| |
| |||||||
Log-Analyse und Auswertung: cloudfront.net und anderes entfernt - Ist jetzt alles sauber?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
30.05.2017, 19:40
| #1 |
 |  cloudfront.net und anderes entfernt - Ist jetzt alles sauber? Hallo nochmal, (Zweiter Versuch, da der erste Beitrag scheinbar nicht geklappt hat) Ich habe hier nach der Anleitung den cloudfront.net Virus entfernt: http://www.trojaner-board.de/148787-...entfernen.html Ich hatte vorher immer wieder Malware-Funde bei MBAM, deswegen diese ganze Aktion. Ich habe Windows 10 Pro x64, Malwarebytes Anti Malware Free (Noch als Premium Trial) und Avast Free. Die frage ist, ob mein Rechner jetzt sauber ist, oder ob ich noch mehr machen muss. Hier die ganzen Logs mit Funden in chronologischer Reihenfolge: AdwCleaner: Code:
ATTFilter # AdwCleaner v6.047 - Bericht erstellt am 30/05/2017 um 10:15:38
# Aktualisiert am 19/05/2017 von Malwarebytes
# Datenbank : 2017-05-26.6 [Server]
# Betriebssystem : Windows 10 Pro (X64)
# Benutzername : ***** - DESKTOP-NEE8C9I
# Gestartet von : D:\Downloads\adwcleaner_6.047__1_.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support
***** [ Dienste ] *****
Keine schädlichen Dienste gefunden.
***** [ Ordner ] *****
Ordner Gefunden: C:\Users\*****\AppData\Roaming\aMule
Ordner Gefunden: C:\ProgramData\vCore
Ordner Gefunden: C:\Program Files (x86)\VLC UPDATER
Ordner Gefunden: C:\Users\*****\AppData\Roaming\Firefox
Ordner Gefunden: C:\Users\*****\AppData\Local\Firefox
Ordner Gefunden: C:\ProgramData\BIT
***** [ Dateien ] *****
Datei Gefunden: C:\END
Datei Gefunden: C:\Users\Public\Documents\temp.dat
Datei Gefunden: C:\Users\Public\Documents\report.dat
***** [ DLL ] *****
Keine infizierten DLLs gefunden.
***** [ WMI ] *****
Keine schädlichen Schlüssel gefunden.
***** [ Verknüpfungen ] *****
Keine infizierten Verknüpfungen gefunden.
***** [ Aufgabenplanung ] *****
Aufgabe Gefunden: Qhtherberile
Aufgabe Gefunden: Microsoft\Windows\Media Center\VCore
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Schlüssel Gefunden: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
Schlüssel Gefunden: HKU\S-1-5-21-632498878-1310639711-2934333010-1001\Software\VideoBox
Schlüssel Gefunden: HKCU\Software\VideoBox
Schlüssel Gefunden: HKLM\SOFTWARE\ScreenShot
Schlüssel Gefunden: HKLM\SOFTWARE\msServer
Schlüssel Gefunden: HKLM\SOFTWARE\Dayglad
Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{59B5A9CD-253D-4C41-A073-B387D4C9672D}
Schlüssel Gefunden: [x64] HKCU\Software\VideoBox
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\InterSect Alliance
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-632498878-1310639711-2934333010-1001\Products\9E2C7D317E80988449FF787E7081E435
Wert Gefunden: HKU\S-1-5-21-632498878-1310639711-2934333010-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [VLC Updater]
Wert Gefunden: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Wert Gefunden: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [BIT]
***** [ Internetbrowser ] *****
Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [2683 Bytes] - [30/05/2017 10:15:38]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2756 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by ***** (Administrator) on 30.05.2017 at 10:32:29,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 4
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\extensions\trash (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_***** (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_*****.job (Task)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.05.2017 at 10:33:46,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter C:\Insist\nne.pwb Variante von Win32/Adware.ELEX.NL Anwendung
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\5af10c005214dd08f47949cd530a94d1[1] Win32/Adware.ELEX.OQ Anwendung
D:\Downloads\IObit Uninstaller - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
D:\Downloads\PDF24 Creator - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
G:\DESKTOP-NEE8C9I\Backup Set 2016-08-25 235255\Backup Files 2016-08-25 235255\Backup files 9.zip Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
G:\DESKTOP-NEE8C9I\Backup Set 2016-09-12 110409\Backup Files 2016-09-12 110409\Backup files 9.zip Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\background_fault\bf (2017_05_06 16_44_53 UTC).dll Variante von Win32/Adware.ELEX.QJ Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\CSHMDR\Snare (2017_05_18 18_13_01 UTC).dll Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\CSHMDR\Snare (2017_05_18 23_25_39 UTC).dll Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\CWASRE\Snare (2017_05_16 09_41_08 UTC).dll Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\cache2\entries\48F911975B9356E821A9ACD3201E206B97ADA600 (2017_05_10 17_47_37 UTC) Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\edabkpso.default\cache2\entries\6A9BA8FBC8B47DDD2C13589459B37392373B7BD5 (2017_02_25 22_39_40 UTC) HTML/Refresh.BC Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\edabkpso.default\cache2\entries\F1584D7E4BF342407D91F81A8280B9D0F4923C35 (2017_02_25 22_39_40 UTC) HTML/Refresh.BC Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\SNARE\Snare (2017_04_28 15_25_47 UTC).dll Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\SNARE\Snare (2017_05_01 18_36_30 UTC).dll Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\@rdC7B (2017_05_18 15_25_27 UTC).tmp Variante von Win32/Adware.ELEX.QK Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\trotux (2017_02_25 22_39_40 UTC).msi Variante von Win32/Adware.ELEX.HD Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\videobox (2017_02_25 22_39_40 UTC).exe Variante von Win32/Adware.OxyPumper.BD Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\~bk67FB (2017_04_28 15_25_47 UTC).tmp Variante von Win32/Adware.ELEX.OA Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\~bk67FC (2017_04_28 15_25_47 UTC).tmp Mehrere Bedrohungen
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\~bk6C78 (2017_04_12 13_38_40 UTC).tmp Variante von Win32/Adware.ELEX.KX Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\~bkF08E (2017_05_11 17_26_35 UTC).tmp Mehrere Bedrohungen
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\~bkF08F (2017_05_11 17_26_35 UTC).tmp Mehrere Bedrohungen
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\Temp\0\SSS (2017_04_28 15_25_47 UTC).dll Variante von Win32/Adware.ELEX.OA Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\VNASRE\Snare (2017_05_10 17_47_37 UTC).dll Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Local\WANARE\Snare (2017_05_05 22_11_17 UTC).dll Variante von Win64/Snarasite.F Trojaner
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Roaming\WinSAPSvc\WinSAP (2017_05_16 09_41_08 UTC).dll Variante von Win32/Adware.ELEX.QM Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\C\Users\*****\AppData\Roaming\WinSAPSvc\WinSAP (2017_05_18 15_25_27 UTC).dll Variante von Win32/Adware.ELEX.QM Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\D\Downloads\IObit Uninstaller - CHIP-Installer (2017_05_10 15_43_12 UTC).exe Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
H:\FileHistory\*****\DESKTOP-NEE8C9I\Data\D\Downloads\PDF24 Creator - CHIP-Installer (2016_09_12 17_53_17 UTC).exe Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
durchgeführt von ****** (Administrator) auf DESKTOP-NEE8C9I (30-05-2017 19:35:12)
Gestartet von D:\Downloads
Geladene Profile: ****** (Verfügbare Profile: ******)
Platform: Windows 10 Pro Version 1703 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IObit) D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Electronic Arts) D:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FCDBLog.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Skype Technologies S.A.) D:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Fortinet Inc.) D:\Program Files (x86)\Fortinet\FortiClient\FortiTray.exe
(AVAST Software s.r.o.) D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1302.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files\WindowsApps\ZattooEuropaAG.ZattooLiveTV_4.5.107.0_x64__cwpjhwd4pd0ma\Zattoo.exe
(Hewlett-Packard) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Co.) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(freenet TV Player) D:\Program Files (x86)\freenet TV Player\freenet TV Player.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4708016 2016-07-30] (VIA)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-04] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-06-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-05-14] ()
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-11] (Piriform Ltd)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [World of Tanks] => D:\Program Files (x86)\World of Tanks\WargamingGameUpdater.exe [3135752 2017-02-28] (Wargaming.net)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2088832 2016-12-22] (Sony)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-02] (BlueStack Systems, Inc.)
HKU\S-1-5-21-632498878-1310639711-2934333010-1001\...\Run: [Skype] => D:\Program Files (x86)\Skype\Phone\Skype.exe [27716568 2017-05-04] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-04] (AVAST Software)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2017-05-12]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeter.exe (VB-AUDIO Software)
GroupPolicy: Beschränkung <======= ACHTUNG
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4beea3e3-899f-4d05-a6a5-2d83c6087d76}: [DhcpNameServer] 192.168.178.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7978f4d&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c7978f4d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-632498878-1310639711-2934333010-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> D:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-05-27] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-27] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-05-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 0ksa54iq.default-1493836180353
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353 [2017-05-30]
FF Homepage: Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353 -> about:home
FF Extension: (I don't care about cookies) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2017-05-03]
FF Extension: (Adblock Plus) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\0ksa54iq.default-1493836180353\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-05-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-09-26] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @FortinetCacheClean -> D:\Program Files (x86)\Fortinet\FortiClient\npccplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetCacheCleanEx -> D:\Program Files (x86)\Fortinet\FortiClient\npccpluginex.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> D:\Program Files (x86)\Fortinet\FortiClient\nptcplugin.dll [2017-03-08] (Fortinet Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\firefox.js [2017-02-25]
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R3 aswbIDSAgent; D:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-04] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
R2 FA_Scheduler; D:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe [119826 2017-03-08] (Fortinet Inc.) [Datei ist nicht signiert]
R3 hpqcxs08; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [254824 2011-04-29] (Hewlett-Packard Co.)
R2 hpqddsvc; D:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [138600 2011-04-29] (Hewlett-Packard Co.)
R2 IObitUnSvr; D:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-07-31] () [Datei ist nicht signiert]
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-09-30] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-09-30] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1326408 2017-05-14] (Overwolf LTD)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-20] (Microsoft Corporation)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies)
R2 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [27768 2016-07-30] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2016-12-22] (Sony)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-04] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
S3 fortiapd; C:\WINDOWS\System32\drivers\fortiapd.sys [18000 2017-03-08] (Fortinet Inc)
R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [45792 2015-08-26] (Fortinet Inc)
S1 FortiFW; C:\WINDOWS\System32\drivers\FortiFW2.sys [37456 2017-03-08] (Fortinet Inc)
S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [147536 2017-03-08] (Fortinet Inc)
S3 fortisniff; C:\WINDOWS\System32\drivers\fortisniff2.sys [85072 2017-03-08] (Fortinet Inc)
R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [71928 2015-08-26] (Fortinet Inc)
S3 ggsomc; C:\WINDOWS\System32\drivers\ggsomc.sys [30424 2016-10-05] (Sony Mobile Communications)
R3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2017-05-06] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-30] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-30] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-30] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-30] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 pppop; C:\WINDOWS\System32\drivers\pppop64.sys [54344 2016-03-29] (Fortinet Inc.)
S3 RTL2831UBDA; C:\WINDOWS\system32\drivers\RTL2831UBDA.sys [116000 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2831UUSB; C:\WINDOWS\System32\Drivers\RTL2831UUSB.sys [39968 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 VBAudioVMVAIOMME; C:\WINDOWS\system32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2017-05-12] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-30 19:34 - 2017-05-30 19:35 - 00000000 ____D C:\FRST
2017-05-30 18:51 - 2017-05-30 18:51 - 00009628 _____ C:\Users\******\Desktop\ESET Bericht.txt
2017-05-30 10:35 - 2017-05-30 10:35 - 00000000 ____D C:\Program Files (x86)\ESET
2017-05-30 10:33 - 2017-05-30 10:33 - 00000903 _____ C:\Users\******\Desktop\JRT.txt
2017-05-30 10:29 - 2017-05-30 10:29 - 00001834 _____ C:\Users\******\Desktop\sc-cleaner.txt
2017-05-30 10:14 - 2017-05-30 10:23 - 00000000 ____D C:\AdwCleaner
2017-05-29 17:28 - 2017-05-29 18:58 - 00000000 ____D C:\Users\******\AppData\Roaming\EndNote
2017-05-29 12:43 - 2017-05-29 12:43 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-05-27 11:34 - 2017-05-27 11:34 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-05-22 11:55 - 2017-05-22 11:55 - 00001236 _____ C:\Users\******\Desktop\Firefox.lnk
2017-05-19 13:12 - 2017-05-30 16:28 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-19 13:12 - 2017-05-30 10:24 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-19 13:12 - 2017-05-30 10:24 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-19 13:12 - 2017-05-30 10:24 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-19 13:12 - 2017-05-19 13:12 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-19 13:12 - 2017-05-19 13:12 - 00000974 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-19 13:12 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-19 12:31 - 2017-05-19 12:31 - 00000000 ____D C:\Users\******\AppData\Local\Macromedia
2017-05-18 16:44 - 2017-05-19 12:43 - 00003475 _____ C:\Users\******\AppData\Roaming\go00001.bak
2017-05-18 13:56 - 2017-05-18 13:56 - 00000000 ____D C:\Users\******\AppData\Local\PeerDistRepub
2017-05-17 22:55 - 2017-05-17 22:55 - 00002642 _____ C:\Users\Public\Desktop\Skype.lnk
2017-05-17 22:55 - 2017-05-17 22:55 - 00000000 ____D C:\Program Files (x86)\Skype
2017-05-17 12:54 - 2017-05-30 19:12 - 00000000 ____D C:\Users\******\AppData\LocalLow\Mozilla
2017-05-17 11:29 - 2017-05-17 11:29 - 00000000 ____D C:\Users\******\AppData\Roaming\Sun
2017-05-17 11:24 - 2017-05-29 09:13 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-17 11:24 - 2017-05-17 11:24 - 00000000 ____D C:\Users\******\AppData\Local\VirtualStore
2017-05-17 11:24 - 2017-05-17 11:24 - 00000000 ____D C:\Users\******\AppData\Local\DBG
2017-05-16 12:58 - 2017-05-16 12:58 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-12 16:14 - 2017-05-12 16:14 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
2017-05-12 16:14 - 2017-05-12 16:14 - 00000000 ____D C:\Program Files (x86)\UltraUXThemePatcher
2017-05-12 16:14 - 2017-03-18 22:58 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll.backup
2017-05-12 16:14 - 2017-03-18 22:58 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll.backup
2017-05-12 16:14 - 2017-03-18 22:58 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll.backup
2017-05-12 14:50 - 2017-05-30 01:55 - 00004421 _____ C:\Users\******\AppData\Roaming\VoiceMeeterDefault.xml
2017-05-12 14:46 - 2017-05-12 14:46 - 00041192 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vbaudio_vmvaio64_win7.sys
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Program Files\VB
2017-05-12 14:46 - 2017-05-12 14:46 - 00000000 ____D C:\Program Files (x86)\VB
2017-05-12 14:05 - 2017-05-12 14:05 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-12 14:05 - 2017-05-12 14:05 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-12 14:05 - 2017-05-12 14:05 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-12 14:05 - 2017-05-12 14:05 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-12 14:05 - 2017-05-12 14:05 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-12 14:04 - 2017-05-12 14:04 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-12 14:04 - 2017-05-12 14:04 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01452960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-12 14:04 - 2017-05-12 14:04 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-12 14:04 - 2017-05-12 14:04 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-12 14:04 - 2017-05-12 14:04 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-12 14:04 - 2017-05-12 14:04 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-12 14:04 - 2017-05-12 14:04 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-12 14:04 - 2017-05-12 14:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-12 14:04 - 2017-05-12 14:04 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-12 14:04 - 2017-05-12 14:04 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-12 14:02 - 2017-05-12 13:08 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-12 14:01 - 2017-05-12 14:01 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-12 13:23 - 2017-05-12 13:23 - 00000020 ___SH C:\Users\******\ntuser.ini
2017-05-12 13:19 - 2017-05-30 10:30 - 02803596 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-12 13:16 - 2017-05-12 13:17 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-12 13:16 - 2017-05-12 13:17 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-12 13:15 - 2017-05-30 10:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-12 13:15 - 2017-05-12 13:25 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-12 13:15 - 2017-05-12 13:15 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-12 13:15 - 2017-05-12 13:15 - 00003392 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1469838226
2017-05-12 13:15 - 2017-05-12 13:15 - 00003332 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-05-12 13:15 - 2017-05-12 13:15 - 00002942 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-05-12 13:15 - 2017-05-12 13:15 - 00002668 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2017-05-12 13:15 - 2017-05-12 13:15 - 00002254 _____ C:\WINDOWS\System32\Tasks\{3B57F17C-6AA3-4C62-82EB-0F2C06B4EF12}
2017-05-12 13:15 - 2017-05-12 13:15 - 00002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\R@1n-KMS
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-05-12 13:15 - 2017-05-12 13:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-05-12 13:10 - 2017-05-12 13:13 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-12 13:10 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-12 13:09 - 2017-05-30 14:46 - 00000000 ____D C:\Users\******
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Vorlagen
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Startmenü
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Netzwerkumgebung
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Lokale Einstellungen
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Eigene Dateien
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Druckumgebung
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\AppData\Local\Verlauf
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\AppData\Local\Anwendungsdaten
2017-05-12 13:09 - 2017-05-12 13:09 - 00000000 _SHDL C:\Users\******\Anwendungsdaten
2017-05-12 13:09 - 2016-12-29 14:44 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-12 13:09 - 2016-12-29 14:44 - 02477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-12 13:09 - 2016-12-29 14:44 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-12 13:09 - 2016-12-29 14:44 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-12 13:09 - 2016-12-29 14:44 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-12 13:09 - 2016-12-29 14:44 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-12 13:09 - 2016-12-29 14:44 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-12 13:09 - 2016-12-19 09:26 - 07651057 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-12 13:08 - 2017-05-25 08:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-12 13:08 - 2017-05-13 13:23 - 00390432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-12 13:08 - 2017-05-12 13:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-12 13:08 - 2017-05-12 13:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-12 13:08 - 2017-05-12 13:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-05-12 13:08 - 2017-05-12 13:08 - 00000000 ____D C:\Program Files\VIA
2017-05-11 18:06 - 2017-05-11 18:06 - 00001100 _____ C:\Users\******\Desktop\TWD Staffel 7 - Verknüpfung.lnk
2017-05-11 17:48 - 2017-05-17 11:23 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-11 01:10 - 2017-03-04 08:26 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-05-10 15:25 - 2017-05-10 15:25 - 00000000 ____D C:\Users\******\AppData\Local\UNP
2017-05-10 11:24 - 2017-05-10 11:24 - 00001252 _____ C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update- und Datenschutzeinstellungen.lnk
2017-05-09 19:10 - 2017-05-09 19:10 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-05-09 19:09 - 2017-05-12 13:13 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-09 19:09 - 2017-05-09 19:11 - 00000000 ____D C:\Program Files\UNP
2017-05-09 18:10 - 2017-05-09 18:12 - 00000000 ____D C:\Users\******\AppData\Roaming\IObit
2017-05-09 18:10 - 2017-05-09 18:10 - 00000000 ____D C:\Users\******\AppData\LocalLow\IObit
2017-05-09 18:09 - 2017-05-09 18:09 - 00000000 ____D C:\Users\******\AppData\Local\Downloaded Installations
2017-05-09 17:25 - 2017-05-11 18:06 - 00016896 ___SH C:\Users\******\Desktop\Thumbs.db
2017-05-09 17:06 - 2017-05-09 17:06 - 00001402 _____ C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\firefox.exe - Verknüpfung.lnk
2017-05-09 16:55 - 2017-05-09 16:55 - 00000000 _____ C:\WINDOWS\SysWOW64\1111
2017-05-06 14:41 - 2017-05-17 11:26 - 00000831 _____ C:\Users\Public\Desktop\freenet TV Player.lnk
2017-05-06 14:41 - 2017-05-17 11:25 - 00000000 ____D C:\Users\******\AppData\Roaming\freenet TV Player
2017-05-06 14:41 - 2017-05-06 14:41 - 00098400 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\libusbk.dll
2017-05-06 14:41 - 2017-05-06 14:41 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\libusb0.dll
2017-05-06 14:41 - 2017-05-06 14:41 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusb0.dll
2017-05-06 14:41 - 2017-05-06 14:41 - 00052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\Drivers\libusb0.sys
2017-05-05 17:47 - 2017-05-05 17:47 - 00000000 ____D C:\Users\******\AppData\Local\Bluestacks
2017-05-05 17:46 - 2017-05-05 17:50 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-05-04 10:44 - 2017-05-04 10:44 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-05-03 18:39 - 2017-05-03 18:39 - 00000000 ____D C:\Program Files (x86)\IIS
2017-05-03 18:38 - 2017-05-03 18:38 - 00000000 _____ C:\WINDOWS\SysWOW64\1111111
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-05-30 19:25 - 2016-07-30 23:50 - 00000000 ____D C:\Users\******\AppData\Roaming\Skype
2017-05-30 10:30 - 2017-03-20 06:41 - 01325726 _____ C:\WINDOWS\system32\perfh007.dat
2017-05-30 10:30 - 2017-03-20 06:41 - 00315848 _____ C:\WINDOWS\system32\perfc007.dat
2017-05-30 10:25 - 2016-08-01 15:52 - 00000000 ____D C:\Users\******\AppData\Local\Overwolf
2017-05-30 10:23 - 2017-03-18 13:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-30 09:51 - 2016-07-30 10:49 - 00202476 _____ C:\WINDOWS\hpoins14.dat
2017-05-30 09:49 - 2015-10-30 09:24 - 00000127 _____ C:\WINDOWS\win.ini
2017-05-29 12:43 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-29 12:42 - 2016-07-30 00:25 - 00000000 ____D C:\Users\******\AppData\Roaming\Adobe
2017-05-29 09:12 - 2016-07-30 00:25 - 00000000 ____D C:\Users\******\AppData\Local\Packages
2017-05-28 23:52 - 2016-08-01 15:54 - 00000000 ____D C:\Users\******\AppData\Roaming\TS3Client
2017-05-27 11:35 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-27 11:33 - 2016-08-01 04:01 - 00000000 ____D C:\Program Files\Microsoft Office
2017-05-27 11:18 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-24 12:41 - 2016-07-30 10:20 - 00000000 ____D C:\Users\******\AppData\Roaming\vlc
2017-05-23 12:08 - 2016-07-31 00:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 12:06 - 2016-07-31 00:14 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-21 21:09 - 2016-07-30 00:27 - 00000000 ____D C:\Users\******\AppData\Local\Comms
2017-05-19 15:14 - 2017-04-26 16:23 - 00000000 ____D C:\Insist
2017-05-18 09:40 - 2017-03-30 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-05-18 09:40 - 2016-07-30 00:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-17 12:54 - 2016-07-30 00:32 - 00000000 ____D C:\Users\******\AppData\Roaming\Mozilla
2017-05-17 11:26 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-17 11:23 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 __RSD C:\WINDOWS\Media
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\security
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\IME
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-05-17 11:23 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-17 11:23 - 2016-07-30 00:31 - 00000000 ____D C:\Users\******\AppData\Local\MicrosoftEdge
2017-05-17 11:23 - 2014-04-09 23:47 - 00000000 ____D C:\temp
2017-05-16 11:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-16 11:30 - 2016-08-01 16:00 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-05-12 22:44 - 2016-07-30 02:21 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-05-12 16:14 - 2017-03-18 22:58 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-05-12 16:14 - 2017-03-18 22:58 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2017-05-12 16:14 - 2017-03-18 22:58 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll
2017-05-12 14:07 - 2017-03-18 23:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-12 14:05 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-12 14:05 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-12 13:25 - 2016-07-30 00:28 - 00002428 _____ C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-12 13:24 - 2016-09-30 09:57 - 00000000 ____D C:\Users\******\AppData\Local\ConnectedDevicesPlatform
2017-05-12 13:23 - 2016-04-27 07:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-12 13:18 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows NT
2017-05-12 13:17 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-12 13:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-12 13:15 - 2017-03-20 06:43 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-12 13:15 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-12 13:15 - 2016-09-30 09:54 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-12 13:13 - 2016-08-01 16:00 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2017-05-12 13:13 - 2016-08-01 15:17 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2017-05-12 13:13 - 2016-08-01 03:10 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2017-05-12 13:13 - 2016-07-30 01:42 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-12 13:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-12 13:11 - 2016-07-30 00:21 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-05-12 13:10 - 2017-02-11 12:11 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-05-12 13:10 - 2016-07-30 02:08 - 00000000 ____D C:\Program Files\Intel
2017-05-12 13:10 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-05-12 13:09 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-08 12:53 - 2016-09-26 01:02 - 00000735 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-05 15:12 - 2017-02-05 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-04 10:44 - 2017-03-02 21:09 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-05-04 10:44 - 2017-03-02 21:09 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-05-04 10:44 - 2017-03-02 21:09 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-05-04 10:44 - 2017-03-02 21:09 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-05-04 10:44 - 2016-07-30 02:22 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-05-04 10:44 - 2016-07-30 02:21 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-05-03 18:37 - 2017-04-28 16:48 - 00000000 _____ C:\WINDOWS\SysWOW64\11
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2017-05-18 16:44 - 2017-05-19 12:43 - 0003475 _____ () C:\Users\******\AppData\Roaming\go00001.bak
2017-05-12 14:50 - 2017-05-30 01:55 - 0004421 _____ () C:\Users\******\AppData\Roaming\VoiceMeeterDefault.xml
2016-08-01 04:09 - 2016-08-01 04:09 - 0000042 _____ () C:\Users\******\AppData\Roaming\WB.CFG
2017-04-05 20:20 - 2017-04-05 20:20 - 0007602 _____ () C:\Users\******\AppData\Local\Resmon.ResmonCfg
2016-07-30 10:49 - 2017-05-30 09:51 - 0008122 _____ () C:\ProgramData\hpzinstall.log
2017-05-16 11:32 - 2017-05-16 12:58 - 0003475 _____ () C:\ProgramData\_MC000001.bak
Einige Dateien in TEMP:
====================
2017-05-29 17:25 - 2013-04-24 20:16 - 0250080 _____ (Thomson Reuters) C:\Users\******\AppData\Local\Temp\Risweb32.exe
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-05-22 14:04
==================== Ende von FRST.txt ============================
Addition.txt hat nicht mehr gepasst, ist deswegen im Anhang MfG uxel Geändert von uxel (30.05.2017 um 19:43 Uhr) Grund: Anhang |
| Themen zu cloudfront.net und anderes entfernt - Ist jetzt alles sauber? |
| administrator, adobe, adware, antivirus, avast, browser, defender, dll, explorer, flash player, frage, google, homepage, infizierte, malware, mozilla, msascuil.exe, nvidia, pdf, prozesse, realtek, server, services.exe, software, svchost, trojaner, virus, windows, windowsapps, wmi |
Baum-Darstellung