-15 16:26 - 00450560 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiLib.dll 2015-02-11 19:58 - 2014-07-22 10:18 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvcLib.dll 2016-11-14 22:56 - 2016-11-08 21:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll 2016-11-14 22:56 - 2016-11-08 21:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll 2016-08-03 18:49 - 
2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-08-03 18:49 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-08-03 18:49 - 2016-10-13 02:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll 2016-08-03 18:49 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-08-03 18:49 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-08-03 18:49 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-08-03 18:49 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-08-03 18:49 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-08-03 18:49 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-08-03 18:49 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-08-03 18:49 - 2016-10-13 02:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-08-03 18:49 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-10-14 12:18 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll 2016-08-03 18:49 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll 2016-12-08 20:57 - 2016-11-08 09:46 - 00693248 _____ () C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll 2016-06-01 15:17 - 2016-06-01 15:17 - 00144832 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 02632640 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00554944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00041920 _____ () C:\Program Files 
(x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00039872 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 12001728 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 01265600 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00086464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00078272 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 02231744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00114112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00245184 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00089536 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libvdr_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00055744 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00072128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00598976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00771520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00131520 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00052672 _____ () C:\Program Files 
(x86)\VideoLAN\VLC\plugins\access\librar_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00145856 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 01566656 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00334784 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00242624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00261056 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00069568 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00298944 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 01291200 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00048576 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00754624 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00344512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll 2016-06-01 15:19 - 
2016-06-01 15:19 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00052160 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00456128 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00035776 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00024512 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00157632 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 02680768 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00356288 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00028096 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00031680 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00370112 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00121792 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 14929344 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00046528 _____ () C:\Program Files 
(x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00789952 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00038848 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00030144 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00746432 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00036800 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00125888 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00065472 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00022464 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00027072 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00059840 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 01504704 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00028608 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00024512 _____ () C:\Program Files 
(x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00031168 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00027584 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00029120 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00037824 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll 2016-06-01 15:18 - 2016-06-01 15:18 - 00024000 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00023488 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll 2016-06-01 15:19 - 2016-06-01 15:19 - 00022976 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:34 - 2016-11-23 01:03 - 00004915 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 choice.microsoft.com 127.0.0.1 Choice.microsoft.com.nstac.net 127.0.0.1 Df.telemetry.microsoft.com 127.0.0.1 Oca.telemetry.microsoft.com 127.0.0.1 Oca.telemetry.microsoft.com.nsatc.net 127.0.0.1 Redir.metaservices.microsoft.com 127.0.0.1 Reports.wes.df.telemetry.microsoft.com 127.0.0.1 Services.wes.df.telemetry.microsoft.com 127.0.0.1 Settings-sandbox.data.microsoft.com 127.0.0.1 Sqm.df.telemetry.microsoft.com 127.0.0.1 Sqm.telemetry.microsoft.com 127.0.0.1 Sqm.telemetry.microsoft.com.nsatc.net 127.0.0.1 Telecommand.telemetry.microsoft.com 127.0.0.1 Telecommand.telemetry.microsoft.com.nsatc.net 127.0.0.1 Telemetry.appex.bing.net 127.0.0.1 Telemetry.appex.bing.net:443 127.0.0.1 Telemetry.microsoft.com 127.0.0.1 Telemetry.urs.microsoft.com 127.0.0.1 Vortex-sandbox.data.microsoft.com 127.0.0.1 Vortex-win.data.microsoft.com 127.0.0.1 Vortex.data.microsoft.com 127.0.0.1 Watson.telemetry.microsoft.com 127.0.0.1 Watson.telemetry.microsoft.com.nsatc.net 127.0.0.1 apps.skype.com 127.0.0.1 apps.spotify.com 0.0.0.0 a.ads1.msn.com 0.0.0.0 a.ads2.msads.net 0.0.0.0 a.ads2.msn.com 0.0.0.0 a.rad.msn.com 0.0.0.0 a-0001.a-msedge.net There are 107 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212445781\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213329964\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-624198674-977653023-2037852723-1021\Control Panel\Desktop\\Wallpaper -> C:\Users\Tygan\Pictures\Wallpapers\artsfon.com-73830.jpg HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\Control Panel\Desktop\\Wallpaper -> C:\Users\Tygan\Pictures\Wallpapers\artsfon.com-73830.jpg HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\Control Panel\Desktop\\Wallpaper -> C:\Users\Tygan\Pictures\Wallpapers\artsfon.com-73830.jpg HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\Control Panel\Desktop\\Wallpaper -> C:\Users\Tygan\Pictures\Wallpapers\artsfon.com-73830.jpg HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\Control Panel\Desktop\\Wallpaper -> C:\Users\Tygan\Pictures\Wallpapers\artsfon.com-73830.jpg HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\Control Panel\Desktop\\Wallpaper -> C:\Users\Tygan\Pictures\Wallpapers\artsfon.com-73830.jpg HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211338376\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212450725\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220456406\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg 
HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016221151456\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-624198674-977653023-2037852723-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223138043\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211338737\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212451795\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220456661\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016221157811\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223140317\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MF NTFS Monitor => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMware NAT Service => 2
MSCONFIG\Services: VMwareHostd => 3
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "NetSpeedMonitor"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F9A4E4554F4E7E4C46D94738AFC6CF13"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "SecureBanking"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "pCloud"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-624198674-977653023-2037852723-1021\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F9A4E4554F4E7E4C46D94738AFC6CF13"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\StartupApproved\Run: => "SecureBanking"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\StartupApproved\Run: => "pCloud"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016211337752\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F9A4E4554F4E7E4C46D94738AFC6CF13"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\StartupApproved\Run: => "SecureBanking"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\StartupApproved\Run: => "pCloud"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016212447007\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F9A4E4554F4E7E4C46D94738AFC6CF13"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\StartupApproved\Run: => "SecureBanking"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\StartupApproved\Run: => "pCloud"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016213330421\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F9A4E4554F4E7E4C46D94738AFC6CF13"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\StartupApproved\Run: => "SecureBanking"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\StartupApproved\Run: => "pCloud"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016220455830\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F9A4E4554F4E7E4C46D94738AFC6CF13"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\StartupApproved\Run: => "SecureBanking"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\StartupApproved\Run: => "pCloud"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-624198674-977653023-2037852723-1021-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12082016223134721\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{E60AE206-2D55-4AE2-BE03-1329312FD0F2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{378394AB-9822-4122-8E55-E3995F4CA54A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{777B1491-5F7F-41B3-88A0-E196B3EAFCC0}] => C:\Program Files\MAGIX\Movie Edit Pro 2016 Premium\Videodeluxe.exe
FirewallRules: [{D27C7C8E-1B14-45CA-B1D5-1CE4ECCE5D37}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{A42BE9C8-851B-4EF6-AEEF-811D2922A9E2}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{88B80F2A-4D2D-4167-B2DB-274A064167AF}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{3D971F71-8933-43F4-ABF0-1D0FAFA5D112}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords_PitBoss.exe
FirewallRules: [{AC68BEBD-FB95-4821-96F5-D051F3C7570F}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe
FirewallRules: [{AB8027AA-30D9-418F-933C-E9C1E46F1131}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Warlords\Warlords\Civ4Warlords.exe
FirewallRules: [{5CA233AE-05C8-43E9-B286-450B6F760564}] => C:\Program Files (x86)\Steam\steamapps\common\Civilization IV Colonization\Colonization.exe
FirewallRules: [{50A6CFBE-9E49-42AC-9709-23D26F9C4577}] => C:\Program Files (x86)\Steam\steamapps\common\Civilization IV Colonization\Colonization.exe
FirewallRules: [{3C38DAF4-FB24-44EF-878A-F4A6C9C03B8E}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV\Civilization4.exe
FirewallRules: [{109A825B-BFD3-4938-AC47-369D022FF258}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV\Civilization4.exe
FirewallRules: [UDP Query User{7FC55172-7B01-4F4C-8E97-01BD9B41FF9F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{C37E1485-FA69-404E-9B3C-CAB73BFD5045}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{1DB619F2-55EB-458A-A1F0-CC69931D7953}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{CF1861DC-4799-410C-8AE7-FB60D285C243}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{1B73E9FF-F469-4B8D-888C-CA465E90CCA3}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{816974BA-CA0A-4943-9878-2EC7BEE898A6}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{8CA8EC04-3441-45AD-9C88-62454794DE5E}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{1BE7434B-A126-4C66-AA5D-1AD1CD895E4E}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => C:\program files\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{26D9069E-74CF-4BB8-BB4E-B9A4F160A93B}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{9EBF9B06-1E53-4968-8D45-64E7F5AB85D4}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{4AD96FA5-D0F1-4A80-B277-A8EC07B1095B}C:\program files\java\jre1.8.0_71\bin\java.exe] => C:\program files\java\jre1.8.0_71\bin\java.exe
FirewallRules: [TCP Query User{1C83C5A9-CB4A-4E20-8FA2-A55AD8A8AD85}C:\program files\java\jre1.8.0_71\bin\java.exe] => C:\program files\java\jre1.8.0_71\bin\java.exe
FirewallRules: [{E6972D16-0AC3-4BC9-B47C-514B7F426CB7}] => C:\Program Files\MAGIX\Movie Edit Pro 2016 Premium\Videodeluxe.exe
FirewallRules: [UDP Query User{1281CC9F-65AC-4C51-899F-6F497D4741B1}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => C:\program files\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [TCP Query User{A0D57D79-90D4-4328-A541-14045F7C2F3A}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => C:\program files\java\jre1.8.0_71\bin\javaw.exe
FirewallRules: [UDP Query User{87795A95-AC95-41A5-B44D-0FC8B98692F7}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{49D22B15-CEAC-4B61-B0DB-ADB5DD1DBD3B}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{460DAE00-1A73-4C21-88E5-DF8586370FE8}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{5E58BCBA-2A54-42BA-9272-F8FC180D0541}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{FEB90422-50BF-4BBC-9C67-1CA183385D2A}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{2E56E230-0344-4E6A-A98B-DB52242916A6}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{ABD9AFF4-0930-4994-A760-3A0541789D0A}] => C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{1070E7AE-683B-4575-AE32-64B778CEA047}] => C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{CA1EF5BB-0368-4FDB-B4D7-A96D85334062}] => C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto 3\gta3.exe
FirewallRules: [{F930D29C-5362-4EE2-99B9-D74E90CF26FC}] => C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto 3\gta3.exe
FirewallRules: [UDP Query User{9AAF3CFF-DD7A-497A-BE2F-F9EFB4709A44}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [TCP Query User{CBCA0539-E485-4FB4-BF53-DEB504D29C8C}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{C6C52E2C-A3B4-4AD8-AEB5-CC968831FC3E}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{93D428DF-D9C1-4E3D-A833-119E7AD19B5F}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E2BF7FA6-5490-4AD5-9649-9CEADB98B4C6}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{59343DAA-AC50-4FC2-8130-AFAAD277F5B4}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{F425035C-FBD1-4846-BDC4-AE2E1A8F6BD6}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{C5BED132-D2F1-4B49-8E1C-89BA784920F2}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{4A4247F5-9F6F-4FBE-AE9A-6856E2C09127}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8275ADA2-E5C4-49CD-8056-9491007BA7D8}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{54B2336C-4F2A-4C84-8028-6A77EF4C8E56}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EC32C821-96C4-41F2-BD9A-609FEFA5B42F}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{D204B75D-FE2F-452A-A067-DBA89935BD82}C:\users\l14d\appdata\roaming\spotify\spotify.exe] => C:\users\l14d\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{902F54A4-0F65-4C67-91EA-EC5BFBEEE553}C:\users\l14d\appdata\roaming\spotify\spotify.exe] => C:\users\l14d\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A24E337A-91EB-489C-82A0-4CA2CCEBA69D}C:\users\l14d\appdata\roaming\spotify\spotify.exe] => C:\users\l14d\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FC5CEB87-E833-4592-8760-3780D7556624}C:\users\l14d\appdata\roaming\spotify\spotify.exe] => C:\users\l14d\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9EBBE327-BE32-4380-9CBC-88C1AD733278}] => C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe
FirewallRules: [{6236CC6A-BAC1-4844-B52D-4F058E166D63}] => C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto Vice City\gta-vc.exe
FirewallRules: [TCP Query User{EE24100D-05F1-4FDC-B0FB-55A8BF1B4487}C:\users\johnny\appdata\roaming\spotify\spotify.exe] => C:\users\johnny\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{98E01700-645C-4C9A-9952-5BF89CBCF7CB}C:\users\johnny\appdata\roaming\spotify\spotify.exe] => C:\users\johnny\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4B8C2D2F-48DE-4603-A1B7-651D9094521E}C:\users\johnny\appdata\roaming\spotify\spotify.exe] => C:\users\johnny\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B808CC0C-4968-48F4-9BE7-084EF520E631}C:\users\johnny\appdata\roaming\spotify\spotify.exe] => C:\users\johnny\appdata\roaming\spotify\spotify.exe
FirewallRules: [{06645459-E8FE-460B-9788-FE0E7710DD9A}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3BB40C19-F2EA-4690-B6BB-367E7C2C263A}C:\users\tygan\desktop\utox64.exe] => C:\users\tygan\desktop\utox64.exe
FirewallRules: [UDP Query User{AF48CB2B-A69C-4CF2-B462-881C4995E614}C:\users\tygan\desktop\utox64.exe] => C:\users\tygan\desktop\utox64.exe
FirewallRules: [{CC5F2C28-7374-4AED-9D91-90C23E4FBB56}] => %ProgramFiles% (x86)\Steam\Steam.exe
FirewallRules: [{3C26B0A2-E042-47DB-90D4-9F81BC82B2CC}] => %ProgramFiles% (x86)\Mozilla Thunderbird\thunderbird.exe
FirewallRules: [{021008C2-F369-4EC7-A04F-B64627B642D6}] => %ProgramFiles% (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0CFD36A9-C245-4D8B-BCE4-B97CFBC7E2E3}] => %ProgramFiles% (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A42A4ACF-AFF2-4FE1-B6E7-01E1B0D51AD6}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{FA3668CF-4DB9-442E-8FD0-BEA511AF5C28}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{10002992-5381-4F7E-A8E3-F9AC916948F0}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{1A0E3CA8-C531-4491-9CC0-85423CB2DCB8}] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{CCB62BA7-C113-4531-B50E-640CD87BB559}C:\program files (x86)\sixteen tons entertainment\emergency 4\em4.exe] => C:\program files (x86)\sixteen tons entertainment\emergency 4\em4.exe
FirewallRules: [UDP Query User{33C0DCE6-0B9C-4CBA-AF03-8E1E16C6D5E3}C:\program files (x86)\sixteen tons entertainment\emergency 4\em4.exe] => C:\program files (x86)\sixteen tons entertainment\emergency 4\em4.exe
FirewallRules: [{52BCE2DD-BE9B-4D83-94DC-518971B48B41}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{6108EBF8-5249-4288-8E76-82B630A50267}] => C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{570422B8-0DA1-4ED4-9AF5-B3C0CB2218A7}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F68498C4-1C82-46BF-A645-3429352A92A0}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{DE432B9C-B9B8-484E-92F4-420DB4569043}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{BC9350F7-BEDB-4808-995E-02C045262D71}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{7C69D01B-75D5-4ACB-BFFA-AA3B9E900F3E}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => C:\windows\system32\svchost.exe
FirewallRules: [{2765E0F4-2918-4A46-B9C9-43CDD8FCBA2B}] => C:\windows\systemapps\microsoft.windows.cortana_cw5n1h2txyewy\searchui.exe
FirewallRules: [{749346A5-877C-4982-BD22-2948F1FCC218}] => C:\Windows\explorer.exe
FirewallRules: [TCP Query User{9231E8D8-EEFA-4960-9502-81BE4F83F9F9}C:\program files (x86)\teamviewer\teamviewer.exe] => C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [UDP Query User{42261284-ED71-4740-9929-5A880AB1CAFE}C:\program files (x86)\teamviewer\teamviewer.exe] => C:\program files (x86)\teamviewer\teamviewer.exe
FirewallRules: [{D4F42BB0-636E-408C-898F-66DB715D98ED}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{23AF67ED-1424-4234-A6BB-1CD849977675}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F1932438-5702-4324-9B33-307552B4B388}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F0B7882E-F521-45E1-9CB7-A1DA4DB32F71}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

24-11-2016 14:14:28 Geplanter Prüfpunkt
26-11-2016 00:43:45 Wiederherstellungsvorgang
03-12-2016 19:52:50 Geplanter Prüfpunkt

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Description: Controller der Familie Realtek PCIe FE
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PS/2-Standardtastatur
Description: PS/2-Standardtastatur
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears. Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2016 10:42:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Taskmgr.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 172c
Startzeit: 01d2519b98e5264c
Beendigungszeit: 63
Anwendungspfad: C:\Windows\System32\Taskmgr.exe
Berichts-ID: 117f1a27-bd8f-11e6-9c72-b5a9ac12d839
Vollständiger Name des fehlerhaften Pakets: 
Auf das fehlerhafte Paket bezogene Anwendungs-ID: 

Error: (12/08/2016 09:57:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.14393.206, Zeitstempel: 0x57daca78
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000006d1c4
ID des fehlerhaften Prozesses: 0x160c
Startzeit der fehlerhaften Anwendung: 0x01d2514b31cb79f8
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\twinapi.appcore.dll
Berichtskennung: a16e68a9-6b88-4638-8239-ec50d46f25a0
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.14393.447_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (12/05/2016 09:56:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85
Name des fehlerhaften Moduls: twinapi.appcore.dll, Version: 10.0.14393.206, Zeitstempel: 0x57daca78
Ausnahmecode: 0xc000027b
Fehleroffset: 0x000000000006d1c4
ID des fehlerhaften Prozesses: 0x1424
Startzeit der fehlerhaften Anwendung: 0x01d24ee403729452
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\twinapi.appcore.dll
Berichtskennung: 80c1c6ee-9e1d-462b-bc2e-ceec3c2d269c
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.14393.447_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (12/05/2016 02:40:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COMPUTER-128234)
Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/05/2016 02:12:26 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: Der Windows-Anmeldeprozess wurde unerwartet beendet.

Error: (12/04/2016 04:30:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: COMPUTER-128234)
Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (12/03/2016 11:15:58 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: COMPUTER-128234)
Description: 7.488: Der EFS-Dienst konnte keinen Benutzer für „Unternehmensdatenschutz“ bereitstellen. Fehlercode: 0x80070005.

Error: (12/03/2016 07:53:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (12/02/2016 04:33:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm videodeluxe.exe, Version 15.0.0.77 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1744
Startzeit: 01d24cb02cf244de
Beendigungszeit: 4294967295
Anwendungspfad: C:\Program Files\MAGIX\Movie Edit Pro 2016 Premium\videodeluxe.exe
Berichts-ID: 996ac46b-b8a4-11e6-9c6e-b252d92aa557
Vollständiger Name des fehlerhaften Pakets: 
Auf das fehlerhafte Paket bezogene Anwendungs-ID: 

Error: (12/02/2016 12:46:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 50.0.1.6171, Zeitstempel: 0x58366d90
Name des fehlerhaften Moduls: mozglue.dll, Version: 50.0.1.6171, Zeitstempel: 0x58366d59
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000ed4b
ID des fehlerhaften Prozesses: 0x6b8
Startzeit der fehlerhaften Anwendung: 0x01d24c126f1b1c7b
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: f6cf6513-e596-4ab1-a27e-cb4ddf642b61
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 


System errors:
=============
Error: (12/08/2016 11:07:45 PM) (Source: DCOM) (EventID: 10010) (User: COMPUTER-128234)
Description: Der Server "{37998346-3765-45B1-8C66-AA88CA6B20B8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/08/2016 11:05:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: Unbekannter Fehler

Error: (12/08/2016 10:01:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Malwarebytes Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (12/08/2016 09:34:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Malwarebytes Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/08/2016 01:03:52 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein.

Error: (12/08/2016 01:03:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (12/07/2016 12:51:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (12/07/2016 12:51:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "vmx86" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt.

Error: (12/07/2016 12:51:43 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein.

Error: (12/06/2016 08:08:10 PM) (Source: DCOM) (EventID: 10010) (User: COMPUTER-128234)
Description: Der Server "{37998346-3765-45B1-8C66-AA88CA6B20B8}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


CodeIntegrity:
===================================
Date: 2016-08-16 19:43:08.880
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-16 19:43:08.878
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-16 19:43:08.600
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-16 19:43:08.472
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10586.0_none_3310acc4233710cd\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-16 19:41:57.720
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-16 19:41:57.162
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-16 19:41:57.144
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-08-16 19:41:56.389 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\WINDOWS\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz Percentage of memory in use: 82% Total physical RAM: 4094.18 MB Available physical RAM: 715.78 MB Total Virtual: 8702.18 MB Available Virtual: 2782.36 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:390.09 GB) (Free:198.83 GB) NTFS Drive y: (Volume) (Fixed) (Total:75.14 GB) (Free:75.04 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 933BC6BB) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=390.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=75.1 GB) - (Type=OF Extended) ==================== End of Addition.txt ============================ Geändert von Ladekabel612 (09.12.2016 um 02:23 Uhr) Grund: Namen unkenntlich gemacht :D |
09.12.2016, 20:15 | #4 |
/// TB-Senior | Windows 10 Pro - Trojan.FakeMS.ED Hello Ladekabel612, that is a false alarm from MBAM; the file belongs to Visual Studio. The logs also look clean; apart from a few program leftovers there is nothing to see. Your PC is clean
__________________ Regards, Tician Edited by Tician (09.12.2016 at 20:51) |
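A way to check a verdict like the one above yourself before dismissing a detection: look up which installer bundle owns the Package Cache folder and verify the flagged CAB's Authenticode signature. This is an added example, not code from the thread or from Malwarebytes; the path and GUID are taken from the MBAM log in this thread, and the bundle registration layout under the Uninstall key (DisplayName, BundleVersion, BundleCachePath) is assumed to follow the WiX Burn convention that Package Cache installers use.

```powershell
# Added verification example (not from the thread). Checks the provenance of a file that
# MBAM flagged in the Package Cache before treating the hit as a false positive.
param(
    # Path as reported in the MBAM log of this thread.
    [string]$FlaggedFile = 'C:\ProgramData\Package Cache\{B03A77CC-DD66-8A71-731F-6D883E090273}v10.1.14393.0\Installers\74654E0595E05A162C50D9F696C4F0B1.cab'
)

# 1. Which installer owns this folder? The folder name is "<bundle GUID>v<version>";
#    WiX Burn bundles register that GUID as a key under Uninstall (assumption).
$bundleDir = Split-Path (Split-Path $FlaggedFile -Parent) -Leaf
$bundleId  = ($bundleDir -split 'v\d')[0]          # "{B03A77CC-...}"
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
foreach ($root in $uninstallRoots) {
    $key = Join-Path $root $bundleId
    if (Test-Path $key) {
        $reg = Get-ItemProperty -Path $key
        "Registered bundle : {0} {1}" -f $reg.DisplayName, $reg.BundleVersion
        "Bundle cache path : {0}" -f $reg.BundleCachePath
    }
}

# 2. Is the CAB itself signed by a trusted publisher? A valid Microsoft signature
#    supports the "belongs to Visual Studio" explanation; an invalid or missing one
#    means the file deserves a closer look.
if (Test-Path $FlaggedFile) {
    $sig = Get-AuthenticodeSignature -FilePath $FlaggedFile
    "Signature status  : {0}" -f $sig.Status
    if ($sig.SignerCertificate) {
        "Signer            : {0}" -f $sig.SignerCertificate.Subject
        "Valid             : {0} to {1}" -f $sig.SignerCertificate.NotBefore, $sig.SignerCertificate.NotAfter
    }
    # 3. Hash for a second opinion from another scanner or the vendor's file list.
    "SHA256            : {0}" -f (Get-FileHash -Algorithm SHA256 -Path $FlaggedFile).Hash
} else {
    "File not present: $FlaggedFile"
}
```

Run it in an elevated PowerShell session; if the bundle key is missing under both roots, the folder may be a leftover from an uninstalled SDK or Visual Studio component rather than an active installation.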
09.12.2016, 20:17 | #5 |
| Windows 10 Pro - Trojan.FakeMS.ED Oh, all right. Thanks anyway for taking a look, and have a nice evening |
10.12.2016, 12:41 | #6 |
/// TB-Senior | Windows 10 Pro - Trojan.FakeMS.ED You're welcome
__________________ |