Log analysis and evaluation: Windows 7 Professional - Trojan removed, but keeps coming back

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.04.2017, 20:30 | #1

Hello dear Trojaner Board team,

because of the start page 123startpaging.com in Chrome, I fired up MBAM. On 26.02.17 MBAM found the following:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 26.02.2017
Suchlaufzeit: 15:13
Protokolldatei:
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2017.01.30.04
Rootkit-Datenbank: v2017.02.15.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lucas

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 318552
Abgelaufene Zeit: 6 Min., 11 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 13
PUP.Optional.StartGo123, C:\Windows\SysWOW64\NetUtils2016.exe, 2940, Löschen bei Neustart, [2be1daa8b7f14ceaf13091c72fd1f10f]
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe, 3856, Löschen bei Neustart, [0a023052872156e0aabece00f90737c9]
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe, 4468, Löschen bei Neustart, [0a023052872156e0aabece00f90737c9]
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe, 4456, Löschen bei Neustart, [0a023052872156e0aabece00f90737c9]
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe, 4496, Löschen bei Neustart, [ba52047e3f694beba0c80cc20cf46f91]
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe, 2396, Löschen bei Neustart, [ba52047e3f694beba0c80cc20cf46f91]
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe, 3952, Löschen bei Neustart, [ba52047e3f694beba0c80cc20cf46f91]
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe, 3896, Löschen bei Neustart, [29e3631f6147999dde8a2ba35fa1659b]
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe, 2044, Löschen bei Neustart, [29e3631f6147999dde8a2ba35fa1659b] PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe, 2740, Löschen bei Neustart, [29e3631f6147999dde8a2ba35fa1659b] PUP.Optional.Wajam.Gen, C:\Program Files\b68e9dcad3e2b79cb5acd57cdaaf854b\57563f7863d419ce5e9ad5121c2391f5.exe, 5100, Löschen bei Neustart, [b15b8df54c5c191db985efbd06fdb34d] PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\CloudPrinter.exe, 4020, Löschen bei Neustart, [5ab28200e2c6e155f4501894798aa25e] Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Hotfresh.exe, 3088, Löschen bei Neustart, [fb11abd7d1d7c27427eb13b513edf808] Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 96 Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\d393c14de1c20275022642add0d1a328, In Quarantäne, [fd0f9de54167280e3a74780cec14867a], PUP.Optional.StartGo123, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016, In Quarantäne, [ef1d028016922115c25f65f3867a8977], Adware.Elex.SHHKRST, HKLM\SOFTWARE\CLASSES\CLSID\{D38BA724-F772-11E6-9601-64006A5CFC23}, In Quarantäne, [8b817012971138fefc0f842aae52d52b], Adware.Elex.SHHKRST, HKLM\SOFTWARE\CLASSES\CLSID\{D38BA724-F772-11E6-9601-64006A5CFC23}\INPROCSERVER32, In Quarantäne, [8b817012971138fefc0f842aae52d52b], PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, In Quarantäne, [63a919694365aa8c11b9e4abf11146ba], PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, In Quarantäne, [cc408bf71b8db38334961a7558aa8c74], PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, In Quarantäne, [5daf2b5780282c0a4b7f503f32d04bb5], PUP.Optional.AppTrailers, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AppTrailers, In Quarantäne, 
[64a8c0c221878caa939854235fa1d828], PUP.Optional.Wajam.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\b68e9dcad3e2b79cb5acd57cdaaf854b, In Quarantäne, [b15b8df54c5c191db985efbd06fdb34d], PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CloudPrinter, In Quarantäne, [5ab28200e2c6e155f4501894798aa25e], Adware.Hicosmea, HKCU\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}, In Quarantäne, [8a82f68c5355de582c1ebadd46bd4bb5], PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, In Quarantäne, [f5171e641b8d41f5fc149de3ce35eb15], PUP.Optional.Social2Search, HKLM\SOFTWARE\Socia2Sea Browser Enhancer, In Quarantäne, [41cb4b37f8b0f6401731d2eaab55dd23], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROLEAVES\Online.io Application, In Quarantäne, [0c00087a17912b0b7ad6a47f19e7768a], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROLEAVES\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}, In Quarantäne, [a765146eb6f293a33bda8007916fef11], PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, In Quarantäne, [87853151971131059df57f2faf54c43c], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{078F4C3E-1848-4730-B93B-C3EECB7E5FAC}, Löschen bei Neustart, [a369e79bd6d2ef473780c6a9b05005fb], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{14DF2CD0-2E7F-4FB4-9FA0-F7B9AB0C5D95}, Löschen bei Neustart, [12fa2161347472c438040d168e72e61a], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1ABFD0A2-9281-4A29-BD3A-5D0565DB8CFD}, Löschen bei Neustart, [8e7e433f7c2c4aecc8efe28d748c8b75], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{254BC8F4-3AF9-413B-87E4-72F9209A04B3}, Löschen bei Neustart, [0507c9b98e1ac175d3e447286e929868], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS 
NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2970690F-0857-451C-B0C8-30DEE06F3CE3}, Löschen bei Neustart, [7399334fd6d2df57fabd0966f20e1de3], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3A32A938-AC93-463D-850F-CCF4EE522F4C}, Löschen bei Neustart, [36d6ceb4fcac280e3507fb28f40c4bb5], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3BE08A3A-5A98-4025-B1B8-2D43149FF6FE}, Löschen bei Neustart, [48c485fd377161d5073572b137c928d8], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4867A67D-A751-4E82-BF3B-69479B3089EF}, Löschen bei Neustart, [ee1e9be723856accf4c398d73dc3738d], PUP.Optional.Geniv, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4D0D53DA-3900-4C1F-93F8-0EADDDC97658}, Löschen bei Neustart, [c646d4aee8c00333f460644b43c0a957], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4EF6D390-471E-47D8-B8B0-A668076F9842}, Löschen bei Neustart, [8a823f43c9df05310ea9fb74fc04cc34], PUP.Optional.HDWallPaper, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6B4334E7-C6C0-4818-BA4A-15BDD90586AA}, Löschen bei Neustart, [7f8dcab8367244f2f8187191da2609f7], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{710522E8-09E1-4670-A618-44D5B7604B6D}, Löschen bei Neustart, [dc30483a7335c3736eceaf749f6120e0], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{79A6EB60-9872-43C9-B88D-A01041B4CDB1}, Löschen bei Neustart, [0c00cab8a107ce68b58730f3996734cc], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7A9103F2-6FE8-4013-BD09-917F903C70FB}, Löschen bei Neustart, [050785fd3474ac8a300c091aca365aa6], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS 
NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{96979067-5FC0-4503-B549-2E5C0B5078F8}, Löschen bei Neustart, [b95319693573e254b488ad7623ddd927], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AE21AB44-439E-4EEC-A649-AD78FE01715D}, Löschen bei Neustart, [63a9bdc5a305a98dcc7079aa6e92df21], PUP.Optional.Geniv, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B1E8B33D-65D7-4CAE-B108-A217CD129BB5}, Löschen bei Neustart, [ea22fe84911743f3875fb3e29a662fd1], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C05DEDE6-734D-47CB-BFF6-422F80E27213}, Löschen bei Neustart, [25e7ceb4a206ff37db619d86718fe818], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D20A3CBA-0D42-4758-8140-AFF5E1AC6191}, Löschen bei Neustart, [21ebfc86a305310506b1f778847c27d9], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D368E713-2100-41E8-8A18-9FFF153821A3}, Löschen bei Neustart, [7e8e4d3552561b1be9cee28d5fa133cd], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E64089B8-DAFA-417C-8B72-658B3AADFC15}, Löschen bei Neustart, [e9235c2673353ff7dd5f57cc5ea2e11f], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EB6BC041-4491-4E7F-A48E-6C48AA395B29}, Löschen bei Neustart, [d03cf78b5058989ead0a3b34ca36cc34], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FD9B2C23-D249-4988-A50F-C1F842A092E9}, Löschen bei Neustart, [c14bb3cf5751b1858e2981eedd239d63], PUP.Optional.Geniv, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GEN, Löschen bei Neustart, [44c8b7cbedbb49edde1f296c867a916f], PUP.Optional.Geniv, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\GEN_Interval, Löschen bei Neustart, 
[c547b2d042660d298bcafcb3d132946c], PUP.Optional.HDWallPaper, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\HDWallPaper, Löschen bei Neustart, [7d8fc3bfc9df6fc782efa798b44cbd43], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application, Löschen bei Neustart, [0606f78b4167c6704722071cf709936d], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application Guard, Löschen bei Neustart, [dd2f047e41671a1cb4b570b34fb1758b], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application Guardian, Löschen bei Neustart, [65a73f43c1e7d066214850d3d52b7789], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application Updater, Löschen bei Neustart, [fc10e79b01a70531511867bc07f935cb], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application v2, Löschen bei Neustart, [709c9fe3bfe9b87e7eeb968d23ddb44c], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application v2 Guard, Löschen bei Neustart, [31db285a9c0cde587aef939037c9ec14], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application v2 Guardian, Löschen bei Neustart, [36d6ea988226fa3c53160320b54b1ae6], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application v209, Löschen bei Neustart, [3cd00181258347ef0e5b5bc809f75da3], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application v209 Guard, Löschen bei Neustart, [31dbdea4733570c69dccb86b679953ad], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Online Application v209 Guardian, Löschen bei Neustart, 
[0efebac8cadeb87e1f4ad0537d83a858], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange, Löschen bei Neustart, [808cceb42781f73f7c1d2e4014ece41c], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange Guard, Löschen bei Neustart, [6aa23e44eabeb581c7d21658c73924dc], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange Guardian, Löschen bei Neustart, [c24a1171d8d0fb3b4455214dbf41d32d], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange Updater, Löschen bei Neustart, [26e6a9d9a20661d5f6a3412db44cac54], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange v2 - 1, Löschen bei Neustart, [e32994eee1c7fc3a2e6b72fc3fc1b54b], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange v2 - 2, Löschen bei Neustart, [ec20f88ad8d01125d6c3c8a6857ba759], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange v2 - 3, Löschen bei Neustart, [41cb5d25e2c6b482524737371ce40cf4], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange v209 - 1, Löschen bei Neustart, [9973dba7c8e0989e0693c8a68080cd33], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange v209 - 2, Löschen bei Neustart, [5bb19fe3f8b02115c8d1105ea55b30d0], PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Traffic Exchange v209 - 3, Löschen bei Neustart, [d339a4dee7c13bfbbcdd73fbac5414ec], PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, In Quarantäne, [d23ad6acfeaa92a449c72b55699a4ab6], Adware.Linkury.ACMB1, 
HKLM\SOFTWARE\WOW6432NODE\mtHotfresh, In Quarantäne, [d339e79bf2b62d0950b1ae1a1ce46898], PUP.Optional.Social2Search, HKLM\SOFTWARE\WOW6432NODE\Socia2Sea Browser Enhancer, In Quarantäne, [e4282b57dace290dcf790ab247b9768a], PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\youndooSoftware, In Quarantäne, [a4686c16f4b4ae88881a3a82f01213ed], PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application Installer, In Quarantäne, [8a82473b1791b185ae91561845bb847c], PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application, In Quarantäne, [bd4f186ad2d664d20c44f52ea35d35cb], PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Traffic Exchange, In Quarantäne, [5daf6b173f69cd6924badf88c838d828], PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, In Quarantäne, [e923a9d991171026507dcdde828125db], PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, In Quarantäne, [917bc5bdc8e0c86e385ac5e962a1926e], PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CloudPrinter_RASAPI32, In Quarantäne, [8389d9a9d1d786b0b6352f7d52b1b14f], PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CloudPrinter_RASMANCS, In Quarantäne, [4fbd0a788424e05606e55953ba49639d], Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Hotfresh_RASAPI32, In Quarantäne, [0a0251313e6aa4921d3342858b75619f], Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Hotfresh_RASMANCS, In Quarantäne, [2ede730ffdabd1650848eddae91726da], Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Hotfresh.exe, In Quarantäne, [35d7eb97674136002fc48244926e916f], PUP.Optional.HDWallPaper, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HDWallPaper_is1, In Quarantäne, [8e7e542e90182a0c85b62e17fa06da26], 
Adware.Hicosmea, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{fd7bad22-3721-476e-e815-8e1e74df2bcd}, In Quarantäne, [b05ca1e172368ea8409d900fa858847c], PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3A31BC23-3B53-421E-ACB3-79439E182409}, In Quarantäne, [808cc9b9357358deb7265a620bf751af], PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5290B155-5BF4-4346-995E-F1F04907DFF4}, In Quarantäne, [8e7e0d754266e05621e4dc8d7f84718f], PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}, In Quarantäne, [68a486fcfaaea98d16db1f5760a0768a], PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F0847AE0-465A-4D7B-A555-AABB43B550F0}, In Quarantäne, [bb51562c3a6e95a13e2c26f3f01019e7], Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\LS2HYJMI, In Quarantäne, [709c98ea62460a2ca1bcea9ce21e54ac], PUP.Optional.StartGo123, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016srv, In Quarantäne, [4cc01f635d4b4ee8c2368fc8976902fe], PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, In Quarantäne, [8884e49e1296cc6a06ad7a33f013ee12], Adware.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HOTFRESH, In Quarantäne, [7399e1a13f69cd699f0b00c643bdb947], Adware.Linkury.ACMB1, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\mtHotfresh, In Quarantäne, [907cb0d2d4d40432f1277156b54be51b], Adware.Hicosmea, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\tivecar, In Quarantäne, [c745cfb3dbcd4aecb2a1158beb15bc44], PUP.Optional.Wajam, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\WajIEnhance, In Quarantäne, [5ab2b3cfcfd9f145ab7a5822e023e818], PUP.Optional.AppTrailers, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\APPDATALOW\SOFTWARE\AppTrailers, In 
Quarantäne, [f517c0c2beea44f2decf6be8b0500af6], PUP.Optional.Linkury, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, In Quarantäne, [cf3dc1c141679a9c9735ab00020150b0], PUP.Optional.Hicosmea, HKU\S-1-5-21-1802964633-906943791-4234860916-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}, In Quarantäne, [d5375b273f696ec8f26c490d1be8b54b], PUP.Optional.Hicosmea, HKU\S-1-5-21-1802964633-906943791-4234860916-1000_Classes\WOW6432NODE\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}, In Quarantäne, [8d7faed4acfc3df93b23a0b631d2cf31], PUP.Optional.Hicosmea, HKU\S-1-5-21-1802964633-906943791-4234860916-1000_Classes\WOW6432NODE\CLSID\{62BE5D10-60EB-11d0-BD3B-00A0C911CE86}, In Quarantäne, [e824b0d2b7f1a690dfe55f118f716a96], Adware.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HOTFRESH.EXE, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HOTFRESH.EXE, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Registrierungswerte: 43 PUP.Optional.HDWallPaper, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|HDWallPaper, "C:\Program Files (x86)\HDWallPaper\TaskSetter.exe" /start, In Quarantäne, [9577c4be5f49c274f44998a9709015eb] Adware.Elex.SHHKRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS|{D38BA724-F772-11E6-9601-64006A5CFC23}, In Quarantäne, [8b817012971138fefc0f842aae52d52b], PUP.Optional.AppTrailers, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\AppTrailers.exe su, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{078F4C3E-1848-4730-B93B-C3EECB7E5FAC}|Path, \Traffic Exchange v2 - 3, Löschen bei Neustart, 
[a369e79bd6d2ef473780c6a9b05005fb] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{14DF2CD0-2E7F-4FB4-9FA0-F7B9AB0C5D95}|Path, \Online Application, Löschen bei Neustart, [12fa2161347472c438040d168e72e61a] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1ABFD0A2-9281-4A29-BD3A-5D0565DB8CFD}|Path, \Traffic Exchange v209 - 2, Löschen bei Neustart, [8e7e433f7c2c4aecc8efe28d748c8b75] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{254BC8F4-3AF9-413B-87E4-72F9209A04B3}|Path, \Traffic Exchange Updater, Löschen bei Neustart, [0507c9b98e1ac175d3e447286e929868] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2970690F-0857-451C-B0C8-30DEE06F3CE3}|Path, \Traffic Exchange v209 - 3, Löschen bei Neustart, [7399334fd6d2df57fabd0966f20e1de3] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3A32A938-AC93-463D-850F-CCF4EE522F4C}|Path, \Online Application v209 Guard, Löschen bei Neustart, [36d6ceb4fcac280e3507fb28f40c4bb5] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3BE08A3A-5A98-4025-B1B8-2D43149FF6FE}|Path, \Online Application Updater, Löschen bei Neustart, [48c485fd377161d5073572b137c928d8] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4867A67D-A751-4E82-BF3B-69479B3089EF}|Path, \Traffic Exchange Guardian, Löschen bei Neustart, [ee1e9be723856accf4c398d73dc3738d] PUP.Optional.Geniv, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4D0D53DA-3900-4C1F-93F8-0EADDDC97658}|Path, \GEN_Interval, Löschen bei Neustart, [c646d4aee8c00333f460644b43c0a957] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4EF6D390-471E-47D8-B8B0-A668076F9842}|Path, \Traffic 
Exchange v2 - 2, Löschen bei Neustart, [8a823f43c9df05310ea9fb74fc04cc34] PUP.Optional.HDWallPaper, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6B4334E7-C6C0-4818-BA4A-15BDD90586AA}|Path, \HDWallPaper, Löschen bei Neustart, [7f8dcab8367244f2f8187191da2609f7] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{710522E8-09E1-4670-A618-44D5B7604B6D}|Path, \Online Application Guard, Löschen bei Neustart, [dc30483a7335c3736eceaf749f6120e0] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{79A6EB60-9872-43C9-B88D-A01041B4CDB1}|Path, \Online Application v2 Guardian, Löschen bei Neustart, [0c00cab8a107ce68b58730f3996734cc] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7A9103F2-6FE8-4013-BD09-917F903C70FB}|Path, \Online Application v209 Guardian, Löschen bei Neustart, [050785fd3474ac8a300c091aca365aa6] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{96979067-5FC0-4503-B549-2E5C0B5078F8}|Path, \Online Application Guardian, Löschen bei Neustart, [b95319693573e254b488ad7623ddd927] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AE21AB44-439E-4EEC-A649-AD78FE01715D}|Path, \Online Application v209, Löschen bei Neustart, [63a9bdc5a305a98dcc7079aa6e92df21] PUP.Optional.Geniv, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B1E8B33D-65D7-4CAE-B108-A217CD129BB5}|Path, \GEN, Löschen bei Neustart, [ea22fe84911743f3875fb3e29a662fd1] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C05DEDE6-734D-47CB-BFF6-422F80E27213}|Path, \Online Application v2, Löschen bei Neustart, [25e7ceb4a206ff37db619d86718fe818] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS 
NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D20A3CBA-0D42-4758-8140-AFF5E1AC6191}|Path, \Traffic Exchange Guard, Löschen bei Neustart, [21ebfc86a305310506b1f778847c27d9] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D368E713-2100-41E8-8A18-9FFF153821A3}|Path, \Traffic Exchange, Löschen bei Neustart, [7e8e4d3552561b1be9cee28d5fa133cd] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E64089B8-DAFA-417C-8B72-658B3AADFC15}|Path, \Online Application v2 Guard, Löschen bei Neustart, [e9235c2673353ff7dd5f57cc5ea2e11f] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EB6BC041-4491-4E7F-A48E-6C48AA395B29}|Path, \Traffic Exchange v2 - 1, Löschen bei Neustart, [d03cf78b5058989ead0a3b34ca36cc34] PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FD9B2C23-D249-4988-A50F-C1F842A092E9}|Path, \Traffic Exchange v209 - 1, Löschen bei Neustart, [c14bb3cf5751b1858e2981eedd239d63] PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, In Quarantäne, [e923a9d991171026507dcdde828125db] PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2MYuMKjx4ZJaMNIaL-juP5nfUrsF1B4yE7QwOhOsTmFXlFvWwc5HrNXOt6neqkkxF42l3UijOo_aojLmLbsDzNOg2ssOd_1mtAQDJNOn6oWKXH8pdK8doTopLLcu8WbzHs9IGTGukAbgQ_gGFRRInDdHBD1ZKvYaV0CWTCSQ,,&q={searchTerms}, In Quarantäne, [60acdfa305a3b680ba22b9f46b987b85] PUP.Optional.Youndoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3A31BC23-3B53-421E-ACB3-79439E182409}|DisplayName, youndoo - Uninstall, In Quarantäne, [808cc9b9357358deb7265a620bf751af] PUP.Optional.Linkury, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5290B155-5BF4-4346-995E-F1F04907DFF4}|Publisher, Linkury, In Quarantäne, [8e7e0d754266e05621e4dc8d7f84718f] PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}|Contact, contact@online.io, In Quarantäne, [cf3d2959c2e62e0817459ac621df37c9] PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}|URLInfoAbout, hxxp://traffic.io/, In Quarantäne, [68a486fcfaaea98d16db1f5760a0768a] PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F0847AE0-465A-4D7B-A555-AABB43B550F0}|Contact, contact@online.io, In Quarantäne, [f8145c26f1b7cb6b64f8de821ce49a66] PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F0847AE0-465A-4D7B-A555-AABB43B550F0}|URLInfoAbout, hxxp://online.io/, In Quarantäne, [bb51562c3a6e95a13e2c26f3f01019e7] Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\ls2hyjmi|Name, C:\Program Files (x86)\Plemerylsuward Update\local64spl.dll, In Quarantäne, [709c98ea62460a2ca1bcea9ce21e54ac] PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLOUDPRINTER|ImagePath, C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a, In Quarantäne, [8785aed40f99d85e7535a409ce350cf4] Adware.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HOTFRESH|ImagePath, C:\ProgramData\\Hotfresh\\Hotfresh.exe shuz -f "C:\ProgramData\\Hotfresh\\Hotfresh.dat" -l -a, In Quarantäne, [7399e1a13f69cd699f0b00c643bdb947] Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{10FF6E7C-74F2-431C-84E5-0F0C9B89F55E}|NameServer, 82.163.142.8,95.211.158.136, In Quarantäne, [db315e24bbed2214acd909a54cb739c7] PUP.Optional.Linkury.ACMB1, 
HKU\S-1-5-21-1802964633-906943791-4234860916-1000\ENVIRONMENT|SNF, C:\ProgramData\Hotfreshs\snp.sc, In Quarantäne, [c7454240f1b742f4293acede5ba830d0] PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\ENVIRONMENT|SNP, https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D?publisher=APSFWakeNet&co=DE&userid=5dabce7c-f823-2e4a-198a-db1301c06c6f&searchtype=sc&installDate=26.02.2017&barcodeid=51198003&channelid=3&av=windows, In Quarantäne, [d834562c41671125bea638745aa954ac] PUP.Optional.Linkury, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, In Quarantäne, [cf3dc1c141679a9c9735ab00020150b0] PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2MYuMKjx4ZJaMNIaL-juP5nfUrsF1B4yE7QwOhOsTmFXlFvWwc5HrNXOt6neqkkxF42l3UijOo_aojLmLbsDzNOg2ssOd_1mtAQDJNOn6oWKXH8pdK8doTopLLcu8WbzHs9IGTGukAbgQ_gGFRRInDdHBD1ZKvYaV0CWTCSQ,,&q={searchTerms}, In Quarantäne, [3cd090f2aefa56e016c4703de61d17e9] PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2MYuMKjx4ZJaMNIaL-juP5nfUrsF1B4yE7QwOhOsTmFXlFvWwc5HrNXOt6neqkkxF42l3UijOo_aojLmLbsDzNOg2ssOd_1mtAQDJNOn6oWKXH8pdK8doTopLLcu8WbzHs9IGTGukAbgQ_gGFRRInDdHBD1ZKvYaV0CWTCSQ,,&q={searchTerms}, In Quarantäne, [927af58d8d1b88ae5d7eb7f68d766d93] Registrierungsdaten: 11 PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Hotfresh\Zer-Lax.dll, Gut: (), Schlecht: (C:\ProgramData\Hotfresh\Zer-Lax.dll),Ersetzt,[ae5efd853a6e2a0c45f33bfefa069a66] PUP.Optional.Linkury.ACMB1, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Hotfresh\Donglax.dll, Gut: (), Schlecht: (C:\ProgramData\Hotfresh\Donglax.dll),Ersetzt,[ad5f79096b3d4ee85b7e31083cc46997] Adware.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Hotfresh\Donglax.dll, Gut: (), Schlecht: (C:\ProgramData\Hotfresh\Donglax.dll),Ersetzt,[fb11abd7d1d7c27427eb13b513edf808] Adware.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Hotfresh\Zer-Lax.dll, Gut: (), Schlecht: (C:\ProgramData\Hotfresh\Zer-Lax.dll),Ersetzt,[fb11abd7d1d7c27427eb13b513edf808] PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),Ersetzt,[41cb760c6642a393175fdc242fd5ef11] PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2MYuMKjx4ZJaMNIaL-juP5nfUrsF1B4yE7QwOhOsTmFXlFvWwc5HrNXOt6neqkkxF42l3UijOo_aojLmLbsDzNOg2ssOd_1mtAQDJNOn6oWKXH8pdK8doTopLLcu8WbzHs9IGTGukAbgQ_gGFRRInDdHBD1ZKvYaV0CWTCSQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2MYuMKjx4ZJaMNIaL-juP5nfUrsF1B4yE7QwOhOsTmFXlFvWwc5HrNXOt6neqkkxF42l3UijOo_aojLmLbsDzNOg2ssOd_1mtAQDJNOn6oWKXH8pdK8doTopLLcu8WbzHs9IGTGukAbgQ_gGFRRInDdHBD1ZKvYaV0CWTCSQ,,&q={searchTerms}),Ersetzt,[9478d9a9fbadaa8cc8b61ae630d4c43c] PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, 
https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2MYuMKjx4ZJaMNIaL-juP5nfUrsF1B4yE7QwOhOsTmFXlFvWwc5HrNXOt6neqkkxF42l3UijOo_aovXd236wr_kv2nnwdb57IMeCq5QpRqNgWySh5dWc9hBJF7E8IMX-byxkKbHtV-PdWCgCiXGjZKw0XEB4t5UIOpW4HxWQ,,, Gut: (www.google.com), Schlecht: (https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2MYuMKjx4ZJaMNIaL-juP5nfUrsF1B4yE7QwOhOsTmFXlFvWwc5HrNXOt6neqkkxF42l3UijOo_aovXd236wr_kv2nnwdb57IMeCq5QpRqNgWySh5dWc9hBJF7E8IMX-byxkKbHtV-PdWCgCiXGjZKw0XEB4t5UIOpW4HxWQ,,),Ersetzt,[af5da3dfdcccb6800b7339c7cb3903fd] PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2MYuMKjx4ZJaMNIaL-juP5nfUrsF1B4yE7QwOhOsTmFXlFvWwc5HrNXOt6neqkkxF42l3UijOo_aojLmLbsDzNOg2ssOd_1mtAQDJNOn6oWKXH8pdK8doTopLLcu8WbzHs9IGTGukAbgQ_gGFRRInDdHBD1ZKvYaV0CWTCSQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2MYuMKjx4ZJaMNIaL-juP5nfUrsF1B4yE7QwOhOsTmFXlFvWwc5HrNXOt6neqkkxF42l3UijOo_aojLmLbsDzNOg2ssOd_1mtAQDJNOn6oWKXH8pdK8doTopLLcu8WbzHs9IGTGukAbgQ_gGFRRInDdHBD1ZKvYaV0CWTCSQ,,&q={searchTerms}),Ersetzt,[6f9d562cc7e1e155512d4fb171935fa1] PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2MYuMKjx4ZJaMNIaL-juP5nfUrsF1B4yE7QwOhOsTmFXlFvWwc5HrNXOt6neqkkxF42l3UijOo_aojLmLbsDzNOg2ssOd_1mtAQDJNOn6oWKXH8pdK8doTopLLcu8WbzHs9IGTGukAbgQ_gGFRRInDdHBD1ZKvYaV0CWTCSQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: 
(https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2MYuMKjx4ZJaMNIaL-juP5nfUrsF1B4yE7QwOhOsTmFXlFvWwc5HrNXOt6neqkkxF42l3UijOo_aojLmLbsDzNOg2ssOd_1mtAQDJNOn6oWKXH8pdK8doTopLLcu8WbzHs9IGTGukAbgQ_gGFRRInDdHBD1ZKvYaV0CWTCSQ,,&q={searchTerms}),Ersetzt,[9676493952567eb8314df808d72d9f61] PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2MYuMKjx4ZJaMNIaL-juP5nfUrsF1B4yE7QwOhOsTmFXlFvWwc5HrNXOt6neqkkxF42l3UijOo_aojLmLbsDzNOg2ssOd_1mtAQDJNOn6oWKXH8pdK8doTopLLcu8WbzHs9IGTGukAbgQ_gGFRRInDdHBD1ZKvYaV0CWTCSQ,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoH2MYuMKjx4ZJaMNIaL-juP5nfUrsF1B4yE7QwOhOsTmFXlFvWwc5HrNXOt6neqkkxF42l3UijOo_aojLmLbsDzNOg2ssOd_1mtAQDJNOn6oWKXH8pdK8doTopLLcu8WbzHs9IGTGukAbgQ_gGFRRInDdHBD1ZKvYaV0CWTCSQ,,&q={searchTerms}),Ersetzt,[61ab433f6642b97ddba4cc344db7da26] PUP.Optional.Linkury, HKU\S-1-5-21-1802964633-906943791-4234860916-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({ielnksrch}),Ersetzt,[fc10ea986b3d3cfa344134cc50b48977] Ordner: 41 PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers, In Quarantäne, [9a72463ce3c5a78f700c46ed32cef20e], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\index-dir, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, 
C:\Users\Lucas\AppData\Local\AppTrailers\Local Storage, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.Social2Search.Generic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sea Browser Enhancer, In Quarantäne, [e527a4deb2f6e84ef979e96a20e00ef2], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.BundleInstaller, C:\Users\Lucas\AppData\Local\Temp\1730503, In Quarantäne, [b854ceb4acfc2c0a961b2070a15f9868], PUP.Optional.BundleInstaller, C:\Users\Lucas\AppData\Local\Temp\1920653, In Quarantäne, [67a5d0b2f3b537ff1e93b9d7da2627d9], Adware.Elex.Generic, C:\Program Files (x86)\Plemerylsuward Update, Löschen bei Neustart, [927a90f2a404ed4923dad9d10bf5f30d], PUP.Optional.Linkury, C:\Windows\Temp\Smartbar, In Quarantäne, [a864e69c3e6ae353b714a10a0af95aa6], PUP.Optional.Wajam.Gen, C:\Program Files\b68e9dcad3e2b79cb5acd57cdaaf854b\fcb7be90f22d7c5ee010e9c297a88bd3, In Quarantäne, [b15b8df54c5c191db985efbd06fdb34d], PUP.Optional.Wajam.Gen, C:\Program Files\b68e9dcad3e2b79cb5acd57cdaaf854b, Löschen bei Neustart, [b15b8df54c5c191db985efbd06fdb34d], PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter, Löschen bei Neustart, [5ab28200e2c6e155f4501894798aa25e], PUP.Optional.Geniv, C:\Users\Lucas\AppData\Local\Programs\GEN, In Quarantäne, [9c70fb87e4c40432d1814d627093a759], PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper, In Quarantäne, [828abac87434d264eeaac9769070f60a], PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\images, In Quarantäne, [828abac87434d264eeaac9769070f60a], PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\Language, In Quarantäne, [828abac87434d264eeaac9769070f60a], PUP.Optional.HDWallPaper, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper, In Quarantäne, 
[0dff542e5256ae88b9e84df26d93ef11], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\history, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon1, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon1\0, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.OnlineIO, C:\ProgramData\Microleaves\Traffic Exchange, In Quarantäne, [76965d25693f13235b7e62186f91ad53], PUP.Optional.OnlineIO, C:\ProgramData\Microleaves\Traffic Exchange\updates, In Quarantäne, [76965d25693f13235b7e62186f91ad53], PUP.Optional.OnlineIO, C:\ProgramData\Microleaves\Online.io Application, In Quarantäne, [b458087a456361d578f34b32bb458080], PUP.Optional.OnlineIO, C:\ProgramData\Microleaves\Online.io Application\updates, In Quarantäne, [b458087a456361d578f34b32bb458080], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online.io Application, Löschen bei Neustart, [1fed87fb2e7aeb4bc614d8c8c13f58a8], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange, Löschen bei Neustart, [808c067caff9d75fdb70f5acfe027a86], PUP.Optional.FakeFFProfile, 
C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise, In Quarantäne, [8587602224846bcb51214b6d9b658d73], PUP.Optional.FakeFFProfile, C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles, In Quarantäne, [8587602224846bcb51214b6d9b658d73], PUP.Optional.FakeFFProfile, C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\wsujwdz4.default, In Quarantäne, [8587602224846bcb51214b6d9b658d73], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh, Löschen bei Neustart, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\ondemand, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Freshstock, In Quarantäne, [7894f092456356e08b49c054a75def11], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Hotfreshs, In Quarantäne, [927a62201e8a171fbed18f45847c8977], Dateien: 314 PUP.Optional.StartGo123, C:\Windows\SysWOW64\NetUtils2016.exe, Löschen bei Neustart, [2be1daa8b7f14ceaf13091c72fd1f10f], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe, Löschen bei Neustart, [0a023052872156e0aabece00f90737c9], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe, Löschen bei Neustart, [ba52047e3f694beba0c80cc20cf46f91], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe, Löschen bei Neustart, [29e3631f6147999dde8a2ba35fa1659b], Adware.Wajam.Generic, C:\Windows\System32\drivers\d393c14de1c20275022642add0d1a328.sys, In Quarantäne, [fd0f9de54167280e3a74780cec14867a], PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\TaskSetter.exe, In Quarantäne, [9577c4be5f49c274f44998a9709015eb], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Hotfresh\Zer-Lax.dll, In Quarantäne, [ae5efd853a6e2a0c45f33bfefa069a66], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Hotfresh\Donglax.dll, In Quarantäne, [ad5f79096b3d4ee85b7e31083cc46997], 
PUP.Optional.StartGo123, C:\Windows\System32\drivers\NetUtils2016.sys, In Quarantäne, [ef1d028016922115c25f65f3867a8977], Adware.Elex.SHHKRST, C:\Program Files (x86)\Emather\Drebosp.dll, Löschen bei Neustart, [8b817012971138fefc0f842aae52d52b], PUP.Optional.StartGo123, C:\Program Files (x86)\HDWallPaper\autoUpdate.exe, In Quarantäne, [25e7166ce8c03df945dc3226a55bcf31], PUP.Optional.StartGo123, C:\Program Files (x86)\HDWallPaper\HDInstaller.exe, In Quarantäne, [05071f635c4cee48fc252335669a39c7], PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\HDWallPaper.exe, In Quarantäne, [68a4453d792f0531ec51f948ab55e11f], PUP.Optional.StartGo123, C:\Program Files (x86)\HDWallPaper\promote.exe, In Quarantäne, [5ab2f0928325ad89051c3622d12f2bd5], PUP.Optional.StartGo123, C:\Windows\System32\NetUtils2016.dll, Löschen bei Neustart, [5ab2c4bea5037abca00432f535cb857b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\Temp\1730503\ic-0.5da80631af91f4.exe, In Quarantäne, [6e9e631f7137ff37a18a81f60af6b44c], Adware.Elex, C:\Users\Lucas\AppData\Local\Temp\1730503\ic-0.6a0ed91bb2c348.exe, In Quarantäne, [d03caed480280e2895993e5feb15dc24], Adware.Hicosmea, C:\Users\Lucas\AppData\Local\Temp\1730503\ic-0.f4b92d61d9836.exe, In Quarantäne, [709cd6acd0d840f605fbbfef21df42be], PUP.Optional.OnlineIO, C:\Users\Lucas\AppData\Local\Temp\1730503\ic-0.f795413fecbfb8.exe, In Quarantäne, [48c4c3bfd6d21323b4bbeb8dd828d42c], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Local\Temp\1920653\ic-0.151d98d2cc7104.exe, In Quarantäne, [b458bac89b0d10265be2a49d926e54ac], Adware.Hicosmea, C:\Users\Lucas\AppData\Local\Temp\1920653\ic-0.a5440017aee95.exe, In Quarantäne, [19f39de5d2d6d75f9f616d41c04047b9], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\Uninstall.exe, In Quarantäne, [64a8c0c221878caa939854235fa1d828], Adware.Hicosmea, C:\Users\Lucas\AppData\Roaming\tlerauic\oviita.dll, In Quarantäne, [6e9ed7abc5e36ec84d0adfd6c13f7789], PUP.Optional.OnlineIO, 
C:\Windows\System32\Tasks\Online Application, In Quarantäne, [729a166ca008d4627bf96db6e21e0bf5], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Online Application Guard, In Quarantäne, [10fc0c76a008d561b7bdee3590707789], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Online Application Guardian, In Quarantäne, [fd0ff38faafef73f6d07a67dbc44e51b], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Online Application Updater, In Quarantäne, [49c388fa33758fa794e0a281a35d0af6], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Online Application v2, In Quarantäne, [47c5255dc7e1e74f91e30221d22e40c0], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Online Application v2 Guard, In Quarantäne, [9d6f2d55c1e7eb4b7cf81e058e727789], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Online Application v2 Guardian, In Quarantäne, [5eae0f73d3d5c96d1f55e73c11ef39c7], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Online Application v209, In Quarantäne, [818b0c763a6ec1754430170c926e837d], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Online Application v209 Guard, In Quarantäne, [b05ccfb3bcec60d6155f54cf39c78b75], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Online Application v209 Guardian, In Quarantäne, [6ca0f88a396f38fee88c5cc750b0d12f], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers\AppTrailers.lnk, In Quarantäne, [9a72463ce3c5a78f700c46ed32cef20e], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers\Uninstall.lnk, In Quarantäne, [9a72463ce3c5a78f700c46ed32cef20e], PUP.Optional.HDWallPaper, C:\Windows\System32\Tasks\HDWallPaper, In Quarantäne, [31db424014941125cf649c9a01ff05fb], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Web Data, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\cookies, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, 
C:\Users\Lucas\AppData\Local\AppTrailers\cookies-journal, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Web Data-journal, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\02cdb733b079655d_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\08bc571418449ead_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\0ed73590870cfbd2_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\0ed7399215f555d7_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\0fc3db66b9cbe75d_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\1905926e0dc27e4b_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\1b72c2d37a2af109_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\1e20774a42d716f3_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\2009bcf78a35d470_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\234986793e71f265_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\263ef2cfc35fe2f6_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\26968e7a0c71776d_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, 
C:\Users\Lucas\AppData\Local\AppTrailers\Cache\6bcd4c8f8fa200c0_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\735d6c542a45856f_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\7caf6a9ed71cee0a_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\7d8cebaadfd53fbf_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\7f5a773194a7ae21_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\8326a92c0f293bc4_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\83a226c1379f7a18_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\c3329b5e71fb9773_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\c487316b1c7eb401_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\c5c5eb6df3d99c3a_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\c9efb04ec241100a_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\d19a15ac54bfa3ba_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\dc7c883ebdb4ce43_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\dd1fa8967c9eedf1_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], 
PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\e1c7854226713de7_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\2ac381ccd53e2ce0_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\2f2812f261524448_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\3082972055161e5d_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\3a977894dc0fcd39_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\442182c02ee0a243_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\44582236c1e31e54_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\4e6eff9b133c383f_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\5125b9f58b582f46_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\573bf150b655ff4c_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\5790f8de1b12d799_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\5ede7465ad814101_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\8501ac4b282b4a2e_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\8f60e69a4afd6f60_0, In Quarantäne, 
[41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\a1f309cd5a3eb6fa_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\ab6bc8112cf834f6_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\b268e9f7a3428b48_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\b3986aa6d1a5b1ca_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\b3edef432256edd5_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\bd48447363dfb226_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\be189d201694bf89_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\f552ab47376f113e_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\f74a8c1655500d73_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\fb42fe0d5b102549_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\fbef9ceaf336383d_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\fddd11ea475c5135_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\index, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\2819c5233c1f77b4_0, In 
Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\66e510668b4796e9_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\83fe8ce968315cfc_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\bfbe9938bbb38577_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\ec30fb4a4dfde26a_0, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Cache\index-dir\the-real-index, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Local Storage\file__0.localstorage, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Local Storage\file__0.localstorage-journal, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Local Storage\http_www.imdb.com_0.localstorage, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Local\AppTrailers\Local Storage\http_www.imdb.com_0.localstorage-journal, In Quarantäne, [41cb631f83251a1cac69ce8249b78c74], PUP.Optional.Social2Search.Generic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sea Browser Enhancer\Social2Search Website.lnk, In Quarantäne, [e527a4deb2f6e84ef979e96a20e00ef2], PUP.Optional.Social2Search.Generic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sea Browser Enhancer\Settings.lnk, In Quarantäne, [e527a4deb2f6e84ef979e96a20e00ef2], PUP.Optional.Social2Search.Generic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sea Browser Enhancer\SignIn with Twitter.lnk, In Quarantäne, [e527a4deb2f6e84ef979e96a20e00ef2], 
PUP.Optional.Social2Search.Generic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sea Browser Enhancer\uninstall.lnk, In Quarantäne, [e527a4deb2f6e84ef979e96a20e00ef2], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\storage.json, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\AppTrailers.exe, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\AutoUpdater.Config, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\ffmpegsumo.dll, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\icudtl.dat, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\nw.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\hr.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\am.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\ar.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\bg.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\bn.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\ca.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\cs.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, 
C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\da.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\de.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\el.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\en-GB.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\en-US.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\es-419.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\es.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\et.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\fa.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\fi.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\fil.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\fr.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\gu.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\hi.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\hu.pak, In Quarantäne, 
[a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\id.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\it.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\iw.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\ja.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\kn.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\ko.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\lt.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\lv.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\ml.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\mr.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\ms.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\nl.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\no.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\pl.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, 
C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\pt-BR.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\pt-PT.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\ro.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\ru.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\sk.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\sl.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\sr.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\sv.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\sw.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\ta.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\te.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\th.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\tr.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\uk.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\vi.pak, In Quarantäne, 
[a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\zh-CN.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.AppTrailers, C:\Users\Lucas\AppData\Roaming\AppTrailers\locales\zh-TW.pak, In Quarantäne, [a369582af6b2e94dc2f16ce9ac54956b], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Traffic Exchange, In Quarantäne, [1cf01f63387031059b768ed7f30d53ad], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Traffic Exchange Guard, In Quarantäne, [719bdba7f2b62d093fd2b6af54ac6799], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Traffic Exchange Guardian, In Quarantäne, [f91391f1228656e017fa78edd42ce31d], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Traffic Exchange Updater, In Quarantäne, [7d8f4f33cade3bfb51c098cdbf419a66], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Traffic Exchange v2 - 1, In Quarantäne, [9379c7bbd1d7de58729fb9ac4fb1a957], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Traffic Exchange v2 - 2, In Quarantäne, [060672102a7e2511b859263f9b6555ab], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Traffic Exchange v2 - 3, In Quarantäne, [0a02671b288091a511009ec70cf4966a], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Traffic Exchange v209 - 1, In Quarantäne, [7696ee94832550e631e08bdace3216ea], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Traffic Exchange v209 - 2, In Quarantäne, [0a02790944645dd9060bf76ea55b09f7], PUP.Optional.OnlineIO, C:\Windows\System32\Tasks\Traffic Exchange v209 - 3, In Quarantäne, [f01c98eaf8b0b87efa172b3a8c7439c7], PUP.Optional.OnlineIO, C:\Windows\Tasks\Traffic Exchange Updater.job, In Quarantäne, [ac6094ee7c2c8fa7060a6902fb054cb4], PUP.Optional.OnlineIO, C:\Windows\Tasks\Traffic Exchange v2 - 1.job, In Quarantäne, [0dff3250baee9d9968a893d811ef9f61], PUP.Optional.OnlineIO, C:\Windows\Tasks\Traffic Exchange v2 - 2.job, In Quarantäne, [0b01285a495f64d2af61d2997d835ea2], PUP.Optional.OnlineIO, C:\Windows\Tasks\Traffic Exchange v2 - 3.job, In 
Quarantäne, [aa6202804d5b67cf3fd16605be42867a], PUP.Optional.OnlineIO, C:\Windows\Tasks\Traffic Exchange v209 - 1.job, In Quarantäne, [8785067cc2e686b0010fea81ff01dd23], PUP.Optional.OnlineIO, C:\Windows\Tasks\Traffic Exchange v209 - 2.job, In Quarantäne, [7894d2b07f2951e5af614c1f6997f20e], PUP.Optional.OnlineIO, C:\Windows\Tasks\Traffic Exchange v209 - 3.job, In Quarantäne, [0a02f68c783059dd967acaa16e92ac54], PUP.Optional.BundleInstaller, C:\Users\Lucas\AppData\Local\Temp\1730503\ic-0.6a0ed91bb2c348.exe, In Quarantäne, [b854ceb4acfc2c0a961b2070a15f9868], PUP.Optional.BundleInstaller, C:\Users\Lucas\AppData\Local\Temp\1730503\dlreport, In Quarantäne, [b854ceb4acfc2c0a961b2070a15f9868], PUP.Optional.BundleInstaller, C:\Users\Lucas\AppData\Local\Temp\1730503\ic-0.71f7b3f8c0b8e8.exe, In Quarantäne, [b854ceb4acfc2c0a961b2070a15f9868], PUP.Optional.BundleInstaller, C:\Users\Lucas\AppData\Local\Temp\1730503\ic-0.8a078aad5b326.exe, In Quarantäne, [b854ceb4acfc2c0a961b2070a15f9868], PUP.Optional.BundleInstaller, C:\Users\Lucas\AppData\Local\Temp\1730503\ic-0.bb4654e611db2.exe, In Quarantäne, [b854ceb4acfc2c0a961b2070a15f9868], PUP.Optional.BundleInstaller, C:\Users\Lucas\AppData\Local\Temp\1730503\ic-0.f4b92d61d9836.exe, In Quarantäne, [b854ceb4acfc2c0a961b2070a15f9868], PUP.Optional.BundleInstaller, C:\Users\Lucas\AppData\Local\Temp\1920653\ic-0.a5440017aee95.exe, In Quarantäne, [67a5d0b2f3b537ff1e93b9d7da2627d9], PUP.Optional.BundleInstaller, C:\Users\Lucas\AppData\Local\Temp\1920653\dlreport, In Quarantäne, [67a5d0b2f3b537ff1e93b9d7da2627d9], PUP.Optional.BundleInstaller, C:\Users\Lucas\AppData\Local\Temp\1920653\ic-0.dee726a9c0d43.exe, In Quarantäne, [67a5d0b2f3b537ff1e93b9d7da2627d9], PUP.Optional.Geniv, C:\Windows\System32\Tasks\GEN, In Quarantäne, [58b45f2391174cea2d5e1681e818a15f], Adware.Elex.Generic, C:\Program Files (x86)\Plemerylsuward Update\local64spl.dll.ini, In Quarantäne, [927a90f2a404ed4923dad9d10bf5f30d], Adware.Elex.Generic, C:\Program Files 
(x86)\Plemerylsuward Update\local64spl.dll, Löschen bei Neustart, [927a90f2a404ed4923dad9d10bf5f30d], PUP.Optional.Linkury.Generic, C:\Users\Lucas\AppData\Roaming\agent.dat, In Quarantäne, [d339b2d00a9e4ee8af340dc721dfb44c], PUP.Optional.Linkury, C:\Users\Lucas\AppData\Roaming\ApplicationHosting.dat, In Quarantäne, [24e800821e8a10266762456221e21fe1], PUP.Optional.Linkury, C:\Users\Lucas\AppData\Roaming\md.xml, In Quarantäne, [b458067c1296d56101c9aff86b981fe1], PUP.Optional.Linkury, C:\Users\Lucas\AppData\Roaming\noah.dat, In Quarantäne, [36d62062a7011422d9f2abfc56ad19e7], PUP.Optional.Linkury, C:\Users\Lucas\AppData\Roaming\uninstall_temp.ico, In Quarantäne, [5ab2ed952583ff3720acc0e711f2f709], PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Touchflex.ico, In Quarantäne, [a864e69c3e6ae353b714a10a0af95aa6], PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Truelex.ico, In Quarantäne, [a864e69c3e6ae353b714a10a0af95aa6], PUP.Optional.Wajam.Gen, C:\Program Files\b68e9dcad3e2b79cb5acd57cdaaf854b\fcb7be90f22d7c5ee010e9c297a88bd3\1dab161dd640e514dd8ea77682de0547.ico, In Quarantäne, [b15b8df54c5c191db985efbd06fdb34d], PUP.Optional.Wajam.Gen, C:\Program Files\b68e9dcad3e2b79cb5acd57cdaaf854b\fcb7be90f22d7c5ee010e9c297a88bd3\34829a018869d51a491f825b81d03074.ico, In Quarantäne, [b15b8df54c5c191db985efbd06fdb34d], PUP.Optional.Wajam.Gen, C:\Program Files\b68e9dcad3e2b79cb5acd57cdaaf854b\fcb7be90f22d7c5ee010e9c297a88bd3\432870a3c7c002780ab84511666b2a03.ico, In Quarantäne, [b15b8df54c5c191db985efbd06fdb34d], PUP.Optional.Wajam.Gen, C:\Program Files\b68e9dcad3e2b79cb5acd57cdaaf854b\1645a79c5e1b74f6c7cd9d78abc6f8b4.exe, In Quarantäne, [b15b8df54c5c191db985efbd06fdb34d], PUP.Optional.Wajam.Gen, C:\Program Files\b68e9dcad3e2b79cb5acd57cdaaf854b\1dab161dd640e514dd8ea77682de0547.ico, In Quarantäne, [b15b8df54c5c191db985efbd06fdb34d], PUP.Optional.Wajam.Gen, C:\Program Files\b68e9dcad3e2b79cb5acd57cdaaf854b\57563f7863d419ce5e9ad5121c2391f5.exe, Löschen bei Neustart, 
[b15b8df54c5c191db985efbd06fdb34d], PUP.Optional.Wajam.Gen, C:\Program Files\b68e9dcad3e2b79cb5acd57cdaaf854b\88abdca798eb692b2a1c41c7fc5764e8.exe, In Quarantäne, [b15b8df54c5c191db985efbd06fdb34d], PUP.Optional.Wajam.Gen, C:\Program Files\b68e9dcad3e2b79cb5acd57cdaaf854b\eb855d93fb85687aabb37acc24623ea4, In Quarantäne, [b15b8df54c5c191db985efbd06fdb34d], PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\CloudPrinter.dat, Löschen bei Neustart, [5ab28200e2c6e155f4501894798aa25e], PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\CloudPrinter.exe, Löschen bei Neustart, [5ab28200e2c6e155f4501894798aa25e], PUP.Optional.Linkury.ACMB1, C:\ProgramData\CloudPrinter\Config.xml, In Quarantäne, [5ab28200e2c6e155f4501894798aa25e], PUP.Optional.Linkury.ACMB1, C:\Windows\SysWOW64\findit.xml, In Quarantäne, [0507146e872138fe90d0486404ffdd23], PUP.Optional.Geniv, C:\Users\Lucas\AppData\Local\Programs\GEN\GEN.exe, In Quarantäne, [9c70fb87e4c40432d1814d627093a759], PUP.Optional.Geniv, C:\Users\Lucas\AppData\Local\Programs\GEN\custom1.txt, In Quarantäne, [9c70fb87e4c40432d1814d627093a759], PUP.Optional.Geniv, C:\Users\Lucas\AppData\Local\Programs\GEN\url.txt, In Quarantäne, [9c70fb87e4c40432d1814d627093a759], PUP.Optional.Geniv, C:\Users\Lucas\AppData\Local\Programs\GEN\version.txt, In Quarantäne, [9c70fb87e4c40432d1814d627093a759], PUP.Optional.Geniv, C:\Windows\System32\Tasks\GEN_Interval, In Quarantäne, [da32582a971150e6ff54614e62a19b65], PUP.Optional.Linkury.Gen, C:\Users\Lucas\AppData\Roaming\Doublehotdom.tst, In Quarantäne, [a468b7cb28800e28c04b4ecbb94b44bc], PUP.Optional.Linkury.Gen, C:\Users\Lucas\AppData\Roaming\Sailwarm.tst, In Quarantäne, [21eb93ef0f99c571ea211ffacf359a66], PUP.Optional.Linkury, C:\Users\Lucas\AppData\Roaming\lobby.dat, In Quarantäne, [6d9fa2e05a4e90a6f737e638ab59e21e], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Hotfresh.dat, Löschen bei Neustart, [7399e1a13f69cd699f0b00c643bdb947], PUP.Optional.HDWallPaper, C:\Program Files 
(x86)\HDWallPaper\deInit.exe, In Quarantäne, [828abac87434d264eeaac9769070f60a], PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\unins000.dat, In Quarantäne, [828abac87434d264eeaac9769070f60a], PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\unins000.exe, In Quarantäne, [828abac87434d264eeaac9769070f60a], PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\images\title_chinese.png, In Quarantäne, [828abac87434d264eeaac9769070f60a], PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\images\title_english.png, In Quarantäne, [828abac87434d264eeaac9769070f60a], PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\Language\ChineseSimp.lng, In Quarantäne, [828abac87434d264eeaac9769070f60a], PUP.Optional.HDWallPaper, C:\Program Files (x86)\HDWallPaper\Language\English.lng, In Quarantäne, [828abac87434d264eeaac9769070f60a], PUP.Optional.HDWallPaper, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper\HDWallPaper.lnk, In Quarantäne, [0dff542e5256ae88b9e84df26d93ef11], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\config.ini, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\history.ini, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\ndArrInfo_0.ini, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\ndArrInfo_1.ini, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\ndArrInfo_2.ini, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\ndArrInfo_3.ini, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32656.png, 
In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32657.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32658.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32659.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32660.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32668.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32677.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32678.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32691.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32692.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32694.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32700.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32701.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, 
C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon\0\32703.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon1\0\32654.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon1\0\32655.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon1\0\32661.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.HDWallPaper, C:\Users\Lucas\AppData\Roaming\HDWallPaper\wallPaper\data\SmallIcon1\0\32702.png, In Quarantäne, [57b56f13208860d6bb5fe75aba4632ce], PUP.Optional.OnlineIO, C:\ProgramData\Microleaves\Traffic Exchange\updates\mupdates.aiu, In Quarantäne, [76965d25693f13235b7e62186f91ad53], PUP.Optional.OnlineIO, C:\ProgramData\Microleaves\Online.io Application\updates\updates.aiu, In Quarantäne, [b458087a456361d578f34b32bb458080], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe, In Quarantäne, [1fed87fb2e7aeb4bc614d8c8c13f58a8], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.ini, In Quarantäne, [1fed87fb2e7aeb4bc614d8c8c13f58a8], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe, In Quarantäne, [1fed87fb2e7aeb4bc614d8c8c13f58a8], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online.io Application\Online.io EULA.url, In Quarantäne, [1fed87fb2e7aeb4bc614d8c8c13f58a8], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online.io Application\Online.io Privacy.url, In Quarantäne, [1fed87fb2e7aeb4bc614d8c8c13f58a8], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe, In Quarantäne, [1fed87fb2e7aeb4bc614d8c8c13f58a8], 
PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Online.io Application\Uninstall Online Application.lnk, In Quarantäne, [1fed87fb2e7aeb4bc614d8c8c13f58a8], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe, In Quarantäne, [808c067caff9d75fdb70f5acfe027a86], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Online.io EULA.url, In Quarantäne, [808c067caff9d75fdb70f5acfe027a86], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Online.io Privacy.url, In Quarantäne, [808c067caff9d75fdb70f5acfe027a86], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe, In Quarantäne, [808c067caff9d75fdb70f5acfe027a86], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.ini, In Quarantäne, [808c067caff9d75fdb70f5acfe027a86], PUP.Optional.OnlineIO, C:\Program Files (x86)\Microleaves\Traffic Exchange\Uninstall Traffic Exchange.lnk, In Quarantäne, [808c067caff9d75fdb70f5acfe027a86], PUP.Optional.FakeFFProfile, C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\wsujwdz4.default\prefs.js, In Quarantäne, [8587602224846bcb51214b6d9b658d73], PUP.Optional.FakeFFProfile, C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\wsujwdz4.default\profiles.ini, In Quarantäne, [8587602224846bcb51214b6d9b658d73], PUP.Optional.FakeFFProfile, C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\wsujwdz4.default\search.json, In Quarantäne, [8587602224846bcb51214b6d9b658d73], PUP.Optional.FakeFFProfile, C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\wsujwdz4.default\search.json.mozlz4, In Quarantäne, [8587602224846bcb51214b6d9b658d73], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Airtax.dat, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\bovjkxr5.xml, In Quarantäne, 
[fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\conf.config, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Damjoybam.exe, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Damjoybam.exe.config, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Damranbam.exe, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Damranbam.exe.config, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Donglax.dll, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Donplus.bin, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Flex-Tex.dat, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Hotfresh.d.dat, Löschen bei Neustart, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Hotfresh.exe, Löschen bei Neustart, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Inchcom.bin, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Kontough.bin, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\md.xml, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Med-Phase.bin, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Medlax.bin, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Sailkix.bin, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\uninstall.dat, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, 
C:\ProgramData\Hotfresh\Vaiain.bin, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Vivasantech.dat, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], Adware.Linkury.ACMB1, C:\ProgramData\Hotfresh\Zer-Lax.dll, In Quarantäne, [fb11abd7d1d7c27427eb13b513edf808], PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Freshstock\InstallationConfiguration.xml, In Quarantäne, [7894f092456356e08b49c054a75def11], PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Freshstock\uninstall.dat, In Quarantäne, [7894f092456356e08b49c054a75def11], PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Freshstock\uninstall.exe, In Quarantäne, [7894f092456356e08b49c054a75def11], PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Freshstock\uninstall.ico, In Quarantäne, [7894f092456356e08b49c054a75def11], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Hotfreshs\ff.HP, In Quarantäne, [927a62201e8a171fbed18f45847c8977], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Hotfreshs\ff.NT, In Quarantäne, [927a62201e8a171fbed18f45847c8977], PUP.Optional.Linkury.ACMB1, C:\ProgramData\Hotfreshs\snp.sc, In Quarantäne, [927a62201e8a171fbed18f45847c8977], PUP.Optional.Linkury.ACMB1, C:\Users\Lucas\AppData\Roaming\Config.xml, In Quarantäne, [0c009fe3198f94a2785866ae3fc515eb], PUP.Optional.Linkury.ACMB1, C:\Users\Lucas\AppData\Roaming\InstallationConfiguration.xml, In Quarantäne, [2fdd760ca3053bfbba1719fb60a4827e], PUP.Optional.Youndoo, C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\wsujwdz4.default\searchplugins\ls2hyjmi.xml, In Quarantäne, [5daf7e04f3b5bb7b1827b95ca460ce32], PUP.Optional.Youndoo, C:\Users\Lucas\AppData\Roaming\Profiles\Kuwotnibither.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.youndoo.com/?z=e1d09d927840680bb2558f1gcz1bdb8gcgdm2m0q4t&from=wak&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC923509&type=hp");), Ersetzt,[b458532f238578be4792b36b27d9e917] 
PUP.Optional.Youndoo, C:\Users\Lucas\AppData\Roaming\Profiles\Kuwotnibither.default\prefs.js, Gut: (), Schlecht: (gine-update-timer", 1487959656); user_pref("app.update.l), Ersetzt,[e9233b472d7b191d32a7a47a30d0a060] PUP.Optional.Youndoo, C:\Users\Lucas\AppData\Roaming\Profiles\Kuwotnibither.default\prefs.js, Gut: (), Schlecht: (s file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual cha), Ersetzt,[4dbf8200ecbc8ea8d60374aaaf51db25] PUP.Optional.Youndoo, C:\Users\Lucas\AppData\Roaming\Profiles\Kuwotnibither.default\prefs.js, Gut: (), Schlecht: (tion is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_pref("accessibility.t), Ersetzt,[e527493948602e08ffdaf42a10f024dc] PUP.Optional.Youndoo, C:\Users\Lucas\AppData\Roaming\Profiles\Kuwotnibither.default\prefs.js, Gut: (), Schlecht: (e to preferences, you can visit the URL about:config */ user_pref("accessibility.typeaheadfind", true); user_pref("app.update.auto", false); user_pref("app.update.enabled", false); user_pref(), Ersetzt,[8488bec4c6e21620d70267b70ef2cf31] PUP.Optional.Youndoo, C:\Users\Lucas\AppData\Roaming\Profiles\Kuwotnibither.default\prefs.js, Gut: (), Schlecht: (e changes will be overwritten when the application exi), Ersetzt,[0efe6e1483258ea8e0f936e88a76867a] PUP.Optional.Youndoo, C:\Users\Lucas\AppData\Roaming\Profiles\Kuwotnibither.default\prefs.js, Gut: (), Schlecht: (ypeaheadfind", true); user_pref("app.update.auto", false); user_pref("app.update.enabled", false); user_pref("app.update.lastUpdateTime.addon-background-update-timer"), Ersetzt,[3dcfbbc7e1c7ae886277ca54ee128977] PUP.Optional.Youndoo, C:\Users\Lucas\AppData\Roaming\Profiles\Kuwotnibither.default\searchplugins\ls2hyjmi.xml, In Quarantäne, [d537c2c0feaa43f35b0b41dd8d739b65], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) 
(end)
Four weeks later I scanned again: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 31.03.2017
Suchlaufzeit: 13:28
Protokolldatei:
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2017.03.31.04
Rootkit-Datenbank: v2017.03.11.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Lucas

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 332111
Abgelaufene Zeit: 10 Min., 54 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (keine bösartigen Elemente erkannt)

Module: 0 (keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ED2KIDLE, In Quarantäne, [97f9def2ddcb171fb1b6a12cf70aab55],
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WinSnare, In Quarantäne, [9df36f61e1c731052f39616c25dc24dc],

Registrierungswerte: 1
Adware.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ED2KIDLE|ImagePath, "C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle, In Quarantäne, [97f9def2ddcb171fb1b6a12cf70aab55]

Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)

Ordner: 0 (keine bösartigen Elemente erkannt)

Dateien: 12
Adware.Elex, C:\Program Files (x86)\Emather\ClearData.exe, In Quarantäne, [424e59777c2cff37ac53b7a2e2200ef2],
Adware.Elex, C:\Windows\Temp\tmp7DC.tmp\amule.msi, In Quarantäne, [c5cb6868c3e5f442250d5dbae220da26],
Adware.Elex, C:\Windows\Temp\tmp7DC.tmp\Kyubey.exe, In Quarantäne, [e5abe5eba800e3536ccb986e57ab6a96],
Trojan.Agent, C:\Users\Lucas\AppData\Roaming\Doublehotdom.exe, In Quarantäne, [068afcd44167d5619d55c73a719128d8],
Trojan.Agent, C:\Users\Lucas\AppData\Roaming\Sailwarm.exe, In Quarantäne, [bcd403cddace8bab7f731ee3847ef907],
PUP.Optional.OnlineIO, C:\Windows\Tasks\Online Application Updater.job, In Quarantäne, [1b75656bb0f8f93dfd85a7756c96b050],
PUP.Optional.OnlineIO, C:\Windows\Tasks\Online Application v2 Guard.job, In Quarantäne, [444cebe55c4c96a0e9994ece34cee917],
PUP.Optional.OnlineIO, C:\Windows\Tasks\Online Application v2 Guardian.job, In Quarantäne, [87090ac64a5e082ef38faf6d7e8442be],
PUP.Optional.OnlineIO, C:\Windows\Tasks\Online Application v2.job, In Quarantäne, [9df367693771c37389f9da42d32f966a],
PUP.Optional.OnlineIO, C:\Windows\Tasks\Online Application v209 Guard.job, In Quarantäne, [523ebe120e9abb7bc9b9a07c33cf936d],
PUP.Optional.OnlineIO, C:\Windows\Tasks\Online Application v209 Guardian.job, In Quarantäne, [4947f2debeea57dfec9686969b676799],
PUP.Optional.OnlineIO, C:\Windows\Tasks\Online Application v209.job, In Quarantäne, [8709646cf9afcf67513118045aa8c33d],

Physische Sektoren: 0 (keine bösartigen Elemente erkannt)

(end)
Since I have more than 120,000 characters, Part II follows shortly.
01.04.2017, 20:31 | #2 |
| Windows 7 Professional - Trojan removed, but keeps reappearing
Here are the requested logs:
FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 durchgeführt von Lucas (Administrator) auf LUCAS-PC (01-04-2017 21:16:29) Gestartet von C:\Users\Lucas\Downloads Geladene Profile: Lucas (Verfügbare Profile: Lucas) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation) HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) 
HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\MountPoints2: {c30d90b1-440a-11e5-8121-806e6f6e6963} - E:\autorun.exe HKU\S-1-5-18\...\Run: [] => [X] HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\WINDOWS\System32\SPReview\SPReview.exe [301568 2015-08-16] (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4 Tcpip\..\Interfaces\{10FF6E7C-74F2-431C-84E5-0F0C9B89F55E}: [DhcpNameServer] 192.168.178.1 ManualProxies: Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131354330990114869&GUID=1310BF68-DA5B-4FCF-9DCD-1E502A1E4739 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131354330990114869&GUID=1310BF68-DA5B-4FCF-9DCD-1E502A1E4739 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-18] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> 
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-30] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: wsujwdz4.default
FF ProfilePath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\wsujwdz4.default [2017-04-01]
FF Homepage: Mozilla\Firefox\Profiles\wsujwdz4.default -> about:home
FF Extension: (Site Deployment Checker) - C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\wsujwdz4.default\features\{ad553caf-d817-44ae-a6cd-69fd4c28096b}\deployment-checker@mozilla.org.xpi [2017-03-26]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-04-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-04-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1802964633-906943791-4234860916-1000: @nsroblox.roblox.com/launcher -> C:\Users\Lucas\AppData\Local\Roblox\Versions\version-398bf2b17c844b38\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1802964633-906943791-4234860916-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Lucas\AppData\Local\Roblox\Versions\version-398bf2b17c844b38\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1802964633-906943791-4234860916-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.startpageing123.com/?type=hp&ts=1488822688&z=abe94673a2d4ff27248c69cg2z5bfbfb0o8o5q2b3m&from=che0812&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC923509
CHR StartupUrls: Profile 1 -> "hxxp://www.startpageing123.com/?type=hp&ts=1488822688&z=abe94673a2d4ff27248c69cg2z5bfbfb0o8o5q2b3m&from=che0812&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC923509"
CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-27] <==== ACHTUNG
CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-01]
CHR Extension: (Google Docs) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-27]
CHR Extension: (Google Drive) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-27]
CHR Extension: (YouTube) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-27]
CHR Extension: (Google Docs Offline) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-01]
CHR Extension: (Google Mail) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-27]
CHR Extension: (Chrome Media Router) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-01]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2017-01-13] (Advanced Micro Devices) [Datei ist nicht signiert]
S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-12-05] (BitRaider, LLC)
S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42792 2016-09-12] (Windows (R) Win 7 DDK provider)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-04-09] (EasyAntiCheat Ltd)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2121736 2017-01-30] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2183696 2017-01-30] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305544 2017-01-13] (Advanced Micro Devices)
R3 L1C; C:\WINDOWS\System32\DRIVERS\L1C60x64.sys [121032 2013-07-16] (Qualcomm Atheros Co., Ltd.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-04-01] (Malwarebytes)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\WINDOWS\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2017-02-22] () [Datei ist nicht signiert]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-04-01 21:16 - 2017-04-01 21:16 - 02424832 _____ (Farbar) C:\Users\Lucas\Downloads\FRST64.exe 2017-04-01 21:16 - 2017-04-01 21:16 - 00013382 _____ C:\Users\Lucas\Downloads\FRST.txt 2017-04-01 21:16 - 2017-04-01 21:16 - 00000000 ____D C:\FRST 2017-04-01 20:45 - 2017-04-01 20:45 - 00003542 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-04-01 20:45 - 2017-04-01 20:45 - 00003414 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-04-01 20:45 - 2017-04-01 20:45 - 00002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-04-01 20:45 - 2017-04-01 20:45 - 00002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-04-01 10:50 - 2017-04-01 10:50 - 00000000 ____D C:\Program Files\Common Files\AV 2017-04-01 10:50 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2017-03-18 18:17 - 2017-03-04 19:24 - 00394448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2017-03-18 18:17 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2017-03-18 18:17 - 2017-03-04 10:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2017-03-18 18:17 - 2017-03-04 10:20 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2017-03-18 18:17 - 2017-03-04 10:02 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2017-03-18 18:17 - 2017-03-04 10:01 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-03-18 18:17 - 2017-03-04 10:01 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2017-03-18 18:17 - 2017-03-04 10:01 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2017-03-18 18:17 - 2017-03-04 10:01 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2017-03-18 18:17 - 2017-03-04 09:59 - 02895360 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\iertutil.dll 2017-03-18 18:17 - 2017-03-04 09:52 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2017-03-18 18:17 - 2017-03-04 09:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2017-03-18 18:17 - 2017-03-04 09:48 - 25746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-03-18 18:17 - 2017-03-04 09:46 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2017-03-18 18:17 - 2017-03-04 09:45 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2017-03-18 18:17 - 2017-03-04 09:45 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2017-03-18 18:17 - 2017-03-04 09:45 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2017-03-18 18:17 - 2017-03-04 09:44 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-03-18 18:17 - 2017-03-04 09:36 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe 2017-03-18 18:17 - 2017-03-04 09:32 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2017-03-18 18:17 - 2017-03-04 09:31 - 06045696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-03-18 18:17 - 2017-03-04 09:23 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll 2017-03-18 18:17 - 2017-03-04 09:21 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll 2017-03-18 18:17 - 2017-03-04 09:16 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2017-03-18 18:17 - 2017-03-04 09:16 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2017-03-18 18:17 - 2017-03-04 09:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2017-03-18 18:17 - 2017-03-04 09:11 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll 2017-03-18 18:17 - 2017-03-04 08:57 - 00262144 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\webcheck.dll 2017-03-18 18:17 - 2017-03-04 08:55 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-03-18 18:17 - 2017-03-04 08:54 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-03-18 18:17 - 2017-03-04 08:52 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-03-18 18:17 - 2017-03-04 08:52 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll 2017-03-18 18:17 - 2017-03-04 08:26 - 15259648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-03-18 18:17 - 2017-03-04 08:25 - 03241984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-03-18 18:17 - 2017-03-04 08:12 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-03-18 18:17 - 2017-03-04 08:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-03-18 18:17 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-03-18 18:17 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2017-03-18 18:17 - 2017-03-02 20:02 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2017-03-18 18:17 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-03-18 18:17 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2017-03-18 18:17 - 2017-03-02 20:01 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2017-03-18 18:17 - 2017-03-02 20:00 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2017-03-18 18:17 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-03-18 18:17 - 2017-03-02 19:54 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2017-03-18 18:17 - 2017-03-02 19:53 - 00030720 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\iernonce.dll 2017-03-18 18:17 - 2017-03-02 19:51 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2017-03-18 18:17 - 2017-03-02 19:50 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2017-03-18 18:17 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-03-18 18:17 - 2017-03-02 19:49 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2017-03-18 18:17 - 2017-03-02 19:41 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2017-03-18 18:17 - 2017-03-02 19:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll 2017-03-18 18:17 - 2017-03-02 19:35 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll 2017-03-18 18:17 - 2017-03-02 19:32 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2017-03-18 18:17 - 2017-03-02 19:31 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2017-03-18 18:17 - 2017-03-02 19:29 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2017-03-18 18:17 - 2017-03-02 19:28 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll 2017-03-18 18:17 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-03-18 18:17 - 2017-03-02 19:21 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2017-03-18 18:17 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-03-18 18:17 - 2017-03-02 19:17 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2017-03-18 18:17 - 2017-03-02 19:17 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll 2017-03-18 18:17 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-03-18 18:17 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\wininet.dll 2017-03-18 18:17 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-03-18 18:17 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2017-03-18 18:17 - 2017-02-23 01:42 - 00084712 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2017-03-18 18:17 - 2017-02-23 01:37 - 01285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2017-03-18 18:17 - 2017-02-18 16:05 - 01609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2017-03-18 18:17 - 2017-02-18 16:05 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2017-03-18 18:17 - 2017-02-11 17:58 - 00462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2017-03-18 18:17 - 2017-02-11 17:58 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2017-03-18 18:17 - 2017-02-11 17:58 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2017-03-18 18:17 - 2017-02-10 18:32 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\usp10.dll 2017-03-18 18:17 - 2017-02-10 18:32 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2017-03-18 18:17 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usp10.dll 2017-03-18 18:17 - 2017-02-10 18:17 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2017-03-18 18:17 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2017-03-18 18:17 - 2017-02-09 18:36 - 00631176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-03-18 18:17 - 2017-02-09 18:35 - 05548264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-03-18 18:17 - 2017-02-09 18:35 - 00706792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2017-03-18 18:17 - 2017-02-09 18:35 - 00154856 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\ksecpkg.sys 2017-03-18 18:17 - 2017-02-09 18:35 - 00095464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-03-18 18:17 - 2017-02-09 18:33 - 01732864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcsPlugInService.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\secur32.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00016384 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ntvdm64.dll 2017-03-18 18:17 - 2017-02-09 18:32 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 01460736 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 01163264 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00625664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptbase.dll 
2017-03-18 18:17 - 2017-02-09 18:31 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-security-base-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-threadpool-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localregistry-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-misc-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003584 ____H 
(Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-memory-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-heap-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-util-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-string-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-profile-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-io-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-interlocked-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-handle-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-fibers-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-delayload-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-debug-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-datetime-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:31 - 00003072 ____H (Microsoft 
Corporation) C:\WINDOWS\system32\api-ms-win-core-console-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntkrnlpa.exe 2017-03-18 18:17 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntoskrnl.exe 2017-03-18 18:17 - 2017-02-09 18:16 - 01314112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 01114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00666112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00141312 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secur32.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apisetschema.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00004096 ____H (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003072 ____H 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:14 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 18:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe 2017-03-18 18:17 - 2017-02-09 18:03 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2017-03-18 18:17 - 2017-02-09 18:03 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe 2017-03-18 18:17 - 2017-02-09 18:02 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpol.exe 2017-03-18 18:17 - 2017-02-09 18:00 - 03220480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2017-03-18 18:17 - 2017-02-09 17:59 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe 2017-03-18 18:17 - 2017-02-09 17:58 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe 2017-03-18 18:17 - 2017-02-09 17:55 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2017-03-18 18:17 - 2017-02-09 17:55 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2017-03-18 18:17 - 2017-02-09 17:55 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-03-18 18:17 - 2017-02-09 17:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe 2017-03-18 18:17 - 2017-02-09 17:54 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2017-03-18 18:17 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpol.exe 2017-03-18 18:17 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcsPlugInService.dll 2017-03-18 18:17 - 2017-02-09 17:50 - 00025600 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2017-03-18 18:17 - 2017-02-09 17:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2017-03-18 18:17 - 2017-02-09 17:50 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2017-03-18 18:17 - 2017-02-09 17:50 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2017-03-18 18:17 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptbase.dll 2017-03-18 18:17 - 2017-02-09 17:49 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 17:49 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 17:49 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 17:49 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2017-03-18 18:17 - 2017-02-09 16:06 - 01648128 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2017-03-18 18:17 - 2017-02-09 16:06 - 01180160 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2017-03-18 18:17 - 2017-02-06 18:14 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2017-03-18 18:17 - 2017-01-13 20:00 - 00976896 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2017-03-18 18:17 - 2017-01-13 20:00 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll 2017-03-18 18:17 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2017-03-18 18:17 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll 2017-03-18 18:17 - 2017-01-11 20:01 - 01887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2017-03-18 18:17 - 2017-01-11 20:01 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll 2017-03-18 18:17 - 
2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-03-18 18:17 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3r.dll
2017-03-18 18:17 - 2017-01-06 20:00 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-03-18 18:17 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-03-18 18:17 - 2016-12-31 17:36 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-03-18 18:17 - 2016-12-31 17:36 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-03-18 18:17 - 2016-12-31 17:36 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-03-18 18:17 - 2016-12-31 17:36 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-03-18 18:17 - 2016-12-31 17:36 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-03-07 20:20 - 2009-06-10 23:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170307-192033.backup
2017-03-07 20:12 - 2017-03-07 20:12 - 00000000 ____D C:\Users\Lucas\Documents\ProcAlyzer Dumps
2017-03-07 20:08 - 2017-04-01 16:21 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-07 20:08 - 2017-04-01 10:50 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-07 20:08 - 2017-03-07 20:08 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-03-07 20:08 - 2017-03-07 20:08 - 00001379 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-03-07 20:08 - 2017-03-07 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-03-07 20:08 - 2013-09-20 11:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-03-07 19:58 - 2017-03-07 19:59 - 00000000 ____D C:\AMD
2017-03-07 19:58 - 2017-03-07 19:58 - 35000000 _____ (AMD Inc.) C:\Users\Lucas\Downloads\radeon-crimson-relive-17.2.1-minimalsetup-170228_64bit.exe
2017-03-06 19:51 - 2017-03-06 19:51 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-06 19:51 - 2017-03-06 19:51 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-06 19:51 - 2017-03-06 19:51 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-03-03 14:04 - 2017-03-06 19:54 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-03 14:03 - 2017-03-06 19:49 - 00000000 ____D C:\Program Files (x86)\ls2hyjmi

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-04-01 21:11 - 2009-07-14 06:45 - 00013568 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-01 21:11 - 2009-07-14 06:45 - 00013568 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-01 20:48 - 2009-07-14 19:58 - 00699092 _____ C:\WINDOWS\system32\perfh007.dat
2017-04-01 20:48 - 2009-07-14 19:58 - 00149232 _____ C:\WINDOWS\system32\perfc007.dat
2017-04-01 20:48 - 2009-07-14 07:13 - 01619284 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-01 20:48 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\inf
2017-04-01 20:45 - 2016-10-19 19:18 - 00000000 ____D C:\Users\Lucas\AppData\Local\Deployment
2017-04-01 20:45 - 2016-05-20 20:54 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-01 20:42 - 2015-12-05 20:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-01 20:39 - 2016-11-17 21:15 - 00000000 ____D C:\WINDOWS\pss
2017-04-01 20:39 - 2015-12-24 22:17 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-04-01 20:39 - 2009-07-14 07:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-01 20:39 - 2009-07-14 06:45 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-04-01 20:18 - 2015-09-08 21:03 - 00001194 _____ C:\Users\Lucas\Desktop\nativelog.txt
2017-04-01 20:18 - 2015-08-16 14:33 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\.minecraft
2017-04-01 17:29 - 2016-11-20 13:21 - 00000000 ____D C:\Users\Lucas\AppData\LocalLow\Mozilla
2017-04-01 13:13 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\rescache
2017-04-01 10:44 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\security
2017-03-31 13:51 - 2017-02-26 16:02 - 00000000 ____D C:\Program Files (x86)\Emather
2017-03-31 13:32 - 2015-08-16 13:40 - 00001042 _____ C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-31 08:54 - 2015-10-15 14:00 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-30 21:08 - 2015-08-16 14:21 - 00513192 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-03-29 07:29 - 2016-06-08 19:57 - 00001348 _____ C:\Users\Lucas\Desktop\ROBLOX Player.lnk
2017-03-29 07:29 - 2016-06-08 19:57 - 00001167 _____ C:\Users\Lucas\Desktop\ROBLOX Studio.lnk
2017-03-29 07:29 - 2016-06-08 19:57 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-03-28 08:30 - 2009-07-14 06:45 - 00269296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-28 08:28 - 2015-08-16 14:40 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2017-03-28 08:28 - 2015-08-16 14:40 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-03-28 08:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-26 19:54 - 2015-08-16 14:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-26 19:53 - 2015-08-16 14:38 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-26 19:52 - 2015-08-16 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-26 19:52 - 2015-08-16 14:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-26 19:52 - 2015-08-16 14:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-21 09:01 - 2017-02-22 15:53 - 00000000 ____D C:\Users\Lucas\AppData\Local\Battle.net
2017-03-21 09:01 - 2017-02-22 
15:52 - 00000000 ____D C:\Program Files (x86)\Battle.net 2017-03-07 20:20 - 2009-07-14 04:34 - 00454232 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170401-152724.backup 2017-03-07 18:17 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-03-06 20:26 - 2017-02-27 19:34 - 00000877 _____ C:\Users\Lucas\Desktop\HitFilm 4 Express.lnk 2017-03-06 20:26 - 2017-02-27 17:51 - 00001270 _____ C:\Users\Lucas\Desktop\screenshots - Verknüpfung.lnk 2017-03-06 20:26 - 2017-02-27 17:38 - 00001300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk 2017-03-06 20:26 - 2017-02-27 17:38 - 00001282 _____ C:\Users\Public\Desktop\paint.net.lnk 2017-03-06 20:26 - 2017-02-27 15:28 - 00001070 _____ C:\Users\Lucas\Desktop\LoiLo Game Recorder.lnk 2017-03-06 20:26 - 2017-02-27 15:24 - 00000618 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2017-03-06 20:26 - 2017-02-27 15:24 - 00000600 _____ C:\Users\Public\Desktop\Audacity.lnk 2017-03-06 20:26 - 2017-02-22 16:28 - 00000535 _____ C:\Users\Public\Desktop\Overwatch.lnk 2017-03-06 20:26 - 2017-02-22 15:53 - 00000892 _____ C:\Users\Public\Desktop\Battle.net.lnk 2017-03-06 20:26 - 2017-01-30 20:33 - 00000811 _____ C:\Users\Public\Desktop\Die Sims 4.lnk 2017-03-06 20:26 - 2016-11-20 12:50 - 00000737 _____ C:\Users\Public\Desktop\Die Siedler IV Gold Edition.lnk 2017-03-06 20:26 - 2016-05-20 21:22 - 00000238 _____ C:\Users\Lucas\Desktop\Star Wars Empire at War Forces of Corruption.lnk 2017-03-06 20:26 - 2016-05-20 21:20 - 00000224 _____ C:\Users\Lucas\Desktop\Star Wars Empire at War.lnk 2017-03-06 20:26 - 2015-12-05 20:21 - 00001096 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2017-03-06 20:26 - 2015-10-15 14:00 - 00000957 _____ C:\Users\Public\Desktop\Steam.lnk 2017-03-06 20:26 - 2015-09-26 13:20 - 00000973 _____ C:\Users\Public\Desktop\Origin.lnk 2017-03-06 20:26 - 2015-09-16 10:53 - 00001954 _____ C:\Users\Public\Desktop\The Elder Scrolls Construction Set.lnk 2017-03-06 
20:26 - 2015-08-21 19:44 - 00001495 _____ C:\Users\Lucas\Desktop\FTB_Launcher - Verknüpfung.lnk 2017-03-06 20:26 - 2015-08-16 15:00 - 00001209 _____ C:\Users\Lucas\Desktop\TechnicLauncher - Verknüpfung.lnk 2017-03-06 20:26 - 2015-08-16 14:40 - 00001098 _____ C:\Users\Public\Desktop\HD VDeck.lnk 2017-03-06 20:26 - 2015-08-16 14:32 - 00000691 _____ C:\Users\Public\Desktop\Minecraft.lnk 2017-03-06 20:26 - 2015-08-16 14:11 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2017-03-06 20:26 - 2015-08-16 13:37 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2017-03-06 20:26 - 2015-08-16 13:37 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2017-03-06 20:26 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2017-03-06 20:26 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-03-06 20:26 - 2009-07-14 06:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2017-03-06 20:26 - 2009-07-14 06:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2017-03-06 20:26 - 2009-07-14 06:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2017-03-06 20:26 - 2009-07-14 06:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2017-03-06 20:26 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2017-03-06 20:25 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\PLA 2017-03-03 13:04 - 2015-10-15 15:06 - 00000000 ____D C:\Users\Lucas\Documents\My Games ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-02-27 18:33 - 2017-02-27 18:33 - 0000000 ___RH () 
C:\Users\Lucas\AppData\Roaming\37d7133dd918aff24c52b4f4f8b5c53b2
2017-02-26 16:06 - 2017-02-26 16:06 - 0140288 _____ () C:\Users\Lucas\AppData\Roaming\Installer.dat
2017-02-26 16:06 - 2017-02-26 16:06 - 0018432 _____ () C:\Users\Lucas\AppData\Roaming\Main.dat
2015-08-27 18:57 - 2015-08-27 18:57 - 0007597 _____ () C:\Users\Lucas\AppData\Local\Resmon.ResmonCfg
2017-02-24 20:00 - 2017-02-24 20:00 - 0004110 _____ () C:\ProgramData\kjiixkes.ghp
2017-02-24 20:00 - 2017-02-24 20:00 - 0000016 _____ () C:\ProgramData\mntemp

Einige Dateien in TEMP:
====================
2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_is20AA.exe
2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_is66EC.exe
2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_is72E0.exe
2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_is9E91.exe
2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_isB451.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-04-01 11:29

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von Lucas (01-04-2017 21:16:50)
Gestartet von C:\Users\Lucas\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-08-16 11:40:16)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1802964633-906943791-4234860916-500 - Administrator - Disabled)
Gast (S-1-5-21-1802964633-906943791-4234860916-501 - Limited - Disabled)
Lucas (S-1-5-21-1802964633-906943791-4234860916-1000 - Administrator - Enabled) => C:\Users\Lucas

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
ACP Application (Version: 2017.0113.1111.22 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Catalyst Control Center Next Localization BR (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0113.1201.21594 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Curse Client (HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version: - )
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.27.80.1020 - Electronic Arts Inc.)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
HitFilm 4 Express (HKLM\...\{F8BB3662-69A1-4EF1-8674-ADD90AAD3D08}) (Version: 4.0.5723.10801 - FXHOME)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.1 - LoiLo inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
ROBLOX Player for Lucas (HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TerraTech Demo (HKLM\...\Steam App 313990) (Version: - Payload Studios)
TES Construction Set (HKLM-x32\...\{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}) (Version: - )
The Elder Scrolls IV: Oblivion (HKLM\...\Steam App 22330) (Version: - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Unity Web Player (HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1802964633-906943791-4234860916-1000_Classes\CLSID\{05bde6b6-6900-44e5-a477-d7c6cdcd80fa}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1802964633-906943791-4234860916-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1802964633-906943791-4234860916-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Lucas\AppData\Local\Roblox\Versions\version-398bf2b17c844b38\RobloxProxy64.dll (ROBLOX Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2607D0F4-CBC7-40D6-8D09-C3E2F6464555} - System32\Tasks\{1D0C8784-6CAB-495C-9B9A-B77F4B37AA4B} => F:\siedler4\S4.exe [2016-11-20] ()
Task: {26D9BA8F-25C8-4586-8399-BAEBA9E3D688} - System32\Tasks\{DC53BF79-0366-4E11-A053-9977B2D7B645} => F:\Games\Minecraft\MinecraftLauncher.exe [2017-03-11] (Mojang)
Task: {46C3B05E-C4D2-4AB4-8590-87D9C3A2254F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {AE46311A-7652-40FA-B406-C9AE158B7240} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-01-13] (Advanced Micro Devices, Inc.)
Task: {CFBF5BB6-1BF9-4B7D-9504-78034AB4DF67} - \Zejerdomnajuse -> Keine Datei <==== ACHTUNG
Task: {D24BCFCD-78D1-42AE-8D29-8CCF59E20E77} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [2017-01-13] (Advanced Micro Devices, Inc.)
Task: {EC2B2C6A-17C0-44B2-A5AE-9E72399DF2C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-01] (Google Inc.)
Task: {F538A098-6E29-4A26-A22F-72AEAC9DD067} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-01] (Google Inc.)
Task: {FA0ACA68-0047-4CBE-9CBF-81BACF53FFD8} - System32\Tasks\QForlLgs0EYm => qforllgs0eym.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-09-14 03:20 - 2016-09-14 03:20 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-14 03:20 - 2016-09-14 03:20 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-14 03:20 - 2016-09-14 03:20 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-14 03:20 - 2016-09-14 03:20 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-14 03:20 - 2016-09-14 03:20 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-14 03:20 - 2016-09-14 03:20 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-14 03:20 - 2016-09-14 03:20 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2015-08-16 14:40 - 2012-11-14 09:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-08-16 14:40 - 2012-11-14 09:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-12-13 19:29 - 2013-10-29 14:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2015-12-13 19:29 - 2012-12-11 12:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2017-04-01 20:45 - 2017-03-29 10:47 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-01 20:45 - 2017-03-29 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2017-03-07 20:08 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-03-07 20:08 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-03-07 20:08 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-03-07 20:08 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-03-07 20:08 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-13 19:29 - 2013-01-15 18:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2015-12-13 19:29 - 2011-11-22 15:18 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2017-04-01 15:27 - 00454348 ____R C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1802964633-906943791-4234860916-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: BRSptStub => 3
MSCONFIG\Services: chip1click => 2
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: Kyubey => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Lucas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\WINDOWS\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [TCP Query User{8F0D51B1-6E4F-4ED7-AFE3-8CF475953E58}F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{F27C648F-BE63-4483-95B2-EE348E88E5E2}F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{343011D2-133F-4168-9AE2-42FF7C19274A}F:\temp\bin\javaw.exe] => (Block) F:\temp\bin\javaw.exe FirewallRules: [UDP Query User{1F606B6E-74E1-4EF1-B5B2-42E1CBDBC2F4}F:\temp\bin\javaw.exe] => (Block) F:\temp\bin\javaw.exe FirewallRules: [TCP Query User{3E994D4B-1DCF-4A9F-A0B7-7B5B655BABEB}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [UDP Query User{9B5064A8-7450-46FB-9610-02C53E34B6E6}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [{E91D8466-26A1-4FA7-AC0B-B20E604783AF}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{24C6D0E3-D6F1-4C08-BB19-0640CC89B55C}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{5E3925E0-A8A1-4E6F-AEC4-62F64CC12BBB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{7C6D42C3-582F-493C-90AE-C29CFB4B2BC6}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{8AF1E23E-B86D-477F-A02C-75D3DF2A9D0C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{835DE4FA-FBAA-4B38-AB33-524BB8A24593}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{720DFEB8-BEC5-4A07-A5D3-BC05F8231179}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe 
FirewallRules: [{D4620907-2EAE-45A7-904E-EB0459D6657C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{FAF4B3B4-EAAF-465A-BA1A-D67E34150D3D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{DB811861-78CC-4B60-9402-849CDDB5CEFA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{C34FC61F-A2B8-46AA-B9D2-0A914EAF844D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{7CE60997-A7DF-4B12-B1C3-0E95EF72D609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [TCP Query User{463B23BE-389F-4FB0-8DA3-06B8DDA10A6E}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe FirewallRules: [UDP Query User{6CCEEF7C-EDFF-4BB7-A15E-36D28A94C69E}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe FirewallRules: [TCP Query User{80BDBA77-16A7-491E-942D-CDCB4ADB14D5}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [UDP Query User{E8406712-0943-4913-9296-24E7AB4A6525}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [{39C213DC-1909-4A88-8C95-27BFFD198A87}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C3CEC925-1ACD-40E8-8D9C-048CD4324B0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B41B9138-2D17-4DF0-9378-10AB2538E805}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe FirewallRules: [{E9E8F999-777C-43F4-A957-ECECB2927CCF}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Half-Life\hl.exe FirewallRules: [{EC14CE79-CDFB-4748-BB4B-B736255DEB16}] => (Allow) F:\Games\Star Wars - The Old Republic\launcher.exe FirewallRules: [{BC5C8BBE-FE6C-40C5-ACC6-DBAD17CD93BB}] => (Allow) F:\Games\Star Wars - The Old Republic\launcher.exe FirewallRules: [TCP Query User{885853C0-B217-445A-943F-23CCF983361B}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [UDP Query User{776AB501-65BB-43AA-BB0C-71C4BAD5F19E}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [TCP Query User{4735D599-D858-4FE6-A70F-5DECCDA30E41}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [UDP Query User{10E99BFE-0A6B-45D2-B8DE-61031C5D440D}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [TCP Query User{640D859B-E927-4317-90E3-DFC1BD6818FF}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [UDP Query User{2B576BC0-668A-4794-88FD-4D55A5F9E7DB}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [TCP Query User{5CF531E9-9500-4555-B6CB-FE54967A4257}F:\games\homm5tote\heroes of might and magic v - tribes of the east\bin\h5_game.exe] => (Allow) F:\games\homm5tote\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [UDP Query User{6DDA6577-783F-47DB-8680-D7FB26B38291}F:\games\homm5tote\heroes of might and magic v - tribes of the east\bin\h5_game.exe] => (Allow) F:\games\homm5tote\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [{0729E4DC-3296-4274-ABAA-21C2626C077E}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{AE0BA52F-256D-41AD-8908-8EE5834EA85F}] => 
(Allow) F:\Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{ED64B98B-5816-4AF5-835B-B6B4FD4A7CA0}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{7AF5E95A-CA71-417B-B1BC-4FDFCD6C93C6}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{B752E32A-8251-4E97-869D-57714505F93F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe FirewallRules: [{9AE7EEA6-EADD-426E-983B-A106813888F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe FirewallRules: [TCP Query User{71DC1D5E-B1DF-40E5-82B6-317B1D93FAF0}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe FirewallRules: [UDP Query User{D75FF60F-82E1-4B76-AE2F-79F1F40D5F17}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe FirewallRules: [{AE314C7C-AC46-4236-85FC-C67AA8C2DEC8}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe FirewallRules: [{3697F69D-3B9F-423D-9FEC-D9FA5B2FCC8F}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe FirewallRules: [{EF06CB97-CB20-48B0-8933-465ADFAF9A43}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe FirewallRules: [{E019FAAE-58F3-4A32-BCB9-CBDEAE1E16C4}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe FirewallRules: [TCP Query User{694D11BC-8765-4F6B-A691-D573F146078C}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [UDP Query User{00173E86-F589-48D3-ABD3-0F733427CB9D}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [{4342FDFD-3BD0-44A3-A362-0A03BC5F4D59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TerraTech Demo\TerraTechWin64.exe FirewallRules: 
[{A111308A-39D6-43B2-9364-7C88FBFF419B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TerraTech Demo\TerraTechWin64.exe FirewallRules: [TCP Query User{AC051ACD-0C64-4E29-B019-0339E49E95D5}F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{3837F4A4-70CB-49F4-8010-68A98034D173}F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{AF795322-AE31-452A-BAE6-8EB22F983C30}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [UDP Query User{6A885944-C52F-43D5-AC7B-3FDAF2387260}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [TCP Query User{8E8E12AB-6874-4E3E-B6AE-06D5DE6854F3}C:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe] => (Allow) C:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe FirewallRules: [UDP Query User{41285C5B-CE1D-4C73-91D7-5586D7DE5CF1}C:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe] => (Allow) C:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe FirewallRules: [TCP Query User{C2EE438D-421F-4E7D-89E3-5BD4A20CD02B}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe FirewallRules: [UDP Query User{2A8DA712-DA0A-47E0-9726-C197639A09C6}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe FirewallRules: [{D2BC5687-9C9A-4C20-8346-D3BCF3552F04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe FirewallRules: [{B4BE0EE2-B352-4138-8C28-F8A8121A30A6}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe FirewallRules: [TCP Query User{D7555D66-1BA9-4F8F-B550-A0E17BDF9158}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [UDP Query User{0B8B668E-4969-41F7-A923-FD7D25584BFB}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [TCP Query User{FF525BD8-44A9-4581-969D-73359A9248B0}C:\bluebyte\die siedler iv\exe\s4_main.exe] => (Allow) C:\bluebyte\die siedler iv\exe\s4_main.exe FirewallRules: [UDP Query User{009BA7F1-CAB4-457B-A544-49F8A9409C67}C:\bluebyte\die siedler iv\exe\s4_main.exe] => (Allow) C:\bluebyte\die siedler iv\exe\s4_main.exe FirewallRules: [{3590D940-0A34-4005-9312-0D0FDC4BFABF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{4D4F75AB-1FE6-42CF-942D-0142FC1D97BD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{B8913806-0507-4786-A257-F862C60FA864}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{EB9834F1-523A-47B1-83B9-68F9D1E78774}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{16093E6A-A8C2-423B-92BF-A8D5CE68F989}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{D3B7646B-8A36-463B-AFC4-C9C22A6F2593}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [TCP Query User{268CC1A0-4DBF-4BFC-BABA-23B5003B20D6}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [UDP Query User{C972DEBB-6942-4AD9-B099-85F247905DAA}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [{CBA946D8-8DED-4D6B-AF41-A2E21C252871}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe FirewallRules: 
[{7D8A49C8-F108-4E35-A8CB-0FEF7BBA6162}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe FirewallRules: [{499A58FD-B2AA-483D-B19C-0413C078FC98}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{FF0231BD-E16D-44C3-ACDA-5B70E8F652B3}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [UDP Query User{DBEAC1FD-6417-4654-A67F-860DF9ED40A3}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [TCP Query User{9B0B0CF3-7238-460B-B6CD-BC0F9F190AF0}F:\games\overwatch\overwatch.exe] => (Allow) F:\games\overwatch\overwatch.exe FirewallRules: [UDP Query User{4E015EA8-D69E-4AA7-BF27-7EE5A4315884}F:\games\overwatch\overwatch.exe] => (Allow) F:\games\overwatch\overwatch.exe FirewallRules: [{77DEA3B3-A030-46B6-A833-BA4513460AC8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Wiederherstellungspunkte ========================= 30-03-2017 12:38:59 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot 
start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (04/01/2017 10:53:54 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "c:\program files\amd\cim\bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/31/2017 06:58:35 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "c:\program files\amd\cim\bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (03/30/2017 12:34:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: RobloxPlayerBeta.exe, Version: 0.284.0.46686, Zeitstempel: 0x58d987a9 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23677, Zeitstempel: 0x589c957a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000222e2 ID des fehlerhaften Prozesses: 0xc28 Startzeit der fehlerhaften Anwendung: 0x01d2a94068cb766d Pfad der fehlerhaften Anwendung: C:\Users\Lucas\AppData\Local\Roblox\Versions\version-398bf2b17c844b38\RobloxPlayerBeta.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SysWOW64\ntdll.dll Berichtskennung: 816fd2e0-1534-11e7-b652-902b3433cce9 Error: (03/30/2017 07:18:48 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "c:\program files\amd\cim\bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (03/28/2017 08:36:21 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "c:\program files\amd\cim\bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (03/21/2017 06:42:57 PM) (Source: amdacpusrsvc) (EventID: 0) (User: ) Description: Event-ID 0 Error: (03/21/2017 06:42:57 PM) (Source: amdacpusrsvc) (EventID: 0) (User: ) Description: Event-ID 0 Error: (03/21/2017 05:03:14 PM) (Source: amdacpusrsvc) (EventID: 0) (User: ) Description: Event-ID 0 Error: (03/21/2017 05:03:14 PM) (Source: amdacpusrsvc) (EventID: 0) (User: ) Description: Event-ID 0 Error: (03/21/2017 09:00:10 AM) (Source: amdacpusrsvc) (EventID: 0) (User: ) Description: Event-ID 0 Systemfehler: ============= Error: (04/01/2017 08:40:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (04/01/2017 08:40:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht. Error: (04/01/2017 10:45:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (04/01/2017 10:45:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht. Error: (03/30/2017 05:14:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error: (03/28/2017 08:32:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ed2k idle service" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. 
Error: (03/28/2017 08:30:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (03/28/2017 08:30:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht. Error: (03/26/2017 06:48:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ed2k idle service" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (03/26/2017 06:46:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz Prozentuale Nutzung des RAM: 26% Installierter physikalischer RAM: 8150.86 MB Verfügbarer physikalischer RAM: 5983.94 MB Summe virtueller Speicher: 16299.9 MB Verfügbarer virtueller Speicher: 13831.55 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:119.14 GB) (Free:12.01 GB) NTFS Drive d: () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive f: (Speicherort) (Fixed) (Total:931.51 GB) (Free:704.39 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: A8DC378B) Partition 1: (Active) - (Size=100 MB) - (Type=0B) Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS) 
======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AAF3711E) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================
Thanks in advance. Best regards, Grolltar |
25.04.2017, 11:01 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Professional - Trojan removed, but keeps coming back Your thread got overlooked because you replied to yourself here; such threads are regarded as "in progress" and are usually not given any further attention...
__________________Then show me fresh FRST logs. Tick the box for addition.txt, then click "Scan" ("Untersuchen"). Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post the logs directly, spread across several posts if necessary. To put the log files into a CODE box, proceed as follows:
__________________ |
25.04.2017, 19:01 | #4 |
| Windows 7 Professional - Trojan removed, but keeps coming back Hello Cosinus, unfortunately I could not fit all the logs into one post because the character limit was exceeded. But never mind... Here are the current logs: FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-04-2017 01 durchgeführt von Lucas (Administrator) auf LUCAS-PC (25-04-2017 19:56:08) Gestartet von C:\Users\Lucas\Desktop Geladene Profile: Lucas (Verfügbare Profile: Lucas) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation) HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) 
HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\MountPoints2: {c30d90b1-440a-11e5-8121-806e6f6e6963} - E:\LaunchEAWG.exe HKU\S-1-5-18\...\Run: [] => [X] HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\WINDOWS\System32\SPReview\SPReview.exe [301568 2015-08-16] (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4 Tcpip\..\Interfaces\{10FF6E7C-74F2-431C-84E5-0F0C9B89F55E}: [DhcpNameServer] 192.168.178.1 ManualProxies: Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131354330990114869&GUID=1310BF68-DA5B-4FCF-9DCD-1E502A1E4739 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131354330990114869&GUID=1310BF68-DA5B-4FCF-9DCD-1E502A1E4739 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> 
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: wsujwdz4.default FF ProfilePath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\wsujwdz4.default [2017-04-25] FF Homepage: Mozilla\Firefox\Profiles\wsujwdz4.default -> about:home FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1802964633-906943791-4234860916-1000: @nsroblox.roblox.com/launcher -> C:\Users\Lucas\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1802964633-906943791-4234860916-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Lucas\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1802964633-906943791-4234860916-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.startpageing123.com/?type=hp&ts=1488822688&z=abe94673a2d4ff27248c69cg2z5bfbfb0o8o5q2b3m&from=che0812&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC923509
CHR StartupUrls: Profile 1 -> "hxxp://www.startpageing123.com/?type=hp&ts=1488822688&z=abe94673a2d4ff27248c69cg2z5bfbfb0o8o5q2b3m&from=che0812&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC923509"
CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-27] <==== ACHTUNG
CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-25]
CHR Extension: (Google Docs) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-27]
CHR Extension: (Google Drive) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-27]
CHR Extension: (YouTube) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-27]
CHR Extension: (Google Docs Offline) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-01]
CHR Extension: (Google Mail) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-27]
CHR Extension: (Chrome Media Router) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-01]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2017-03-16] (Advanced Micro Devices) [Datei ist nicht signiert]
S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-12-05] (BitRaider, LLC)
S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42792 2016-09-12] (Windows (R) Win 7 DDK provider)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-04-09] (EasyAntiCheat Ltd)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2121736 2017-01-30] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2183696 2017-01-30] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305544 2017-03-17] (Advanced Micro Devices)
R3 L1C; C:\WINDOWS\System32\DRIVERS\L1C60x64.sys [121032 2013-07-16] (Qualcomm Atheros Co., Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\WINDOWS\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2017-02-22] () [Datei ist nicht signiert]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-04-25 19:56 - 2017-04-25 19:56 - 00013059 _____ C:\Users\Lucas\Desktop\FRST.txt 2017-04-25 19:46 - 2017-04-25 19:46 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll 2017-04-25 19:46 - 2017-03-27 20:13 - 00394448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2017-04-25 19:46 - 2017-03-27 19:28 - 00346320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2017-04-25 19:46 - 2017-03-25 21:39 - 20284416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-04-25 19:46 - 2017-03-25 21:07 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-04-25 19:46 - 2017-03-25 21:06 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-04-25 19:46 - 2017-03-25 20:55 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-04-25 19:46 - 2017-03-25 20:52 - 02289152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-04-25 19:46 - 2017-03-25 20:51 - 01313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-04-25 19:46 - 2017-03-25 20:48 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-04-25 19:46 - 2017-03-25 20:47 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2017-04-25 19:46 - 2017-03-25 20:47 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2017-04-25 19:46 - 2017-03-25 20:47 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2017-04-25 19:46 - 2017-03-25 
20:46 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2017-04-25 19:46 - 2017-03-25 20:45 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2017-04-25 19:46 - 2017-03-25 20:45 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2017-04-25 19:46 - 2017-03-25 20:45 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2017-04-25 19:46 - 2017-03-25 20:45 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll 2017-04-25 19:46 - 2017-03-25 20:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2017-04-25 19:46 - 2017-03-25 20:45 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2017-04-25 19:46 - 2017-03-25 20:45 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2017-04-25 19:46 - 2017-03-25 20:44 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2017-04-25 19:46 - 2017-03-25 20:44 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2017-04-25 19:46 - 2017-03-25 20:35 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2017-04-25 19:46 - 2017-03-25 20:35 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2017-04-25 19:46 - 2017-03-25 20:16 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2017-04-25 19:46 - 2017-03-25 20:14 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2017-04-25 19:46 - 2017-03-25 20:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2017-04-25 19:46 - 2017-03-25 
20:13 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-04-25 19:46 - 2017-03-25 20:13 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2017-04-25 19:46 - 2017-03-25 20:10 - 02898432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-04-25 19:46 - 2017-03-25 20:04 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2017-04-25 19:46 - 2017-03-25 20:02 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2017-04-25 19:46 - 2017-03-25 19:57 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2017-04-25 19:46 - 2017-03-25 19:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-04-25 19:46 - 2017-03-25 19:56 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2017-04-25 19:46 - 2017-03-25 19:56 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2017-04-25 19:46 - 2017-03-25 19:56 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2017-04-25 19:46 - 2017-03-25 19:52 - 25746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-04-25 19:46 - 2017-03-25 19:45 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe 2017-04-25 19:46 - 2017-03-25 19:41 - 06045696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-04-25 19:46 - 2017-03-25 19:41 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2017-04-25 19:46 - 2017-03-25 19:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll 2017-04-25 19:46 - 2017-03-25 19:29 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll 2017-04-25 19:46 - 2017-03-25 19:24 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2017-04-25 19:46 - 2017-03-25 19:23 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2017-04-25 19:46 - 
2017-03-25 19:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2017-04-25 19:46 - 2017-03-25 19:19 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2017-04-25 19:46 - 2017-03-25 19:17 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll 2017-04-25 19:46 - 2017-03-25 19:06 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2017-04-25 19:46 - 2017-03-25 19:04 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2017-04-25 19:46 - 2017-03-25 19:00 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-04-25 19:46 - 2017-03-25 18:59 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-04-25 19:46 - 2017-03-25 18:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-04-25 19:46 - 2017-03-25 18:57 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll 2017-04-25 19:46 - 2017-03-25 18:28 - 15259136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-04-25 19:46 - 2017-03-25 18:27 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll 2017-04-25 19:46 - 2017-03-25 18:24 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-04-25 19:46 - 2017-03-25 18:10 - 01546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-04-25 19:46 - 2017-03-25 18:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-04-25 19:46 - 2017-03-25 00:50 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2017-04-25 19:46 - 2017-03-25 00:42 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2017-04-25 19:46 - 2017-03-22 17:32 - 03165184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2017-04-25 19:46 - 2017-03-22 17:32 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2017-04-25 19:46 - 2017-03-22 17:32 - 00098816 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2017-04-25 19:46 - 2017-03-22 17:30 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2017-04-25 19:46 - 2017-03-22 17:24 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2017-04-25 19:46 - 2017-03-22 17:17 - 02651136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-04-25 19:46 - 2017-03-22 17:15 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-04-25 19:46 - 2017-03-22 17:15 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2017-04-25 19:46 - 2017-03-22 17:15 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2017-04-25 19:46 - 2017-03-22 17:15 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2017-04-25 19:46 - 2017-03-22 17:15 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2017-04-25 19:46 - 2017-03-22 17:15 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll 2017-04-25 19:46 - 2017-03-22 17:05 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-04-25 19:46 - 2017-03-22 17:05 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2017-04-25 19:46 - 2017-03-22 17:05 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2017-04-25 19:46 - 2017-03-22 17:05 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2017-04-25 19:46 - 2017-03-14 17:34 - 00986344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-04-25 19:46 - 2017-03-14 17:34 - 00265448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2017-04-25 19:46 - 2017-03-14 17:30 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2017-04-25 19:46 - 2017-03-10 18:35 - 00382696 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2017-04-25 19:46 - 2017-03-10 18:32 - 01389056 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\pla.dll 2017-04-25 19:46 - 2017-03-10 18:32 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll 2017-04-25 19:46 - 2017-03-10 18:31 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2017-04-25 19:46 - 2017-03-10 18:31 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2017-04-25 19:46 - 2017-03-10 18:31 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2017-04-25 19:46 - 2017-03-10 18:31 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2017-04-25 19:46 - 2017-03-10 18:31 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2017-04-25 19:46 - 2017-03-10 18:27 - 00308456 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2017-04-25 19:46 - 2017-03-10 18:20 - 01508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pla.dll 2017-04-25 19:46 - 2017-03-10 18:20 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll 2017-04-25 19:46 - 2017-03-10 18:20 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2017-04-25 19:46 - 2017-03-10 18:19 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2017-04-25 19:46 - 2017-03-10 18:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2017-04-25 19:46 - 2017-03-10 18:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2017-04-25 19:46 - 2017-03-10 18:00 - 03219968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2017-04-25 19:46 - 2017-03-10 17:57 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\plasrv.exe 2017-04-25 19:46 - 2017-03-10 17:55 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2017-04-25 19:46 - 2017-03-10 17:55 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys 2017-04-25 19:46 - 2017-03-10 17:53 - 00034304 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2017-04-25 19:46 - 
2017-03-09 18:34 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2017-04-25 19:46 - 2017-03-09 18:19 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2017-04-25 19:46 - 2017-03-08 22:20 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdosys.dll 2017-04-25 19:46 - 2017-03-08 22:10 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdosys.dll 2017-04-25 19:46 - 2017-03-08 06:37 - 00631176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-04-25 19:46 - 2017-03-08 06:36 - 05548264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-04-25 19:46 - 2017-03-08 06:36 - 00706792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2017-04-25 19:46 - 2017-03-08 06:36 - 00154856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2017-04-25 19:46 - 2017-03-08 06:36 - 00095464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-04-25 19:46 - 2017-03-08 06:34 - 01732864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 01460736 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 01163264 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00419840 
_____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00043520 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\cryptbase.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\secur32.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-security-base-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-threadpool-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localregistry-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) 
C:\WINDOWS\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-misc-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-memory-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-heap-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-util-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-string-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-profile-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-io-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-interlocked-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-handle-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-fibers-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) 
C:\WINDOWS\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-delayload-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-debug-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-datetime-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-console-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:26 - 04000488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntkrnlpa.exe 2017-04-25 19:46 - 2017-03-08 06:26 - 03945192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntoskrnl.exe 2017-04-25 19:46 - 2017-03-08 06:24 - 01314112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 01416192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 01114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00666112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00146432 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\msaudite.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secur32.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apisetschema.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2017-04-25 19:46 
- 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2017-04-25 
19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe 2017-04-25 19:46 - 2017-03-08 06:03 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpol.exe 2017-04-25 19:46 - 2017-03-08 06:03 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2017-04-25 19:46 - 2017-03-08 06:03 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe 2017-04-25 19:46 - 2017-03-08 06:00 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe 2017-04-25 19:46 - 2017-03-08 05:59 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe 2017-04-25 19:46 - 2017-03-08 05:57 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpol.exe 2017-04-25 19:46 - 2017-03-08 05:56 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2017-04-25 19:46 - 2017-03-08 05:56 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2017-04-25 19:46 - 2017-03-08 05:56 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-04-25 19:46 - 2017-03-08 05:55 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe 2017-04-25 19:46 - 2017-03-08 05:55 - 00030720 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\lsass.exe 2017-04-25 19:46 - 2017-03-08 05:54 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2017-04-25 19:46 - 2017-03-08 05:54 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2017-04-25 19:46 - 2017-03-08 05:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2017-04-25 19:46 - 2017-03-08 05:54 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2017-04-25 19:46 - 2017-03-08 05:53 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptbase.dll 2017-04-25 19:46 - 2017-03-08 05:53 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 05:53 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 05:53 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 05:53 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2017-04-25 19:46 - 2017-03-07 18:30 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2017-04-25 19:46 - 2017-03-07 18:17 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2017-04-25 19:46 - 2017-03-07 16:05 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-04-25 19:46 - 2017-03-04 03:27 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2017-04-25 19:46 - 2017-03-04 03:27 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll 2017-04-25 19:46 - 2017-03-04 03:14 - 01329664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2017-04-25 19:46 - 2017-03-04 03:14 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll 2017-04-25 19:46 - 2016-03-24 00:40 - 03181568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2017-04-25 19:46 - 
2016-03-24 00:40 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpGroupPolicyExtension.dll 2017-04-25 19:44 - 2017-04-25 19:44 - 00000000 ____D C:\Users\Lucas\Desktop\FRST-OlderVersion 2017-04-17 08:47 - 2017-04-17 08:47 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2017-04-17 08:47 - 2017-04-17 08:47 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2017-04-17 08:47 - 2017-04-17 08:47 - 00001226 _____ C:\Users\Public\Desktop\Windows Movie Maker.lnk 2017-04-17 08:47 - 2017-04-17 08:47 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\WMM 2017-04-17 08:47 - 2017-04-17 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2017-04-17 08:47 - 2017-04-17 08:47 - 00000000 ____D C:\Program Files (x86)\Windows Movie Maker 2017-04-17 08:47 - 2017-04-17 08:47 - 00000000 ____D C:\Program Files (x86)\Windows Live 2017-04-17 08:45 - 2017-04-17 08:45 - 26689458 _____ (videowinsoft.com ) C:\Users\Lucas\Downloads\windows-movie-maker-2016.exe 2017-04-16 20:00 - 2017-04-16 20:00 - 00000000 ____D C:\Users\Lucas\AppData\Local\TeamSpeak 3 2017-04-16 20:00 - 2017-04-16 20:00 - 00000000 ____D C:\Users\Lucas\.TeamSpeak 3 2017-04-16 19:59 - 2017-04-19 20:46 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\TS3Client 2017-04-16 19:59 - 2017-04-17 17:37 - 00000000 ____D C:\Users\Lucas\AppData\Local\TeamSpeak 3 Client 2017-04-16 19:59 - 2017-04-16 19:59 - 00001207 _____ C:\Users\Lucas\Desktop\TeamSpeak 3 Client.lnk 2017-04-16 19:59 - 2017-04-16 19:59 - 00001165 _____ C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk 2017-04-16 19:58 - 2017-04-16 19:58 - 77586344 _____ (TeamSpeak Systems GmbH) C:\Users\Lucas\Downloads\TeamSpeak3-Client-win64-3.1.3.exe 2017-04-16 19:57 - 2017-04-25 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-04-16 19:57 - 2017-04-25 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla 
Maintenance Service 2017-04-16 19:57 - 2017-04-16 19:57 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-04-16 19:57 - 2017-04-16 19:57 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2017-04-16 19:56 - 2017-04-16 19:56 - 00245640 _____ C:\Users\Lucas\Downloads\Firefox Setup Stub 52.0.2.exe 2017-04-12 18:40 - 2017-04-12 18:40 - 00854584 _____ (ROBLOX Corporation) C:\Users\Lucas\Downloads\RobloxPlayerLauncher (2).exe 2017-04-09 19:27 - 2017-04-09 19:27 - 00854584 _____ (ROBLOX Corporation) C:\Users\Lucas\Downloads\RobloxPlayerLauncher (1).exe 2017-04-01 22:09 - 2017-04-01 22:09 - 00003152 _____ C:\WINDOWS\System32\Tasks\StartCN 2017-04-01 22:09 - 2017-04-01 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings 2017-04-01 22:09 - 2017-04-01 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard 2017-04-01 22:07 - 2017-03-17 00:26 - 09685760 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll 2017-04-01 22:07 - 2017-03-17 00:26 - 01286616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2017-04-01 22:07 - 2017-03-17 00:26 - 00036232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll 2017-04-01 22:07 - 2017-03-17 00:25 - 00537992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll 2017-04-01 22:07 - 2017-03-17 00:25 - 00469384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll 2017-04-01 22:07 - 2017-03-17 00:25 - 00349064 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe 2017-04-01 22:07 - 2017-03-17 00:25 - 00160648 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll 2017-04-01 22:07 - 2017-03-17 00:25 - 00135048 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll 2017-04-01 22:07 - 2017-03-17 00:25 - 00129416 _____ (Advanced Micro Devices, Inc. 
) C:\WINDOWS\system32\mantleaxl64.dll 2017-04-01 22:07 - 2017-03-17 00:25 - 00108936 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll 2017-04-01 22:07 - 2017-03-17 00:25 - 00067464 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe 2017-04-01 22:07 - 2017-03-17 00:25 - 00059784 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll 2017-04-01 22:07 - 2017-03-17 00:25 - 00033672 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll 2017-04-01 22:07 - 2017-03-17 00:24 - 09575304 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll 2017-04-01 22:07 - 2017-03-17 00:24 - 07528328 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll 2017-04-01 22:07 - 2017-03-17 00:24 - 00849288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll 2017-04-01 22:07 - 2017-03-17 00:24 - 00683400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll 2017-04-01 22:07 - 2017-03-17 00:16 - 09354112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll 2017-04-01 22:07 - 2017-03-17 00:16 - 07608768 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll 2017-04-01 22:07 - 2017-03-17 00:16 - 00281992 _____ C:\WINDOWS\system32\dgtrayicon.exe 2017-04-01 22:07 - 2017-03-17 00:16 - 00275336 _____ C:\WINDOWS\system32\GameManager64.dll 2017-04-01 22:07 - 2017-03-17 00:16 - 00240008 _____ C:\WINDOWS\SysWOW64\GameManager32.dll 2017-04-01 22:07 - 2017-03-17 00:16 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll 2017-04-01 22:07 - 2017-03-17 00:16 - 00139720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll 2017-04-01 22:07 - 2017-03-17 00:16 - 00124288 _____ (Advanced Micro Devices, Inc. 
) C:\WINDOWS\SysWOW64\atiu9pag.dll 2017-04-01 22:07 - 2017-03-17 00:16 - 00020360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll 2017-04-01 22:07 - 2017-03-17 00:16 - 00020360 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll 2017-04-01 22:07 - 2017-03-17 00:15 - 00516488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys 2017-04-01 22:07 - 2017-03-17 00:15 - 00286600 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll 2017-04-01 22:07 - 2017-03-17 00:15 - 00110472 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2017-04-01 22:07 - 2017-03-17 00:14 - 00527240 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2017-04-01 22:07 - 2017-03-17 00:14 - 00458632 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2017-04-01 22:07 - 2017-03-17 00:14 - 00290184 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe 2017-04-01 22:07 - 2017-03-17 00:14 - 00230280 _____ C:\WINDOWS\system32\atieah64.exe 2017-04-01 22:07 - 2017-03-17 00:14 - 00208264 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2017-04-01 22:07 - 2017-03-17 00:14 - 00176520 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll 2017-04-01 22:07 - 2017-03-17 00:14 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll 2017-04-01 22:07 - 2017-03-17 00:14 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 15728008 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 14318984 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 12375088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 11334288 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 00942472 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\SysWOW64\atiadlxy.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 00942472 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 00915336 _____ (AMD) C:\WINDOWS\system32\coinst_16.60.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 00402312 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe 2017-04-01 22:07 - 2017-03-17 00:13 - 00269192 _____ C:\WINDOWS\system32\clinfo.exe 2017-04-01 22:07 - 2017-03-17 00:13 - 00112520 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 00103304 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 00078728 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 00072072 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 00068488 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll 2017-04-01 22:07 - 2017-03-17 00:13 - 00065416 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 59102600 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 46392200 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 32694152 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\system32\Drivers\atikmdag.sys 2017-04-01 22:07 - 2017-03-17 00:12 - 28656008 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 22657416 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 09872264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 07919496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 02498952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 02178952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 00305544 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys 2017-04-01 22:07 - 2017-03-17 00:12 - 00248200 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 00221064 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 00136584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 00117640 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 00115000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2017-04-01 22:07 - 2017-03-17 00:12 - 00103152 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2017-04-01 22:07 - 2017-03-17 00:11 - 26347400 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll 2017-04-01 22:07 - 2017-03-17 00:11 - 00155016 _____ (Advanced Micro Devices, Inc. 
) C:\WINDOWS\system32\amduve64.dll 2017-04-01 22:07 - 2017-03-17 00:11 - 00134536 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amduve32.dll 2017-04-01 22:07 - 2017-03-17 00:11 - 00082824 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll 2017-04-01 22:07 - 2017-03-17 00:11 - 00066952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll 2017-04-01 22:07 - 2017-03-17 00:11 - 00066440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll 2017-04-01 22:07 - 2017-03-17 00:11 - 00054664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll 2017-04-01 22:07 - 2017-03-16 23:00 - 00785488 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb 2017-04-01 22:07 - 2017-03-16 23:00 - 00785488 _____ C:\WINDOWS\system32\atiapfxx.blb 2017-04-01 22:07 - 2017-03-16 22:58 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap 2017-04-01 22:07 - 2017-03-16 22:54 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap 2017-04-01 22:07 - 2017-02-27 12:13 - 00941223 _____ C:\WINDOWS\system32\amdicdxx.dat 2017-04-01 22:07 - 2017-02-10 00:36 - 00368832 _____ C:\WINDOWS\system32\ativvaxy_el_nd.dat 2017-04-01 22:07 - 2017-02-02 22:34 - 00234292 _____ C:\WINDOWS\system32\ativvaxy_cik.dat 2017-04-01 22:07 - 2017-02-02 22:34 - 00234032 _____ C:\WINDOWS\system32\ativvaxy_cik_nd.dat 2017-04-01 22:07 - 2017-02-02 22:24 - 00325316 _____ C:\WINDOWS\system32\ativvaxy_vi.dat 2017-04-01 22:07 - 2017-02-02 22:24 - 00325056 _____ C:\WINDOWS\system32\ativvaxy_vi_nd.dat 2017-04-01 22:07 - 2017-02-02 22:15 - 00266772 _____ C:\WINDOWS\system32\ativvaxy_FJ.dat 2017-04-01 22:07 - 2017-02-02 22:15 - 00266512 _____ C:\WINDOWS\system32\ativvaxy_FJ_nd.dat 2017-04-01 22:07 - 2017-02-02 22:12 - 00276832 _____ C:\WINDOWS\system32\ativvaxy_stn_nd.dat 2017-04-01 22:07 - 2017-02-02 22:09 - 00271456 _____ C:\WINDOWS\system32\ativvaxy_cz_nd.dat 2017-04-01 22:07 - 2017-01-26 00:19 - 00160768 _____ C:\WINDOWS\system32\ativce03.dat 2017-04-01 22:07 - 2017-01-26 00:19 - 
00159072 _____ C:\WINDOWS\system32\amde31a.dat 2017-04-01 22:07 - 2017-01-18 18:07 - 00166560 _____ C:\WINDOWS\system32\amde34b.dat 2017-04-01 22:07 - 2017-01-18 18:06 - 00166560 _____ C:\WINDOWS\system32\amde34a.dat 2017-04-01 22:07 - 2016-12-22 22:09 - 00120880 _____ C:\WINDOWS\system32\kapp_ci.sbin 2017-04-01 22:07 - 2016-12-20 14:41 - 00096256 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdW76.sys 2017-04-01 22:07 - 2016-12-20 14:40 - 00103424 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll 2017-04-01 22:07 - 2016-11-02 17:47 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat 2017-04-01 22:07 - 2016-10-17 21:28 - 00020580 _____ C:\WINDOWS\system32\AMDKernelEvents.man 2017-04-01 22:07 - 2016-09-03 00:30 - 00114704 _____ C:\WINDOWS\system32\kapp_si.sbin 2017-04-01 22:07 - 2016-09-02 17:24 - 00154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin 2017-04-01 21:48 - 2017-04-01 21:49 - 497568392 _____ (AMD Inc.) C:\Users\Lucas\Downloads\non-whql-win7-64bit-radeon-software-crimson-relive-17.3.3-mar16.exe 2017-04-01 21:36 - 2017-02-14 18:33 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2017-04-01 21:36 - 2017-02-14 18:19 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32spl.dll 2017-04-01 21:36 - 2017-02-09 18:32 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2017-04-01 21:36 - 2017-02-09 18:32 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2017-04-01 21:36 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 
00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-2-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012128 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-1.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l2-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00011608 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-2-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00013664 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2017-04-01 21:16 - 2017-04-25 19:56 - 00000000 ____D C:\FRST 2017-04-01 21:16 - 2017-04-25 19:44 - 02426368 _____ (Farbar) C:\Users\Lucas\Desktop\FRST64.exe 2017-04-01 21:16 - 2017-04-01 21:17 - 00054158 _____ C:\Users\Lucas\Desktop\FRST1.txt 2017-04-01 21:16 - 2017-04-01 21:17 - 00043688 _____ C:\Users\Lucas\Desktop\Addition1.txt 2017-04-01 20:45 - 2017-04-25 
19:48 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-04-01 20:45 - 2017-04-25 19:48 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-04-01 20:45 - 2017-04-13 12:51 - 00003542 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-04-01 20:45 - 2017-04-13 12:51 - 00003414 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-04-01 10:50 - 2017-04-01 10:50 - 00000000 ____D C:\Program Files\Common Files\AV 2017-04-01 10:50 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-04-25 19:55 - 2016-11-20 13:21 - 00000000 ____D C:\Users\Lucas\AppData\LocalLow\Mozilla 2017-04-25 19:54 - 2015-12-24 22:17 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2017-04-25 19:54 - 2009-07-14 07:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-04-25 19:54 - 2009-07-14 06:45 - 00013568 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-04-25 19:54 - 2009-07-14 06:45 - 00013568 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-04-25 19:51 - 2009-07-14 07:32 - 00000000 ____D C:\WINDOWS\Performance 2017-04-25 19:51 - 2009-07-14 06:45 - 00269296 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-04-25 19:50 - 2015-08-16 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-04-25 19:50 - 2015-08-16 14:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-04-25 19:50 - 2015-08-16 14:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-04-25 19:48 - 2015-08-16 14:38 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-04-25 19:48 - 2015-08-16 14:38 - 00000000 ____D 
C:\WINDOWS\system32\MRT 2017-04-25 19:47 - 2015-08-16 14:20 - 01592628 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2017-04-25 19:47 - 2009-07-14 19:58 - 00699092 _____ C:\WINDOWS\system32\perfh007.dat 2017-04-25 19:47 - 2009-07-14 19:58 - 00149232 _____ C:\WINDOWS\system32\perfc007.dat 2017-04-25 19:47 - 2009-07-14 07:13 - 01592628 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-04-25 19:47 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\inf 2017-04-25 19:46 - 2017-02-18 21:03 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2017-04-25 19:46 - 2015-08-21 19:42 - 00000000 ____D C:\Program Files\Java 2017-04-25 19:46 - 2015-08-21 19:41 - 00000000 ____D C:\Program Files (x86)\Java 2017-04-25 19:46 - 2015-08-16 14:53 - 00000000 ____D C:\ProgramData\Oracle 2017-04-25 19:46 - 2015-08-16 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-04-25 19:45 - 2016-01-24 20:58 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2017-04-25 19:45 - 2015-10-15 14:00 - 00000000 ____D C:\Program Files (x86)\Steam 2017-04-20 15:17 - 2015-09-08 21:03 - 00001194 _____ C:\Users\Lucas\Desktop\nativelog.txt 2017-04-20 15:17 - 2015-08-16 14:33 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\.minecraft 2017-04-19 08:09 - 2016-06-08 19:57 - 00001348 _____ C:\Users\Lucas\Desktop\ROBLOX Player.lnk 2017-04-19 08:09 - 2016-06-08 19:57 - 00001167 _____ C:\Users\Lucas\Desktop\ROBLOX Studio.lnk 2017-04-19 08:09 - 2016-06-08 19:57 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2017-04-18 15:16 - 2015-08-21 19:39 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\ftblauncher 2017-04-18 15:16 - 2015-08-21 19:39 - 00000000 ____D C:\Users\Lucas\AppData\Local\ftblauncher 2017-04-18 15:16 - 2015-08-21 19:38 - 07662317 _____ C:\Users\Lucas\Downloads\FTB_Launcher.exe 2017-04-17 20:23 - 2015-12-05 20:21 - 00192216 _____ (Malwarebytes) 
C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-04-17 17:35 - 2009-07-14 07:32 - 00000000 ____D C:\WINDOWS\Downloaded Program Files 2017-04-17 08:24 - 2017-02-27 15:25 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\Audacity 2017-04-16 20:00 - 2015-08-16 13:40 - 00000000 ____D C:\Users\Lucas 2017-04-13 15:33 - 2015-08-27 18:57 - 00007597 _____ C:\Users\Lucas\AppData\Local\Resmon.ResmonCfg 2017-04-08 00:06 - 2015-08-16 14:21 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-04-02 20:31 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-04-02 14:07 - 2016-06-08 19:57 - 00000252 _____ C:\Users\Lucas\AppData\LocalLow\rbxcsettings.rbx 2017-04-02 11:50 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\rescache 2017-04-02 11:14 - 2015-12-24 22:16 - 00000000 ____D C:\Users\Lucas\AppData\Local\AMD 2017-04-01 22:13 - 2016-11-15 20:04 - 00000000 ____D C:\Users\Lucas\AppData\LocalLow\AMD 2017-04-01 22:09 - 2015-12-24 22:14 - 00000000 ____D C:\Program Files\AMD 2017-04-01 22:07 - 2015-08-16 14:19 - 00000000 ____D C:\ProgramData\Package Cache 2017-04-01 20:45 - 2016-10-19 19:18 - 00000000 ____D C:\Users\Lucas\AppData\Local\Deployment 2017-04-01 20:45 - 2016-05-20 20:54 - 00000000 ____D C:\Program Files (x86)\Google 2017-04-01 20:39 - 2016-11-17 21:15 - 00000000 ____D C:\WINDOWS\pss 2017-04-01 20:39 - 2009-07-14 06:45 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2017-04-01 16:21 - 2017-03-07 20:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2017-04-01 10:50 - 2017-03-07 20:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2017-04-01 10:44 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\security 2017-03-31 13:51 - 2017-02-26 16:02 - 00000000 ____D C:\Program Files (x86)\Emather 2017-03-31 13:32 - 2015-08-16 13:40 - 00001042 _____ C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-03-28 08:28 - 2015-08-16 14:40 - 00000000 ___SD C:\WINDOWS\system32\CompatTel 
2017-03-28 08:28 - 2015-08-16 14:40 - 00000000 ____D C:\WINDOWS\system32\appraiser 2017-03-28 08:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-02-27 18:33 - 2017-02-27 18:33 - 0000000 ___RH () C:\Users\Lucas\AppData\Roaming\37d7133dd918aff24c52b4f4f8b5c53b2 2017-02-26 16:06 - 2017-02-26 16:06 - 0140288 _____ () C:\Users\Lucas\AppData\Roaming\Installer.dat 2017-02-26 16:06 - 2017-02-26 16:06 - 0018432 _____ () C:\Users\Lucas\AppData\Roaming\Main.dat 2015-08-27 18:57 - 2017-04-13 15:33 - 0007597 _____ () C:\Users\Lucas\AppData\Local\Resmon.ResmonCfg 2017-02-24 20:00 - 2017-02-24 20:00 - 0004110 _____ () C:\ProgramData\kjiixkes.ghp 2017-02-24 20:00 - 2017-02-24 20:00 - 0000016 _____ () C:\ProgramData\mntemp Einige Dateien in TEMP: ==================== 2017-04-09 20:24 - 2017-04-09 20:26 - 0065536 _____ (Sony DADC Austria AG) C:\Users\Lucas\AppData\Local\Temp\drm_dialogs.dll 2017-04-25 19:45 - 2017-04-25 19:45 - 0739904 _____ (Oracle Corporation) C:\Users\Lucas\AppData\Local\Temp\jre-8u131-windows-au.exe 2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_is20AA.exe 2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_is66EC.exe 2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_is72E0.exe 2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_is9E91.exe 2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_isB451.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-04-13 14:17

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-04-2017 01
durchgeführt von Lucas (25-04-2017 19:56:39)
Gestartet von C:\Users\Lucas\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-16 11:40:16)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1802964633-906943791-4234860916-500 - Administrator - Disabled)
Gast (S-1-5-21-1802964633-906943791-4234860916-501 - Limited - Disabled)
Lucas (S-1-5-21-1802964633-906943791-4234860916-1000 - Administrator - Enabled) => C:\Users\Lucas

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
ACP Application (Version: 2017.0316.1703.13 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Catalyst Control Center Next Localization BR (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0316.1721.29397 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve)
Curse Client (HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Siedler IV (HKLM-x32\...\S4Uninst) (Version: - )
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.27.80.1020 - Electronic Arts Inc.)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
HitFilm 4 Express (HKLM\...\{F8BB3662-69A1-4EF1-8674-ADD90AAD3D08}) (Version: 4.0.5723.10801 - FXHOME)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.1 - LoiLo inc.)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 53.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 de)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
ROBLOX Player for Lucas (HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\TeamSpeak 3 Client) (Version: 3.1.3 - TeamSpeak Systems GmbH)
TerraTech Demo (HKLM\...\Steam App 313990) (Version: - Payload Studios)
TES Construction Set (HKLM-x32\...\{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}) (Version: - )
The Elder Scrolls IV: Oblivion (HKLM\...\Steam App 22330) (Version: - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Unity Web Player (HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1802964633-906943791-4234860916-1000_Classes\CLSID\{05bde6b6-6900-44e5-a477-d7c6cdcd80fa}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1802964633-906943791-4234860916-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1802964633-906943791-4234860916-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Lucas\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy64.dll (ROBLOX Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2607D0F4-CBC7-40D6-8D09-C3E2F6464555} - System32\Tasks\{1D0C8784-6CAB-495C-9B9A-B77F4B37AA4B} => F:\siedler4\S4.exe [2016-11-20] ()
Task: {26D9BA8F-25C8-4586-8399-BAEBA9E3D688} - System32\Tasks\{DC53BF79-0366-4E11-A053-9977B2D7B645} => F:\Games\Minecraft\MinecraftLauncher.exe [2017-04-12] (Mojang)
Task: {73CDDB89-7C27-424B-894B-DAD176301AC7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {CFBF5BB6-1BF9-4B7D-9504-78034AB4DF67} - \Zejerdomnajuse -> Keine Datei <==== ACHTUNG
Task: {DA30909A-BC2B-44F7-B0B7-B92BF02EEC04} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-03-16] (Advanced Micro Devices, Inc.)
Task: {EC2B2C6A-17C0-44B2-A5AE-9E72399DF2C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-01] (Google Inc.)
Task: {F538A098-6E29-4A26-A22F-72AEAC9DD067} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-01] (Google Inc.)
Task: {FA0ACA68-0047-4CBE-9CBF-81BACF53FFD8} - System32\Tasks\QForlLgs0EYm => qforllgs0eym.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-08-16 14:40 - 2012-11-14 09:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-08-16 14:40 - 2012-11-14 09:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-12-13 19:29 - 2013-10-29 14:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2015-12-13 19:29 - 2012-12-11 12:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2017-03-07 20:08 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-03-07 20:08 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-03-07 20:08 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-03-07 20:08 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-03-07 20:08 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-12-13 19:29 - 2013-01-15 18:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2015-12-13 19:29 - 2011-11-22 15:18 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll

==================== Alternate Data Streams (Nicht
auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: 
HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com Da befinden sich 7933 mehr Seiten. IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\12-27.net -> 
user1.12-27.net IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\123simsen.com -> www.123simsen.com Da befinden sich 7933 mehr Seiten. ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2017-04-01 15:27 - 00454348 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com Da befinden sich 15591 zusätzliche Einträge. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-1802964633-906943791-4234860916-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: BRSptStub => 3
MSCONFIG\Services: chip1click => 2
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: Kyubey => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Lucas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\WINDOWS\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [TCP Query User{8F0D51B1-6E4F-4ED7-AFE3-8CF475953E58}F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{F27C648F-BE63-4483-95B2-EE348E88E5E2}F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{343011D2-133F-4168-9AE2-42FF7C19274A}F:\temp\bin\javaw.exe] => (Block) F:\temp\bin\javaw.exe FirewallRules: [UDP Query User{1F606B6E-74E1-4EF1-B5B2-42E1CBDBC2F4}F:\temp\bin\javaw.exe] => (Block) F:\temp\bin\javaw.exe FirewallRules: [TCP Query User{3E994D4B-1DCF-4A9F-A0B7-7B5B655BABEB}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [UDP Query User{9B5064A8-7450-46FB-9610-02C53E34B6E6}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [{E91D8466-26A1-4FA7-AC0B-B20E604783AF}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{24C6D0E3-D6F1-4C08-BB19-0640CC89B55C}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{5E3925E0-A8A1-4E6F-AEC4-62F64CC12BBB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{7C6D42C3-582F-493C-90AE-C29CFB4B2BC6}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{8AF1E23E-B86D-477F-A02C-75D3DF2A9D0C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{835DE4FA-FBAA-4B38-AB33-524BB8A24593}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{720DFEB8-BEC5-4A07-A5D3-BC05F8231179}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe 
FirewallRules: [{D4620907-2EAE-45A7-904E-EB0459D6657C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{FAF4B3B4-EAAF-465A-BA1A-D67E34150D3D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{DB811861-78CC-4B60-9402-849CDDB5CEFA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{C34FC61F-A2B8-46AA-B9D2-0A914EAF844D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{7CE60997-A7DF-4B12-B1C3-0E95EF72D609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [TCP Query User{463B23BE-389F-4FB0-8DA3-06B8DDA10A6E}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe FirewallRules: [UDP Query User{6CCEEF7C-EDFF-4BB7-A15E-36D28A94C69E}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe FirewallRules: [TCP Query User{80BDBA77-16A7-491E-942D-CDCB4ADB14D5}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [UDP Query User{E8406712-0943-4913-9296-24E7AB4A6525}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [{39C213DC-1909-4A88-8C95-27BFFD198A87}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C3CEC925-1ACD-40E8-8D9C-048CD4324B0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B41B9138-2D17-4DF0-9378-10AB2538E805}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe FirewallRules: [{E9E8F999-777C-43F4-A957-ECECB2927CCF}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Half-Life\hl.exe FirewallRules: [{EC14CE79-CDFB-4748-BB4B-B736255DEB16}] => (Allow) F:\Games\Star Wars - The Old Republic\launcher.exe FirewallRules: [{BC5C8BBE-FE6C-40C5-ACC6-DBAD17CD93BB}] => (Allow) F:\Games\Star Wars - The Old Republic\launcher.exe FirewallRules: [TCP Query User{885853C0-B217-445A-943F-23CCF983361B}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [UDP Query User{776AB501-65BB-43AA-BB0C-71C4BAD5F19E}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [TCP Query User{4735D599-D858-4FE6-A70F-5DECCDA30E41}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [UDP Query User{10E99BFE-0A6B-45D2-B8DE-61031C5D440D}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [TCP Query User{640D859B-E927-4317-90E3-DFC1BD6818FF}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [UDP Query User{2B576BC0-668A-4794-88FD-4D55A5F9E7DB}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [TCP Query User{5CF531E9-9500-4555-B6CB-FE54967A4257}F:\games\homm5tote\heroes of might and magic v - tribes of the east\bin\h5_game.exe] => (Allow) F:\games\homm5tote\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [UDP Query User{6DDA6577-783F-47DB-8680-D7FB26B38291}F:\games\homm5tote\heroes of might and magic v - tribes of the east\bin\h5_game.exe] => (Allow) F:\games\homm5tote\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [{0729E4DC-3296-4274-ABAA-21C2626C077E}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{AE0BA52F-256D-41AD-8908-8EE5834EA85F}] => 
(Allow) F:\Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{ED64B98B-5816-4AF5-835B-B6B4FD4A7CA0}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{7AF5E95A-CA71-417B-B1BC-4FDFCD6C93C6}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{B752E32A-8251-4E97-869D-57714505F93F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe FirewallRules: [{9AE7EEA6-EADD-426E-983B-A106813888F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe FirewallRules: [TCP Query User{71DC1D5E-B1DF-40E5-82B6-317B1D93FAF0}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe FirewallRules: [UDP Query User{D75FF60F-82E1-4B76-AE2F-79F1F40D5F17}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe FirewallRules: [{AE314C7C-AC46-4236-85FC-C67AA8C2DEC8}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe FirewallRules: [{3697F69D-3B9F-423D-9FEC-D9FA5B2FCC8F}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe FirewallRules: [{EF06CB97-CB20-48B0-8933-465ADFAF9A43}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe FirewallRules: [{E019FAAE-58F3-4A32-BCB9-CBDEAE1E16C4}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe FirewallRules: [TCP Query User{694D11BC-8765-4F6B-A691-D573F146078C}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [UDP Query User{00173E86-F589-48D3-ABD3-0F733427CB9D}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [{4342FDFD-3BD0-44A3-A362-0A03BC5F4D59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TerraTech Demo\TerraTechWin64.exe FirewallRules: 
[{A111308A-39D6-43B2-9364-7C88FBFF419B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TerraTech Demo\TerraTechWin64.exe FirewallRules: [TCP Query User{AC051ACD-0C64-4E29-B019-0339E49E95D5}F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{3837F4A4-70CB-49F4-8010-68A98034D173}F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{AF795322-AE31-452A-BAE6-8EB22F983C30}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [UDP Query User{6A885944-C52F-43D5-AC7B-3FDAF2387260}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [TCP Query User{8E8E12AB-6874-4E3E-B6AE-06D5DE6854F3}C:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe] => (Allow) C:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe FirewallRules: [UDP Query User{41285C5B-CE1D-4C73-91D7-5586D7DE5CF1}C:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe] => (Allow) C:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe FirewallRules: [TCP Query User{C2EE438D-421F-4E7D-89E3-5BD4A20CD02B}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe FirewallRules: [UDP Query User{2A8DA712-DA0A-47E0-9726-C197639A09C6}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe FirewallRules: [{D2BC5687-9C9A-4C20-8346-D3BCF3552F04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe FirewallRules: [{B4BE0EE2-B352-4138-8C28-F8A8121A30A6}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe FirewallRules: [TCP Query User{D7555D66-1BA9-4F8F-B550-A0E17BDF9158}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [UDP Query User{0B8B668E-4969-41F7-A923-FD7D25584BFB}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [TCP Query User{FF525BD8-44A9-4581-969D-73359A9248B0}C:\bluebyte\die siedler iv\exe\s4_main.exe] => (Allow) C:\bluebyte\die siedler iv\exe\s4_main.exe FirewallRules: [UDP Query User{009BA7F1-CAB4-457B-A544-49F8A9409C67}C:\bluebyte\die siedler iv\exe\s4_main.exe] => (Allow) C:\bluebyte\die siedler iv\exe\s4_main.exe FirewallRules: [{3590D940-0A34-4005-9312-0D0FDC4BFABF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{4D4F75AB-1FE6-42CF-942D-0142FC1D97BD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{B8913806-0507-4786-A257-F862C60FA864}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{EB9834F1-523A-47B1-83B9-68F9D1E78774}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{16093E6A-A8C2-423B-92BF-A8D5CE68F989}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{D3B7646B-8A36-463B-AFC4-C9C22A6F2593}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [TCP Query User{268CC1A0-4DBF-4BFC-BABA-23B5003B20D6}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [UDP Query User{C972DEBB-6942-4AD9-B099-85F247905DAA}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [{CBA946D8-8DED-4D6B-AF41-A2E21C252871}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe FirewallRules: 
[{7D8A49C8-F108-4E35-A8CB-0FEF7BBA6162}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe FirewallRules: [{499A58FD-B2AA-483D-B19C-0413C078FC98}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{FF0231BD-E16D-44C3-ACDA-5B70E8F652B3}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [UDP Query User{DBEAC1FD-6417-4654-A67F-860DF9ED40A3}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [TCP Query User{9B0B0CF3-7238-460B-B6CD-BC0F9F190AF0}F:\games\overwatch\overwatch.exe] => (Allow) F:\games\overwatch\overwatch.exe FirewallRules: [UDP Query User{4E015EA8-D69E-4AA7-BF27-7EE5A4315884}F:\games\overwatch\overwatch.exe] => (Allow) F:\games\overwatch\overwatch.exe FirewallRules: [TCP Query User{10D61C6A-9695-4FC9-AAE6-A524F9B7DF96}C:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe] => (Allow) C:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe FirewallRules: [UDP Query User{94A3D65B-14C9-4B30-9953-5ABFE9259F5F}C:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe] => (Allow) C:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe FirewallRules: [{F70DF336-25B1-4441-B8B0-2D5A43CD477C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BC91F95F-DC6A-4860-AABF-6D445CFE810F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DC2E5E62-AC61-4D3D-9F59-48EAD6D8D808}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 
Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Wiederherstellungspunkte ========================= 25-04-2017 19:46:14 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (04/25/2017 07:46:41 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "c:\program files\amd\cim\bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/25/2017 07:45:27 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "c:\program files\amd\cim\bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (04/25/2017 07:41:16 PM) (Source: amdacpusrsvc) (EventID: 0) (User: ) Description: Event-ID 0 Error: (04/25/2017 07:41:16 PM) (Source: amdacpusrsvc) (EventID: 0) (User: ) Description: Event-ID 0 Error: (04/20/2017 04:18:07 PM) (Source: amdacpusrsvc) (EventID: 0) (User: ) Description: Event-ID 0 Error: (04/20/2017 04:18:07 PM) (Source: amdacpusrsvc) (EventID: 0) (User: ) Description: Event-ID 0 Error: (04/20/2017 04:12:10 PM) (Source: amdacpusrsvc) (EventID: 0) (User: ) Description: Event-ID 0 Error: (04/20/2017 04:12:10 PM) (Source: amdacpusrsvc) (EventID: 0) (User: ) Description: Event-ID 0 Error: (04/20/2017 04:11:30 PM) (Source: amdacpusrsvc) (EventID: 0) (User: ) Description: Event-ID 0 Error: (04/20/2017 04:11:30 PM) (Source: amdacpusrsvc) (EventID: 0) (User: ) Description: Event-ID 0 Systemfehler: ============= Error: (04/25/2017 07:55:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (04/25/2017 07:55:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht. Error: (04/25/2017 07:52:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (04/25/2017 07:52:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht. 
Error: (04/20/2017 04:11:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error: (04/19/2017 03:49:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error: (04/19/2017 12:01:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error: (04/17/2017 05:35:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (04/17/2017 05:35:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht. Error: (04/16/2017 04:59:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz Prozentuale Nutzung des RAM: 21% Installierter physikalischer RAM: 8150.86 MB Verfügbarer physikalischer RAM: 6363.46 MB Summe virtueller Speicher: 16299.9 MB Verfügbarer virtueller Speicher: 14312.93 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:119.14 GB) (Free:19.87 GB) NTFS Drive d: () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive e: (EAWG_1D) (CDROM) (Total:2.34 GB) (Free:0 GB) UDF Drive f: (Speicherort) (Fixed) (Total:931.51 GB) (Free:646.21 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: A8DC378B) Partition 1: (Active) - (Size=100 MB) - (Type=0B) Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AAF3711E) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ Grolltar |
25.04.2017, 22:00 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Professional - Trojan removed, but keeps reappearing Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
After that, please continue with MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
26.04.2017, 19:19 | #6 |
| Windows 7 Professional - Trojan removed, but keeps reappearing Hello Cosinus, here is the result after the first MBAR run: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2017.04.26.05 rootkit: v2017.04.02.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.18638 Lucas :: LUCAS-PC [administrator] 26.04.2017 18:23:31 mbar-log-2017-04-26 (18-23-31).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 300330 Time elapsed: 10 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 2 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FA0ACA68-0047-4CBE-9CBF-81BACF53FFD8} (Adware.DNSUnlocker.ACMB2) -> Delete on reboot. [d2dba253b2f6fe38c06cde35f20f9070] HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\QForlLgs0EYm (Adware.DNSUnlocker.ACMB2) -> Delete on reboot. [2a830ce900a8c76f85c84dc5da2760a0] Registry Values Detected: 1 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FA0ACA68-0047-4CBE-9CBF-81BACF53FFD8}|Path (Adware.DNSUnlocker.ACMB2) -> Data: \QForlLgs0EYm -> Delete on reboot. [d2dba253b2f6fe38c06cde35f20f9070] Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 3 C:\Program Files (x86)\Emather (Adware.Elex) -> Delete on reboot. [45686194acfcde5854d4a86942bf6d93] C:\Program Files (x86)\Emather\_ALLOWDEL_9193a41 (Adware.Elex) -> Delete on reboot. [45686194acfcde5854d4a86942bf6d93] C:\Program Files (x86)\Emather\_ALLOWDEL_9f8b0 (Adware.Elex) -> Delete on reboot. [45686194acfcde5854d4a86942bf6d93] Files Detected: 7 C:\Windows\System32\Tasks\QForlLgs0EYm (Adware.DNSUnlocker) -> Delete on reboot. [1598d2230d9bd165e2eb8f82c0418a76] C:\Program Files (x86)\Emather\CrashReport.dll (Adware.Elex) -> Delete on reboot. 
[45686194acfcde5854d4a86942bf6d93] C:\Program Files (x86)\Emather\pruherle.exe (Adware.Elex) -> Delete on reboot. [45686194acfcde5854d4a86942bf6d93] C:\Program Files (x86)\Emather\_ALLOWDEL_9193a41\3 (Adware.Elex) -> Delete on reboot. [45686194acfcde5854d4a86942bf6d93] C:\Program Files (x86)\Emather\_ALLOWDEL_9193a41\4 (Adware.Elex) -> Delete on reboot. [45686194acfcde5854d4a86942bf6d93] C:\Program Files (x86)\Emather\_ALLOWDEL_9f8b0\3 (Adware.Elex) -> Delete on reboot. [45686194acfcde5854d4a86942bf6d93] C:\Program Files (x86)\Emather\_ALLOWDEL_9f8b0\4 (Adware.Elex) -> Delete on reboot. [45686194acfcde5854d4a86942bf6d93] Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2017.04.26.05 rootkit: v2017.04.02.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.18638 Lucas :: LUCAS-PC [administrator] 26.04.2017 19:48:40 mbar-log-2017-04-26 (19-48-40).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 300236 Time elapsed: 10 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Regards Grolltar |
26.04.2017, 20:59 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Professional - Trojan removed, but keeps reappearing Remove adware/junkware/toolbars Delete old versions of adwCleaner and, if present, JRT beforehand, then download them fresh to the desktop! Please completely disable your virus scanner now, before using these tools! Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
27.04.2017, 17:58 | #8 |
| Windows 7 Professional - Trojan removed, but keeps reappearing Hi Cosinus, here are the requested logs: 1. AD 1st scan Code:
ATTFilter # AdwCleaner v6.046 - Bericht erstellt am 27/04/2017 um 18:48:13 # Aktualisiert am 24/04/2017 von Malwarebytes # Datenbank : 2017-04-25.1 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (X64) # Benutzername : Lucas - LUCAS-PC # Gestartet von : C:\Users\Lucas\Downloads\AdwCleaner_6.046.exe # Modus: Löschen # Unterstützung : https://www.malwarebytes.com/support ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner gelöscht: C:\Users\Lucas\AppData\Roaming\Microleaves [-] Ordner gelöscht: C:\Users\Lucas\AppData\Roaming\tlerauic [-] Ordner gelöscht: C:\ProgramData\Microleaves [#] Ordner mit Neustart gelöscht: C:\ProgramData\Application Data\Microleaves [-] Ordner gelöscht: C:\Program Files (x86)\Microleaves [-] Ordner gelöscht: C:\WINDOWS\SysWOW64\sstmp ***** [ Dateien ] ***** [-] Datei gelöscht: C:\Users\Lucas\AppData\Roaming\Installer.dat [-] Datei gelöscht: C:\Users\Lucas\AppData\Roaming\Main.dat [-] Datei gelöscht: C:\WINDOWS\unins000.dat [-] Datei gelöscht: C:\WINDOWS\unins000.exe ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Kyubey [-] Schlüssel gelöscht: HKLM\SOFTWARE\ScreenShot [-] Schlüssel gelöscht: HKLM\SOFTWARE\Microleaves [-] Schlüssel gelöscht: HKLM\SOFTWARE\msServer [-] Schlüssel gelöscht: HKLM\SOFTWARE\QForlLgs0EYm Updater [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\HDWallpaper [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microleaves [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\InterSect Alliance [-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-1802964633-906943791-4234860916-1000\Products\22dab7df1273e6748e51e8e147fdb2dc [-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc] ***** [ Browser ] ***** [-] [C:\Users\Lucas\AppData\Local\Google\Chrome\User 
Data\Profile 1] [startup_urls] Gelöscht: hxxp://www.startpageing123.com/?type=hp&ts=1488822688&z=abe94673a2d4ff27248c69cg2z5bfbfb0o8o5q2b3m&from=che0812&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC923509 [-] [C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1] [favicon_url] Gelöscht: hxxp://www.startpageing123.com/searchfavicon.ico [-] [C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1] [homepage] Gelöscht: hxxp://www.startpageing123.com/?type=hp&ts=1488822688&z=abe94673a2d4ff27248c69cg2z5bfbfb0o8o5q2b3m&from=che0812&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC923509 [-] [C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web data] [Search Provider] Gelöscht: youndoo [-] [C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [startup_urls] Gelöscht: hxxp://www.youndoo.com/?z=e1d09d927840680bb2558f1gcz1bdb8gcgdm2m0q4t&from=wak&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC923509&type=hp [-] [C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [homepage] Gelöscht: hxxp://www.youndoo.com/?z=e1d09d927840680bb2558f1gcz1bdb8gcgdm2m0q4t&from=wak&uid=SAMSUNGXSSDX830XSeries_S0Z3NSAC923509&type=hp ************************* :: "Tracing" Schlüssel gelöscht :: Winsock Einstellungen zurückgesetzt :: "Prefetch" Dateien gelöscht :: Proxy Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [3547 Bytes] - [27/04/2017 18:48:13] C:\AdwCleaner\AdwCleaner[S0].txt - [3570 Bytes] - [27/04/2017 18:47:26] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3693 Bytes] ########## Code:
ATTFilter # AdwCleaner v6.046 - Bericht erstellt am 27/04/2017 um 18:52:27 # Aktualisiert am 24/04/2017 von Malwarebytes # Datenbank : 2017-04-25.1 [Lokal] # Betriebssystem : Windows 7 Professional Service Pack 1 (X64) # Benutzername : Lucas - LUCAS-PC # Gestartet von : C:\Users\Lucas\Downloads\AdwCleaner_6.046.exe # Modus: Löschen # Unterstützung : https://www.malwarebytes.com/support ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** [-] [C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Gelöscht: startpageing123 [-] [C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1] [favicon_url] Gelöscht: hxxp://www.startpageing123.com/searchfavicon.ico ************************* :: "Tracing" Schlüssel gelöscht :: Winsock Einstellungen zurückgesetzt :: "Prefetch" Dateien gelöscht :: Proxy Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [3792 Bytes] - [27/04/2017 18:48:13] C:\AdwCleaner\AdwCleaner[C2].txt - [1322 Bytes] - [27/04/2017 18:52:27] C:\AdwCleaner\AdwCleaner[S0].txt - [3570 Bytes] - [27/04/2017 18:47:26] C:\AdwCleaner\AdwCleaner[S1].txt - [1712 Bytes] - [27/04/2017 18:52:03] ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1541 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.3 (04.10.2017) Operating System: Windows 7 Professional x64 Ran by Lucas (Administrator) on 27.04.2017 at 18:53:52,69 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 27 Successfully deleted: C:\ProgramData\mntemp (File) Successfully deleted: C:\WINDOWS\wininit.ini (File) Successfully deleted: C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KC0QX4M (Temporary Internet Files Folder) Successfully deleted: C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8EFXFXJ8 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GH0D5QHO (Temporary Internet Files Folder) Successfully deleted: C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPOJ23TO (Temporary Internet Files Folder) Successfully deleted: C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M1LOG6CC (Temporary Internet Files Folder) Successfully deleted: C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N15UK6V7 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary 
Internet Files\Content.IE5\PGGFP9EV (Temporary Internet Files Folder) Successfully deleted: C:\Users\Lucas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QFLC8GOQ (Temporary Internet Files Folder) Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3KC0QX4M (Temporary Internet Files Folder) Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8EFXFXJ8 (Temporary Internet Files Folder) Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GH0D5QHO (Temporary Internet Files Folder) Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IPOJ23TO (Temporary Internet Files Folder) Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M1LOG6CC (Temporary Internet Files Folder) Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N15UK6V7 (Temporary Internet Files Folder) Successfully deleted: 
C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGGFP9EV (Temporary Internet Files Folder) Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QFLC8GOQ (Temporary Internet Files Folder) Successfully deleted: C:\WINDOWS\SysWOW64\RENB5E9.tmp (File) Registry: 1 Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 27.04.2017 at 18:54:27,19 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Grolltar |
28.04.2017, 09:04 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Professional - Trojan removed, but keeps reappearing Then show fresh FRST logs. Tick the addition.txt checkbox, then click "Untersuchen" (Scan)
28.04.2017, 19:11 | #10 |
| Windows 7 Professional - Trojan removed, but keeps reappearing Evening Cosinus, here are the fresh logs: FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017 durchgeführt von Lucas (Administrator) auf LUCAS-PC (28-04-2017 20:04:54) Gestartet von C:\Users\Lucas\Desktop Geladene Profile: Lucas (Verfügbare Profile: Lucas) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.3\GoogleCrashHandler64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (VIA Technologies, Inc.) 
C:\Windows\System32\ViakaraokeSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation) HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-26] (VIA) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation) HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\MountPoints2: {c30d90b1-440a-11e5-8121-806e6f6e6963} - E:\LaunchEAWG.exe HKU\S-1-5-18\...\Run: [] => [X] HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\WINDOWS\System32\SPReview\SPReview.exe [301568 2015-08-16] (Microsoft Corporation) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4 Tcpip\..\Interfaces\{10FF6E7C-74F2-431C-84E5-0F0C9B89F55E}: [DhcpNameServer] 192.168.178.1 ManualProxies: Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131354330990114869&GUID=1310BF68-DA5B-4FCF-9DCD-1E502A1E4739 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131354330990114869&GUID=1310BF68-DA5B-4FCF-9DCD-1E502A1E4739 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: wsujwdz4.default FF ProfilePath: 
C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\wsujwdz4.default [2017-04-27] FF Homepage: Mozilla\Firefox\Profiles\wsujwdz4.default -> about:home FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-13] (Google Inc.) 
FF Plugin HKU\S-1-5-21-1802964633-906943791-4234860916-1000: @nsroblox.roblox.com/launcher -> C:\Users\Lucas\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-1802964633-906943791-4234860916-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Lucas\AppData\Local\Roblox\Versions\version-88b966c853f84435\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-1802964633-906943791-4234860916-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lucas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS) Chrome: ======= CHR DefaultProfile: Profile 1 CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-27] <==== ACHTUNG CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-28] CHR Extension: (Google Docs) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-27] CHR Extension: (Google Drive) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-27] CHR Extension: (YouTube) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-27] CHR Extension: (Google Docs Offline) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-27] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-01] CHR Extension: (Google Mail) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-27] CHR Extension: (Chrome Media Router) - C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-27] 
==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2017-04-10] (Advanced Micro Devices) [Datei ist nicht signiert] S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-12-05] (BitRaider, LLC) S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42792 2016-09-12] (Windows (R) Win 7 DDK provider) S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [245544 2016-04-09] (EasyAntiCheat Ltd) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2121736 2017-01-30] (Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2183696 2017-01-30] (Electronic Arts) R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305544 2017-04-10] (Advanced Micro Devices) R3 L1C; C:\WINDOWS\System32\DRIVERS\L1C60x64.sys [121032 2013-07-16] (Qualcomm Atheros Co., Ltd.) 
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\WINDOWS\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2017-02-22] () [Datei ist nicht signiert]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-04-27 18:54 - 2017-04-27 18:54 - 00004775 _____ C:\Users\Lucas\Desktop\JRT.txt
2017-04-27 18:50 - 2017-04-27 18:50 - 01663672 _____ (Malwarebytes) C:\Users\Lucas\Downloads\JRT.exe
2017-04-27 18:50 - 2017-04-27 18:50 - 00003795 _____ C:\Users\Lucas\Desktop\AdwCleaner[C0].txt
2017-04-27 18:46 - 2017-04-27 18:52 - 00000000 ____D C:\AdwCleaner
2017-04-27 18:43 - 2017-04-27 18:43 - 04102600 _____ C:\Users\Lucas\Downloads\AdwCleaner_6.046.exe
2017-04-26 18:23 - 2017-04-27 18:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-26 18:22 - 2017-04-26 20:16 - 00000000 ____D C:\Users\Lucas\Desktop\mbar
2017-04-26 18:22 - 2017-04-26 18:22 - 16563352 _____ (Malwarebytes Corp.)
C:\Users\Lucas\Downloads\mbar-1.09.3.1001.exe 2017-04-26 18:19 - 2017-04-26 18:19 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2017-04-26 18:18 - 2017-04-26 18:18 - 00000488 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk 2017-04-26 18:18 - 2017-04-26 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2017-04-26 18:17 - 2017-04-26 18:17 - 07178424 _____ (VS Revo Group ) C:\Users\Lucas\Downloads\revosetup_v2.0.3.exe 2017-04-26 18:16 - 2017-04-26 18:16 - 00000000 ____D C:\Users\Lucas\AppData\Local\AMD 2017-04-25 20:10 - 2017-04-25 20:10 - 00004226 _____ C:\WINDOWS\System32\Tasks\AMD Updater 2017-04-25 20:10 - 2017-04-25 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard 2017-04-25 20:09 - 2017-04-25 20:09 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-04-25 20:02 - 2017-04-25 20:02 - 00000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml 2017-04-25 20:01 - 2017-04-25 20:01 - 41305000 _____ (AMD Inc.) 
C:\Users\Lucas\Downloads\radeon-crimson-relive-17.4.3-minimalsetup-170417_64bit.exe 2017-04-25 19:56 - 2017-04-28 20:05 - 00011885 _____ C:\Users\Lucas\Desktop\FRST.txt 2017-04-25 19:56 - 2017-04-25 19:57 - 00042713 _____ C:\Users\Lucas\Desktop\Addition.txt 2017-04-25 19:46 - 2017-04-25 19:46 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll 2017-04-25 19:46 - 2017-03-27 20:13 - 00394448 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2017-04-25 19:46 - 2017-03-27 19:28 - 00346320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2017-04-25 19:46 - 2017-03-25 21:39 - 20284416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-04-25 19:46 - 2017-03-25 21:07 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-04-25 19:46 - 2017-03-25 21:06 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-04-25 19:46 - 2017-03-25 20:55 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-04-25 19:46 - 2017-03-25 20:52 - 02289152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-04-25 19:46 - 2017-03-25 20:51 - 01313280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-04-25 19:46 - 2017-03-25 20:48 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-04-25 19:46 - 2017-03-25 20:47 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2017-04-25 19:46 - 2017-03-25 20:47 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2017-04-25 19:46 - 2017-03-25 20:47 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00620032 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\jscript9diag.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll 2017-04-25 19:46 - 2017-03-25 20:46 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2017-04-25 19:46 - 2017-03-25 20:45 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2017-04-25 19:46 - 2017-03-25 20:45 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2017-04-25 19:46 - 2017-03-25 20:45 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2017-04-25 19:46 - 2017-03-25 20:45 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll 2017-04-25 19:46 - 2017-03-25 20:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2017-04-25 19:46 - 2017-03-25 20:45 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2017-04-25 19:46 - 2017-03-25 20:45 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2017-04-25 19:46 - 2017-03-25 20:44 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2017-04-25 19:46 - 2017-03-25 20:44 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2017-04-25 19:46 - 2017-03-25 20:35 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2017-04-25 19:46 - 2017-03-25 20:35 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2017-04-25 19:46 - 2017-03-25 20:16 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2017-04-25 19:46 - 2017-03-25 20:14 - 00417792 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\html.iec 2017-04-25 19:46 - 2017-03-25 20:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2017-04-25 19:46 - 2017-03-25 20:13 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-04-25 19:46 - 2017-03-25 20:13 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2017-04-25 19:46 - 2017-03-25 20:10 - 02898432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-04-25 19:46 - 2017-03-25 20:04 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2017-04-25 19:46 - 2017-03-25 20:02 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2017-04-25 19:46 - 2017-03-25 19:57 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2017-04-25 19:46 - 2017-03-25 19:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-04-25 19:46 - 2017-03-25 19:56 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2017-04-25 19:46 - 2017-03-25 19:56 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2017-04-25 19:46 - 2017-03-25 19:56 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2017-04-25 19:46 - 2017-03-25 19:52 - 25746944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-04-25 19:46 - 2017-03-25 19:45 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe 2017-04-25 19:46 - 2017-03-25 19:41 - 06045696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-04-25 19:46 - 2017-03-25 19:41 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2017-04-25 19:46 - 2017-03-25 19:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll 2017-04-25 19:46 - 2017-03-25 19:29 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll 2017-04-25 19:46 - 2017-03-25 19:24 - 00199680 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\msrating.dll 2017-04-25 19:46 - 2017-03-25 19:23 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2017-04-25 19:46 - 2017-03-25 19:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2017-04-25 19:46 - 2017-03-25 19:19 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2017-04-25 19:46 - 2017-03-25 19:17 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll 2017-04-25 19:46 - 2017-03-25 19:06 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2017-04-25 19:46 - 2017-03-25 19:04 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2017-04-25 19:46 - 2017-03-25 19:00 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-04-25 19:46 - 2017-03-25 18:59 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-04-25 19:46 - 2017-03-25 18:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-04-25 19:46 - 2017-03-25 18:57 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll 2017-04-25 19:46 - 2017-03-25 18:28 - 15259136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-04-25 19:46 - 2017-03-25 18:27 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll 2017-04-25 19:46 - 2017-03-25 18:24 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-04-25 19:46 - 2017-03-25 18:10 - 01546240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-04-25 19:46 - 2017-03-25 18:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-04-25 19:46 - 2017-03-25 00:50 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2017-04-25 19:46 - 2017-03-25 00:42 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2017-04-25 19:46 - 2017-03-22 17:32 - 03165184 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wucltux.dll 2017-04-25 19:46 - 2017-03-22 17:32 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2017-04-25 19:46 - 2017-03-22 17:32 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2017-04-25 19:46 - 2017-03-22 17:30 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2017-04-25 19:46 - 2017-03-22 17:24 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2017-04-25 19:46 - 2017-03-22 17:17 - 02651136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-04-25 19:46 - 2017-03-22 17:15 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-04-25 19:46 - 2017-03-22 17:15 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2017-04-25 19:46 - 2017-03-22 17:15 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2017-04-25 19:46 - 2017-03-22 17:15 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2017-04-25 19:46 - 2017-03-22 17:15 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2017-04-25 19:46 - 2017-03-22 17:15 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll 2017-04-25 19:46 - 2017-03-22 17:05 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-04-25 19:46 - 2017-03-22 17:05 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2017-04-25 19:46 - 2017-03-22 17:05 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2017-04-25 19:46 - 2017-03-22 17:05 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2017-04-25 19:46 - 2017-03-14 17:34 - 00986344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-04-25 19:46 - 2017-03-14 17:34 - 00265448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2017-04-25 19:46 - 2017-03-14 17:30 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 
2017-04-25 19:46 - 2017-03-10 18:35 - 00382696 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2017-04-25 19:46 - 2017-03-10 18:32 - 01389056 _____ (Microsoft Corporation) C:\WINDOWS\system32\pla.dll 2017-04-25 19:46 - 2017-03-10 18:32 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll 2017-04-25 19:46 - 2017-03-10 18:31 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2017-04-25 19:46 - 2017-03-10 18:31 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2017-04-25 19:46 - 2017-03-10 18:31 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2017-04-25 19:46 - 2017-03-10 18:31 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2017-04-25 19:46 - 2017-03-10 18:31 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2017-04-25 19:46 - 2017-03-10 18:27 - 00308456 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2017-04-25 19:46 - 2017-03-10 18:20 - 01508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pla.dll 2017-04-25 19:46 - 2017-03-10 18:20 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll 2017-04-25 19:46 - 2017-03-10 18:20 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2017-04-25 19:46 - 2017-03-10 18:19 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2017-04-25 19:46 - 2017-03-10 18:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2017-04-25 19:46 - 2017-03-10 18:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2017-04-25 19:46 - 2017-03-10 18:00 - 03219968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2017-04-25 19:46 - 2017-03-10 17:57 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\plasrv.exe 2017-04-25 19:46 - 2017-03-10 17:55 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2017-04-25 19:46 - 2017-03-10 17:55 - 00195584 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys 2017-04-25 19:46 - 2017-03-10 17:53 - 00034304 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2017-04-25 19:46 - 2017-03-09 18:34 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2017-04-25 19:46 - 2017-03-09 18:19 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2017-04-25 19:46 - 2017-03-08 22:20 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdosys.dll 2017-04-25 19:46 - 2017-03-08 22:10 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdosys.dll 2017-04-25 19:46 - 2017-03-08 06:37 - 00631176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-04-25 19:46 - 2017-03-08 06:36 - 05548264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-04-25 19:46 - 2017-03-08 06:36 - 00706792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2017-04-25 19:46 - 2017-03-08 06:36 - 00154856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2017-04-25 19:46 - 2017-03-08 06:36 - 00095464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-04-25 19:46 - 2017-03-08 06:34 - 01732864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 01460736 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 01163264 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00503808 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\srcore.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll 
2017-04-25 19:46 - 2017-03-08 06:33 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptbase.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\secur32.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-security-base-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-threadpool-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localregistry-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00004096 ____H (Microsoft 
Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-misc-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-memory-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-heap-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-util-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-string-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-profile-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-io-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-interlocked-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-handle-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft 
Corporation) C:\WINDOWS\system32\api-ms-win-core-fibers-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-delayload-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-debug-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-datetime-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-console-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:26 - 04000488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntkrnlpa.exe 2017-04-25 19:46 - 2017-03-08 06:26 - 03945192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntoskrnl.exe 2017-04-25 19:46 - 2017-03-08 06:24 - 01314112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 01416192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 01114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00666112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00172032 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\wdigest.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\secur32.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll 2017-04-25 19:46 - 2017-03-08 06:22 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apisetschema.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00005120 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2017-04-25 19:46 - 
2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2017-04-25 19:46 
- 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 06:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe 2017-04-25 19:46 - 2017-03-08 06:03 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\auditpol.exe 2017-04-25 19:46 - 2017-03-08 06:03 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2017-04-25 19:46 - 2017-03-08 06:03 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe 2017-04-25 19:46 - 2017-03-08 06:00 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe 2017-04-25 19:46 - 2017-03-08 05:59 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe 2017-04-25 19:46 - 2017-03-08 05:57 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\auditpol.exe 2017-04-25 19:46 - 2017-03-08 05:56 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2017-04-25 19:46 - 2017-03-08 05:56 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2017-04-25 19:46 - 2017-03-08 05:56 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-04-25 19:46 - 2017-03-08 05:55 - 00112640 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\smss.exe 2017-04-25 19:46 - 2017-03-08 05:55 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2017-04-25 19:46 - 2017-03-08 05:54 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2017-04-25 19:46 - 2017-03-08 05:54 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2017-04-25 19:46 - 2017-03-08 05:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2017-04-25 19:46 - 2017-03-08 05:54 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2017-04-25 19:46 - 2017-03-08 05:53 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptbase.dll 2017-04-25 19:46 - 2017-03-08 05:53 - 00006144 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 05:53 - 00004608 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 05:53 - 00003584 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2017-04-25 19:46 - 2017-03-08 05:53 - 00003072 ____H (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2017-04-25 19:46 - 2017-03-07 18:30 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2017-04-25 19:46 - 2017-03-07 18:17 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2017-04-25 19:46 - 2017-03-07 16:05 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-04-25 19:46 - 2017-03-04 03:27 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2017-04-25 19:46 - 2017-03-04 03:27 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll 2017-04-25 19:46 - 2017-03-04 03:14 - 01329664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2017-04-25 19:46 - 2017-03-04 03:14 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll 2017-04-25 
19:46 - 2016-03-24 00:40 - 03181568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2017-04-25 19:46 - 2016-03-24 00:40 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpGroupPolicyExtension.dll 2017-04-25 19:44 - 2017-04-28 20:04 - 00000000 ____D C:\Users\Lucas\Desktop\FRST-OlderVersion 2017-04-17 08:47 - 2017-04-17 08:47 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2017-04-17 08:47 - 2017-04-17 08:47 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2017-04-17 08:47 - 2017-04-17 08:47 - 00001226 _____ C:\Users\Public\Desktop\Windows Movie Maker.lnk 2017-04-17 08:47 - 2017-04-17 08:47 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\WMM 2017-04-17 08:47 - 2017-04-17 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2017-04-17 08:47 - 2017-04-17 08:47 - 00000000 ____D C:\Program Files (x86)\Windows Movie Maker 2017-04-17 08:47 - 2017-04-17 08:47 - 00000000 ____D C:\Program Files (x86)\Windows Live 2017-04-17 08:45 - 2017-04-17 08:45 - 26689458 _____ (videowinsoft.com ) C:\Users\Lucas\Downloads\windows-movie-maker-2016.exe 2017-04-16 20:00 - 2017-04-16 20:00 - 00000000 ____D C:\Users\Lucas\AppData\Local\TeamSpeak 3 2017-04-16 20:00 - 2017-04-16 20:00 - 00000000 ____D C:\Users\Lucas\.TeamSpeak 3 2017-04-16 19:59 - 2017-04-19 20:46 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\TS3Client 2017-04-16 19:59 - 2017-04-17 17:37 - 00000000 ____D C:\Users\Lucas\AppData\Local\TeamSpeak 3 Client 2017-04-16 19:59 - 2017-04-16 19:59 - 00001207 _____ C:\Users\Lucas\Desktop\TeamSpeak 3 Client.lnk 2017-04-16 19:59 - 2017-04-16 19:59 - 00001165 _____ C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk 2017-04-16 19:58 - 2017-04-16 19:58 - 77586344 _____ (TeamSpeak Systems GmbH) C:\Users\Lucas\Downloads\TeamSpeak3-Client-win64-3.1.3.exe 2017-04-16 19:57 - 2017-04-25 19:51 - 00000000 ____D 
C:\Program Files (x86)\Mozilla Firefox 2017-04-16 19:57 - 2017-04-25 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-04-16 19:57 - 2017-04-16 19:57 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-04-16 19:57 - 2017-04-16 19:57 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2017-04-16 19:56 - 2017-04-16 19:56 - 00245640 _____ C:\Users\Lucas\Downloads\Firefox Setup Stub 52.0.2.exe 2017-04-12 18:40 - 2017-04-12 18:40 - 00854584 _____ (ROBLOX Corporation) C:\Users\Lucas\Downloads\RobloxPlayerLauncher (2).exe 2017-04-10 19:32 - 2017-04-10 19:32 - 09446336 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll 2017-04-10 19:32 - 2017-04-10 19:32 - 07663888 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll 2017-04-10 19:32 - 2017-04-10 19:32 - 00543112 _____ C:\WINDOWS\system32\dgtrayicon.exe 2017-04-10 19:32 - 2017-04-10 19:32 - 00522632 _____ C:\WINDOWS\system32\GameManager64.dll 2017-04-10 19:32 - 2017-04-10 19:32 - 00356744 _____ C:\WINDOWS\SysWOW64\GameManager32.dll 2017-04-10 19:32 - 2017-04-10 19:32 - 00207760 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll 2017-04-10 19:32 - 2017-04-10 19:32 - 00185088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll 2017-04-10 19:32 - 2017-04-10 19:32 - 00161344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll 2017-04-10 19:32 - 2017-04-10 19:32 - 00143864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 15728008 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 14318984 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 12139760 _____ (Advanced Micro Devices, Inc. 
) C:\WINDOWS\system32\atidxx64.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 10088520 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 01649736 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 01342784 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 01032072 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 01032072 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00768392 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2017-04-10 19:31 - 2017-04-10 19:31 - 00544136 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00543112 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe 2017-04-10 19:31 - 2017-04-10 19:31 - 00537992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00520072 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys 2017-04-10 19:31 - 2017-04-10 19:31 - 00475016 _____ C:\WINDOWS\system32\atieah64.exe 2017-04-10 19:31 - 2017-04-10 19:31 - 00469384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00458632 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00402312 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe 2017-04-10 19:31 - 2017-04-10 19:31 - 00349064 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe 2017-04-10 19:31 - 2017-04-10 19:31 - 00325512 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2017-04-10 19:31 - 2017-04-10 19:31 - 00236424 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00194952 _____ (Advanced Micro Devices, Inc. 
) C:\WINDOWS\SysWOW64\atigktxx.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00182664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00161160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00155528 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00142216 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00126344 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00124808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00124808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00114056 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00078728 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00072072 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00068488 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00067464 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe 2017-04-10 19:31 - 2017-04-10 19:31 - 00065416 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00060296 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00036232 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00033672 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\SysWOW64\RapidFireServer.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00020360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll 2017-04-10 19:31 - 2017-04-10 19:31 - 00020360 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 59237256 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 46456712 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 36547976 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys 2017-04-10 19:30 - 2017-04-10 19:30 - 28797832 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 22739336 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 14413536 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 13254256 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 09899912 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 07955848 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 02527624 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 02189704 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00915848 _____ (AMD) C:\WINDOWS\system32\coinst_17.10.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00855432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00687496 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\SysWOW64\amdlvr32.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00505736 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00351624 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00305544 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys 2017-04-10 19:30 - 2017-04-10 19:30 - 00269704 _____ C:\WINDOWS\system32\clinfo.exe 2017-04-10 19:30 - 2017-04-10 19:30 - 00185600 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00159112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00154152 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00128968 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00124808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00121240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00121240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00112520 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00106248 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00103304 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00092840 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2017-04-10 19:30 - 2017-04-10 19:30 - 00092840 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2017-04-10 19:29 - 2017-04-10 19:29 - 32732552 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll 2017-04-10 19:29 - 2017-04-10 19:29 - 26826120 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\SysWOW64\atioglxx.dll 2017-04-10 19:29 - 2017-04-10 19:29 - 10311560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll 2017-04-10 19:29 - 2017-04-10 19:29 - 08470408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll 2017-04-10 19:29 - 2017-04-10 19:29 - 00166280 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amduve64.dll 2017-04-10 19:29 - 2017-04-10 19:29 - 00135560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amduve32.dll 2017-04-10 19:29 - 2017-04-10 19:29 - 00082824 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll 2017-04-10 19:29 - 2017-04-10 19:29 - 00066952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll 2017-04-10 19:29 - 2017-04-10 19:29 - 00066440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll 2017-04-10 19:29 - 2017-04-10 19:29 - 00054664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll 2017-04-10 18:52 - 2017-04-10 18:52 - 00791456 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb 2017-04-10 18:52 - 2017-04-10 18:52 - 00791456 _____ C:\WINDOWS\system32\atiapfxx.blb 2017-04-10 18:51 - 2017-04-10 18:51 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap 2017-04-10 18:46 - 2017-04-10 18:46 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap 2017-04-10 13:01 - 2017-04-10 13:01 - 02428928 _____ C:\WINDOWS\system32\amdacpusl.pdb 2017-04-10 12:55 - 2017-04-10 12:55 - 00364544 _____ (Advanced Micro Devices) C:\WINDOWS\system32\amdacpusl.dll 2017-04-10 12:55 - 2017-04-10 12:55 - 00306176 _____ C:\WINDOWS\system32\amdacpusl.pdb.pub 2017-04-10 12:55 - 2017-04-10 12:55 - 00248832 _____ (Advanced Micro Devices) C:\WINDOWS\SysWOW64\amdacpusl.dll 2017-04-09 19:27 - 2017-04-09 19:27 - 00854584 _____ (ROBLOX Corporation) C:\Users\Lucas\Downloads\RobloxPlayerLauncher (1).exe 2017-04-01 21:48 - 2017-04-01 21:49 - 497568392 _____ (AMD Inc.) 
C:\Users\Lucas\Downloads\non-whql-win7-64bit-radeon-software-crimson-relive-17.3.3-mar16.exe 2017-04-01 21:36 - 2017-02-14 18:33 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2017-04-01 21:36 - 2017-02-14 18:19 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32spl.dll 2017-04-01 21:36 - 2017-02-09 18:32 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2017-04-01 21:36 - 2017-02-09 18:32 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2017-04-01 21:36 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-2-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00013664 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-1.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l2-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:36 - 00011608 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-2-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00022368 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2017-04-01 21:36 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2017-04-01 21:16 - 2017-04-28 20:04 - 02427392 _____ (Farbar) C:\Users\Lucas\Desktop\FRST64.exe 2017-04-01 21:16 - 2017-04-28 20:04 - 00000000 ____D C:\FRST 2017-04-01 21:16 - 2017-04-01 21:17 - 00054158 _____ C:\Users\Lucas\Desktop\FRST1.txt 2017-04-01 21:16 - 2017-04-01 21:17 - 00043688 _____ C:\Users\Lucas\Desktop\Addition1.txt 2017-04-01 20:45 - 2017-04-25 19:48 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-04-01 20:45 - 2017-04-25 19:48 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-04-01 20:45 - 2017-04-13 12:51 - 00003542 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-04-01 20:45 - 2017-04-13 12:51 - 00003414 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-04-01 10:50 - 2017-04-01 10:50 - 00000000 ____D C:\Program Files\Common Files\AV 2017-04-01 10:50 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-04-28 20:03 - 2009-07-14 07:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-04-27 19:05 - 2015-12-24 22:17 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2017-04-27 19:01 - 2009-07-14 06:45 - 00013568 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-04-27 19:01 - 2009-07-14 06:45 - 00013568 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-04-27 18:58 - 2009-07-14 19:58 - 00699092 _____ C:\WINDOWS\system32\perfh007.dat 2017-04-27 18:58 - 2009-07-14 19:58 - 00149232 _____ C:\WINDOWS\system32\perfc007.dat 2017-04-27 18:58 - 2009-07-14 07:13 - 01619284 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-04-27 18:58 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\inf 2017-04-27 18:51 - 2016-11-20 13:21 - 00000000 ____D C:\Users\Lucas\AppData\LocalLow\Mozilla 2017-04-26 19:48 - 2015-12-05 20:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-04-26 19:48 - 2015-12-05 20:21 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2017-04-26 18:16 - 2009-07-14 07:08 - 00032632 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT 2017-04-25 20:12 - 2016-11-15 20:04 - 00000000 ____D C:\Users\Lucas\AppData\LocalLow\AMD 2017-04-25 20:10 - 2015-12-24 22:14 - 00000000 ____D C:\Program Files\AMD 2017-04-25 20:06 - 2015-08-16 14:19 - 00000000 ____D C:\ProgramData\Package Cache 2017-04-25 20:05 - 2017-03-07 19:58 - 00000000 ____D C:\AMD 2017-04-25 19:51 - 2009-07-14 07:32 - 00000000 ____D C:\WINDOWS\Performance 2017-04-25 19:51 - 2009-07-14 06:45 - 00269296 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-04-25 19:50 - 2015-08-16 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-04-25 19:50 - 2015-08-16 14:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-04-25 19:50 - 2015-08-16 14:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 
2017-04-25 19:48 - 2015-08-16 14:38 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-04-25 19:48 - 2015-08-16 14:38 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-04-25 19:47 - 2015-08-16 14:20 - 01592628 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2017-04-25 19:46 - 2017-02-18 21:03 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2017-04-25 19:46 - 2015-08-21 19:42 - 00000000 ____D C:\Program Files\Java 2017-04-25 19:46 - 2015-08-21 19:41 - 00000000 ____D C:\Program Files (x86)\Java 2017-04-25 19:46 - 2015-08-16 14:53 - 00000000 ____D C:\ProgramData\Oracle 2017-04-25 19:46 - 2015-08-16 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-04-25 19:45 - 2016-01-24 20:58 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2017-04-25 19:45 - 2015-10-15 14:00 - 00000000 ____D C:\Program Files (x86)\Steam 2017-04-20 15:17 - 2015-09-08 21:03 - 00001194 _____ C:\Users\Lucas\Desktop\nativelog.txt 2017-04-20 15:17 - 2015-08-16 14:33 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\.minecraft 2017-04-19 08:09 - 2016-06-08 19:57 - 00001348 _____ C:\Users\Lucas\Desktop\ROBLOX Player.lnk 2017-04-19 08:09 - 2016-06-08 19:57 - 00001167 _____ C:\Users\Lucas\Desktop\ROBLOX Studio.lnk 2017-04-19 08:09 - 2016-06-08 19:57 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2017-04-18 15:16 - 2015-08-21 19:39 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\ftblauncher 2017-04-18 15:16 - 2015-08-21 19:39 - 00000000 ____D C:\Users\Lucas\AppData\Local\ftblauncher 2017-04-18 15:16 - 2015-08-21 19:38 - 07662317 _____ C:\Users\Lucas\Downloads\FTB_Launcher.exe 2017-04-17 17:35 - 2009-07-14 07:32 - 00000000 ____D C:\WINDOWS\Downloaded Program Files 2017-04-17 08:24 - 2017-02-27 15:25 - 00000000 ____D C:\Users\Lucas\AppData\Roaming\Audacity 2017-04-16 20:00 - 2015-08-16 13:40 - 00000000 ____D C:\Users\Lucas 2017-04-13 15:33 - 
2015-08-27 18:57 - 00007597 _____ C:\Users\Lucas\AppData\Local\Resmon.ResmonCfg 2017-04-10 19:31 - 2016-04-16 11:41 - 01507720 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll 2017-04-08 00:06 - 2015-08-16 14:21 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-04-02 20:31 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-04-02 14:07 - 2016-06-08 19:57 - 00000252 _____ C:\Users\Lucas\AppData\LocalLow\rbxcsettings.rbx 2017-04-02 11:50 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\rescache 2017-04-01 20:45 - 2016-10-19 19:18 - 00000000 ____D C:\Users\Lucas\AppData\Local\Deployment 2017-04-01 20:45 - 2016-05-20 20:54 - 00000000 ____D C:\Program Files (x86)\Google 2017-04-01 20:39 - 2016-11-17 21:15 - 00000000 ____D C:\WINDOWS\pss 2017-04-01 20:39 - 2009-07-14 06:45 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2017-04-01 10:44 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\security 2017-03-31 13:32 - 2015-08-16 13:40 - 00001042 _____ C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-02-27 18:33 - 2017-02-27 18:33 - 0000000 ___RH () C:\Users\Lucas\AppData\Roaming\37d7133dd918aff24c52b4f4f8b5c53b2 2015-08-27 18:57 - 2017-04-13 15:33 - 0007597 _____ () C:\Users\Lucas\AppData\Local\Resmon.ResmonCfg 2017-02-24 20:00 - 2017-02-24 20:00 - 0004110 _____ () C:\ProgramData\kjiixkes.ghp 2017-04-25 20:02 - 2017-04-25 20:02 - 0000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml Einige Dateien in TEMP: ==================== 2017-04-25 20:03 - 2017-04-25 20:03 - 1178504 _____ () C:\Users\Lucas\AppData\Local\Temp\AMDCleanupUtility.exe 2017-04-25 20:03 - 2017-04-25 20:03 - 0250248 _____ () C:\Users\Lucas\AppData\Local\Temp\Cleanup.dll 2017-04-25 20:03 - 2017-04-25 20:03 - 0065536 _____ (Windows (R) Server 2003 DDK provider) C:\Users\Lucas\AppData\Local\Temp\ddu.exe 2017-04-25 20:03 - 2017-04-25 
20:03 - 0414152 _____ (Microsoft Corporation) C:\Users\Lucas\AppData\Local\Temp\difxapi.dll 2017-04-09 20:24 - 2017-04-09 20:26 - 0065536 _____ (Sony DADC Austria AG) C:\Users\Lucas\AppData\Local\Temp\drm_dialogs.dll 2017-04-25 19:45 - 2017-04-25 19:45 - 0739904 _____ (Oracle Corporation) C:\Users\Lucas\AppData\Local\Temp\jre-8u131-windows-au.exe 2017-04-25 20:03 - 2017-04-25 20:03 - 0516096 _____ (Microsoft Corporation) C:\Users\Lucas\AppData\Local\Temp\msvcm80.dll 2017-04-25 20:03 - 2017-04-25 20:03 - 1061376 _____ (Microsoft Corporation) C:\Users\Lucas\AppData\Local\Temp\msvcp80.dll 2017-04-25 20:03 - 2017-04-25 20:03 - 0796672 _____ (Microsoft Corporation) C:\Users\Lucas\AppData\Local\Temp\msvcr80.dll 2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_is20AA.exe 2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_is66EC.exe 2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_is72E0.exe 2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_is9E91.exe 2007-02-28 01:08 - 2007-02-28 01:08 - 0456416 ____R (Macrovision Corporation) C:\Users\Lucas\AppData\Local\Temp\_isB451.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-04-26 18:51
==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-04-2017
durchgeführt von Lucas (28-04-2017 20:05:34)
Gestartet von C:\Users\Lucas\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-16 11:40:16)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1802964633-906943791-4234860916-500 - Administrator - Disabled)
Gast (S-1-5-21-1802964633-906943791-4234860916-501 - Limited - Disabled)
Lucas (S-1-5-21-1802964633-906943791-4234860916-1000 - Administrator - Enabled) => C:\Users\Lucas
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
ACP Application (Version: 2017.0410.1255.23 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC) Counter-Strike (HKLM\...\Steam App 10) (Version: - Valve) Curse Client (HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Die Siedler IV (HKLM-x32\...\S4Uninst) (Version: - ) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.27.80.1020 - Electronic Arts Inc.) Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve) HitFilm 4 Express (HKLM\...\{F8BB3662-69A1-4EF1-8674-ADD90AAD3D08}) (Version: 4.0.5723.10801 - FXHOME) Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.1 - LoiLo inc.) 
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 
(HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation) Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 53.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 de)) (Version: 53.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla) Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC) Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.) 
ROBLOX Player for Lucas (HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) Robocraft (HKLM\...\Steam App 301520) (Version: - Freejam) Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts) Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\TeamSpeak 3 Client) (Version: 3.1.3 - TeamSpeak Systems GmbH) TerraTech Demo (HKLM\...\Steam App 313990) (Version: - Payload Studios) TES Construction Set (HKLM-x32\...\{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}) (Version: - ) The Elder Scrolls IV: Oblivion (HKLM\...\Steam App 22330) (Version: - Bethesda Game Studios) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Unity Web Player (HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS) VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline) Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version: - videowinsoft.com) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-1802964633-906943791-4234860916-1000_Classes\CLSID\{05bde6b6-6900-44e5-a477-d7c6cdcd80fa}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1802964633-906943791-4234860916-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1802964633-906943791-4234860916-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Lucas\AppData\Local\Roblox\Versions\version-88b966c853f84435\RobloxProxy64.dll (ROBLOX Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {2607D0F4-CBC7-40D6-8D09-C3E2F6464555} - System32\Tasks\{1D0C8784-6CAB-495C-9B9A-B77F4B37AA4B} => F:\siedler4\S4.exe [2016-11-20] () Task: {262CC4ED-0B8B-4354-8590-3C33737FD1D0} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe [2017-04-10] (Advanced Micro Devices, Inc.) Task: {26D9BA8F-25C8-4586-8399-BAEBA9E3D688} - System32\Tasks\{DC53BF79-0366-4E11-A053-9977B2D7B645} => F:\Games\Minecraft\MinecraftLauncher.exe [2017-04-12] (Mojang) Task: {27C095A6-5A9B-444F-95A6-EC016BC559FE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation) Task: {CFBF5BB6-1BF9-4B7D-9504-78034AB4DF67} - \Zejerdomnajuse -> Keine Datei <==== ACHTUNG Task: {EC2B2C6A-17C0-44B2-A5AE-9E72399DF2C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-01] (Google Inc.) 
Task: {F538A098-6E29-4A26-A22F-72AEAC9DD067} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-04-01] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-08-16 14:40 - 2012-11-14 09:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2015-08-16 14:40 - 2012-11-14 09:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2015-12-13 19:29 - 2013-10-29 14:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe 2015-12-13 19:29 - 2012-12-11 12:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe 2017-04-25 19:48 - 2017-04-19 07:03 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libglesv2.dll 2017-04-25 19:48 - 2017-04-19 07:03 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\libegl.dll 2015-12-13 19:29 - 2013-01-15 18:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll 2015-12-13 19:29 - 2011-11-22 15:18 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com Da befinden sich 7933 mehr Seiten. 
IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted 
site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\123simsen.com -> www.123simsen.com Da befinden sich 7933 mehr Seiten. ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2017-04-01 15:27 - 00454348 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com Da befinden sich 15591 zusätzliche Einträge. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1802964633-906943791-4234860916-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == MSCONFIG\Services: BRSptStub => 3 MSCONFIG\Services: chip1click => 2 MSCONFIG\Services: DbxSvc => 2 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\startupfolder: C:^Users^Lucas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\WINDOWS\pss\CurseClientStartup.ccip.Startup MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [TCP Query User{8F0D51B1-6E4F-4ED7-AFE3-8CF475953E58}F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{F27C648F-BE63-4483-95B2-EE348E88E5E2}F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{343011D2-133F-4168-9AE2-42FF7C19274A}F:\temp\bin\javaw.exe] => (Block) F:\temp\bin\javaw.exe FirewallRules: [UDP Query User{1F606B6E-74E1-4EF1-B5B2-42E1CBDBC2F4}F:\temp\bin\javaw.exe] => (Block) F:\temp\bin\javaw.exe FirewallRules: [TCP Query User{3E994D4B-1DCF-4A9F-A0B7-7B5B655BABEB}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [UDP Query User{9B5064A8-7450-46FB-9610-02C53E34B6E6}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [{E91D8466-26A1-4FA7-AC0B-B20E604783AF}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{24C6D0E3-D6F1-4C08-BB19-0640CC89B55C}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe FirewallRules: [{5E3925E0-A8A1-4E6F-AEC4-62F64CC12BBB}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{7C6D42C3-582F-493C-90AE-C29CFB4B2BC6}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{8AF1E23E-B86D-477F-A02C-75D3DF2A9D0C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{835DE4FA-FBAA-4B38-AB33-524BB8A24593}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{720DFEB8-BEC5-4A07-A5D3-BC05F8231179}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe 
FirewallRules: [{D4620907-2EAE-45A7-904E-EB0459D6657C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{FAF4B3B4-EAAF-465A-BA1A-D67E34150D3D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{DB811861-78CC-4B60-9402-849CDDB5CEFA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{C34FC61F-A2B8-46AA-B9D2-0A914EAF844D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{7CE60997-A7DF-4B12-B1C3-0E95EF72D609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [TCP Query User{463B23BE-389F-4FB0-8DA3-06B8DDA10A6E}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe FirewallRules: [UDP Query User{6CCEEF7C-EDFF-4BB7-A15E-36D28A94C69E}C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Block) C:\program files (x86)\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe FirewallRules: [TCP Query User{80BDBA77-16A7-491E-942D-CDCB4ADB14D5}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [UDP Query User{E8406712-0943-4913-9296-24E7AB4A6525}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [{39C213DC-1909-4A88-8C95-27BFFD198A87}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C3CEC925-1ACD-40E8-8D9C-048CD4324B0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B41B9138-2D17-4DF0-9378-10AB2538E805}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe FirewallRules: [{E9E8F999-777C-43F4-A957-ECECB2927CCF}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Half-Life\hl.exe FirewallRules: [{EC14CE79-CDFB-4748-BB4B-B736255DEB16}] => (Allow) F:\Games\Star Wars - The Old Republic\launcher.exe FirewallRules: [{BC5C8BBE-FE6C-40C5-ACC6-DBAD17CD93BB}] => (Allow) F:\Games\Star Wars - The Old Republic\launcher.exe FirewallRules: [TCP Query User{885853C0-B217-445A-943F-23CCF983361B}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [UDP Query User{776AB501-65BB-43AA-BB0C-71C4BAD5F19E}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [TCP Query User{4735D599-D858-4FE6-A70F-5DECCDA30E41}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [UDP Query User{10E99BFE-0A6B-45D2-B8DE-61031C5D440D}C:\program files\java\jre1.8.0_71\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_71\bin\javaw.exe FirewallRules: [TCP Query User{640D859B-E927-4317-90E3-DFC1BD6818FF}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [UDP Query User{2B576BC0-668A-4794-88FD-4D55A5F9E7DB}C:\program files\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_73\bin\javaw.exe FirewallRules: [TCP Query User{5CF531E9-9500-4555-B6CB-FE54967A4257}F:\games\homm5tote\heroes of might and magic v - tribes of the east\bin\h5_game.exe] => (Allow) F:\games\homm5tote\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [UDP Query User{6DDA6577-783F-47DB-8680-D7FB26B38291}F:\games\homm5tote\heroes of might and magic v - tribes of the east\bin\h5_game.exe] => (Allow) F:\games\homm5tote\heroes of might and magic v - tribes of the east\bin\h5_game.exe FirewallRules: [{0729E4DC-3296-4274-ABAA-21C2626C077E}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{AE0BA52F-256D-41AD-8908-8EE5834EA85F}] => 
(Allow) F:\Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{ED64B98B-5816-4AF5-835B-B6B4FD4A7CA0}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{7AF5E95A-CA71-417B-B1BC-4FDFCD6C93C6}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{B752E32A-8251-4E97-869D-57714505F93F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe FirewallRules: [{9AE7EEA6-EADD-426E-983B-A106813888F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe FirewallRules: [TCP Query User{71DC1D5E-B1DF-40E5-82B6-317B1D93FAF0}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe FirewallRules: [UDP Query User{D75FF60F-82E1-4B76-AE2F-79F1F40D5F17}C:\program files\java\jre1.8.0_77\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\javaw.exe FirewallRules: [{AE314C7C-AC46-4236-85FC-C67AA8C2DEC8}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe FirewallRules: [{3697F69D-3B9F-423D-9FEC-D9FA5B2FCC8F}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War\GameData\sweaw.exe FirewallRules: [{EF06CB97-CB20-48B0-8933-465ADFAF9A43}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe FirewallRules: [{E019FAAE-58F3-4A32-BCB9-CBDEAE1E16C4}] => (Allow) C:\Program Files (x86)\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe FirewallRules: [TCP Query User{694D11BC-8765-4F6B-A691-D573F146078C}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [UDP Query User{00173E86-F589-48D3-ABD3-0F733427CB9D}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [{4342FDFD-3BD0-44A3-A362-0A03BC5F4D59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TerraTech Demo\TerraTechWin64.exe FirewallRules: 
[{A111308A-39D6-43B2-9364-7C88FBFF419B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TerraTech Demo\TerraTechWin64.exe FirewallRules: [TCP Query User{AC051ACD-0C64-4E29-B019-0339E49E95D5}F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{3837F4A4-70CB-49F4-8010-68A98034D173}F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) F:\games\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{AF795322-AE31-452A-BAE6-8EB22F983C30}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [UDP Query User{6A885944-C52F-43D5-AC7B-3FDAF2387260}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_91\bin\javaw.exe FirewallRules: [TCP Query User{8E8E12AB-6874-4E3E-B6AE-06D5DE6854F3}C:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe] => (Allow) C:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe FirewallRules: [UDP Query User{41285C5B-CE1D-4C73-91D7-5586D7DE5CF1}C:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe] => (Allow) C:\program files (x86)\lucasarts\star wars empire at war forces of corruption\swfoc.exe FirewallRules: [TCP Query User{C2EE438D-421F-4E7D-89E3-5BD4A20CD02B}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe FirewallRules: [UDP Query User{2A8DA712-DA0A-47E0-9726-C197639A09C6}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe FirewallRules: [{D2BC5687-9C9A-4C20-8346-D3BCF3552F04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe FirewallRules: [{B4BE0EE2-B352-4138-8C28-F8A8121A30A6}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe FirewallRules: [TCP Query User{D7555D66-1BA9-4F8F-B550-A0E17BDF9158}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [UDP Query User{0B8B668E-4969-41F7-A923-FD7D25584BFB}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe FirewallRules: [TCP Query User{FF525BD8-44A9-4581-969D-73359A9248B0}C:\bluebyte\die siedler iv\exe\s4_main.exe] => (Allow) C:\bluebyte\die siedler iv\exe\s4_main.exe FirewallRules: [UDP Query User{009BA7F1-CAB4-457B-A544-49F8A9409C67}C:\bluebyte\die siedler iv\exe\s4_main.exe] => (Allow) C:\bluebyte\die siedler iv\exe\s4_main.exe FirewallRules: [{3590D940-0A34-4005-9312-0D0FDC4BFABF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{4D4F75AB-1FE6-42CF-942D-0142FC1D97BD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{B8913806-0507-4786-A257-F862C60FA864}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{EB9834F1-523A-47B1-83B9-68F9D1E78774}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{16093E6A-A8C2-423B-92BF-A8D5CE68F989}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{D3B7646B-8A36-463B-AFC4-C9C22A6F2593}] => (Allow) F:\Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [TCP Query User{268CC1A0-4DBF-4BFC-BABA-23B5003B20D6}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [UDP Query User{C972DEBB-6942-4AD9-B099-85F247905DAA}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [{CBA946D8-8DED-4D6B-AF41-A2E21C252871}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe FirewallRules: 
[{7D8A49C8-F108-4E35-A8CB-0FEF7BBA6162}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe FirewallRules: [{499A58FD-B2AA-483D-B19C-0413C078FC98}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{FF0231BD-E16D-44C3-ACDA-5B70E8F652B3}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [UDP Query User{DBEAC1FD-6417-4654-A67F-860DF9ED40A3}C:\program files\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_121\bin\javaw.exe FirewallRules: [TCP Query User{9B0B0CF3-7238-460B-B6CD-BC0F9F190AF0}F:\games\overwatch\overwatch.exe] => (Allow) F:\games\overwatch\overwatch.exe FirewallRules: [UDP Query User{4E015EA8-D69E-4AA7-BF27-7EE5A4315884}F:\games\overwatch\overwatch.exe] => (Allow) F:\games\overwatch\overwatch.exe FirewallRules: [TCP Query User{10D61C6A-9695-4FC9-AAE6-A524F9B7DF96}C:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe] => (Allow) C:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe FirewallRules: [UDP Query User{94A3D65B-14C9-4B30-9953-5ABFE9259F5F}C:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe] => (Allow) C:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe FirewallRules: [{F70DF336-25B1-4441-B8B0-2D5A43CD477C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BC91F95F-DC6A-4860-AABF-6D445CFE810F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DC2E5E62-AC61-4D3D-9F59-48EAD6D8D808}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= 25-04-2017 20:06:22 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 26-04-2017 18:19:15 Revo Uninstaller's restore point - Spybot - Search & Destroy 26-04-2017 19:45:53 Malwarebytes Anti-Rootkit 
Restore Point 27-04-2017 18:53:53 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (04/27/2017 07:04:58 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (04/27/2017 07:04:41 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (04/27/2017 07:04:34 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (04/27/2017 07:04:28 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (04/27/2017 07:04:04 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (04/27/2017 07:03:55 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (04/27/2017 07:03:48 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (04/27/2017 07:03:43 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (04/27/2017 07:03:31 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (04/27/2017 07:03:25 PM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Systemfehler: ============= Error: (04/28/2017 08:04:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: 
) Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (04/28/2017 08:04:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht. Error: (04/27/2017 06:53:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Origin Web Helper Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (04/27/2017 06:53:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Origin Web Helper Service erreicht. Error: (04/27/2017 06:52:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/27/2017 06:52:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/27/2017 06:52:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (04/27/2017 06:52:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "VIA Karaoke digital mixer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (04/27/2017 06:52:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "ACP User Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (04/27/2017 06:52:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz Prozentuale Nutzung des RAM: 26% Installierter physikalischer RAM: 8150.86 MB Verfügbarer physikalischer RAM: 5970.41 MB Summe virtueller Speicher: 16299.9 MB Verfügbarer virtueller Speicher: 13921.32 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:119.14 GB) (Free:19.64 GB) NTFS Drive d: () (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32 ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive e: (EAWG_1D) (CDROM) (Total:2.34 GB) (Free:0 GB) UDF Drive f: (Speicherort) (Fixed) (Total:931.51 GB) (Free:646.21 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: A8DC378B) Partition 1: (Active) - (Size=100 MB) - (Type=0B) Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AAF3711E) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ Grolltar |
28.04.2017, 19:35 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Professional - Trojan removed, but keeps coming back
FRST fix
Please disable your virus scanner completely now, so that the fix is sure to run cleanly!
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-27] <==== ACHTUNG
HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
C:\Program Files\Common Files\AV\Spybot - Search and Destroy
HKU\S-1-5-18\...\Run: [] => [X]
BootExecute: autocheck autochk * sdnclean64.exe
C:\Users\Lucas\AppData\Roaming\37d7133dd918aff24c52b4f4f8b5c53b2
C:\ProgramData\kjiixkes.ghp
Task: {CFBF5BB6-1BF9-4B7D-9504-78034AB4DF67} - \Zejerdomnajuse -> Keine Datei <==== ACHTUNG
hosts:
emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
28.04.2017, 20:02 | #12 |
| Windows 7 Professional - Trojan removed, but keeps coming back
Evening, that was quick. Here is the Fixlog.
Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-04-2017 durchgeführt von Lucas (28-04-2017 20:59:25) Run:1 Gestartet von C:\Users\Lucas\Desktop Geladene Profile: Lucas (Verfügbare Profile: Lucas) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** CHR Profile: C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-27] <==== ACHTUNG HKU\S-1-5-21-1802964633-906943791-4234860916-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) C:\Program Files\Common Files\AV\Spybot - Search and Destroy HKU\S-1-5-18\...\Run: [] => [X] BootExecute: autocheck autochk * sdnclean64.exe C:\Users\Lucas\AppData\Roaming\37d7133dd918aff24c52b4f4f8b5c53b2 C:\ProgramData\kjiixkes.ghp Task: {CFBF5BB6-1BF9-4B7D-9504-78034AB4DF67} - \Zejerdomnajuse -> Keine Datei <==== ACHTUNG hosts: emptytemp: ***************** C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\ChromeDefaultData => erfolgreich verschoben HKU\S-1-5-21-1802964633-906943791-4234860916-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => Wert erfolgreich entfernt C:\Program Files\Common Files\AV\Spybot - Search and Destroy => erfolgreich verschoben HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Wert erfolgreich wiederhergestellt C:\Users\Lucas\AppData\Roaming\37d7133dd918aff24c52b4f4f8b5c53b2 => erfolgreich verschoben C:\ProgramData\kjiixkes.ghp => erfolgreich verschoben HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFBF5BB6-1BF9-4B7D-9504-78034AB4DF67} => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFBF5BB6-1BF9-4B7D-9504-78034AB4DF67} => Schlüssel erfolgreich entfernt 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Zejerdomnajuse => Schlüssel erfolgreich entfernt C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben Hosts erfolgreich wiederhergestellt. =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12152281 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 23460710 B Edge => 0 B Chrome => 279102133 B Firefox => 232665391 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 58558406 B systemprofile32 => 70632 B LocalService => 66228 B NetworkService => 9350072 B Lucas => 1246996634 B RecycleBin => 73225898 B EmptyTemp: => 1.8 GB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 20:59:32 ==== Grolltar |
28.04.2017, 20:05 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Professional - Trojan removed, but keeps coming back
Control scans with (1) MBAM, (2) ESET and (3) SecurityCheck, please:
Step 1: Malwarebytes version 3
Please download Malwarebytes Anti-Malware 3
Step 2: ESET
ESET Online Scanner
Step 3: SecurityCheck
Please download SecurityCheck and:
__________________ Please always post log files in CODE tags |
29.04.2017, 09:45 | #14 |
| Windows 7 Professional - Trojan removed, but keeps coming back
Hi Cosinus, task done. Here are the logs:
1. MBAM V3
Code:
ATTFilter Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 28.04.17 Scan-Zeit: 21:11 Protokolldatei: mbam.txt Administrator: Ja -Softwaredaten- Version: 3.0.6.1469 Komponentenversion: 1.0.103 Version des Aktualisierungspakets: 1.0.1832 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Lucas-PC\Lucas -Scan-Übersicht- Scan-Typ: Bedrohungs-Scan Ergebnis: Abgeschlossen Gescannte Objekte: 339480 Abgelaufene Zeit: 3 Min., 4 Sek. -Scan-Optionen- Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert -Scan-Details- Prozess: 0 (keine bösartigen Elemente erkannt) Modul: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswert: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Datei: 0 (keine bösartigen Elemente erkannt) Physischer Sektor: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=3e074d8974e93045b2c9c7350aadc187 # end=init # utc_time=2017-04-28 07:49:01 # local_time=2017-04-28 09:49:01 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 33211 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=3e074d8974e93045b2c9c7350aadc187 # end=updated # utc_time=2017-04-28 07:52:04 # local_time=2017-04-28 09:52:04 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=3e074d8974e93045b2c9c7350aadc187 # engine=33211 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2017-04-28 09:06:03 # local_time=2017-04-28 11:06:03 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 12551131 116397557 0 0 # scanned=337362 # found=3 # cleaned=0 # scan_time=4439 sh=85A0D588502634CA19075E1A2916FA4535C1969E ft=1 fh=c926e29312972a12 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Lucas\Downloads\Steam - CHIP-Installer.exe" sh=CD0E90BEB662D104CD88A6ECFC82B01EE4F42F3F ft=1 fh=8a6f8b91542ab3cc vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Lucas\Downloads\The Powder Toy - CHIP-Installer.exe" sh=1D8B5A732F39E94BADE5746D36CB6647582D6362 ft=0 fh=0000000000000000 vn="Win32/Adware.Hicosmea.I Anwendung" ac=I fn="C:\Windows\Installer\83009.msi" Code:
ATTFilter Results of screen317's Security Check version 1.009 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Malwarebytes Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 131 Java version 32-bit out of Date! Mozilla Firefox (53.0) Google Chrome (58.0.3029.81) Google Chrome (SetupMetrics...) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Best regards, Grolltar |
29.04.2017, 09:48 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 Professional - Trojan removed, but keeps coming back
Quote:
They are taking their customers for a ride out of sheer greed for profit. See also http://www.trojaner-board.de/168364-...mpfehlung.html and CHIP-Installer - what is it? - Guides
FRST fix
Please disable your virus scanner completely now, so that the fix is sure to run cleanly!
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
C:\Users\Lucas\Downloads\*CHIP-Installer.exe
C:\Windows\Installer\83009.msi
emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |