![]() |
Log-Analyse und Auswertung: Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() |
![]() | #1 |
| ![]() Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienen Hallo erstmal, vor einigen Tagen habe ich mir eine art reparurprogramm für das spiel GTA V gedownloaded von chip online. doch wie mir aufgefallen ist hat diese datei nix gemacht und ich versuchte es nochmal zu downloaden. diesmal hies die datei jedoch anders und es funktionierte. als ich nun die andere datei löschen wollte ging das nicht mehr da sie momentan ausgeführt wird. mir fiel auf das es eine ISO datei war. mein virenschutzprogramm G DATA scannte meinen ganzen pc, fand jedoch nix. die datei verschwand erst nachdem ich das ganze spiel deinstalliert habe. jedoch öffnen sich im browser abundzu von alleine tabs und aufdringliche werbung trotz addblocker. hab schon alle erweiterungen/programme durchsucht aber keine davon sind mir unbekannt bin schon viele schritte durchgegangen die vorgeschlagen worden sind mit malware cleanern etc. brauche dringend hilfe ._. |
![]() | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienen hi,
Die verarschen ihre Kunden aus reiner Profitgier. Siehe auch http://www.trojaner-board.de/168364-...mpfehlung.html und CHIP-Installer - was ist das? - Anleitungen Zitat:
![]() ![]() Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
![]() | #3 |
| ![]() Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienen vielen dank für die schnelle antwort.
__________________ich werde mich morgen nochmal ransetzen und die logfiles hochladen.. rein aus interesse. da der pc noch relativ neu sind , sind da keine persönlichen daten drauf. werden durch ein " auf werkseinstellung wiederherstellen" auch alle viren/malware etc gelöscht? oder muss ich da wirklich alles formatieren und per cd neu windows raufspielen? vielen dank das sie so schnell geantworter haben mfg sueyuki |
![]() | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienen Werkseinstellungen: Handbuch lesen, Anweisungen folgen
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #5 |
| ![]() Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienen schon klar aber entfernt das auch wirklich alle viren malware etc.? sorry das ich so viel frage aber ich kenne mich nicht so gut aus^~^ |
![]() | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienen Ja, denn es macht was es soll: den PC in den Zusatnd zurückversetzen, der direkt beim ersten Einschalten so war Alternativ: Windows ISO downloaden und brennen, davon booten und manuell neu installieren Noch ne Alternative: Linux verwenden vgl https://wiki.ubuntuusers.de/Einsteiger/
__________________ --> Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienen |
![]() | #7 |
| ![]() Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienenCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 19.01.2017 Suchlaufzeit: 17:15 Protokolldatei: Administrator: Ja Version: Malware-Datenbank: v2017.01.19.05 Rootkit-Datenbank: v2016.11.20.01 Lizenz: Testversion Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 10 CPU: x64 Dateisystem: NTFS Benutzer: Sueyuki Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 321759 Abgelaufene Zeit: 5 Min., 23 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Ist das so richtig? Sind die Logfiles von Malwarebytes Code:
ATTFilter OTL logfile created on: 19.01.2017 17:36:25 - Run 1 OTL by OldTimer - Version Folder = C:\Users\User\Downloads 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.14393.0) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,94 Gb Total Physical Memory | 9,33 Gb Available Physical Memory | 58,50% Memory free 18,32 Gb Paging File | 9,90 Gb Available in Paging File | 54,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 255,68 Gb Total Space | 63,57 Gb Free Space | 24,86% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 887,13 Gb Free Space | 95,24% Space Free | Partition Type: NTFS Computer Name: DESKTOP-D193TCD | User Name: Sueyuki | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2017.01.19 17:35:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe PRC - [2017.01.19 11:50:39 | 014,216,168 | ---- | M] (Blizzard Entertainment) -- E:\Battle.net\Battle.net.8288\Battle.net.exe PRC - [2017.01.19 11:50:38 | 001,448,936 | ---- | M] () -- E:\Battle.net\Battle.net.8288\Battle.net Helper.exe PRC - [2017.01.18 13:04:47 | 000,288,920 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\\GoogleCrashHandler.exe PRC - [2017.01.12 16:36:24 | 004,581,368 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\LeagueClient.exe PRC - [2017.01.12 16:36:24 | 003,461,112 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\LeagueClientUx.exe PRC - [2017.01.11 00:24:13 | 004,722,152 | ---- | M] (Blizzard Entertainment) -- C:\ProgramData\Battle.net\Agent\Agent.5362\Agent.exe PRC - [2017.01.06 02:10:32 | 000,427,064 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe PRC - [2017.01.06 02:10:31 | 000,427,064 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe PRC - [2017.01.06 02:10:30 | 015,534,648 | ---- | M] (Node.js) -- C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe PRC - [2017.01.06 02:10:24 | 001,432,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe PRC - [2017.01.04 13:48:56 | 000,054,512 | ---- | M] (Overwolf LTD) -- C:\Program Files (x86)\Overwolf\Overwolf.exe PRC - [2017.01.04 13:48:54 | 000,084,208 | ---- | M] (Overwolf LTD) -- C:\Program Files (x86)\Common Files\Overwolf\\OverwolfHelper.exe PRC - [2017.01.04 13:45:58 | 000,470,064 | ---- | M] (Overwolf LTD) -- C:\Program Files (x86)\Overwolf\\OverwolfTSHelper.exe PRC - [2017.01.02 16:42:22 | 007,153,264 | ---- | M] (Spotify Ltd) -- C:\Users\User\AppData\Roaming\Spotify\Spotify.exe PRC - [2017.01.02 16:42:22 | 001,444,976 | ---- | M] (Spotify Ltd) -- C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe PRC - [2017.01.02 16:42:22 | 000,489,072 | ---- | M] (Spotify Ltd) -- C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe PRC - [2016.12.30 16:07:34 | 077,359,760 | ---- | M] (GIGABYTE Technology Co.,Ltd.) -- C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe PRC - [2016.12.20 03:25:40 | 002,186,528 | ---- | M] (Valve Corporation) -- E:\Steam\bin\cef\cef.win7\steamwebhelper.exe PRC - [2016.12.20 03:25:40 | 001,467,168 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2016.12.20 03:25:38 | 002,876,704 | ---- | M] (Valve Corporation) -- E:\Steam\Steam.exe PRC - [2016.12.19 22:38:14 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2016.12.14 22:01:12 | 000,275,224 | ---- | M] (Razer, Inc.) -- C:\Users\User\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe PRC - [2016.12.14 22:00:25 | 000,259,864 | ---- | M] (Razer, Inc.) -- C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe PRC - [2016.12.13 15:12:15 | 005,012,616 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2016.12.11 19:47:56 | 000,459,832 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe PRC - [2016.11.30 06:33:45 | 002,505,704 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\G DATA\TotalSecurity\AVKTray\AVKTray.exe PRC - [2016.11.04 14:57:18 | 000,596,640 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe PRC - [2016.10.18 08:24:54 | 000,069,744 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe PRC - [2016.09.30 10:23:10 | 004,072,264 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\G DATA\TotalSecurity\AVKBackup\AVKBackupService.exe PRC - [2016.09.30 04:59:14 | 002,678,600 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\G DATA\TotalSecurity\GUI\GDSC.exe PRC - [2016.09.27 03:53:48 | 000,822,600 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2016.09.25 00:21:05 | 000,189,264 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe PRC - [2016.09.15 05:03:05 | 002,453,320 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\G DATA\TotalSecurity\AVKTuner\AVKTunerService.exe PRC - [2016.09.15 04:52:59 | 001,338,696 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GDKBFltExe32.exe PRC - [2016.09.15 04:29:24 | 002,513,736 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\G DATA\TotalSecurity\Firewall\GDFirewallTray.exe PRC - [2016.09.15 03:51:31 | 000,984,904 | ---- | M] (G DATA Software AG) -- C:\Program Files (x86)\G DATA\TotalSecurity\AVK\AVKService.exe PRC - [2016.08.19 09:12:46 | 000,298,448 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe PRC - [2016.03.10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe PRC - [2016.03.10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe PRC - [2016.03.10 14:07:20 | 009,926,112 | ---- | M] (Malwarebytes) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe PRC - [2014.07.01 13:41:27 | 000,255,608 | ---- | M] (G DATA Software) -- C:\Program Files (x86)\G DATA\TotalSecurity\TSNxG\TSNxGService.exe ========== Modules (No Company Name) ========== MOD - [2017.01.19 11:51:40 | 000,540,336 | ---- | M] () -- E:\Battle.net\Battle.net.8288\ortp.dll MOD - [2017.01.19 11:51:38 | 003,384,832 | ---- | M] () -- E:\Battle.net\Battle.net.8288\libGLESv2.dll MOD - [2017.01.19 11:51:35 | 037,247,976 | ---- | M] () -- E:\Battle.net\Battle.net.8288\libcef.dll MOD - [2017.01.19 11:51:35 | 000,133,632 | ---- | M] () -- E:\Battle.net\Battle.net.8288\libEGL.dll MOD - [2017.01.19 11:51:10 | 000,990,696 | ---- | M] () -- E:\Battle.net\Battle.net.8288\ffmpegsumo.dll MOD - [2017.01.19 11:50:38 | 001,448,936 | ---- | M] () -- E:\Battle.net\Battle.net.8288\Battle.net Helper.exe MOD - [2017.01.12 16:36:30 | 001,041,408 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-rso-auth\rcp-be-rso-auth.dll MOD - [2017.01.12 16:36:30 | 000,709,632 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-recofriender\rcp-be-recofriender.dll MOD - [2017.01.12 16:36:30 | 000,632,320 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-sanitizer\rcp-be-sanitizer.dll MOD - [2017.01.12 16:36:29 | 003,335,680 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-patcher\rcp-be-patcher.dll MOD - [2017.01.12 16:36:29 | 000,732,672 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-summoner\rcp-be-lol-summoner.dll MOD - [2017.01.12 16:36:29 | 000,697,856 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-store\rcp-be-lol-store.dll MOD - [2017.01.12 16:36:29 | 000,668,160 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-suggested-players\rcp-be-lol-suggested-players.dll MOD - [2017.01.12 16:36:29 | 000,657,408 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-settings\rcp-be-lol-settings.dll MOD - [2017.01.12 16:36:29 | 000,622,080 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-team-boosts\rcp-be-lol-team-boosts.dll MOD - [2017.01.12 16:36:29 | 000,606,720 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-player-notifications\rcp-be-player-notifications.dll MOD - [2017.01.12 16:36:28 | 002,015,232 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-riot-messaging-service\rcp-be-lol-riot-messaging-service.dll MOD - [2017.01.12 16:36:28 | 000,934,400 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-player-preferences\rcp-be-lol-player-preferences.dll MOD - [2017.01.12 16:36:28 | 000,780,288 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-replays\rcp-be-lol-replays.dll MOD - [2017.01.12 16:36:28 | 000,685,568 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-queue-eligibility\rcp-be-lol-queue-eligibility.dll MOD - [2017.01.12 16:36:28 | 000,630,272 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-ranked-stats\rcp-be-lol-ranked-stats.dll MOD - [2017.01.12 16:36:28 | 000,571,392 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-player-level-up\rcp-be-lol-player-level-up.dll MOD - [2017.01.12 16:36:27 | 002,523,648 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-login\rcp-be-lol-login.dll MOD - [2017.01.12 16:36:27 | 000,955,904 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-loot\rcp-be-lol-loot.dll MOD - [2017.01.12 16:36:27 | 000,825,856 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-matchmaking\rcp-be-lol-matchmaking.dll MOD - [2017.01.12 16:36:27 | 000,737,280 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-match-history\rcp-be-lol-match-history.dll MOD - [2017.01.12 16:36:27 | 000,674,304 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-pft\rcp-be-lol-pft.dll MOD - [2017.01.12 16:36:27 | 000,663,040 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-parties\rcp-be-lol-parties.dll MOD - [2017.01.12 16:36:26 | 001,558,528 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-lobby\rcp-be-lol-lobby.dll MOD - [2017.01.12 16:36:26 | 001,043,968 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-lobby-team-builder\rcp-be-lol-lobby-team-builder.dll MOD - [2017.01.12 16:36:26 | 000,898,048 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-leagues\rcp-be-lol-leagues.dll MOD - [2017.01.12 16:36:26 | 000,594,944 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-kudos\rcp-be-lol-kudos.dll MOD - [2017.01.12 16:36:26 | 000,557,056 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-kr-shutdown-law\rcp-be-lol-kr-shutdown-law.dll MOD - [2017.01.12 16:36:25 | 002,491,392 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-chat\rcp-be-lol-chat.dll MOD - [2017.01.12 16:36:25 | 001,705,472 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-clubs-public\rcp-be-lol-clubs-public.dll MOD - [2017.01.12 16:36:25 | 001,121,280 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-collections\rcp-be-lol-collections.dll MOD - [2017.01.12 16:36:25 | 000,862,208 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-gameflow\rcp-be-lol-gameflow.dll MOD - [2017.01.12 16:36:25 | 000,852,992 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-clubs\rcp-be-lol-clubs.dll MOD - [2017.01.12 16:36:25 | 000,820,224 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-end-of-game\rcp-be-lol-end-of-game.dll MOD - [2017.01.12 16:36:25 | 000,707,584 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-game-queues\rcp-be-lol-game-queues.dll MOD - [2017.01.12 16:36:25 | 000,690,176 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-game-settings\rcp-be-lol-game-settings.dll MOD - [2017.01.12 16:36:25 | 000,638,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-esport-stream-notifications\rcp-be-lol-esport-stream-notifications.dll MOD - [2017.01.12 16:36:25 | 000,559,616 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-heartbeat\rcp-be-lol-heartbeat.dll MOD - [2017.01.12 16:36:25 | 000,543,744 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-kr-playtime-reminder\rcp-be-lol-kr-playtime-reminder.dll MOD - [2017.01.12 16:36:24 | 004,581,368 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\LeagueClient.exe MOD - [2017.01.12 16:36:24 | 003,461,112 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\LeagueClientUx.exe MOD - [2017.01.12 16:36:24 | 001,177,088 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-champ-select-legacy\rcp-be-lol-champ-select-legacy.dll MOD - [2017.01.12 16:36:24 | 000,702,464 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-champ-select\rcp-be-lol-champ-select.dll MOD - [2017.01.12 16:36:24 | 000,600,576 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-beta-opt-in\rcp-be-lol-beta-opt-in.dll MOD - [2017.01.12 16:36:24 | 000,580,096 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-acs\rcp-be-lol-acs.dll MOD - [2017.01.12 16:36:23 | 000,159,224 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\libexpat.dll MOD - [2017.01.07 10:22:31 | 019,716,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a390fa28b40e5b0bfd357371211f470d\System.ServiceModel.ni.dll MOD - [2017.01.07 10:22:20 | 001,153,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a280fac0c231c9d6d5f1274c2180d594\System.Management.ni.dll MOD - [2017.01.07 10:22:20 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d842ac6dc0b94d7516b2d43a62b8f4d7\System.ServiceModel.Internals.ni.dll MOD - [2017.01.07 10:22:20 | 000,117,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1b144b0155aa14719ac0b83f038abbd5\SMDiagnostics.ni.dll MOD - [2017.01.07 10:22:19 | 000,219,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\010ca03bc4ce0e90aba17cf53dfaa3b0\System.ServiceProcess.ni.dll MOD - [2017.01.07 10:22:19 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75ed56cf95fe6228472b5e57ac7a76b7\UIAutomationTypes.ni.dll MOD - [2017.01.07 10:22:18 | 007,882,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\720259e39ef1331fa96a3242ad50f25a\System.Data.ni.dll MOD - [2017.01.07 10:22:15 | 000,252,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\27950df85d9f41bc598059975e6f65a0\System.ComponentModel.DataAnnotations.ni.dll MOD - [2017.01.07 10:22:14 | 012,992,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c02fbf560e52a1aab432a90d4c613af4\System.Windows.Forms.ni.dll MOD - [2017.01.07 10:22:09 | 001,626,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c2abcda8f96d67fa6ff5665fd21dddff\System.Drawing.ni.dll MOD - [2017.01.06 02:10:31 | 003,776,056 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll MOD - [2017.01.06 02:10:31 | 000,901,688 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll MOD - [2017.01.06 02:10:30 | 000,020,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll MOD - [2017.01.06 02:10:23 | 064,246,840 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll MOD - [2017.01.06 01:09:24 | 002,807,232 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node MOD - [2017.01.06 01:09:24 | 000,527,416 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node MOD - [2017.01.06 01:09:23 | 001,003,456 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node MOD - [2017.01.06 01:09:23 | 000,954,816 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node MOD - [2017.01.06 01:09:23 | 000,516,032 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvBackendAPINode.node MOD - [2017.01.06 01:09:23 | 000,464,952 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameStreamAPINode.node MOD - [2017.01.06 01:09:23 | 000,449,080 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node MOD - [2017.01.06 01:09:23 | 000,384,568 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node MOD - [2017.01.06 01:09:23 | 000,366,136 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvUtil.node MOD - [2017.01.06 01:09:23 | 000,336,832 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node MOD - [2017.01.06 01:09:23 | 000,252,352 | ---- | M] () -- \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node MOD - [2017.01.04 13:46:16 | 001,565,128 | ---- | M] () -- C:\Program Files (x86)\Overwolf\\teamspeak_control_win32.dll MOD - [2017.01.04 13:45:56 | 067,297,280 | ---- | M] () -- C:\Program Files (x86)\Overwolf\\libcef.DLL MOD - [2017.01.02 16:59:38 | 000,681,984 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-player-behavior\rcp-be-lol-player-behavior.dll MOD - [2017.01.02 16:59:38 | 000,607,744 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-player-messaging\rcp-be-lol-player-messaging.dll MOD - [2017.01.02 16:59:38 | 000,594,944 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-service-status\rcp-be-lol-service-status.dll MOD - [2017.01.02 16:59:38 | 000,582,144 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-shutdown\rcp-be-lol-shutdown.dll MOD - [2017.01.02 16:59:38 | 000,582,144 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-platform-config\rcp-be-lol-platform-config.dll MOD - [2017.01.02 16:59:38 | 000,579,072 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-spectator\rcp-be-lol-spectator.dll MOD - [2017.01.02 16:59:38 | 000,564,224 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-loyalty\rcp-be-lol-loyalty.dll MOD - [2017.01.02 16:59:38 | 000,563,200 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-maps\rcp-be-lol-maps.dll MOD - [2017.01.02 16:59:38 | 000,549,888 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-network-testing\rcp-be-network-testing.dll MOD - [2017.01.02 16:59:38 | 000,547,328 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-tencent-qt\rcp-be-lol-tencent-qt.dll MOD - [2017.01.02 16:59:37 | 000,854,016 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-license-agreement\rcp-be-lol-license-agreement.dll MOD - [2017.01.02 16:59:37 | 000,611,840 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-leaver-buster\rcp-be-lol-leaver-buster.dll MOD - [2017.01.02 16:42:22 | 051,777,648 | ---- | M] () -- C:\Users\User\AppData\Roaming\Spotify\libcef.dll MOD - [2017.01.02 16:42:22 | 001,803,888 | ---- | M] () -- C:\Users\User\AppData\Roaming\Spotify\libglesv2.dll MOD - [2017.01.02 16:42:22 | 000,110,192 | ---- | M] () -- C:\Users\User\AppData\Roaming\Spotify\SpotifyWinRT.dll MOD - [2017.01.02 16:42:22 | 000,086,128 | ---- | M] () -- C:\Users\User\AppData\Roaming\Spotify\libegl.dll MOD - [2017.01.02 16:40:43 | 001,876,448 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\libGLESv2.dll MOD - [2017.01.02 16:40:43 | 000,585,728 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-active-boosts\rcp-be-lol-active-boosts.dll MOD - [2017.01.02 16:40:43 | 000,583,680 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-account-settings\rcp-be-lol-account-settings.dll MOD - [2017.01.02 16:40:43 | 000,552,960 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\Plugins\rcp-be-lol-game-client-chat\rcp-be-lol-game-client-chat.dll MOD - [2017.01.02 16:40:43 | 000,021,984 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\libEGL.dll MOD - [2017.01.02 16:40:42 | 055,617,504 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\league_client\releases\\deploy\libcef.dll MOD - [2016.12.20 03:25:44 | 002,322,720 | ---- | M] () -- E:\Steam\video.dll MOD - [2016.12.20 03:25:40 | 000,838,944 | ---- | M] () -- E:\Steam\bin\chromehtml.dll MOD - [2016.12.20 03:25:38 | 000,388,384 | ---- | M] () -- E:\Steam\Steam.dll MOD - [2016.12.08 16:13:58 | 000,656,160 | ---- | M] () -- E:\Steam\SDL2.dll MOD - [2016.12.05 17:21:16 | 067,304,736 | ---- | M] () -- E:\Steam\bin\cef\cef.win7\libcef.dll MOD - [2016.12.01 09:59:28 | 000,143,824 | ---- | M] () -- C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll MOD - [2016.10.08 08:13:42 | 050,656,768 | ---- | M] () -- C:\Users\User\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll MOD - [2016.10.08 08:13:42 | 001,874,944 | ---- | M] () -- C:\Users\User\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll MOD - [2016.10.08 08:13:42 | 000,075,264 | ---- | M] () -- C:\Users\User\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll MOD - [2016.09.01 02:02:12 | 004,969,248 | ---- | M] () -- E:\Steam\v8.dll MOD - [2016.09.01 02:02:06 | 001,563,936 | ---- | M] () -- E:\Steam\icui18n.dll MOD - [2016.09.01 02:02:06 | 001,195,296 | ---- | M] () -- E:\Steam\icuuc.dll MOD - [2016.08.19 09:12:46 | 000,298,448 | ---- | M] () -- C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe MOD - [2016.08.18 20:26:22 | 000,225,792 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GvFireware.dll MOD - [2016.07.16 12:44:20 | 019,611,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\40571abae9422cd2ca6fafbbde1c3cdc\mscorlib.ni.dll MOD - [2016.07.16 12:44:20 | 010,281,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08da6b6698b412866e6910ae9b84f363\System.ni.dll MOD - [2016.07.16 12:44:19 | 007,480,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f6ebd52be27fe627fed0d185c6a9c0d5\System.Core.ni.dll MOD - [2016.07.13 22:34:29 | 007,472,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7532301b00fac8def2f526ca8b480e11\System.Xml.ni.dll MOD - [2016.07.13 22:34:29 | 004,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5751e969e4789e60d3ad463cb6024006\WindowsBase.ni.dll MOD - [2016.07.13 22:34:29 | 001,894,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\04c4f83e0b62ff553abff98943e45f42\System.Xaml.ni.dll MOD - [2016.07.13 22:34:29 | 000,407,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6e975e2acfc33e1c706f00bf2942e187\System.Xml.Linq.ni.dll MOD - [2016.07.13 22:34:26 | 002,820,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\213003369298faf75651a6b8981dce12\System.Runtime.Serialization.ni.dll MOD - [2016.07.13 22:34:26 | 000,994,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa9c29b70b4cceab890eb841f89d73e9\System.Configuration.ni.dll MOD - [2016.07.13 22:34:24 | 019,769,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\5272cb4aeec65bec2fffb45e9cb22910\PresentationFramework.ni.dll MOD - [2016.07.13 22:34:24 | 012,019,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\051a282e157a228405b2e0d867c3ce1d\PresentationCore.ni.dll MOD - [2016.07.13 22:34:24 | 000,546,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\def8702c6e883330fb8cb8e3f5c5e665\PresentationFramework.Aero2.ni.dll MOD - [2016.07.04 23:17:58 | 000,266,560 | ---- | M] () -- E:\Steam\openvr_api.dll MOD - [2016.01.27 08:49:46 | 002,549,760 | ---- | M] () -- E:\Steam\libavcodec-56.dll MOD - [2016.01.27 08:49:46 | 000,491,008 | ---- | M] () -- E:\Steam\libavformat-56.dll MOD - [2016.01.27 08:49:46 | 000,485,888 | ---- | M] () -- E:\Steam\libswscale-3.dll MOD - [2016.01.27 08:49:46 | 000,442,880 | ---- | M] () -- E:\Steam\libavutil-54.dll MOD - [2016.01.27 08:49:46 | 000,332,800 | ---- | M] () -- E:\Steam\libavresample-2.dll MOD - [2015.09.25 00:52:04 | 000,119,208 | ---- | M] () -- E:\Steam\winh264.dll MOD - [2014.05.01 02:49:48 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\BSL430.dll ========== Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe -- (NVIDIA Wireless Controller Service) SRV:64bit: - [2016.12.21 07:51:53 | 002,275,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc) SRV:64bit: - [2016.12.14 06:33:21 | 000,822,624 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\AppVClient.exe -- (AppVClient) SRV:64bit: - [2016.12.14 05:43:24 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum) SRV:64bit: - [2016.12.14 05:36:59 | 000,539,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc) SRV:64bit: - [2016.12.14 05:23:43 | 001,231,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc) SRV:64bit: - [2016.12.09 11:28:24 | 000,764,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar) SRV:64bit: - [2016.11.11 10:22:23 | 000,082,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker) SRV:64bit: - [2016.11.11 10:20:50 | 000,339,456 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\cdpusersvc.dll -- (CDPUserSvc) SRV:64bit: - [2016.11.11 10:20:10 | 000,407,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc) SRV:64bit: - [2016.11.11 10:19:59 | 000,411,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc) SRV:64bit: - [2016.11.11 10:19:35 | 000,285,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc) SRV:64bit: - [2016.11.11 10:16:35 | 000,560,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness) SRV:64bit: - [2016.11.11 10:14:35 | 002,104,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2016.11.11 10:06:19 | 000,650,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo) SRV:64bit: - [2016.11.11 10:05:32 | 004,136,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository) SRV:64bit: - [2016.11.11 10:04:16 | 000,691,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2016.11.02 11:30:35 | 000,635,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FlightSettings.dll -- (wisvc) SRV:64bit: - [2016.11.02 11:22:02 | 000,337,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2016.11.02 11:19:44 | 000,805,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FrameServer.dll -- (FrameServer) SRV:64bit: - [2016.11.02 11:16:47 | 000,265,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc) SRV:64bit: - [2016.11.02 11:16:27 | 000,770,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2016.10.15 04:37:03 | 001,980,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack) SRV:64bit: - [2016.10.12 12:57:55 | 000,447,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2016.10.12 12:57:51 | 001,312,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService) SRV:64bit: - [2016.10.12 12:57:51 | 001,020,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager) SRV:64bit: - [2016.10.12 12:57:51 | 000,781,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc) SRV:64bit: - [2016.10.12 12:57:51 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RMapi.dll -- (RmSvc) SRV:64bit: - [2016.10.12 12:57:48 | 000,983,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc) SRV:64bit: - [2016.10.12 12:57:48 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService) SRV:64bit: - [2016.10.12 12:57:48 | 000,203,776 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc) SRV:64bit: - [2016.10.12 12:57:48 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager) SRV:64bit: - [2016.10.12 12:57:46 | 001,013,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager) SRV:64bit: - [2016.10.12 12:57:46 | 000,095,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate) SRV:64bit: - [2016.10.12 12:57:44 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicvss) SRV:64bit: - [2016.10.12 12:57:44 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicrdv) SRV:64bit: - [2016.10.12 12:57:44 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession) SRV:64bit: - [2016.10.12 12:57:44 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2016.10.12 12:57:44 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2016.10.12 12:57:44 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2016.10.12 12:57:44 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2016.10.12 12:57:44 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface) SRV:64bit: - [2016.10.12 12:57:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost) SRV:64bit: - [2016.07.16 23:56:36 | 001,227,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\AgentService.exe -- (UevAgentService) SRV:64bit: - [2016.07.16 23:56:29 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2016.07.16 12:43:50 | 000,082,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2016.07.16 12:43:47 | 000,436,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService) SRV:64bit: - [2016.07.16 12:43:18 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2016.07.16 12:43:10 | 001,836,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc) SRV:64bit: - [2016.07.16 12:42:42 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2016.07.16 12:42:39 | 000,161,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll -- (shpamsvc) SRV:64bit: - [2016.07.16 12:42:38 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc) SRV:64bit: - [2016.07.16 12:42:38 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice) SRV:64bit: - [2016.07.16 12:42:38 | 000,055,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2016.07.16 12:42:37 | 000,718,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2016.07.16 12:42:36 | 000,183,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc) SRV:64bit: - [2016.07.16 12:42:27 | 000,827,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2016.07.16 12:42:27 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2016.07.16 12:42:27 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service) SRV:64bit: - [2016.07.16 12:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WpnUserService_2951232) SRV:64bit: - [2016.07.16 12:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_2951232) SRV:64bit: - [2016.07.16 12:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_2951232) SRV:64bit: - [2016.07.16 12:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_2951232) SRV:64bit: - [2016.07.16 12:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_2951232) SRV:64bit: - [2016.07.16 12:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_2951232) SRV:64bit: - [2016.07.16 12:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (CDPUserSvc_2951232) SRV:64bit: - [2016.07.16 12:42:23 | 000,366,592 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc) SRV:64bit: - [2016.07.16 12:42:20 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC) SRV:64bit: - [2016.07.16 12:42:16 | 000,287,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService) SRV:64bit: - [2016.07.16 12:42:16 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2016.07.16 12:42:16 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2016.07.16 12:42:13 | 000,590,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter) SRV:64bit: - [2016.07.16 12:42:12 | 000,519,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2016.07.16 12:42:12 | 000,052,224 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService) SRV:64bit: - [2016.07.16 12:42:09 | 001,512,448 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc) SRV:64bit: - [2016.07.16 12:42:09 | 001,184,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc) SRV:64bit: - [2016.07.16 12:42:09 | 000,574,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc) SRV:64bit: - [2016.07.16 12:42:09 | 000,387,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2016.07.16 12:42:09 | 000,358,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2016.07.16 12:42:09 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService) SRV:64bit: - [2016.07.16 12:42:09 | 000,326,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc) SRV:64bit: - [2016.07.16 12:42:09 | 000,234,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService) SRV:64bit: - [2016.07.16 12:42:09 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc) SRV:64bit: - [2016.07.16 12:42:09 | 000,177,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBrokerSvc) SRV:64bit: - [2016.07.16 12:42:09 | 000,074,240 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\WpnUserService.dll -- (WpnUserService) SRV:64bit: - [2016.07.16 12:42:09 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc) SRV:64bit: - [2016.07.16 12:42:09 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker) SRV:64bit: - [2016.07.16 12:42:07 | 001,159,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave) SRV:64bit: - [2016.07.16 12:42:06 | 000,729,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC) SRV:64bit: - [2016.07.16 12:42:06 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter) SRV:64bit: - [2016.07.16 12:42:05 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2016.07.16 12:42:05 | 000,152,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc) SRV:64bit: - [2016.07.16 12:42:05 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode) SRV:64bit: - [2016.07.16 12:42:04 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hvhostsvc.dll -- (HvHost) SRV:64bit: - [2016.07.16 12:41:50 | 003,318,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2016.07.16 12:41:50 | 000,321,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv) SRV - [2017.01.06 02:10:32 | 000,427,064 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -- (NvTelemetryContainer) SRV - [2017.01.06 02:10:31 | 000,464,440 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Programme\NVIDIA Corporation\NvContainer\nvcontainer.exe -- (NvContainerNetworkService) SRV - [2017.01.06 02:10:31 | 000,464,440 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvContainer\nvcontainer.exe -- (NvContainerLocalSystem) SRV - [2017.01.04 13:48:54 | 001,317,104 | ---- | M] (Overwolf LTD) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdater) SRV - [2017.01.03 02:10:19 | 001,457,160 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2016.12.20 03:25:40 | 001,467,168 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2016.12.19 22:38:14 | 000,082,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2016.12.13 15:12:15 | 005,012,616 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2016.12.11 19:47:56 | 000,459,832 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -- (NVDisplay.ContainerLocalSystem) SRV - [2016.12.09 09:54:48 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar) SRV - [2016.11.11 08:19:35 | 000,298,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc) SRV - [2016.11.11 08:05:12 | 003,370,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository) SRV - [2016.11.04 03:56:50 | 004,261,344 | ---- | M] (Razer Inc) [Auto | Running] -- C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe -- (RzSurroundVADStreamingService) SRV - [2016.10.18 08:24:54 | 000,069,744 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe -- (Razer Chroma SDK Service) SRV - [2016.10.12 12:57:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost) SRV - [2016.09.30 10:23:10 | 004,072,264 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\TotalSecurity\AVKBackup\AVKBackupService.exe -- (GDBackupSvc) SRV - [2016.09.27 04:25:36 | 003,044,496 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\TotalSecurity\AVK\AVKWCtlx64.exe -- (AVKWCtl) SRV - [2016.09.27 03:53:48 | 000,822,600 | ---- | M] (G DATA Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2016.09.25 00:21:05 | 000,189,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service) SRV - [2016.09.20 12:54:54 | 000,324,224 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2016.09.15 05:03:05 | 002,453,320 | ---- | M] (G DATA Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G DATA\TotalSecurity\AVKTuner\AVKTunerService.exe -- (GDTunerSvc) SRV - [2016.09.15 04:25:10 | 003,286,120 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G DATA\TotalSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2016.09.15 03:51:31 | 000,984,904 | ---- | M] (G DATA Software AG) [Auto | Running] -- C:\Program Files (x86)\G DATA\TotalSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2016.07.16 12:42:55 | 000,968,704 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc) SRV - [2016.07.16 12:41:50 | 003,318,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2016.03.10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe -- (MBAMService) SRV - [2016.03.10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe -- (MBAMScheduler) SRV - [2014.07.01 13:41:27 | 000,255,608 | ---- | M] (G DATA Software) [On_Demand | Running] -- C:\Program Files (x86)\G DATA\TotalSecurity\TSNxG\TSNxGService.exe -- (TSNxGService) SRV - [2013.07.04 03:32:06 | 000,936,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe -- (asComSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2017.01.19 17:11:49 | 000,192,216 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV:64bit: - [2017.01.15 22:22:23 | 000,116,296 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2017.01.06 02:10:32 | 000,059,448 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvhci.sys -- (nvvhci) DRV:64bit: - [2017.01.06 02:10:32 | 000,047,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:64bit: - [2017.01.02 18:11:04 | 000,153,160 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2017.01.02 18:10:40 | 000,109,128 | ---- | M] (G DATA Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT) DRV:64bit: - [2017.01.02 18:10:40 | 000,089,160 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gddcd64.sys -- (gddcd) DRV:64bit: - [2017.01.02 18:10:40 | 000,069,192 | ---- | M] (G DATA Software AG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\gddcv64.sys -- (gddcv) DRV:64bit: - [2017.01.02 18:10:38 | 000,077,384 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2017.01.02 16:19:51 | 000,037,400 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GDKBB64.sys -- (GDKBB) DRV:64bit: - [2017.01.02 16:19:51 | 000,030,280 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GDKBFlt64.sys -- (GDKBFlt) DRV:64bit: - [2017.01.02 16:19:32 | 000,105,544 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2017.01.02 16:19:31 | 000,274,400 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2017.01.02 16:19:31 | 000,180,808 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2016.12.12 22:26:58 | 014,200,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys -- (nvlddmkm) DRV:64bit: - [2016.12.12 04:03:20 | 000,212,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2016.12.09 11:30:39 | 000,377,184 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS) DRV:64bit: - [2016.11.11 11:00:25 | 000,219,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2016.11.11 10:26:51 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip) DRV:64bit: - [2016.11.02 11:55:52 | 000,048,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iorate.sys -- (iorate) DRV:64bit: - [2016.10.16 12:04:08 | 000,049,176 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSurroundVAD.sys -- (RZSURROUNDVADService) DRV:64bit: - [2016.10.15 05:37:01 | 000,063,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam) DRV:64bit: - [2016.10.15 05:30:16 | 000,557,408 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2016.10.15 04:31:37 | 000,227,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache) DRV:64bit: - [2016.10.12 12:57:55 | 000,719,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi) DRV:64bit: - [2016.10.12 12:57:55 | 000,108,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc) DRV:64bit: - [2016.10.12 12:57:51 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof) DRV:64bit: - [2016.10.12 12:57:48 | 000,127,328 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AppVStrm.sys -- (AppvStrm) DRV:64bit: - [2016.10.12 12:57:46 | 000,119,648 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcifs.sys -- (wcifs) DRV:64bit: - [2016.10.12 12:57:46 | 000,073,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hvservice.sys -- (hvservice) DRV:64bit: - [2016.10.12 12:57:44 | 000,279,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2016.10.12 12:57:44 | 000,130,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci) DRV:64bit: - [2016.10.12 12:57:44 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2016.10.12 12:57:44 | 000,081,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme) DRV:64bit: - [2016.10.12 12:57:44 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci) DRV:64bit: - [2016.10.12 12:57:44 | 000,064,352 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\MegaSas2i.sys -- (megasas2i) DRV:64bit: - [2016.10.12 12:57:44 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid) DRV:64bit: - [2016.09.17 02:12:20 | 000,044,144 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk) DRV:64bit: - [2016.09.10 14:21:43 | 000,118,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg) DRV:64bit: - [2016.09.07 22:27:07 | 000,137,840 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk) DRV:64bit: - [2016.07.16 23:56:46 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2016.07.16 23:56:40 | 000,179,040 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mssecflt.sys -- (MsSecFlt) DRV:64bit: - [2016.07.16 23:56:36 | 000,040,288 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\UevAgentDriver.sys -- (UevAgentDriver) DRV:64bit: - [2016.07.16 23:56:29 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2016.07.16 23:56:26 | 000,123,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2016.07.16 23:56:25 | 000,157,024 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AppvVemgr.sys -- (AppvVemgr) DRV:64bit: - [2016.07.16 23:56:25 | 000,141,152 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AppvVfs.sys -- (AppvVfs) DRV:64bit: - [2016.07.16 12:44:01 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2016.07.16 12:43:06 | 000,123,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv) DRV:64bit: - [2016.07.16 12:43:04 | 000,290,144 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2016.07.16 12:43:04 | 000,044,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2016.07.16 12:42:38 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2016.07.16 12:42:36 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2016.07.16 12:42:36 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2016.07.16 12:42:36 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applockerfltr.sys -- (applockerfltr) DRV:64bit: - [2016.07.16 12:42:35 | 000,928,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refsv1.sys -- (ReFSv1) DRV:64bit: - [2016.07.16 12:42:28 | 000,107,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT) DRV:64bit: - [2016.07.16 12:42:28 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv) DRV:64bit: - [2016.07.16 12:42:27 | 000,263,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000) DRV:64bit: - [2016.07.16 12:42:27 | 000,201,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2016.07.16 12:42:27 | 000,151,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2) DRV:64bit: - [2016.07.16 12:42:27 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys -- (UcmTcpciCx0101) DRV:64bit: - [2016.07.16 12:42:27 | 000,095,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101) DRV:64bit: - [2016.07.16 12:42:27 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2016.07.16 12:42:27 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt) DRV:64bit: - [2016.07.16 12:42:27 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2016.07.16 12:42:27 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000) DRV:64bit: - [2016.07.16 12:42:27 | 000,053,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv) DRV:64bit: - [2016.07.16 12:42:27 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IndirectKmd.sys -- (IndirectKmd) DRV:64bit: - [2016.07.16 12:42:27 | 000,031,584 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2016.07.16 12:42:27 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2016.07.16 12:42:23 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist) DRV:64bit: - [2016.07.16 12:42:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS) DRV:64bit: - [2016.07.16 12:42:18 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2016.07.16 12:42:12 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irda.sys -- (irda) DRV:64bit: - [2016.07.16 12:42:11 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus) DRV:64bit: - [2016.07.16 12:42:09 | 000,168,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2016.07.16 12:42:09 | 000,156,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2016.07.16 12:42:09 | 000,070,144 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\registry.sys -- (clreg) DRV:64bit: - [2016.07.16 12:42:09 | 000,066,560 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcnfs.sys -- (wcnfs) DRV:64bit: - [2016.07.16 12:42:03 | 000,210,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000) DRV:64bit: - [2016.07.16 12:42:03 | 000,126,816 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2016.07.16 12:42:03 | 000,090,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetAdapterCx.sys -- (NetAdapterCx) DRV:64bit: - [2016.07.16 12:42:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt) DRV:64bit: - [2016.07.16 12:42:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (tsusbflt) DRV:64bit: - [2016.07.16 12:42:03 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx) DRV:64bit: - [2016.07.16 12:42:03 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf) DRV:64bit: - [2016.07.16 12:41:55 | 000,535,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2016.07.16 12:41:55 | 000,381,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2016.07.16 12:41:55 | 000,137,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys) DRV:64bit: - [2016.07.16 12:41:55 | 000,096,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea) DRV:64bit: - [2016.07.16 12:41:55 | 000,095,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2016.07.16 12:41:55 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi) DRV:64bit: - [2016.07.16 12:41:55 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea) DRV:64bit: - [2016.07.16 12:41:55 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys) DRV:64bit: - [2016.07.16 12:41:55 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn) DRV:64bit: - [2016.07.16 12:41:55 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy) DRV:64bit: - [2016.07.16 12:41:54 | 000,176,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C) DRV:64bit: - [2016.07.16 12:41:54 | 000,095,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb22.sys -- (xusb22) DRV:64bit: - [2016.07.16 12:41:54 | 000,081,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c) DRV:64bit: - [2016.07.16 12:41:54 | 000,064,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys -- (iaLPSS2i_GPIO2) DRV:64bit: - [2016.07.16 12:41:54 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2016.07.16 12:41:54 | 000,050,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2016.07.16 12:41:54 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt) DRV:64bit: - [2016.07.16 12:41:54 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter) DRV:64bit: - [2016.07.16 12:41:54 | 000,034,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2016.07.16 12:41:54 | 000,033,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iagpio.sys -- (iagpio) DRV:64bit: - [2016.07.16 12:41:54 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2016.07.16 12:41:54 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2016.07.16 12:41:53 | 002,104,160 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4vx64.sys -- (cht4vbd) DRV:64bit: - [2016.07.16 12:41:53 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX) DRV:64bit: - [2016.07.16 12:41:53 | 000,842,584 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus) DRV:64bit: - [2016.07.16 12:41:53 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV) DRV:64bit: - [2016.07.16 12:41:53 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64) DRV:64bit: - [2016.07.16 12:41:53 | 000,526,176 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus) DRV:64bit: - [2016.07.16 12:41:53 | 000,346,976 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4sx64.sys -- (cht4iscsi) DRV:64bit: - [2016.07.16 12:41:53 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2016.07.16 12:41:53 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2016.07.16 12:41:53 | 000,123,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scmdisk0101.sys -- (scmdisk0101) DRV:64bit: - [2016.07.16 12:41:53 | 000,108,896 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr) DRV:64bit: - [2016.07.16 12:41:53 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware) DRV:64bit: - [2016.07.16 12:41:53 | 000,105,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i) DRV:64bit: - [2016.07.16 12:41:53 | 000,101,216 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i) DRV:64bit: - [2016.07.16 12:41:53 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\scmbus.sys -- (scmbus) DRV:64bit: - [2016.07.16 12:41:53 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2016.07.16 12:41:53 | 000,082,776 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2016.07.16 12:41:53 | 000,077,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2016.07.16 12:41:53 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2016.07.16 12:41:53 | 000,064,864 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs) DRV:64bit: - [2016.07.16 12:41:53 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2016.07.16 12:41:53 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2016.07.16 12:41:53 | 000,061,792 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i) DRV:64bit: - [2016.07.16 12:41:53 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i) DRV:64bit: - [2016.07.16 12:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2016.07.16 12:41:53 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2016.07.16 12:41:53 | 000,032,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs) DRV:64bit: - [2016.07.16 12:41:53 | 000,032,096 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad) DRV:64bit: - [2016.07.16 12:41:53 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2016.07.16 12:41:53 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI) DRV:64bit: - [2016.07.16 12:41:53 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2016.07.16 12:41:53 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiDev.sys -- (AcpiDev) DRV:64bit: - [2016.07.16 12:41:53 | 000,016,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volume.sys -- (volume) DRV:64bit: - [2016.07.16 12:41:53 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2016.07.16 12:41:53 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2016.07.16 12:41:53 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2) DRV:64bit: - [2016.07.16 12:41:53 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn.sys -- (bcmfn) DRV:64bit: - [2016.07.16 12:41:52 | 003,418,976 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2016.07.16 12:41:52 | 000,533,856 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2016.07.16 12:41:52 | 000,048,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep) DRV:64bit: - [2016.07.16 12:41:52 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO) DRV:64bit: - [2016.07.16 12:41:50 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C) DRV:64bit: - [2016.07.16 12:41:50 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2016.07.16 12:41:50 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2016.07.16 12:41:50 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2016.07.16 12:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus) DRV:64bit: - [2016.07.16 12:41:50 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2016.07.16 12:41:50 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2016.07.16 12:41:50 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2016.07.16 12:41:50 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2016.07.16 12:41:50 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgid.sys -- (vmgid) DRV:64bit: - [2016.06.23 12:55:34 | 000,203,288 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd) DRV:64bit: - [2016.06.23 12:55:20 | 000,051,736 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt) DRV:64bit: - [2016.04.21 11:50:47 | 000,117,904 | ---- | M] (G Data Software AG) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\gdelam.sys -- (GDElam) DRV:64bit: - [2016.03.10 14:09:10 | 000,065,408 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) DRV:64bit: - [2016.03.10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2015.12.23 08:05:26 | 000,935,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2015.11.24 09:45:10 | 001,468,416 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2015.10.08 20:16:00 | 000,185,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverW8x64.sys -- (MEIx64) DRV:64bit: - [2015.09.10 06:59:14 | 000,054,048 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmsmbsp.sys -- (bcmsmbsp) DRV:64bit: - [2013.09.30 15:26:50 | 000,019,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2013.09.30 15:26:48 | 000,012,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2009.09.09 10:23:46 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\flashud.sys -- (int0800) DRV - [2017.01.06 02:10:27 | 000,029,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms) DRV - [2016.12.12 22:26:58 | 014,200,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys -- (nvlddmkm) DRV - [2016.07.16 12:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 2C 28 63 4B 71 6F D2 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error. IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://noblockweb.org/wpad.dat?5eb931c846419c2ee1b3c3d0c0ec5cd523775190 ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "DE" FF - prefs.js..browser.search.region: "DE" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:50.1.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2017.01.09 14:00:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2017.01.15 21:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\gckl1d9u.default\extensions [2017.01.15 21:19:00 | 001,055,311 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\gckl1d9u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi ========== Chrome ========== CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\\ CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc\2.6_0\ CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.12.4_0\ CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo\1.5.5_0\ CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\\ CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.9.9_0\ CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjcgpbffennccofdpganblbjiglnbip\1.1_0\ CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5516.1005.0.3_0\ CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnmanbnhlloebchmhnojemignjlcopp\1_0\ O1 HOSTS File: ([2017.01.02 16:19:51 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: gdpwmgrlocalhost O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.) O4 - HKCU..\Run: [Battle.net] "E:\Battle.net\Battle.net Launcher.exe" --autostarted File not found O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe () O4 - HKCU..\Run: [Spotify] C:\Users\User\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [Steam] E:\Steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [TeamSpeak 3 Client] C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (TeamSpeak Systems GmbH) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk = C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14c6fcf0-9ae8-453f-8d42-fa16cb4f7938}: DhcpNameServer = O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation) O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation) O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) |
![]() | #8 |
| ![]() Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienenCode:
ATTFilter ========== Files/Folders - Created Within 30 Days ========== [2017.01.17 17:59:01 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2017.01.17 17:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2017.01.17 17:58:41 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2017.01.17 17:58:41 | 000,065,408 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2017.01.17 17:58:41 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys [2017.01.17 17:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2017.01.17 17:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2017.01.15 22:35:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\WinISO Computing [2017.01.15 22:35:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\WinISO Computing [2017.01.15 22:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinISO Computing [2017.01.15 22:22:23 | 000,116,296 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2017.01.15 22:22:23 | 000,028,208 | ---- | C] (G DATA Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys [2017.01.15 22:22:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\G DATA [2017.01.15 21:29:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\New Technology Studio [2017.01.15 21:29:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\New Technology Studio [2017.01.15 02:56:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Rockstar Games [2017.01.15 02:56:19 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Rockstar Games [2017.01.15 02:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2017.01.15 02:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games [2017.01.09 14:00:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla [2017.01.09 14:00:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla [2017.01.09 11:52:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Diagnostics [2017.01.08 02:39:20 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Overwatch [2017.01.08 02:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch [2017.01.07 11:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VulkanRT [2017.01.07 11:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OSD Server [2017.01.03 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PeerDistRepub [2017.01.03 13:19:46 | 000,000,000 | ---D | C] -- C:\Users\User\Tracing [2017.01.03 13:19:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Skype [2017.01.03 13:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2017.01.03 13:19:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2017.01.03 13:19:43 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2017.01.03 13:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2017.01.03 10:03:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\OBS [2017.01.03 10:01:22 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Games [2017.01.03 10:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye [2017.01.03 02:09:33 | 000,000,000 | ---D | C] -- C:\UplaySSD [2017.01.03 02:08:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Ubisoft Game Launcher [2017.01.03 02:08:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2017.01.03 00:06:23 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Diablo III [2017.01.02 23:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\RzSurroundVAD_1.1.62.0 [2017.01.02 23:53:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\CrashDumps [2017.01.02 20:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2017.01.02 19:41:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\NVIDIA [2017.01.02 19:03:42 | 000,215,608 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2017.01.02 19:03:42 | 000,201,664 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2017.01.02 18:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE [2017.01.02 18:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE [2017.01.02 18:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA TOTAL SECURITY [2017.01.02 17:47:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2017.01.02 17:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2017.01.02 17:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2017.01.02 17:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2017.01.02 17:24:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Adobe [2017.01.02 17:19:29 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\temp [2017.01.02 17:19:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs [2017.01.02 17:04:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Blizzard Entertainment [2017.01.02 17:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2017.01.02 17:04:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Battle.net [2017.01.02 17:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net [2017.01.02 17:04:01 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\League of Legends [2017.01.02 16:57:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Battle.net [2017.01.02 16:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2017.01.02 16:46:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2017.01.02 16:45:20 | 000,000,000 | ---D | C] -- C:\SteamSSD [2017.01.02 16:43:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf [2017.01.02 16:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Overwolf [2017.01.02 16:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Overwolf [2017.01.02 16:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Overwolf [2017.01.02 16:42:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Steam [2017.01.02 16:42:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TS3Client [2017.01.02 16:42:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Overwolf [2017.01.02 16:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2017.01.02 16:42:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Spotify [2017.01.02 16:42:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Spotify [2017.01.02 16:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2017.01.02 16:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2017.01.02 16:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Riot Games [2017.01.02 16:39:38 | 000,000,000 | ---D | C] -- C:\Riot Games [2017.01.02 16:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends [2017.01.02 16:37:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer [2017.01.02 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2017.01.02 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies [2017.01.02 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2017.01.02 16:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild [2017.01.02 16:35:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Riot Games [2017.01.02 16:20:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Chromium [2017.01.02 16:19:52 | 000,089,160 | ---- | C] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gddcd64.sys [2017.01.02 16:19:52 | 000,069,192 | ---- | C] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gddcv64.sys [2017.01.02 16:19:51 | 000,109,128 | ---- | C] (G DATA Software AG) -- C:\Windows\SysNative\drivers\TS4nt.sys [2017.01.02 16:19:51 | 000,037,400 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDKBB64.sys [2017.01.02 16:19:51 | 000,030,280 | ---- | C] (G DATA Software AG) -- C:\Windows\SysNative\drivers\GDKBFlt64.sys [2017.01.02 16:19:49 | 000,077,384 | ---- | C] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2017.01.02 16:19:32 | 000,105,544 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2017.01.02 16:19:31 | 000,274,400 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2017.01.02 16:19:31 | 000,180,808 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2017.01.02 16:19:31 | 000,153,160 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2017.01.02 16:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA Software [2017.01.02 16:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G DATA [2017.01.02 16:16:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data [2017.01.02 16:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\G Data [2017.01.02 16:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2017.01.02 16:10:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Google [2017.01.02 16:10:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Razer_Inc [2017.01.02 16:10:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Razer [2017.01.02 16:09:47 | 000,137,840 | ---- | C] (Razer, Inc.) -- C:\Windows\SysNative\drivers\rzpnk.sys [2017.01.02 16:09:38 | 000,044,144 | ---- | C] (Razer, Inc.) -- C:\Windows\SysNative\drivers\rzpmgrk.sys [2017.01.02 16:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Razer Chroma SDK [2017.01.02 16:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer Chroma SDK [2017.01.02 16:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer [2017.01.02 16:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer [2017.01.02 16:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer [2017.01.02 14:23:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\NVIDIA [2017.01.02 14:23:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\NVIDIA Corporation [2017.01.02 14:23:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\CEF [2017.01.02 14:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2017.01.02 14:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2017.01.02 14:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2017.01.02 14:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2017.01.02 14:09:48 | 000,000,000 | ---D | C] -- C:\NVIDIA [2017.01.02 14:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2017.01.02 14:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2017.01.02 14:02:19 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll [2017.01.02 14:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2017.01.02 14:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS [2017.01.02 14:00:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Macromedia [2017.01.02 13:59:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\MicrosoftEdge [2017.01.02 13:02:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Comms [2017.01.02 12:52:09 | 000,935,168 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt630x64.sys [2017.01.02 12:51:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DRPSu [2017.01.02 12:47:22 | 000,000,000 | R--D | C] -- C:\Users\User\OneDrive [2017.01.02 12:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive [2017.01.02 12:46:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Publishers [2017.01.02 12:46:01 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2017.01.02 12:46:01 | 000,000,000 | R--D | C] -- C:\Users\User\Searches [2017.01.02 12:46:01 | 000,000,000 | R--D | C] -- C:\Users\User\Contacts [2017.01.02 12:46:01 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2017.01.02 12:46:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\VirtualStore [2017.01.02 12:46:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Packages [2017.01.02 12:46:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Adobe [2017.01.02 12:46:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\TileDataLayer [2017.01.02 12:46:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ConnectedDevicesPlatform [2017.01.02 12:45:49 | 000,000,000 | --SD | C] -- C:\Users\User\AppData\Roaming\Microsoft [2017.01.02 12:45:49 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [2017.01.02 12:45:49 | 000,000,000 | R--D | C] -- C:\Users\User\Videos [2017.01.02 12:45:49 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2017.01.02 12:45:49 | 000,000,000 | R--D | C] -- C:\Users\User\Saved Games [2017.01.02 12:45:49 | 000,000,000 | R--D | C] -- C:\Users\User\Pictures [2017.01.02 12:45:49 | 000,000,000 | R--D | C] -- C:\Users\User\Music [2017.01.02 12:45:49 | 000,000,000 | R--D | C] -- C:\Users\User\Links [2017.01.02 12:45:49 | 000,000,000 | R--D | C] -- C:\Users\User\Favorites [2017.01.02 12:45:49 | 000,000,000 | R--D | C] -- C:\Users\User\Downloads [2017.01.02 12:45:49 | 000,000,000 | R--D | C] -- C:\Users\User\Documents [2017.01.02 12:45:49 | 000,000,000 | R--D | C] -- C:\Users\User\Desktop [2017.01.02 12:45:49 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2017.01.02 12:45:49 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\Vorlagen [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Verlauf [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Temporary Internet Files [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\Startmenü [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\SendTo [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\Recent [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\Netzwerkumgebung [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\Lokale Einstellungen [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\Eigene Videos [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\Eigene Musik [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\Eigene Dateien [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\Documents\Eigene Bilder [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\Druckumgebung [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\Cookies [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\Anwendungsdaten [2017.01.02 12:45:49 | 000,000,000 | -HSD | C] -- C:\Users\User\Anwendungsdaten [2017.01.02 12:45:49 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData [2017.01.02 12:45:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Temp [2017.01.02 12:45:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Microsoft [2017.01.02 12:45:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2017.01.02 12:43:37 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2017.01.02 12:30:17 | 000,000,000 | ---D | C] -- C:\Windows\CSC [2017.01.02 12:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\USOShared [2017.01.02 12:28:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2017.01.02 12:28:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2017.01.02 12:28:16 | 000,000,000 | -HSD | C] -- C:\Recovery [2017.01.02 12:28:16 | 000,000,000 | -HSD | C] -- C:\Programme [2017.01.02 12:28:16 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2017.01.02 12:28:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2017.01.02 12:28:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2017.01.02 12:28:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2017.01.02 12:28:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2017.01.02 12:28:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2017.01.02 12:28:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop [2017.01.02 12:28:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2017.01.02 12:27:27 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information [2017.01.02 12:27:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SleepStudy [2017.01.02 12:27:16 | 000,000,000 | ---D | C] -- C:\Windows\ServiceProfiles [2017.01.02 12:27:16 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2017.01.02 12:27:15 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\Microsoft [2017.01.02 12:27:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2017.01.02 12:26:40 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2017.01.19 17:11:49 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2017.01.19 17:11:22 | 2552,844,287 | -HS- | M] () -- C:\hiberfil.sys [2017.01.19 17:11:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2017.01.19 13:17:17 | 001,818,712 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2017.01.19 13:17:17 | 000,794,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2017.01.19 13:17:17 | 000,684,818 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2017.01.19 13:17:17 | 000,196,040 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2017.01.19 13:17:17 | 000,142,740 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2017.01.19 13:11:10 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys [2017.01.19 13:10:58 | 000,012,864 | ---- | M] () -- C:\bootsqm.dat [2017.01.18 12:59:57 | 000,002,331 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2017.01.17 17:58:43 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2017.01.15 22:24:16 | 000,444,853 | ---- | M] () -- C:\Users\User\Desktop\F_20160517172741oqGXCu.JPG [2017.01.15 22:22:23 | 000,116,296 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2017.01.15 22:22:23 | 000,028,208 | ---- | M] (G DATA Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys [2017.01.15 21:29:36 | 000,001,306 | ---- | M] () -- C:\Users\User\Desktop\OpenIV.lnk [2017.01.15 20:39:13 | 000,168,975 | ---- | M] () -- C:\Users\User\Desktop\gpmain.PNG [2017.01.15 11:25:44 | 000,001,492 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2017.01.14 12:08:33 | 000,283,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2017.01.09 15:16:29 | 000,309,084 | ---- | M] () -- C:\Users\User\Desktop\wpid-universe-wallpaper.jpg [2017.01.08 05:10:05 | 000,000,199 | ---- | M] () -- C:\Users\User\Desktop\Counter-Strike Global Offensive.url [2017.01.08 02:32:37 | 000,000,533 | ---- | M] () -- C:\Users\Public\Desktop\Overwatch.lnk [2017.01.07 11:19:35 | 000,002,029 | ---- | M] () -- C:\Users\User\Desktop\OSD Server (FPS Limiter).lnk [2017.01.06 02:10:33 | 000,121,912 | ---- | M] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll [2017.01.06 01:09:23 | 000,001,951 | ---- | M] () -- C:\Windows\NvTelemetryContainerRecovery.bat [2017.01.06 00:42:56 | 000,001,951 | ---- | M] () -- C:\Windows\NvContainerRecovery.bat [2017.01.03 13:19:44 | 000,002,642 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2017.01.03 02:09:59 | 000,000,205 | ---- | M] () -- C:\Users\User\Desktop\Tom Clancy's Rainbow Six Siege.url [2017.01.03 02:08:33 | 000,000,638 | ---- | M] () -- C:\Users\User\Desktop\Uplay.lnk [2017.01.02 20:51:57 | 000,000,585 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2017.01.02 18:54:05 | 000,007,605 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2017.01.02 18:38:31 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\XTREME GAMING ENGINE.lnk [2017.01.02 18:38:31 | 000,001,231 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk [2017.01.02 18:11:04 | 000,153,160 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2017.01.02 18:10:46 | 000,002,041 | ---- | M] () -- C:\Users\Public\Desktop\G DATA TOTAL SECURITY.lnk [2017.01.02 18:10:40 | 000,109,128 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\TS4nt.sys [2017.01.02 18:10:40 | 000,089,160 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gddcd64.sys [2017.01.02 18:10:40 | 000,069,192 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gddcv64.sys [2017.01.02 18:10:38 | 000,077,384 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2017.01.02 17:59:13 | 000,015,425 | ---- | M] () -- C:\Windows\SysNative\OEMDefaultAssociations.xml [2017.01.02 17:26:45 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk [2017.01.02 17:04:21 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends.lnk [2017.01.02 17:04:02 | 000,000,427 | ---- | M] () -- C:\Users\Public\Desktop\Battle.net.lnk [2017.01.02 16:46:52 | 000,000,202 | ---- | M] () -- C:\Users\User\Desktop\Call of Duty Black Ops III.url [2017.01.02 16:43:28 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Overwolf.lnk [2017.01.02 16:43:25 | 000,000,002 | ---- | M] () -- C:\END [2017.01.02 16:42:39 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2017.01.02 16:42:22 | 000,001,852 | ---- | M] () -- C:\Users\User\Desktop\Spotify.lnk [2017.01.02 16:41:04 | 000,000,554 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2017.01.02 16:19:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_gddcd64_01007.Wdf [2017.01.02 16:19:51 | 000,037,400 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDKBB64.sys [2017.01.02 16:19:51 | 000,030,280 | ---- | M] (G DATA Software AG) -- C:\Windows\SysNative\drivers\GDKBFlt64.sys [2017.01.02 16:19:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_GDKBFlt64_01007.Wdf [2017.01.02 16:19:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_GDKBB64_01007.Wdf [2017.01.02 16:19:32 | 000,105,544 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2017.01.02 16:19:31 | 000,274,400 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2017.01.02 16:19:31 | 000,180,808 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2017.01.02 14:02:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ASMBSW_01_11_00.Wdf [2017.01.02 12:50:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2017.01.19 13:10:58 | 000,012,864 | ---- | C] () -- C:\bootsqm.dat [2017.01.18 12:59:57 | 000,002,343 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [2017.01.18 12:59:57 | 000,002,331 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2017.01.17 17:58:43 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2017.01.15 22:24:16 | 000,444,853 | ---- | C] () -- C:\Users\User\Desktop\F_20160517172741oqGXCu.JPG [2017.01.15 21:29:36 | 000,001,306 | ---- | C] () -- C:\Users\User\Desktop\OpenIV.lnk [2017.01.15 20:39:12 | 000,168,975 | ---- | C] () -- C:\Users\User\Desktop\gpmain.PNG [2017.01.09 15:16:29 | 000,309,084 | ---- | C] () -- C:\Users\User\Desktop\wpid-universe-wallpaper.jpg [2017.01.08 05:10:05 | 000,000,199 | ---- | C] () -- C:\Users\User\Desktop\Counter-Strike Global Offensive.url [2017.01.08 02:32:37 | 000,000,533 | ---- | C] () -- C:\Users\Public\Desktop\Overwatch.lnk [2017.01.07 11:38:53 | 000,269,600 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll [2017.01.07 11:38:53 | 000,261,920 | ---- | C] () -- C:\Windows\SysNative\vulkan-1.dll [2017.01.07 11:38:53 | 000,125,216 | ---- | C] () -- C:\Windows\SysNative\vulkaninfo.exe [2017.01.07 11:38:53 | 000,110,880 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe [2017.01.07 11:37:30 | 000,001,951 | ---- | C] () -- C:\Windows\NvContainerRecovery.bat [2017.01.07 11:34:15 | 007,639,617 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2017.01.07 11:19:35 | 000,002,029 | ---- | C] () -- C:\Users\User\Desktop\OSD Server (FPS Limiter).lnk [2017.01.03 13:19:44 | 000,002,642 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2017.01.03 02:09:59 | 000,000,205 | ---- | C] () -- C:\Users\User\Desktop\Tom Clancy's Rainbow Six Siege.url [2017.01.03 02:09:59 | 000,000,205 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tom Clancy's Rainbow Six Siege.url [2017.01.03 02:08:33 | 000,000,638 | ---- | C] () -- C:\Users\User\Desktop\Uplay.lnk [2017.01.02 20:51:57 | 000,000,585 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2017.01.02 18:54:05 | 000,007,605 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg [2017.01.02 18:38:31 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\XTREME GAMING ENGINE.lnk [2017.01.02 18:38:31 | 000,001,231 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk [2017.01.02 17:46:34 | 002,681,200 | ---- | C] () -- C:\Windows\SysNative\CoreUIComponents.dll [2017.01.02 17:46:29 | 000,446,896 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2017.01.02 17:46:04 | 002,048,496 | ---- | C] () -- C:\Windows\SysWow64\CoreUIComponents.dll [2017.01.02 17:26:45 | 000,002,457 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [2017.01.02 17:26:45 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat Reader DC.lnk [2017.01.02 17:04:02 | 000,000,427 | ---- | C] () -- C:\Users\Public\Desktop\Battle.net.lnk [2017.01.02 16:46:52 | 000,000,202 | ---- | C] () -- C:\Users\User\Desktop\Call of Duty Black Ops III.url [2017.01.02 16:43:28 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Overwolf.lnk [2017.01.02 16:43:22 | 000,000,002 | ---- | C] () -- C:\END [2017.01.02 16:42:39 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2017.01.02 16:42:39 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk [2017.01.02 16:42:22 | 000,001,852 | ---- | C] () -- C:\Users\User\Desktop\Spotify.lnk [2017.01.02 16:42:22 | 000,001,838 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2017.01.02 16:41:04 | 000,000,554 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2017.01.02 16:38:20 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends.lnk [2017.01.02 16:20:30 | 000,001,492 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk [2017.01.02 16:20:19 | 000,001,951 | ---- | C] () -- C:\Windows\NvTelemetryContainerRecovery.bat [2017.01.02 16:19:56 | 000,002,041 | ---- | C] () -- C:\Users\Public\Desktop\G DATA TOTAL SECURITY.lnk [2017.01.02 16:19:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_gddcd64_01007.Wdf [2017.01.02 16:19:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_GDKBFlt64_01007.Wdf [2017.01.02 16:19:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_GDKBB64_01007.Wdf [2017.01.02 14:23:46 | 003,050,808 | ---- | C] () -- C:\Windows\SysNative\pwNative.exe [2017.01.02 14:23:46 | 000,019,152 | ---- | C] () -- C:\Windows\SysNative\pwdrvio.sys [2017.01.02 14:23:46 | 000,012,504 | ---- | C] () -- C:\Windows\SysNative\pwdspio.sys [2017.01.02 14:13:46 | 000,121,912 | ---- | C] () -- C:\Windows\SysNative\NvRtmpStreamer64.dll [2017.01.02 14:11:27 | 000,042,286 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2017.01.02 14:11:26 | 040,125,496 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll [2017.01.02 14:11:26 | 035,222,976 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll [2017.01.02 14:11:26 | 000,000,669 | ---- | C] () -- C:\Windows\SysNative\nv-vk64.json [2017.01.02 14:11:26 | 000,000,669 | ---- | C] () -- C:\Windows\SysWow64\nv-vk32.json [2017.01.02 14:02:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ASMBSW_01_11_00.Wdf [2017.01.02 14:02:19 | 000,015,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2017.01.02 12:50:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2017.01.02 12:47:22 | 000,002,387 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [2017.01.02 12:32:23 | 001,818,712 | ---- | C] () -- C:\Windows\SysNative\PerfStringBackup.INI [2017.01.02 12:28:07 | 2552,844,287 | -HS- | C] () -- C:\hiberfil.sys [2017.01.02 12:27:56 | 000,047,428 | ---- | C] () -- C:\Windows\SysWow64\license.rtf [2017.01.02 12:27:56 | 000,047,428 | ---- | C] () -- C:\Windows\SysNative\license.rtf [2017.01.02 12:27:25 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2017.01.02 12:27:14 | 000,283,464 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2017.01.02 12:27:07 | 016,777,216 | -HS- | C] () -- C:\swapfile.sys [2016.10.12 12:57:46 | 000,265,728 | ---- | C] () -- C:\Windows\SysWow64\Windows.Perception.Stub.dll [2016.09.09 19:25:58 | 000,269,600 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-26-0.dll [2016.09.09 19:25:28 | 000,110,880 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-26-0.exe [2016.07.16 12:47:57 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2016.07.16 12:47:57 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2016.07.16 12:43:04 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2016.07.16 12:43:00 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\GamePanelExternalHook.dll [2016.07.16 12:42:55 | 000,167,640 | ---- | C] () -- C:\Windows\SysWow64\chs_singlechar_pinyin.dat [2016.07.16 12:42:53 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2016.07.16 12:42:49 | 000,304,640 | ---- | C] () -- C:\Windows\SysWow64\HrtfApo.dll [2016.07.16 12:42:48 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2016.07.16 12:42:43 | 000,002,307 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini [2016.07.16 12:42:12 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== ZeroAccess Check ========== [2017.01.02 16:43:27 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\windows.storage.dll -- [2016.11.11 11:01:16 | 007,219,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\windows.storage.dll -- [2016.11.11 08:47:14 | 005,722,832 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016.07.16 12:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2016.07.16 12:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016.07.16 12:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2017.01.09 18:25:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Battle.net [2017.01.02 12:51:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DRPSu [2017.01.15 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\New Technology Studio [2017.01.03 10:03:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OBS [2017.01.02 16:36:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Riot Games [2017.01.19 17:16:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify [2017.01.19 17:41:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client [2017.01.15 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinISO Computing ========== Purity Check ========== < End of report > teil 2 Code:
ATTFilter OTL Extras logfile created on: 19.01.2017 17:36:25 - Run 1 OTL by OldTimer - Version Folder = C:\Users\User\Downloads 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.14393.0) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,94 Gb Total Physical Memory | 9,33 Gb Available Physical Memory | 58,50% Memory free 18,32 Gb Paging File | 9,90 Gb Available in Paging File | 54,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 255,68 Gb Total Space | 63,57 Gb Free Space | 24,86% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 887,13 Gb Free Space | 95,24% Space Free | Partition Type: NTFS Computer Name: DESKTOP-D193TCD | User Name: Sueyuki | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 06 DE 96 98 EB 64 D2 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] "DontEnumerateCommonFilesUpgradeExe" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06654745-31E7-42AA-B618-ADAA710AA1BB}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe | "{3681DF01-932E-45D7-BBB8-C9E43DEA2F5A}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{3B96A369-90B0-439B-AE04-606941CE6D7D}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe | "{5839CA4D-94B5-421B-BBBC-1757A6985EDD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{8E708222-BC1E-4F03-BDFE-E64A61B2C2A7}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{A1D9D2E1-94DC-454D-9A3D-82A8E375CF4F}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{079B660F-F5F5-4970-BFFF-11E35A35C5F3}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.7805.42277.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{0CAF9606-F8BF-4F4E-BE59-E36DAAD7C81A}" = dir=in | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} | "{1196CEDE-C747-480D-B217-46B1849A56C7}" = dir=in | name=@{microsoft.zunevideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{15FCBA82-89D0-4777-9BEC-D4D50DBEE37F}" = dir=out | name=xbox | "{165DFF8C-9810-4A07-908D-322D4C3B9B54}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{16D1DE7B-7102-4C74-979F-12D34401A2E1}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{18D4C4B5-4F5A-4C94-AA01-A077EFF6825B}" = dir=out | name=microsoft solitaire collection | "{1AE7D45E-614D-440A-9D1E-EE9612A898F2}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} | "{1DF21361-DB03-41A6-B749-6DB9DFADA625}" = protocol=6 | dir=in | app=c:\uplayssd\tom clancy's rainbow six siege\rainbowsixgame.exe | "{1F2B0239-8D05-445E-A060-40FD177F6F41}" = dir=out | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{1F6C88B7-48CD-4A82-846F-CADAB30EE8BC}" = dir=out | name=@{microsoft.skypeapp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} | "{20DCE514-369E-4200-ADD4-4F0E0BBFA138}" = dir=out | name=royal revolt 2 | "{221173F5-21B4-4D98-A268-4CD505715626}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{23398F53-2F1F-44EB-97F4-AE3FA8A90020}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{26AD8558-D6FC-41AE-B5FD-C526F0573184}" = dir=out | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | "{283A2DD8-D5F3-44B8-A7E8-96F2DE1B40A0}" = protocol=17 | dir=in | app=c:\steamssd\steamapps\common\call of duty black ops iii\blackops3.exe | "{2E1C9EE9-FD9C-4A01-B119-0EE03272FC23}" = dir=in | name=microsoft sticky notes | "{30098E83-4FEF-4368-8066-F96D0EB4BD7A}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | "{364ABEE5-AD25-4174-9A47-7F3DC6A2FFA5}" = protocol=6 | dir=in | app=c:\steamssd\steamapps\common\call of duty black ops iii\blackops3.exe | "{391AEFB0-2D6E-4025-A26C-7807D26240AE}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} | "{439FF6F8-CF04-46D1-9167-D2755D32CFA3}" = dir=out | name=@{microsoft.people_10.1.3160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | "{454E2301-D6C8-407C-BBA2-F4CDA2980E37}" = dir=out | name=@{microsoft.windowsmaps_5.1611.3342.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} | "{48A392A7-87FA-4570-A9B3-191AFD41B111}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} | "{4D3E3E64-EFBE-47C8-A5A6-4791DF9AC367}" = dir=out | name=onenote | "{4D7EABF0-2B68-41DE-BE7D-5E9664B1AE24}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} | "{4EAFEC2E-900E-494A-B571-270A3BB7CFE2}" = dir=out | name=@{microsoft.3dbuilder_12.0.3131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} | "{514A1A47-1924-491D-AA42-B7C2AC1C19F4}" = dir=in | name=microsoft solitaire collection | "{514AE5E1-45E2-45A5-8F1F-440D7C3F796F}" = dir=out | name=netflix | "{51B6605A-4840-47B8-A42A-343E675F8DF1}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{549B830D-D71C-4CA9-9B98-3252E7B087F1}" = dir=out | name=twitter | "{56A71A33-DF0F-4830-9836-867996AC5206}" = protocol=17 | dir=in | app=c:\steamssd\steamapps\common\steamvrperformancetest\bin\win64\vr.exe | "{5CC6135D-2159-4867-8A99-A7F9617E84A0}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{5CFFF282-F2BC-4F9C-AFC2-20258941DA66}" = dir=out | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} | "{60BD9AB8-8C74-455C-ABA5-9D2D1F7A020C}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{64687E9C-0071-4588-BE4C-89C644BF9845}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.7805.42277.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{6673AC2B-4EBD-4201-B653-BD2B551D7FE0}" = dir=out | name=@{microsoft.zunemusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{67422236-8D09-4D4F-9FF7-65B8E603CDC0}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | "{67DFA4C7-5F61-4575-82C9-065F33F61FF2}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.693_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | "{6855503A-8647-40F6-94EF-88B9E24F1481}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{686BDEC8-66F9-4810-8332-BC70F19186B6}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{6E5EFA93-D8B6-46CB-9C6D-B1D09CBF578A}" = protocol=17 | dir=in | app=c:\uplayssd\tom clancy's rainbow six siege\rainbowsix.exe | "{715025C2-38EC-4CF2-AD21-07B149D2455A}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | "{769714C5-6D15-4CC2-ADDD-B22D8EDBCBE4}" = dir=in | name=@{microsoft.skypeapp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} | "{76D2D9C1-9E4A-4466-BBDF-DEAD9ED70456}" = dir=out | name=minecraft: windows 10 edition | "{856E81BB-AA86-4F1F-9EC0-4E3EFC252278}" = dir=in | name=@{microsoft.zunemusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{87FE2D48-73B2-479E-B49B-7153CB5CF432}" = dir=in | name=onenote | "{8C9AC9E1-DE05-4766-B329-EDFDAF5BB49E}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | "{8D77DEA6-ECA3-4E16-A6B6-06C2F6507326}" = dir=out | name=store purchase app | "{8EB29A80-0BF8-4114-A9E6-B42CE05BD969}" = dir=out | name=microsoft sticky notes | "{930F8B6D-CE57-42CA-8C49-999DFB125D69}" = dir=out | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} | "{939E3796-F973-4653-AAD2-88F0413DA68B}" = dir=out | name=candy crush soda saga | "{93CA49AA-C29D-4A7D-8FEB-91E950792B1B}" = protocol=6 | dir=in | app=c:\uplayssd\tom clancy's rainbow six siege\rainbowsix.exe | "{9964549C-FD46-4470-98D7-78A419072546}" = dir=out | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | "{99C4D9E9-DFAB-47FB-9A60-F34C2C1279FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9FD96644-DDAE-440F-9970-4AFC129960BE}" = dir=in | name=@{microsoft.windowsstore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | "{A86456FD-6100-4632-B6C8-122017DAD2C9}" = dir=out | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | "{AA0FAA41-4D4C-40DA-B8D6-2B1BD74D1013}" = dir=in | name=netflix | "{AB56AC6E-F6BB-4793-8CE2-44AF2A643C85}" = dir=out | name=@{microsoft.windows.secureassessmentbrowser_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.secureassessmentbrowser/resources/packagedisplayname} | "{ABF4E2EC-000F-4B0A-8444-8A8F5F1B5189}" = protocol=17 | dir=in | app=e:\gtav\gta5.exe | "{B139556B-BA46-43BC-BD17-EBA9AE984707}" = dir=in | name=minecraft: windows 10 edition | "{B93C8C3D-07F7-4CC1-BDB4-CCA9C039CDBE}" = dir=in | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{B9FAD286-7F5A-4287-B309-92FB5A1DBC24}" = dir=in | name=royal revolt 2 | "{BA77D143-CE37-4E2A-AA0F-EEBF3515794A}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | "{BA90116A-E4DD-416E-AFCB-667A7BC811A2}" = dir=out | name=@{microsoft.getstarted_4.2.29.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} | "{BB5D6D5E-509B-41CC-86BC-AB5F3ABF662E}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{C22CED5E-D82B-4D4E-BE52-96C3DEBFAB16}" = protocol=6 | dir=in | app=e:\steam\bin\cef\cef.win7\steamwebhelper.exe | "{C3B6E7E3-2292-4FF6-A013-4BFDB598A68F}" = dir=in | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | "{CA6D4ED4-1638-415F-B2B0-422ECA6D86B9}" = protocol=17 | dir=in | app=e:\steam\steam.exe | "{D1E7C46F-4920-4C71-8736-3A925642F5FC}" = protocol=17 | dir=in | app=c:\uplayssd\tom clancy's rainbow six siege\rainbowsixgame.exe | "{D3044524-62E5-4431-8B4C-76DFF9262976}" = dir=in | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} | "{D33EE760-F10E-4881-98E4-D00C5B49EEA6}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} | "{D4CBCFC7-7534-4258-82EA-9772A136EA81}" = dir=out | name=@{microsoft.windowsstore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | "{D622163D-7E19-41FF-B05F-9872AA52FBA7}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | "{DC12CF89-C2BC-4867-8BFD-2C8437469175}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} | "{DC460EA0-3359-491C-B954-2E9388905CDD}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{E576559E-C46A-4FDC-ACBC-3160CAEE51EE}" = protocol=6 | dir=in | app=c:\steamssd\steamapps\common\steamvrperformancetest\bin\win64\vr.exe | "{E5805949-69C0-44DB-81E5-7F870D1F278B}" = dir=in | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | "{E65698C6-5B24-4C92-A243-287F9BB12609}" = dir=out | name=@{microsoft.zunevideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{EBC2FEF3-1063-4DCD-844B-B9C0472C6EB1}" = protocol=6 | dir=in | app=e:\gtav\gta5.exe | "{ECAE38A0-59B4-495A-96FD-C570C5907642}" = dir=out | name=facebook | "{EE36568C-BE2B-45C6-84B8-DBA9BBC652D1}" = protocol=17 | dir=in | app=e:\steam\bin\cef\cef.win7\steamwebhelper.exe | "{EEB9A65F-ECE4-41CB-B7F3-21BA0C54AC0A}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{F09BD4EC-5213-4ABD-A529-3C6177E27D58}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{F1F72878-EA91-44DC-8489-9873D18D5262}" = dir=in | name=xbox | "{F58447A4-8B60-445E-97D4-17E9043ABC3B}" = dir=in | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{F722953B-8BD6-414C-A242-389AEAB85D17}" = dir=out | name=@{microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} | "{F8403A32-D36D-440A-ADFB-7D5F1F4E5303}" = dir=out | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{F8A3751D-B169-4317-B9C5-6F3978345E56}" = dir=in | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | "{FB78F881-81EC-4714-9DA3-E24E898B4D4B}" = protocol=6 | dir=in | app=e:\steam\steam.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 "{7B50D081-E670-3B43-A460-0E2CDB5CE984}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23918 "{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 "{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel" = Ansel "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 376.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 376.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 376.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 369.04 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.16.0318 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA Wireless Controller Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend" = NVIDIA Backend "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer" = NVIDIA Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem" = NVIDIA LocalSystem Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus" = NVIDIA Message Bus for NvContainer "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService" = NVIDIA NetworkService Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session" = NVIDIA Session Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User" = NVIDIA User Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs" = NvNodejs "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog" = NVIDIA Watchdog Plugin for NvContainer "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry" = NvTelemetry "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer" = NVIDIA Telemetry Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci" = NvvHci "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC" = Nvidia Share "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 3.51.2 "{DFFEB619-5455-3697-B145-243D936DB95B}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23918 "{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}" = Overwolf.Setup.VC100CRTx64.Dist "Steam App 311210" = Call of Duty: Black Ops III "Steam App 323910" = SteamVR Performance Test "Steam App 730" = Counter-Strike: Global Offensive "TeamSpeak 3 Client" = TeamSpeak 3 Client "VulkanRT1.0.26.0" = Vulkan Run Time Libraries [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 "{AC76BA86-0804-1033-1959-001824211354}" = Adobe Refresh Manager "{AC76BA86-7AD7-1031-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Deutsch "{B5FC62F5-A367-37A5-9FD2-A6E137C0096F}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23918 "{BD9CFD69-EB91-354E-9C98-D439E6091932}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23918 "{C56877FD-6BEB-4717-81B3-1254FA1FD7FC}" = League of Legends "{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.30 "Battle.net" = Battle.net "Diablo III" = Diablo III "G DATA TOTAL SECURITY" = G DATA TOTAL SECURITY "GIGABYTE XTREME GAMING ENGINE_is1" = XTREME GAMING ENGINE "Google Chrome" = Google Chrome "League of Legends 4.2.1" = League of Legends "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Overwatch" = Overwatch "Overwolf" = Overwolf "Razer Chroma SDK" = Razer Chroma SDK Core Components "Razer Surround" = Razer Surround "Rockstar Games Social Club" = Rockstar Games Social Club "Steam" = Steam "Uplay" = Uplay "Uplay Install 635" = Tom Clancy's Rainbow Six Siege ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "OneDriveSetup.exe" = Microsoft OneDrive "OpenIV" = OpenIV "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.01.2017 12:44:25 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:44:25 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:44:25 | Computer Name = DESKTOP-D193TCD | Source = PerfNet | ID = 2004 Description = Error - 19.01.2017 12:44:25 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1023 Description = Error - 19.01.2017 12:44:25 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:46:22 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:46:22 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:46:22 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:46:22 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:46:22 | Computer Name = DESKTOP-D193TCD | Source = PerfNet | ID = 2004 Description = Error - 19.01.2017 12:46:22 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1023 Description = [ System Events ] Error - 19.01.2017 08:11:43 | Computer Name = DESKTOP-D193TCD | Source = Service Control Manager | ID = 7000 Description = Der Dienst "asComSvc" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 19.01.2017 08:11:44 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10016 Description = Error - 19.01.2017 08:11:52 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10016 Description = Error - 19.01.2017 08:11:54 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10010 Description = Error - 19.01.2017 08:11:54 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10010 Description = Error - 19.01.2017 08:12:02 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10016 Description = Error - 19.01.2017 08:13:24 | Computer Name = DESKTOP-D193TCD | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: Microsoft Sticky Notes Error - 19.01.2017 09:25:47 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10016 Description = Error - 19.01.2017 12:11:23 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10016 Description = Error - 19.01.2017 12:12:49 | Computer Name = DESKTOP-D193TCD | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: Microsoft Sticky Notes < End of report > hier die extras.txt Code:
ATTFilter OTL Extras logfile created on: 19.01.2017 17:36:25 - Run 1 OTL by OldTimer - Version Folder = C:\Users\User\Downloads 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.14393.0) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,94 Gb Total Physical Memory | 9,33 Gb Available Physical Memory | 58,50% Memory free 18,32 Gb Paging File | 9,90 Gb Available in Paging File | 54,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 255,68 Gb Total Space | 63,57 Gb Free Space | 24,86% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 887,13 Gb Free Space | 95,24% Space Free | Partition Type: NTFS Computer Name: DESKTOP-D193TCD | User Name: Sueyuki | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 06 DE 96 98 EB 64 D2 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] "DontEnumerateCommonFilesUpgradeExe" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06654745-31E7-42AA-B618-ADAA710AA1BB}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe | "{3681DF01-932E-45D7-BBB8-C9E43DEA2F5A}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{3B96A369-90B0-439B-AE04-606941CE6D7D}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvcontainer\nvcontainer.exe | "{5839CA4D-94B5-421B-BBBC-1757A6985EDD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{8E708222-BC1E-4F03-BDFE-E64A61B2C2A7}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{A1D9D2E1-94DC-454D-9A3D-82A8E375CF4F}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{079B660F-F5F5-4970-BFFF-11E35A35C5F3}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.7805.42277.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{0CAF9606-F8BF-4F4E-BE59-E36DAAD7C81A}" = dir=in | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} | "{1196CEDE-C747-480D-B217-46B1849A56C7}" = dir=in | name=@{microsoft.zunevideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{15FCBA82-89D0-4777-9BEC-D4D50DBEE37F}" = dir=out | name=xbox | "{165DFF8C-9810-4A07-908D-322D4C3B9B54}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{16D1DE7B-7102-4C74-979F-12D34401A2E1}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{18D4C4B5-4F5A-4C94-AA01-A077EFF6825B}" = dir=out | name=microsoft solitaire collection | "{1AE7D45E-614D-440A-9D1E-EE9612A898F2}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} | "{1DF21361-DB03-41A6-B749-6DB9DFADA625}" = protocol=6 | dir=in | app=c:\uplayssd\tom clancy's rainbow six siege\rainbowsixgame.exe | "{1F2B0239-8D05-445E-A060-40FD177F6F41}" = dir=out | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{1F6C88B7-48CD-4A82-846F-CADAB30EE8BC}" = dir=out | name=@{microsoft.skypeapp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} | "{20DCE514-369E-4200-ADD4-4F0E0BBFA138}" = dir=out | name=royal revolt 2 | "{221173F5-21B4-4D98-A268-4CD505715626}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{23398F53-2F1F-44EB-97F4-AE3FA8A90020}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{26AD8558-D6FC-41AE-B5FD-C526F0573184}" = dir=out | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | "{283A2DD8-D5F3-44B8-A7E8-96F2DE1B40A0}" = protocol=17 | dir=in | app=c:\steamssd\steamapps\common\call of duty black ops iii\blackops3.exe | "{2E1C9EE9-FD9C-4A01-B119-0EE03272FC23}" = dir=in | name=microsoft sticky notes | "{30098E83-4FEF-4368-8066-F96D0EB4BD7A}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} | "{364ABEE5-AD25-4174-9A47-7F3DC6A2FFA5}" = protocol=6 | dir=in | app=c:\steamssd\steamapps\common\call of duty black ops iii\blackops3.exe | "{391AEFB0-2D6E-4025-A26C-7807D26240AE}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} | "{439FF6F8-CF04-46D1-9167-D2755D32CFA3}" = dir=out | name=@{microsoft.people_10.1.3160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} | "{454E2301-D6C8-407C-BBA2-F4CDA2980E37}" = dir=out | name=@{microsoft.windowsmaps_5.1611.3342.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} | "{48A392A7-87FA-4570-A9B3-191AFD41B111}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} | "{4D3E3E64-EFBE-47C8-A5A6-4791DF9AC367}" = dir=out | name=onenote | "{4D7EABF0-2B68-41DE-BE7D-5E9664B1AE24}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} | "{4EAFEC2E-900E-494A-B571-270A3BB7CFE2}" = dir=out | name=@{microsoft.3dbuilder_12.0.3131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} | "{514A1A47-1924-491D-AA42-B7C2AC1C19F4}" = dir=in | name=microsoft solitaire collection | "{514AE5E1-45E2-45A5-8F1F-440D7C3F796F}" = dir=out | name=netflix | "{51B6605A-4840-47B8-A42A-343E675F8DF1}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{549B830D-D71C-4CA9-9B98-3252E7B087F1}" = dir=out | name=twitter | "{56A71A33-DF0F-4830-9836-867996AC5206}" = protocol=17 | dir=in | app=c:\steamssd\steamapps\common\steamvrperformancetest\bin\win64\vr.exe | "{5CC6135D-2159-4867-8A99-A7F9617E84A0}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{5CFFF282-F2BC-4F9C-AFC2-20258941DA66}" = dir=out | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} | "{60BD9AB8-8C74-455C-ABA5-9D2D1F7A020C}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{64687E9C-0071-4588-BE4C-89C644BF9845}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.7805.42277.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} | "{6673AC2B-4EBD-4201-B653-BD2B551D7FE0}" = dir=out | name=@{microsoft.zunemusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{67422236-8D09-4D4F-9FF7-65B8E603CDC0}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} | "{67DFA4C7-5F61-4575-82C9-065F33F61FF2}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.693_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} | "{6855503A-8647-40F6-94EF-88B9E24F1481}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{686BDEC8-66F9-4810-8332-BC70F19186B6}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{6E5EFA93-D8B6-46CB-9C6D-B1D09CBF578A}" = protocol=17 | dir=in | app=c:\uplayssd\tom clancy's rainbow six siege\rainbowsix.exe | "{715025C2-38EC-4CF2-AD21-07B149D2455A}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | "{769714C5-6D15-4CC2-ADDD-B22D8EDBCBE4}" = dir=in | name=@{microsoft.skypeapp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} | "{76D2D9C1-9E4A-4466-BBDF-DEAD9ED70456}" = dir=out | name=minecraft: windows 10 edition | "{856E81BB-AA86-4F1F-9EC0-4E3EFC252278}" = dir=in | name=@{microsoft.zunemusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{87FE2D48-73B2-479E-B49B-7153CB5CF432}" = dir=in | name=onenote | "{8C9AC9E1-DE05-4766-B329-EDFDAF5BB49E}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} | "{8D77DEA6-ECA3-4E16-A6B6-06C2F6507326}" = dir=out | name=store purchase app | "{8EB29A80-0BF8-4114-A9E6-B42CE05BD969}" = dir=out | name=microsoft sticky notes | "{930F8B6D-CE57-42CA-8C49-999DFB125D69}" = dir=out | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} | "{939E3796-F973-4653-AAD2-88F0413DA68B}" = dir=out | name=candy crush soda saga | "{93CA49AA-C29D-4A7D-8FEB-91E950792B1B}" = protocol=6 | dir=in | app=c:\uplayssd\tom clancy's rainbow six siege\rainbowsix.exe | "{9964549C-FD46-4470-98D7-78A419072546}" = dir=out | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | "{99C4D9E9-DFAB-47FB-9A60-F34C2C1279FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9FD96644-DDAE-440F-9970-4AFC129960BE}" = dir=in | name=@{microsoft.windowsstore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | "{A86456FD-6100-4632-B6C8-122017DAD2C9}" = dir=out | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | "{AA0FAA41-4D4C-40DA-B8D6-2B1BD74D1013}" = dir=in | name=netflix | "{AB56AC6E-F6BB-4793-8CE2-44AF2A643C85}" = dir=out | name=@{microsoft.windows.secureassessmentbrowser_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.secureassessmentbrowser/resources/packagedisplayname} | "{ABF4E2EC-000F-4B0A-8444-8A8F5F1B5189}" = protocol=17 | dir=in | app=e:\gtav\gta5.exe | "{B139556B-BA46-43BC-BD17-EBA9AE984707}" = dir=in | name=minecraft: windows 10 edition | "{B93C8C3D-07F7-4CC1-BDB4-CCA9C039CDBE}" = dir=in | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} | "{B9FAD286-7F5A-4287-B309-92FB5A1DBC24}" = dir=in | name=royal revolt 2 | "{BA77D143-CE37-4E2A-AA0F-EEBF3515794A}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} | "{BA90116A-E4DD-416E-AFCB-667A7BC811A2}" = dir=out | name=@{microsoft.getstarted_4.2.29.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} | "{BB5D6D5E-509B-41CC-86BC-AB5F3ABF662E}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} | "{C22CED5E-D82B-4D4E-BE52-96C3DEBFAB16}" = protocol=6 | dir=in | app=e:\steam\bin\cef\cef.win7\steamwebhelper.exe | "{C3B6E7E3-2292-4FF6-A013-4BFDB598A68F}" = dir=in | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} | "{CA6D4ED4-1638-415F-B2B0-422ECA6D86B9}" = protocol=17 | dir=in | app=e:\steam\steam.exe | "{D1E7C46F-4920-4C71-8736-3A925642F5FC}" = protocol=17 | dir=in | app=c:\uplayssd\tom clancy's rainbow six siege\rainbowsixgame.exe | "{D3044524-62E5-4431-8B4C-76DFF9262976}" = dir=in | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} | "{D33EE760-F10E-4881-98E4-D00C5B49EEA6}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} | "{D4CBCFC7-7534-4258-82EA-9772A136EA81}" = dir=out | name=@{microsoft.windowsstore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} | "{D622163D-7E19-41FF-B05F-9872AA52FBA7}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} | "{DC12CF89-C2BC-4867-8BFD-2C8437469175}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} | "{DC460EA0-3359-491C-B954-2E9388905CDD}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{E576559E-C46A-4FDC-ACBC-3160CAEE51EE}" = protocol=6 | dir=in | app=c:\steamssd\steamapps\common\steamvrperformancetest\bin\win64\vr.exe | "{E5805949-69C0-44DB-81E5-7F870D1F278B}" = dir=in | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} | "{E65698C6-5B24-4C92-A243-287F9BB12609}" = dir=out | name=@{microsoft.zunevideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{EBC2FEF3-1063-4DCD-844B-B9C0472C6EB1}" = protocol=6 | dir=in | app=e:\gtav\gta5.exe | "{ECAE38A0-59B4-495A-96FD-C570C5907642}" = dir=out | name=facebook | "{EE36568C-BE2B-45C6-84B8-DBA9BBC652D1}" = protocol=17 | dir=in | app=e:\steam\bin\cef\cef.win7\steamwebhelper.exe | "{EEB9A65F-ECE4-41CB-B7F3-21BA0C54AC0A}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} | "{F09BD4EC-5213-4ABD-A529-3C6177E27D58}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} | "{F1F72878-EA91-44DC-8489-9873D18D5262}" = dir=in | name=xbox | "{F58447A4-8B60-445E-97D4-17E9043ABC3B}" = dir=in | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{F722953B-8BD6-414C-A242-389AEAB85D17}" = dir=out | name=@{microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} | "{F8403A32-D36D-440A-ADFB-7D5F1F4E5303}" = dir=out | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} | "{F8A3751D-B169-4317-B9C5-6F3978345E56}" = dir=in | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} | "{FB78F881-81EC-4714-9DA3-E24E898B4D4B}" = protocol=6 | dir=in | app=e:\steam\steam.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 "{7B50D081-E670-3B43-A460-0E2CDB5CE984}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23918 "{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 "{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel" = Ansel "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 376.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 376.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 376.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 369.04 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.16.0318 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA Wireless Controller Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend" = NVIDIA Backend "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer" = NVIDIA Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem" = NVIDIA LocalSystem Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus" = NVIDIA Message Bus for NvContainer "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService" = NVIDIA NetworkService Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session" = NVIDIA Session Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User" = NVIDIA User Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs" = NvNodejs "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog" = NVIDIA Watchdog Plugin for NvContainer "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry" = NvTelemetry "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer" = NVIDIA Telemetry Container "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci" = NvvHci "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC" = Nvidia Share "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 3.51.2 "{DFFEB619-5455-3697-B145-243D936DB95B}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23918 "{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}" = Overwolf.Setup.VC100CRTx64.Dist "Steam App 311210" = Call of Duty: Black Ops III "Steam App 323910" = SteamVR Performance Test "Steam App 730" = Counter-Strike: Global Offensive "TeamSpeak 3 Client" = TeamSpeak 3 Client "VulkanRT1.0.26.0" = Vulkan Run Time Libraries [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 "{AC76BA86-0804-1033-1959-001824211354}" = Adobe Refresh Manager "{AC76BA86-7AD7-1031-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC - Deutsch "{B5FC62F5-A367-37A5-9FD2-A6E137C0096F}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23918 "{BD9CFD69-EB91-354E-9C98-D439E6091932}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23918 "{C56877FD-6BEB-4717-81B3-1254FA1FD7FC}" = League of Legends "{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.30 "Battle.net" = Battle.net "Diablo III" = Diablo III "G DATA TOTAL SECURITY" = G DATA TOTAL SECURITY "GIGABYTE XTREME GAMING ENGINE_is1" = XTREME GAMING ENGINE "Google Chrome" = Google Chrome "League of Legends 4.2.1" = League of Legends "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Overwatch" = Overwatch "Overwolf" = Overwolf "Razer Chroma SDK" = Razer Chroma SDK Core Components "Razer Surround" = Razer Surround "Rockstar Games Social Club" = Rockstar Games Social Club "Steam" = Steam "Uplay" = Uplay "Uplay Install 635" = Tom Clancy's Rainbow Six Siege ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "OneDriveSetup.exe" = Microsoft OneDrive "OpenIV" = OpenIV "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.01.2017 12:44:25 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:44:25 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:44:25 | Computer Name = DESKTOP-D193TCD | Source = PerfNet | ID = 2004 Description = Error - 19.01.2017 12:44:25 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1023 Description = Error - 19.01.2017 12:44:25 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:46:22 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:46:22 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:46:22 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:46:22 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1008 Description = Error - 19.01.2017 12:46:22 | Computer Name = DESKTOP-D193TCD | Source = PerfNet | ID = 2004 Description = Error - 19.01.2017 12:46:22 | Computer Name = DESKTOP-D193TCD | Source = Perflib | ID = 1023 Description = [ System Events ] Error - 19.01.2017 08:11:43 | Computer Name = DESKTOP-D193TCD | Source = Service Control Manager | ID = 7000 Description = Der Dienst "asComSvc" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 19.01.2017 08:11:44 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10016 Description = Error - 19.01.2017 08:11:52 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10016 Description = Error - 19.01.2017 08:11:54 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10010 Description = Error - 19.01.2017 08:11:54 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10010 Description = Error - 19.01.2017 08:12:02 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10016 Description = Error - 19.01.2017 08:13:24 | Computer Name = DESKTOP-D193TCD | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: Microsoft Sticky Notes Error - 19.01.2017 09:25:47 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10016 Description = Error - 19.01.2017 12:11:23 | Computer Name = DESKTOP-D193TCD | Source = DCOM | ID = 10016 Description = Error - 19.01.2017 12:12:49 | Computer Name = DESKTOP-D193TCD | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: Microsoft Sticky Notes < End of report > hier die extras.txt Code:
ATTFilter NlaSvc Manual Proxies Status : Scanned Object : HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@ MD5 : - Publisher : - Size : - Version : - Detection : Potentially Unwanted Modification Cleaning Action : Delete Related Objects : Registry Entry - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\@ = 0hxxp://noblockweb.org/wpad.dat?5eb931c846419c2ee1b3c3d0c0ec5cd523775190 hab die datei gelöscht aber sie kommt immer wieder bzw ist da trotz löschung |
![]() | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienen Aha. Und was soll ich mit diesen Logs jetzt tun? Wir hatten über Werkseinstellungen gesprochen, nciht über weitere Logs.
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #10 |
| ![]() Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienen am Anfang hatten sie mich drum gebeten logs reinzusenden von den verschiedenen programmen die ich durchgeführt hatte.ivh meinte daraufhin das ich sie am nächsten tag schicken werde. das mit den werkeinstellungen war eine frage rein aus interesse wie bereit beschrieben^^ |
![]() | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienen dann entscheide dich doch einfach mal ![]() Ich analysiere hier doch keine Logs, schon garkeine die ich nicht angefordert habe, wenn du eh alles plätten und neu machen willst ![]()
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() |
Themen zu Chrome öffnet von alleine Werbetabs oder benutzt andere suchmaschienen |
andere, ausgeführt, browser, chip, cleaner, data, datei, deinstalliert, dringend, durchsucht, löschen, malware, nicht mehr, scan, scann, schutzprogramm, spiel, tagen, tan, trotz, virenschutzprogramm, werbung, öffnen, öffnet, öffnet von alleine |