|
Pests of all kinds and how to fight them: Folders (strange, odd - e.g. Tcaches170, Afiles189) are created automatically - not Windows temp folders! Windows 7 |
25.07.2017, 13:27 | #16 |
| Scan Finished: No malware found! hxxp://www.trojaner-board.de/attachment.php?attachmentid=80715&stc=1&d=1500985589 |
25.07.2017, 13:37 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Oh man, why is EVERYONE taking screenshots of this now... is it really that hard to copy the log out? |
25.07.2017, 16:22 | #18 |
| No, it would not be.
Code:
It would also be no problem to insert the log as code. The prerequisite, however, would be that a log exists. mbar reports "there are no detections". So mbar does not create a log file either. And so that you can see that, I posted it as a jpg. How else could I have shown it, rather than only written it?
-------------------------------------------------------------------------------------------------
I don't quite understand it. Of course I am asking for help here, and so I do not want to, and will not, argue at length. But I don't quite understand it. At the beginning you fired at me because I did not know how to express myself clearly. Although that was not the case. I had written clearly: "AFTER restoring the backup". Now another misunderstanding. I tried to express myself clearly by writing before the jpg: "Scan Finished: No malware found!" ! I did not know mbar before. But under these circumstances it simply did not create a LOG. What should I have done? Write a LOG myself?
I am looking for help. Not attacks because of misunderstandings that were caused by me to 50% at most. It is well known that it is very hard to make oneself fully understood using text alone. So we should all be careful about what we write and how, with our emotionally driven opinions, and/or about what we read and how. Maybe I am just reading/interpreting what you wrote wrongly.
Edited by Codo der III (25.07.2017 at 17:02). Reason: addendum. |
25.07.2017, 19:57 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here. Of course you also have to let MBAR run through completely and click EXIT.
__________________ Please always post log files in CODE tags |
26.07.2017, 12:13 | #20 |
| I let it run through until exactly the picture that I posted appeared (Scan Finished: No malware found!). I also selected EXIT afterwards. AND searched the folder (Desktop) for a LOGFILE. ONLY THEN did I post #16. WELL, I will simply run MBAR once more. |
26.07.2017, 12:21 | #21 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Simply posting the old log would probably be too easy ... The tool will, in the created folder ... |
26.07.2017, 13:03 | #22 |
| HIIIIIIIIIIIIIMMEL ARSCH und Zwirn (that is how people curse in the Palatinate :-) There was no LOG!!! OK, why? No idea. In any case I was able to establish that mbar-1.09.3.1001.exe did not create a directory on the first attempt and started directly. Believe it or not. Now, on the second attempt, mbar-1.09.3.1001.exe first created a directory and then started. Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
main: v2017.07.26.03
rootkit: v2017.05.27.01
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18739
Codo der III :: PC-PC [administrator]
26.07.2017 14:25:21
mbar-log-2017-07-26 (14-25-21).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 414162
Time elapsed: 32 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end) |
26.07.2017, 14:02 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove adware/junkware/toolbars
Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop! Please completely disable your virus scanner now, before using these tools!
Step 1: adwCleaner v7. Please download AdwCleaner to your desktop (illustrated guide).
Step 2: JRT - Junkware Removal Tool. Please close your protection software to avoid possible conflicts.
__________________ Please always post log files in CODE tags |
27.07.2017, 10:56 | #24 |
| Code:
# AdwCleaner 7.0.0.0 - Logfile created on Wed Jul 26 14:14:59 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 8.1 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
***** [ Files ] *****
No malicious files deleted.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
Deleted: Driver Booster Scheduler
***** [ Registry ] *****
Deleted: [Value] - HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run|Updater
Deleted: [Value] - HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Updater
***** [ Firefox (and derivatives) ] *****
Plugin deleted: Xmarks - Todd Agulnick
Plugin deleted: Xmarks - Todd Agulnick
Plugin deleted: Xmarks - Todd Agulnick
Plugin deleted: Xmarks - Todd Agulnick
Plugin deleted: Avira SafeSearch Plus - Avira
***** [ Chromium (and derivatives) ] *****
Plugin deleted: Avira SafeSearch Plus -
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Ask - ask.com
SearchProvider deleted: Ask - ask.com
*************************
::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [1846 B] - [2017/7/26 14:9:28]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 Pro x64
Ran by Codo der III (Administrator) on 26.07.2017 at 17:23:29,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 6
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Codo der III\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\AviraSystemSpeedupUpdate (Task)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (Pc) (Task)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_Pc (Task)
Successfully deleted: C:\Windows\Tasks\Uninstaller_SkipUac_Pc.job (Task)
Registry: 8
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E702579D22BBCD5513EBCBD038CBA7E5 (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEA429F3-D2D4-4BD7-A03E-5357DA017733} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEA429F3-D2D4-4BD7-A03E-5357DA017733} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{84F23192-A475-4038-B5C0-8584777F2DF4} (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.07.2017 at 17:28:21,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
27.07.2017, 11:03 | #25 |
| Mbam was running in the background and also reported a PUM. I did not let it delete anything and saved the LOG. However, the log shows no detections. So I "once again" also made a jpg - of the detection. So that you can see the PUM at all. What use is mbam, actually, if it reports something - but then shows nothing in the LOG??? Or am I just blind right now? Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 27.07.2017
Suchlaufzeit: 12:26
Protokolldatei: mbam170727.txt
Administrator: Ja
Version: 0.0.0.0000
Malware-Datenbank: v2017.07.27.02
Rootkit-Datenbank: v2017.05.27.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Aktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Codo der III
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 386427
Abgelaufene Zeit: 14 Min., 22 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswerte: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Dateien: 0
(keine bösartigen Elemente erkannt)
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end) |
27.07.2017, 11:07 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I need new FRST logs. Tick the box for addition.txt, then click Scan.
__________________ Please always post log files in CODE tags |
27.07.2017, 19:46 | #27 |
| FRST log file: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-07-2017 Ran by Codo der III (administrator) on PC-PC (27-07-2017 21:39:45) Running from C:\Users\Codo der III\Desktop Loaded Profiles: Codo der III & (Available Profiles: Pc & Codo der III & janka & test) Platform: Windows 8.1 Pro (Update) (X64) Language: Englisch (Vereinigte Staaten) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe (Digital Wave Ltd.) 
C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (pdfforge GmbH) C:\Program Files\PDF Architect 5\creator-ws.exe (© pdfforge GmbH.) C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (HP Inc.) 
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe () C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Seagate Scheduler2 Service] => "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [585240 2016-09-13] () HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425352 2016-06-03] (Acronis International GmbH) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files 
(x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-13] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-07-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3191728 2017-06-09] (Dominik Reichl) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4654664 2016-09-13] () HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2017-05-30] (Raptr, Inc) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation) HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [66656 2017-06-28] (Avira Operations GmbH & Co. KG) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Viber] => C:\Users\Pc\AppData\Local\Viber\Viber.exe [776400 2015-02-25] () HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Pc\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-07-20] (Google Inc.) 
HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [updater] => "C:\Users\Pc\AppData\Local\Temp\MUpdater.exe" startup <==== ATTENTION HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [798352 2016-09-22] (Sandboxie Holdings, LLC) HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.) HKU\S-1-5-21-223189139-1834683237-3245993289-1002\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-223189139-1834683237-3245993289-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.) HKU\S-1-5-21-223189139-1834683237-3245993289-1002\...\Run: [GIMP Updater] => C:\Users\Codo der III\AppData\Roaming\GIMP Updater\Updater.exe [227488 2016-10-09] () HKU\S-1-5-21-223189139-1834683237-3245993289-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [798352 2016-09-22] (Sandboxie Holdings, LLC) HKU\S-1-5-21-223189139-1834683237-3245993289-1002\...\Policies\Explorer: [NoDrives] 1 HKU\S-1-5-21-223189139-1834683237-3245993289-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-223189139-1834683237-3245993289-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27784672 2017-06-27] (Skype Technologies S.A.) HKU\S-1-5-21-223189139-1834683237-3245993289-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GIMP Updater] => C:\Users\Codo der III\AppData\Roaming\GIMP Updater\Updater.exe [227488 2016-10-09] () HKU\S-1-5-21-223189139-1834683237-3245993289-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [798352 2016-09-22] (Sandboxie Holdings, LLC) HKU\S-1-5-21-223189139-1834683237-3245993289-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDrives] 1 HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati 2.lnk [2017-07-21] ShortcutTarget: Duplicati 2.lnk -> C:\Program Files\Duplicati 2\Duplicati.GUI.TrayIcon.exe (Duplicati Team) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POST CLOUD.lnk [2016-10-02] ShortcutTarget: E-POST CLOUD.lnk -> C:\Program Files (x86)\E-POST\EPostCloud.exe (Deutsche Post AG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\E-POST MAILER.lnk [2016-10-02] ShortcutTarget: E-POST MAILER.lnk -> C:\Program Files (x86)\E-POST\EpostMailer.exe (Deutsche Post AG)) Startup: C:\Users\Codo der III\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-11-23] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-10-04] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 
15\root\office15\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * auto_reactivate C:\bootwiz\asrm.bin ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\..\Interfaces\{CFEF567D-2932-4AFD-94FE-266AF7F6A876}: [NameServer] 192.168.10.1 Internet Explorer: ================== HKU\S-1-5-21-223189139-1834683237-3245993289-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/el-gr/?ocid=iehp HKU\S-1-5-21-223189139-1834683237-3245993289-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/el-gr/?ocid=iehp HKU\S-1-5-21-223189139-1834683237-3245993289-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/el-gr/?ocid=iehp SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-223189139-1834683237-3245993289-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-223189139-1834683237-3245993289-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security) BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft) BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll 
[2017-06-26] (Intel Security) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2017-07-21] (Microsoft Corporation) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-21] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2017-07-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-21] (Oracle Corporation) Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-06-26] (Intel Security) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft) Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-06-26] (Intel Security) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-10-06] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2016-10-06] (Microsoft Corporation) FireFox: ======== FF ProfilePath: 
C:\Users\Codo der III\AppData\Roaming\Mozilla\Firefox\Profiles\nfouucwg.default-1475888009370 [2017-07-27] FF Extension: (QuickFox Notes) - C:\Users\Codo der III\AppData\Roaming\Mozilla\Firefox\Profiles\nfouucwg.default-1475888009370\Extensions\amin.eft_bmnotes@gmail.com [2016-10-21] FF Extension: (OneTab) - C:\Users\Codo der III\AppData\Roaming\Mozilla\Firefox\Profiles\nfouucwg.default-1475888009370\Extensions\extension@one-tab.com.xpi [2016-10-30] FF Extension: (YouTube Video and Audio Downloader) - C:\Users\Codo der III\AppData\Roaming\Mozilla\Firefox\Profiles\nfouucwg.default-1475888009370\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-07-21] FF Extension: (Xmarks) - C:\Users\Codo der III\AppData\Roaming\Mozilla\Firefox\Profiles\nfouucwg.default-1475888009370\Extensions\foxmarks@kei.com [2017-07-21] FF Extension: (Media Converter and Muxer) - C:\Users\Codo der III\AppData\Roaming\Mozilla\Firefox\Profiles\nfouucwg.default-1475888009370\Extensions\jid1-kps5PrGBNtzSLQ@jetpack.xpi [2017-07-21] FF Extension: (YouTube ALL HTML5) - C:\Users\Codo der III\AppData\Roaming\Mozilla\Firefox\Profiles\nfouucwg.default-1475888009370\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2017-07-21] FF Extension: (Avira Password Manager) - C:\Users\Codo der III\AppData\Roaming\Mozilla\Firefox\Profiles\nfouucwg.default-1475888009370\Extensions\passwordmanager@avira.com [2017-07-21] FF Extension: (Session Sync) - C:\Users\Codo der III\AppData\Roaming\Mozilla\Firefox\Profiles\nfouucwg.default-1475888009370\Extensions\session-sync@gabrielivanica.com.xpi [2017-07-21] FF Extension: (Video DownloadHelper) - C:\Users\Codo der III\AppData\Roaming\Mozilla\Firefox\Profiles\nfouucwg.default-1475888009370\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-07-21] FF Extension: (Tab Mix Plus) - C:\Users\Codo der III\AppData\Roaming\Mozilla\Firefox\Profiles\nfouucwg.default-1475888009370\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-07-21] FF Plugin: 
@adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-13] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-10-06] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin: PDF Architect 5 -> C:\Program Files\PDF Architect 5\np-previewer.dll [2017-07-05] (pdfforge GmbH) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-13] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-21] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-21] (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2016-10-06] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-09-21] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Pc\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-20] (Google Inc.) FF Plugin HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Pc\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-20] (Google Inc.) 

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> DuckDuckGo
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default [2017-07-26]
CHR Extension: (Google Präsentationen) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-15]
CHR Extension: (Google Docs) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-15]
CHR Extension: (Google Drive) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-15]
CHR Extension: (Tom's Planner) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\bipbkjijodkkdkilghhekodmoagkcdnc [2016-11-15]
CHR Extension: (YouTube) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-15]
CHR Extension: (Avira Password Manager) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-07-21]
CHR Extension: (Synology Note Station) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfefcnbolgjjabocpajaplcgpniphdd [2017-07-21]
CHR Extension: (Google Tabellen) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-15]
CHR Extension: (Avira Browserschutz) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-16]
CHR Extension: (No Name) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2017-07-21]
CHR Extension: (Skype) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-07-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-21]
CHR Extension: (Synology Download Station) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhbegdkgonhlokobjefolhpoidcnida [2016-11-15]
CHR Extension: (Synology Web Clipper) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfbfimijgibligmbglggnbiobgjgmbk [2017-07-21]
CHR Extension: (Google Mail) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\Codo der III\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-20]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1276216 2016-09-13] ()
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6086232 2016-10-04] ()
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-07-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-07-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-07-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-07-20] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [377976 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [322616 2017-07-13] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [100816 2017-04-21] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [19344 2017-06-28] (Cybereason)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [437224 2016-10-27] (Digital Wave Ltd.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-07] (DTS, Inc)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4692840 2016-08-15] (Acronis International GmbH)
R2 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [7717528 2016-07-18] (Acronis International GmbH)
R2 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1510712 2016-09-13] ()
S3 PDF Architect 5; C:\Program Files\PDF Architect 5\ws.exe [2709176 2017-07-05] (pdfforge GmbH)
S3 PDF Architect 5 CrashHandler; C:\Program Files\PDF Architect 5\crash-handler-ws.exe [1051312 2017-07-05] (pdfforge GmbH)
R2 PDF Architect 5 Creator; C:\Program Files\PDF Architect 5\creator-ws.exe [859312 2017-07-05] (pdfforge GmbH)
R2 PDF Architect 5 Manager; C:\Program Files (x86)\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe [985848 2017-05-16] (© pdfforge GmbH.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-09-22] (Sandboxie Holdings, LLC)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [74800 2017-06-28] (Avira Operations GmbH & Co. KG)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9729272 2016-08-11] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248840 2016-03-18] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
S2 SgtSch2Svc; "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R0 asstahci64; C:\Windows\System32\drivers\asstahci64.sys [88936 2016-10-02] (Asmedia Technology)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102400 2016-02-26] (Advanced Micro Devices)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [60920 2017-07-20] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [167504 2017-07-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [164824 2017-07-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [44488 2017-07-20] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [88488 2017-07-20] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [375136 2016-10-04] (Acronis International GmbH)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-10-02] (REALiX(tm))
R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [140672 2016-03-10] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-07-22] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-07-27] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9101016 2013-12-10] (Realtek Semiconductor Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-09-22] (Sandboxie Holdings, LLC)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1267544 2016-10-04] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [212320 2016-10-04] (Acronis International GmbH)
S3 tnd; C:\Windows\system32\DRIVERS\tnd.sys [687968 2016-10-04] (Acronis International GmbH)
R2 virtual_file; C:\Windows\System32\DRIVERS\virtual_file.sys [331104 2016-10-04] (Acronis International GmbH)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-27 21:39 - 2017-07-27 21:40 - 00032505 _____ C:\Users\Codo der III\Desktop\FRST.txt
2017-07-27 21:39 - 2017-07-27 21:39 - 00000000 ____D C:\Users\Codo der III\Desktop\FRST-OlderVersion
2017-07-27 17:26 - 2017-07-27 17:26 - 00523851 _____ C:\Users\Akp08vr\foot.embody.south.veteran.xlsx
2017-07-27 17:26 - 2017-07-27 17:26 - 00501639 _____ C:\Users\utfvsc9\youth-segment-when.xlsx
2017-07-27 17:26 - 2017-07-27 17:26 - 00217969 _____ C:\Users\Akp08vr\advocate.cleared.appear.mdb
2017-07-27 17:26 - 2017-07-27 17:26 - 00209926 _____ C:\Users\utfvsc9\drawn attend hurried.mdb
2017-07-27 17:26 - 2017-07-27 17:26 - 00079173 _____ C:\Users\utfvsc9\Px78X.xls
2017-07-27 17:26 - 2017-07-27 17:26 - 00065756 _____ C:\Users\Akp08vr\CNQGtfGYKZF8.xls
2017-07-27 17:26 - 2017-07-27 17:26 - 00057186 _____ C:\Users\utfvsc9\envy chimney.pem
2017-07-27 17:26 - 2017-07-27 17:26 - 00052568 _____ C:\Users\Akp08vr\san.accuracy.funny.pem
2017-07-27 17:26 - 2017-07-27 17:26 - 00038950 _____ C:\Users\Akp08vr\code angels toast worship.txt
2017-07-27 17:26 - 2017-07-27 17:26 - 00027592 _____ C:\Users\utfvsc9\cholesterol-emotions-count.txt
2017-07-27 17:26 - 2017-07-27 17:26 - 00018065 _____ C:\Users\utfvsc9\different views.sql
2017-07-27 17:26 - 2017-07-27 17:26 - 00010527 _____ C:\Users\Akp08vr\N9tiPcAy.sql
2017-07-27 17:26 - 2017-07-27 17:26 - 00000000 __SHD C:\Users\Codo der III\Desktop\0K, this directory is for Ransomware detection (just leave it here)
2017-07-27 17:26 - 2017-07-27 17:26 - 00000000 ___HD C:\Users\utfvsc9
2017-07-27 17:26 - 2017-07-27 17:26 - 00000000 ___HD C:\Users\Codo der III\Documents\Tapplication114
2017-07-27 17:26 - 2017-07-27 17:26 - 00000000 ___HD C:\Users\Codo der III\Documents\Alog134
2017-07-27 17:26 - 2017-07-27 17:26 - 00000000 ___HD C:\Users\Akp08vr
2017-07-27 17:26 - 2017-07-27 17:26 - 00000000 ____D C:\ypackage217
2017-07-27 17:26 - 2017-07-27 17:26 - 00000000 ____D C:\Acpackage225
2017-07-27 13:07 - 2017-07-27 13:10 - 00000000 ____D C:\Users\Codo der III\Desktop\Troja - 1707
2017-07-27 12:51 - 2017-07-27 12:51 - 00000000 ____D C:\Users\Codo der III\AppData\Local\ElevatedDiagnostics
2017-07-27 05:18 - 2017-07-27 05:18 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\ProductData
2017-07-27 05:18 - 2017-07-27 05:18 - 00000000 ____D C:\ProgramData\ProductData
2017-07-26 17:21 - 2017-07-26 17:21 - 01790024 _____ (Malwarebytes) C:\Users\Codo der III\Desktop\JRT.exe
2017-07-26 16:56 - 2017-07-26 16:57 - 08162248 _____ (Malwarebytes) C:\Users\Codo der III\Desktop\adwcleaner_7.0.0.0.exe
2017-07-26 14:24 - 2017-07-26 14:24 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\Hewlett-Packard
2017-07-26 14:22 - 2017-07-26 14:57 - 00000000 ____D C:\Users\Codo der III\Desktop\mbar
2017-07-26 13:45 - 2017-07-26 13:45 - 05242792 _____ C:\Users\Codo der III\Downloads\Facebook-Privatsphaere_richtig_eingestellt.pdf
2017-07-26 13:41 - 2017-07-26 13:41 - 02914101 _____ C:\Users\Codo der III\Downloads\Mein_sicheres_Passwort.pdf
2017-07-25 19:16 - 2017-07-25 19:16 - 00214902 _____ C:\Users\Codo der III\Downloads\S_20170725_181631_Postfach_Uebersicht.ZIP
2017-07-25 15:43 - 2017-07-25 15:44 - 00000000 ____D C:\Users\test\AppData\Roaming\Duplicati
2017-07-25 15:43 - 2017-07-25 15:43 - 00000000 ____D C:\Users\test\AppData\Roaming\Raptr
2017-07-25 15:43 - 2017-07-25 15:43 - 00000000 ____D C:\Users\test\AppData\Roaming\PlaysTV
2017-07-25 15:43 - 2017-07-25 15:43 - 00000000 ____D C:\Users\test\AppData\Roaming\ATI
2017-07-25 15:43 - 2017-07-25 15:43 - 00000000 ____D C:\Users\test\AppData\Local\ATI
2017-07-25 15:42 - 2017-07-25 15:42 - 00000000 ____D C:\Users\test\AppData\Roaming\DVDVideoSoft
2017-07-25 15:41 - 2017-07-25 15:41 - 00000000 ____D C:\Users\test\AppData\Roaming\Cybereason
2017-07-25 15:41 - 2017-07-25 15:41 - 00000000 ____D C:\Users\test\AppData\Local\Cybereason
2017-07-25 14:55 - 2017-07-26 14:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-25 14:50 - 2017-07-25 15:28 - 00000000 ____D C:\Users\Pc\Desktop\mbar
2017-07-25 14:48 - 2017-07-25 14:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Codo der III\Desktop\mbar-1.09.3.1001.exe
2017-07-24 07:22 - 2017-07-24 07:22 - 00045459 _____ C:\Users\Codo der III\Downloads\10009-ib.pdf
2017-07-23 13:47 - 2017-07-23 13:56 - 00001199 _____ C:\Users\Codo der III\Desktop\Neues Textdokument (3).txt
2017-07-23 13:42 - 2017-07-23 13:42 - 00000091 _____ C:\Users\Codo der III\Desktop\Neues Textdokument.txt
2017-07-23 12:58 - 2017-07-23 12:58 - 04874935 _____ C:\Users\Codo der III\Downloads\CrystalDiskInfo7_0_5-en.zip
2017-07-23 12:54 - 2017-07-23 12:54 - 00001050 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-07-23 12:54 - 2017-07-23 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-07-23 12:54 - 2017-07-23 12:54 - 00000000 ____D C:\Program Files\VS Revo Group
2017-07-23 12:53 - 2017-07-23 12:53 - 07178424 _____ (VS Revo Group ) C:\Users\Codo der III\Downloads\revosetup_v2.0.3.exe
2017-07-22 22:17 - 2017-07-22 22:17 - 00001397 _____ C:\Users\Pc\Desktop\mbam-bericht.txt
2017-07-22 21:37 - 2017-07-22 21:37 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2017-07-22 21:37 - 2017-07-22 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2017-07-22 21:37 - 2017-07-22 21:37 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2017-07-22 21:26 - 2017-07-22 21:26 - 00000000 ____D C:\Users\Pc\AppData\Roaming\PlaysTV
2017-07-22 21:26 - 2017-07-22 21:26 - 00000000 ____D C:\Users\Pc\AppData\Local\Opera Software
2017-07-22 21:25 - 2017-07-26 14:15 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Duplicati
2017-07-22 21:25 - 2017-07-22 21:25 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Cybereason
2017-07-22 21:25 - 2017-07-22 21:25 - 00000000 ____D C:\Users\Pc\AppData\Local\Cybereason
2017-07-22 21:25 - 2017-07-22 21:25 - 00000000 ____D C:\Users\Pc\AppData\Local\Avira
2017-07-22 16:23 - 2017-07-22 16:23 - 00000000 ____D C:\Users\Codo der III\Downloads\DS - Systemkonfig
2017-07-22 16:21 - 2017-07-22 18:45 - 00000000 ____D C:\Users\Codo der III\Downloads\PICS v Handy-Samsung
2017-07-22 15:37 - 2017-07-22 15:37 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-07-22 14:00 - 2017-07-26 17:14 - 00000000 ____D C:\AdwCleaner
2017-07-22 12:32 - 2017-07-27 21:39 - 00000000 ____D C:\FRST
2017-07-22 10:53 - 2017-07-26 17:02 - 00000000 ____D C:\Users\Codo der III\Downloads\Scan and Repair u aufräumen - Mail-Adware-Troja-etc
2017-07-22 10:45 - 2017-07-27 21:39 - 02382848 _____ (Farbar) C:\Users\Codo der III\Desktop\FRST64.exe
2017-07-21 22:14 - 2017-07-21 22:14 - 00002384 _____ C:\Users\Pc\Documents\PC-ausgelesen mit LicenseCrawler.txt
2017-07-21 22:10 - 2017-07-21 22:10 - 00000000 ____D C:\Users\Codo der III\AppData\Local\AviraSpeedup
2017-07-21 22:09 - 2017-07-21 22:09 - 00000000 ____D C:\Windows\System32\Tasks\Avira
2017-07-21 22:09 - 2017-07-21 22:09 - 00000000 ____D C:\Users\Codo der III\AppData\Local\Avira
2017-07-21 22:08 - 2017-07-27 17:17 - 00000000 ____D C:\Users\Public\Speedup Sessions
2017-07-21 21:57 - 2017-07-21 21:57 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\Opera Software
2017-07-21 21:57 - 2017-07-21 21:57 - 00000000 ____D C:\Users\Codo der III\AppData\Local\Opera Software
2017-07-21 21:55 - 2017-07-21 21:55 - 00000887 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-07-21 21:55 - 2017-07-21 21:55 - 00000000 ____D C:\Program Files\VideoLAN
2017-07-21 21:51 - 2017-07-21 21:51 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-07-21 21:47 - 2017-07-21 21:47 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-07-21 21:47 - 2017-07-21 21:47 - 00000000 ____D C:\Program Files (x86)\Java
2017-07-21 21:40 - 2017-07-21 21:40 - 00001902 _____ C:\Users\Pc\Desktop\IrfanView Thumbnails.lnk
2017-07-21 21:40 - 2017-07-21 21:40 - 00001010 _____ C:\Users\Pc\Desktop\IrfanView.lnk
2017-07-21 21:40 - 2017-07-21 21:40 - 00000000 ____D C:\Program Files (x86)\IrfanView
2017-07-21 20:30 - 2017-07-21 20:30 - 00002384 _____ C:\Users\Pc\Downloads\PC-ausgelesen mit LicenseCrawler.txt
2017-07-21 18:14 - 2017-07-21 23:02 - 00000638 _____ C:\Windows\Tasks\TrackerAutoUpdate.job
2017-07-21 18:14 - 2017-07-21 18:14 - 00003120 _____ C:\Windows\System32\Tasks\TrackerAutoUpdate
2017-07-21 18:14 - 2017-07-21 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2017-07-21 18:14 - 2017-07-21 18:14 - 00000000 ____D C:\Program Files\Tracker Software
2017-07-21 17:36 - 2017-07-26 17:18 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\Raptr
2017-07-21 17:36 - 2017-07-21 17:36 - 00002035 _____ C:\Users\Public\Desktop\Raptr.lnk
2017-07-21 17:36 - 2017-07-21 17:36 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\PlaysTV
2017-07-21 17:36 - 2017-07-21 17:36 - 00000000 ____D C:\Users\Codo der III\.QtWebEngineProcess
2017-07-21 17:36 - 2017-07-21 17:36 - 00000000 ____D C:\Users\Codo der III\.Plays.tv
2017-07-21 17:36 - 2017-07-21 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
2017-07-21 17:35 - 2017-07-21 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2017-07-21 17:33 - 2017-07-21 17:33 - 00000000 ____D C:\Users\Pc\AppData\Roaming\library_dir
2017-07-21 17:32 - 2017-07-21 17:33 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2017-07-21 17:31 - 2017-07-26 14:14 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Raptr
2017-07-21 17:31 - 2017-07-21 17:33 - 00000000 ____D C:\Program Files (x86)\Raptr
2017-07-21 17:18 - 2017-07-21 17:18 - 00000000 ____D C:\Users\Pc\AppData\Local\PDFCreator
2017-07-21 17:18 - 2017-07-21 17:18 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\PDF Architect 5
2017-07-21 17:18 - 2017-07-21 17:18 - 00000000 ____D C:\Program Files (x86)\PDF Architect 5 Manager
2017-07-21 17:18 - 2017-07-21 17:18 - 00000000 ____D C:\Program Files (x86)\PDF Architect 5
2017-07-21 17:17 - 2017-07-21 17:18 - 00000000 ____D C:\Program Files\PDF Architect 5
2017-07-21 17:17 - 2017-07-21 17:17 - 00000000 ____D C:\Users\Pc\Documents\PDF Architect
2017-07-21 17:17 - 2017-07-21 17:17 - 00000000 ____D C:\ProgramData\PDF Architect 5
2017-07-21 17:17 - 2017-07-21 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2017-07-21 17:12 - 2017-07-21 17:12 - 00000000 ____D C:\ProgramData\TrueKey
2017-07-21 16:50 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-07-21 16:49 - 2017-07-27 20:47 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-21 16:49 - 2017-07-22 21:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-21 16:49 - 2017-07-22 10:20 - 00101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-21 16:49 - 2017-07-21 16:52 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-21 16:49 - 2017-07-21 16:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-21 16:49 - 2017-07-21 16:49 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-21 16:49 - 2017-06-27 12:06 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-21 16:49 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-07-21 16:49 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-21 16:33 - 2017-07-21 16:33 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2017-07-21 16:25 - 2017-07-21 16:25 - 00000652 _____ C:\Users\Public\Desktop\iDA.lnk
2017-07-21 16:25 - 2017-07-21 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDA
2017-07-21 16:25 - 2017-07-21 16:25 - 00000000 ____D C:\iDA
2017-07-21 16:09 - 2017-07-21 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-07-21 16:07 - 2017-07-21 16:12 - 00000000 ____D C:\Users\Codo der III\AppData\Local\WhatsApp
2017-07-21 16:02 - 2017-07-21 16:37 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-07-21 16:01 - 2017-07-26 17:18 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\Duplicati
2017-07-21 16:00 - 2017-07-21 16:00 - 00000000 ____D C:\ProgramData\Duplicati
2017-07-21 15:56 - 2017-07-21 15:56 - 00001988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicati 2.lnk
2017-07-21 15:56 - 2017-07-21 15:56 - 00001976 _____ C:\Users\Public\Desktop\Duplicati 2.lnk
2017-07-21 15:56 - 2017-07-21 15:56 - 00000000 ____D C:\Program Files\Duplicati 2
2017-07-21 15:55 - 2017-07-21 15:55 - 00003992 _____ C:\Windows\System32\Tasks\Cybereason RansomFree Keepalive
2017-07-21 15:55 - 2017-07-21 15:55 - 00003098 _____ C:\Windows\System32\Tasks\Cybereason RansomFree Autostart
2017-07-21 15:55 - 2017-07-21 15:55 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\Cybereason
2017-07-21 15:55 - 2017-07-21 15:55 - 00000000 ____D C:\Users\Codo der III\AppData\Local\Cybereason
2017-07-21 15:55 - 2017-07-21 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cybereason RansomFree
2017-07-21 15:55 - 2017-07-21 15:55 - 00000000 ____D C:\ProgramData\Cybereason
2017-07-21 15:55 - 2017-07-21 15:55 - 00000000 ____D C:\Program Files (x86)\Cybereason
2017-07-21 15:54 - 2017-07-21 15:54 - 00001167 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2017-07-21 15:54 - 2017-07-21 15:54 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2017-07-21 15:54 - 2017-07-21 15:54 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Canneverbe Limited
2017-07-21 15:54 - 2017-07-21 15:54 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2017-07-21 15:52 - 2017-07-21 15:52 - 00000000 ____D C:\ProgramData\ClassicShell
2017-07-21 15:51 - 2017-07-21 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2017-07-21 15:51 - 2017-07-21 15:51 - 00000000 ____D C:\Program Files\Classic Shell
2017-07-21 15:35 - 2017-07-21 15:35 - 00000000 ____D C:\Users\Pc\Desktop\OpenOffice 4.1.3 Language Pack (German) Installation Files
2017-07-21 15:10 - 2017-07-21 15:10 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\ATI
2017-07-21 15:10 - 2017-07-21 15:10 - 00000000 ____D C:\Users\Codo der III\AppData\Local\ATI
2017-07-21 13:54 - 2017-07-21 13:54 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2017-07-21 13:45 - 2017-07-21 13:45 - 00000000 ____D C:\Users\Pc\Desktop\OpenOffice 4.1.3 (de) Installation Files
2017-07-21 13:44 - 2017-07-21 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2017-07-21 13:43 - 2017-07-21 13:43 - 00000000 ____D C:\ProgramData\AMD
2017-07-21 13:38 - 2017-07-21 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-07-21 13:38 - 2017-07-21 13:38 - 00000000 ____D C:\Program Files\7-Zip
2017-07-21 13:05 - 2017-07-21 13:05 - 00000000 ____D C:\Windows\system32\appmgmt
2017-07-21 12:46 - 2017-07-26 17:14 - 00001056 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2017-07-21 12:44 - 2017-07-21 12:44 - 00002094 _____ C:\Users\Public\Desktop\Avira Software Updater.lnk
2017-07-20 20:47 - 2017-07-20 20:47 - 00001171 _____ C:\Users\Public\Desktop\True Key.lnk
2017-07-20 20:46 - 2017-06-30 03:27 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-20 20:46 - 2017-06-30 03:27 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-20 20:16 - 2017-04-22 00:53 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-07-20 20:16 - 2017-04-22 00:50 - 00030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-07-20 20:16 - 2017-04-22 00:50 - 00018592 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-07-20 20:16 - 2017-04-11 21:27 - 00485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-07-20 20:16 - 2017-03-15 21:15 - 00690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-07-20 20:15 - 2017-04-22 00:53 - 00018600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-07-20 20:15 - 2017-04-11 21:27 - 00987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-07-20 20:15 - 2017-03-15 21:15 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-07-20 17:39 - 2017-07-20 17:39 - 00000000 ____D C:\Windows\CSC
2017-07-20 16:14 - 2017-06-29 09:27 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-20 16:14 - 2017-06-29 09:02 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-20 16:14 - 2017-06-29 08:50 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-20 16:14 - 2017-06-29 08:44 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-20 16:14 - 2017-06-29 08:23 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-20 16:14 - 2017-06-29 08:23 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-20 16:14 - 2017-06-29 08:17 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-07-20 16:14 - 2017-06-29 08:13 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-20 16:14 - 2017-06-29 08:09 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-20 16:14 - 2017-06-29 07:58 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-20 16:14 - 2017-06-29 07:53 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-20 16:14 - 2017-06-29 07:52 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-20 16:14 - 2017-06-29 07:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-07-20 16:14 - 2017-06-29 07:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-20 16:14 - 2017-06-29 07:43 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-20 16:14 - 2017-06-29 07:41 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-20 16:14 - 2017-06-29 07:28 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-20 16:14 - 2017-06-29 07:24 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-20 16:14 - 2017-06-27 17:29 - 07796736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-07-20 16:14 - 2017-06-27 17:29 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-07-20 16:14 - 2017-06-27 17:26 - 05274112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-07-20 16:14 - 2017-06-27 17:26 - 05268992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-20 16:14 - 2017-06-22 17:22 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-20 16:14 - 2017-06-17 19:45 - 03631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-07-20 16:14 - 2017-06-17 19:34 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-20 16:14 - 2017-06-17 19:05 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-20 16:14 - 2017-06-16 01:02 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-20 16:14 - 2017-06-15 16:45 - 07440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-07-20 16:14 - 2017-06-03 19:27 - 02346496 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-07-20 16:14 - 2017-06-03 19:03 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-07-20 16:14 - 2017-05-14 23:19 - 01364040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-07-20 16:14 - 2017-05-14 22:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-07-20 16:14 - 2017-05-14 22:03 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-07-20 16:14 - 2017-05-14 21:06 - 01737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-07-20 16:14 - 2017-05-14 21:06 - 01502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-07-20 16:14 - 2017-05-12 19:16 - 01084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-07-20 16:14 - 2017-05-12 19:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-07-20 16:14 - 2017-05-12 05:58 - 01985536 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-07-20 16:14 - 2017-05-12 05:48 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-07-20 16:14 - 2017-05-12 05:18 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-07-20 16:14 - 2017-04-16 11:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-20 16:14 - 2017-04-16 11:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-20 16:14 - 2017-04-16 11:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-20 16:14 - 2017-04-16 11:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-20 16:14 - 2017-04-16 10:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-20 16:14 - 2017-04-16 10:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-20 16:14 - 2017-04-16 10:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-20 16:14 - 2017-04-16 10:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-20 16:14 - 2017-04-16 10:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-20 16:14 - 2017-04-16 10:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-20 16:14 - 2017-04-16 10:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-20 16:14 - 2017-04-16 10:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-20 16:14 - 2017-04-16 10:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-20 16:14 - 2017-04-16 10:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-20 16:14 - 2017-04-16 10:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-07-20 16:14 - 2017-04-10 01:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-07-20 16:14 - 2017-03-03 18:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-07-20 16:14 - 2017-03-03 18:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-07-20 16:14 - 2017-02-11 19:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-07-20 16:14 - 2017-02-11 19:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-07-20 16:14 - 2017-02-04 22:32 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2017-07-20 16:14 - 2017-02-04 22:30 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-07-20 16:14 - 2017-01-11 20:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-07-20 16:14 - 2016-10-05 16:52 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2017-07-20 16:14 - 2016-10-05 16:52 - 00513456 _____ C:\Windows\system32\locale.nls
2017-07-20 16:13 - 2017-06-29 07:29 - 00800768 _____ (Microsoft Corporation) 
C:\Windows\system32\ieapfltr.dll 2017-07-20 16:13 - 2017-06-29 07:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-07-20 16:13 - 2017-06-17 19:11 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-07-20 16:13 - 2017-06-15 16:45 - 01674520 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2017-07-20 16:13 - 2017-06-15 16:45 - 01534064 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2017-07-20 16:13 - 2017-06-15 16:45 - 01499920 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2017-07-20 16:13 - 2017-06-15 16:45 - 01370320 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2017-07-20 16:13 - 2017-06-12 03:06 - 00376672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys 2017-07-20 16:13 - 2017-06-12 01:21 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll 2017-07-20 16:13 - 2017-06-12 00:43 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe 2017-07-20 16:13 - 2017-06-12 00:08 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll 2017-07-20 16:13 - 2017-06-12 00:00 - 00962560 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2017-07-20 16:13 - 2017-06-11 23:35 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll 2017-07-20 16:13 - 2017-06-11 23:31 - 00781312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2017-07-20 16:13 - 2017-06-11 18:15 - 02013528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2017-07-20 16:13 - 2017-06-06 23:52 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2017-07-20 16:13 - 2017-06-06 23:42 - 00925696 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe 2017-07-20 16:13 - 2017-06-06 23:36 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\uudf.dll 2017-07-20 16:13 - 2017-06-06 23:35 - 00517120 _____ (Microsoft Corporation) 
C:\Windows\system32\uReFS.dll 2017-07-20 16:13 - 2017-06-06 22:11 - 00557568 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll 2017-07-20 16:13 - 2017-06-06 22:11 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll 2017-07-20 16:13 - 2017-06-06 22:08 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2017-07-20 16:13 - 2017-06-06 22:03 - 00837632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe 2017-07-20 16:13 - 2017-06-06 21:57 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uudf.dll 2017-07-20 16:13 - 2017-06-06 21:56 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll 2017-07-20 16:13 - 2017-06-06 21:02 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll 2017-07-20 16:13 - 2017-06-06 21:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll 2017-07-20 16:13 - 2017-06-02 15:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2017-07-20 16:13 - 2017-06-02 15:12 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2017-07-20 16:13 - 2017-06-02 15:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll 2017-07-20 16:13 - 2017-06-02 15:06 - 01001984 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe 2017-07-20 16:13 - 2017-06-02 15:01 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2017-07-20 16:13 - 2017-06-02 14:03 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-07-20 16:13 - 2017-06-02 13:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2017-07-20 16:13 - 2017-06-02 13:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2017-07-20 16:13 - 2017-06-02 13:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll 2017-07-20 16:13 - 2017-06-02 12:43 - 00710144 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\SearchIndexer.exe 2017-07-20 16:13 - 2017-05-15 23:03 - 00379744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2017-07-20 16:13 - 2017-05-14 23:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2017-07-20 16:13 - 2017-05-14 21:13 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2017-07-20 16:13 - 2017-05-12 20:05 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2017-07-20 16:13 - 2017-05-12 18:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2017-07-20 16:13 - 2017-05-12 18:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2017-07-20 16:13 - 2017-05-12 18:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2017-07-20 16:13 - 2017-05-12 18:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2017-07-20 16:13 - 2017-05-12 07:10 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2017-07-20 16:13 - 2017-05-12 05:11 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2017-07-20 16:13 - 2017-05-12 05:10 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2017-07-20 16:13 - 2017-05-12 05:07 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2017-07-20 16:13 - 2017-05-12 05:06 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2017-07-20 16:13 - 2017-05-12 05:04 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2017-07-20 16:13 - 2017-05-12 05:00 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2017-07-20 16:13 - 2017-05-12 02:36 - 22361848 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-07-20 16:13 - 2017-05-12 02:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2017-07-20 16:13 - 2017-05-10 21:19 - 00101720 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mountmgr.sys 2017-07-20 16:13 - 2017-05-09 17:37 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll 2017-07-20 16:13 - 2017-05-09 17:35 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll 2017-07-20 16:13 - 2017-05-09 17:28 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\DAFWSD.dll 2017-07-20 16:13 - 2017-05-09 17:12 - 00448576 _____ C:\Windows\system32\ApnDatabase.xml 2017-07-20 16:13 - 2017-05-06 19:45 - 01114624 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2017-07-20 16:13 - 2017-05-06 19:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-07-20 16:13 - 2017-05-06 19:04 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-07-20 16:13 - 2017-05-02 23:09 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2017-07-20 16:13 - 2017-05-02 23:08 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2017-07-20 16:13 - 2017-05-02 23:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2017-07-20 16:13 - 2017-05-02 21:31 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll 2017-07-20 16:13 - 2017-05-02 21:31 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\smbwmiv2.dll 2017-07-20 16:13 - 2017-04-30 19:48 - 00080078 _____ C:\Windows\system32\normidna.nls 2017-07-20 16:13 - 2017-04-28 04:13 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2017-07-20 16:13 - 2017-04-28 04:11 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2017-07-20 16:13 - 2017-04-16 13:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll 2017-07-20 16:13 - 2017-04-16 13:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2017-07-20 16:13 - 2017-04-16 13:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll 2017-07-20 16:13 - 
2017-04-16 13:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2017-07-20 16:13 - 2017-04-16 13:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2017-07-20 16:13 - 2017-04-16 12:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll 2017-07-20 16:13 - 2017-04-16 12:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2017-07-20 16:13 - 2017-04-16 12:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll 2017-07-20 16:13 - 2017-04-16 12:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2017-07-20 16:13 - 2017-04-16 11:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2017-07-20 16:13 - 2017-04-16 11:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2017-07-20 16:13 - 2017-04-16 11:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2017-07-20 16:13 - 2017-04-16 11:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-07-20 16:13 - 2017-04-16 11:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2017-07-20 16:13 - 2017-04-16 10:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2017-07-20 16:13 - 2017-04-16 10:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2017-07-20 16:13 - 2017-04-16 10:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2017-07-20 16:13 - 2017-04-10 01:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2017-07-20 16:13 - 2017-04-06 20:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-07-20 16:13 - 2017-04-06 20:16 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll 2017-07-20 16:13 - 2017-04-06 19:50 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-07-20 16:13 - 2017-04-06 19:46 - 
00434688 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-07-20 16:13 - 2017-04-06 19:46 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-07-20 16:13 - 2017-04-06 19:35 - 01362432 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll 2017-07-20 16:13 - 2017-04-06 19:15 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2017-07-20 16:13 - 2017-04-02 17:49 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2017-07-20 16:13 - 2017-04-01 02:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2017-07-20 16:13 - 2017-04-01 00:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2017-07-20 16:13 - 2017-03-13 19:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll 2017-07-20 16:13 - 2017-03-13 19:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2017-07-20 16:13 - 2017-03-13 19:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll 2017-07-20 16:13 - 2017-03-13 19:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2017-07-20 16:13 - 2017-03-11 06:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2017-07-20 16:13 - 2017-03-11 06:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2017-07-20 16:13 - 2017-03-11 02:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2017-07-20 16:13 - 2017-03-09 23:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll 2017-07-20 16:13 - 2017-03-09 22:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll 2017-07-20 16:13 - 2017-03-04 19:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2017-07-20 16:13 - 2017-02-11 21:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll 2017-07-20 16:13 - 2017-02-10 22:06 - 00285184 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-07-20 16:13 - 2017-02-10 17:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2017-07-20 16:13 - 2017-02-09 17:59 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2017-07-20 16:13 - 2017-02-09 17:58 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2017-07-20 16:13 - 2017-02-04 20:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll 2017-07-20 16:13 - 2017-02-04 20:40 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2017-07-20 16:13 - 2017-02-04 20:32 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll 2017-07-20 16:13 - 2017-02-04 20:10 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2017-07-20 16:13 - 2017-02-04 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll 2017-07-20 16:13 - 2017-02-01 22:44 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-07-20 16:13 - 2017-02-01 22:42 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-07-20 16:13 - 2017-01-22 00:37 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2017-07-20 16:13 - 2017-01-21 22:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-07-20 16:13 - 2017-01-21 22:22 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys 2017-07-20 16:13 - 2017-01-21 21:40 - 00756736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-07-20 16:13 - 2017-01-19 05:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2017-07-20 16:13 - 2017-01-18 17:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2017-07-20 16:13 - 2017-01-14 23:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2017-07-20 16:13 - 2017-01-14 22:18 - 
00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2017-07-20 16:13 - 2017-01-14 20:49 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe 2017-07-20 16:13 - 2017-01-12 19:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2017-07-20 16:13 - 2017-01-12 19:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys 2017-07-20 16:13 - 2017-01-11 22:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll 2017-07-20 16:13 - 2017-01-11 18:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll 2017-07-20 16:13 - 2017-01-11 01:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2017-07-20 16:13 - 2017-01-11 00:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll 2017-07-20 16:13 - 2017-01-10 23:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll 2017-07-20 16:13 - 2017-01-10 22:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll 2017-07-20 16:13 - 2017-01-10 22:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll 2017-07-20 16:13 - 2017-01-06 20:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll 2017-07-20 16:13 - 2017-01-06 20:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll 2017-07-20 16:13 - 2016-12-25 04:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll 2017-07-20 16:13 - 2016-12-25 03:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll 2017-07-20 16:13 - 2016-12-25 03:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll 2017-07-20 16:13 - 2016-12-25 02:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll 2017-07-20 16:13 - 2016-11-20 00:24 - 00152856 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2017-07-20 16:13 - 2016-11-19 
20:22 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2017-07-20 16:13 - 2016-11-13 00:06 - 00738104 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2017-07-20 16:13 - 2016-11-11 05:33 - 01541240 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2017-07-20 16:13 - 2016-11-09 20:25 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2017-07-20 16:13 - 2016-11-05 20:57 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2017-07-20 16:13 - 2016-11-05 20:11 - 03606528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2017-07-20 16:13 - 2016-11-05 18:56 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2017-07-20 16:13 - 2016-11-05 18:46 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2017-07-20 16:13 - 2016-10-13 00:11 - 00922968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys 2017-07-20 16:13 - 2016-10-11 19:45 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll 2017-07-20 16:13 - 2016-10-10 21:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cmimcext.sys 2017-07-20 16:13 - 2016-10-05 17:01 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll 2017-07-20 16:13 - 2016-10-05 17:00 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll 2017-07-20 16:13 - 2016-10-05 17:00 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll 2017-07-20 16:13 - 2016-10-05 07:15 - 00324896 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2017-07-20 16:13 - 2016-10-05 07:15 - 00245320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2017-07-20 16:13 - 2016-09-21 01:30 - 02462040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-07-20 16:13 - 2015-10-22 18:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll 
2017-07-20 16:12 - 2017-06-15 16:45 - 00086360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys 2017-07-20 16:12 - 2017-06-12 00:25 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll 2017-07-20 16:12 - 2017-06-12 00:15 - 01436672 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll 2017-07-20 16:12 - 2017-06-12 00:07 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx 2017-07-20 16:12 - 2017-06-11 23:58 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe 2017-07-20 16:12 - 2017-06-11 23:40 - 01323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll 2017-07-20 16:12 - 2017-06-06 23:38 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\cnvfat.dll 2017-07-20 16:12 - 2017-06-06 23:36 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\convert.exe 2017-07-20 16:12 - 2017-06-06 22:13 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\ulib.dll 2017-07-20 16:12 - 2017-06-06 22:11 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\ufat.dll 2017-07-20 16:12 - 2017-06-06 22:11 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\uexfat.dll 2017-07-20 16:12 - 2017-06-06 21:59 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cnvfat.dll 2017-07-20 16:12 - 2017-06-06 21:03 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ulib.dll 2017-07-20 16:12 - 2017-06-06 21:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ufat.dll 2017-07-20 16:12 - 2017-06-06 21:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uexfat.dll 2017-07-20 16:12 - 2017-06-01 00:20 - 00470360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2017-07-20 16:12 - 2017-05-16 01:09 - 00057688 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys 2017-07-20 16:12 - 2017-05-15 22:58 - 00121184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys 2017-07-20 16:12 - 2017-05-09 17:29 - 
00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsdchngr.dll 2017-07-20 16:12 - 2017-05-09 17:29 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe 2017-07-20 16:12 - 2017-05-09 17:28 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wsdchngr.dll 2017-07-20 16:12 - 2017-05-06 19:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll 2017-07-20 16:12 - 2017-05-02 21:41 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll 2017-07-20 16:12 - 2017-05-02 20:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll 2017-07-20 16:12 - 2017-04-09 23:40 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhvr.sys 2017-07-20 16:12 - 2017-04-09 23:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys 2017-07-20 16:12 - 2017-04-09 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbusr.sys 2017-07-20 16:12 - 2017-04-09 22:00 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\vmbuspiper.dll 2017-07-20 16:12 - 2017-04-06 18:44 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll 2017-07-20 16:12 - 2017-03-13 19:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2017-07-20 16:12 - 2017-03-13 19:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2017-07-20 16:12 - 2017-03-12 18:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys 2017-07-20 16:12 - 2017-03-04 22:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2017-07-20 16:12 - 2017-03-04 22:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2017-07-20 16:12 - 2017-03-04 21:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2017-07-20 16:12 - 2017-03-03 18:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll 2017-07-20 16:12 - 
2017-03-03 18:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll 2017-07-20 16:12 - 2017-02-09 17:58 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll 2017-07-20 16:12 - 2017-02-04 20:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll 2017-07-20 16:12 - 2017-02-04 20:50 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll 2017-07-20 16:12 - 2017-02-04 20:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll 2017-07-20 16:12 - 2017-02-04 20:17 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll 2017-07-20 16:12 - 2017-01-21 22:27 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\auditpolmsg.dll 2017-07-20 16:12 - 2017-01-21 22:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-07-20 16:12 - 2017-01-21 21:40 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpolmsg.dll 2017-07-20 16:12 - 2017-01-21 21:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-07-20 16:12 - 2017-01-18 17:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2017-07-20 16:12 - 2017-01-12 18:03 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys 2017-07-20 16:12 - 2017-01-12 18:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys 2017-07-20 16:12 - 2016-12-25 04:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys 2017-07-20 16:12 - 2016-11-12 22:38 - 00613632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2017-07-20 16:12 - 2016-10-10 21:18 - 00069976 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2017-07-20 16:12 - 2016-10-09 17:17 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll 2017-07-20 16:12 - 2016-10-09 17:08 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll 2017-07-20 
16:12 - 2016-10-09 17:08 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll 2017-07-20 16:12 - 2015-02-03 02:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll 2017-07-20 16:12 - 2015-02-03 02:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll 2017-07-20 16:02 - 2017-05-04 02:11 - 00103600 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2017-07-20 16:02 - 2017-05-03 16:43 - 01555968 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2017-07-20 16:02 - 2017-05-03 16:43 - 01206272 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2017-07-20 16:02 - 2017-05-03 16:43 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2017-07-20 16:02 - 2017-05-03 16:43 - 00535552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2017-07-20 16:02 - 2017-05-03 16:43 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2017-07-20 16:02 - 2017-05-03 16:43 - 00311296 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2017-07-20 16:02 - 2017-05-03 16:43 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2017-07-20 16:02 - 2017-05-03 16:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2017-07-20 16:02 - 2016-06-03 20:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2017-07-20 15:55 - 2017-07-20 15:50 - 00060920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys 2017-07-20 15:49 - 2017-07-20 15:49 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-07-27 16:06 - 2016-10-12 17:56 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4872BCC3-B662-404F-AE9B-DEF038586401}
2017-07-27 12:46 - 2016-12-15 09:58 - 00086528 ___SH C:\Users\Codo der III\Desktop\Thumbs.db
2017-07-27 12:45 - 2016-10-02 15:49 - 00000000 ____D C:\Users\Codo der III\AppData\Local\ClassicShell
2017-07-27 12:31 - 2016-11-20 16:22 - 00000000 ____D C:\Users\Codo der III\AppData\LocalLow\Mozilla
2017-07-26 17:23 - 2016-10-03 00:09 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\Skype
2017-07-26 17:16 - 2013-08-22 17:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-26 17:14 - 2016-10-02 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-26 16:57 - 2016-10-12 18:25 - 01701376 ___SH C:\Users\Codo der III\Downloads\Thumbs.db
2017-07-26 15:14 - 2016-10-02 15:46 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-223189139-1834683237-3245993289-1002
2017-07-26 14:19 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Inf
2017-07-26 14:15 - 2016-09-30 05:07 - 00000000 ____D C:\Users\Pc\AppData\Local\ClassicShell
2017-07-26 14:14 - 2016-09-30 04:14 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-223189139-1834683237-3245993289-1001
2017-07-26 13:39 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness
2017-07-25 19:23 - 2016-10-02 23:57 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\KeePass
2017-07-25 16:00 - 2016-10-06 18:52 - 00000000 ____D C:\Users\test\AppData\Local\ClassicShell
2017-07-25 15:59 - 2016-10-06 19:01 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D62AF0B8-8AA8-42A1-9AEA-E736CFF0DBB6}
2017-07-25 15:57 - 2016-10-06 18:01 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-223189139-1834683237-3245993289-1006
2017-07-25 15:49 - 2016-10-08 04:20 - 00000000 ____D C:\Program Files (x86)\Opera
2017-07-25 15:44 - 2016-11-25 15:44 - 00000000 ____D C:\Users\test\AppData\LocalLow\Mozilla
2017-07-25 15:43 - 2016-10-06 17:57 - 00000000 ____D C:\Users\test\AppData\Local\AMD
2017-07-24 08:01 - 2016-10-08 15:17 - 00000000 ____D C:\Users\Codo der III\AppData\LocalLow\Temp
2017-07-24 07:19 - 2016-10-02 15:40 - 00000000 ____D C:\Users\Codo der III\AppData\Local\Packages
2017-07-22 21:26 - 2016-09-30 05:02 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Skype
2017-07-22 16:25 - 2016-10-07 19:17 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\vlc
2017-07-22 15:45 - 2016-09-30 04:07 - 01733754 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-22 15:45 - 2016-09-29 20:09 - 00727586 _____ C:\Windows\system32\perfh007.dat
2017-07-22 15:45 - 2016-09-29 20:09 - 00151718 _____ C:\Windows\system32\perfc007.dat
2017-07-22 14:03 - 2016-10-26 14:30 - 00000000 ____D C:\Users\Pc\AppData\Local\CrashDumps
2017-07-21 23:02 - 2016-10-02 17:01 - 00000000 ____D C:\Program Files\PDFCreator
2017-07-21 23:02 - 2016-09-30 04:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-21 23:02 - 2013-08-22 17:44 - 00408176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-21 22:07 - 2016-10-02 12:14 - 00000000 ____D C:\ProgramData\Avira
2017-07-21 22:07 - 2016-10-02 12:14 - 00000000 ____D C:\Program Files (x86)\Avira
2017-07-21 21:59 - 2016-10-02 15:40 - 00000000 ____D C:\Users\Codo der III
2017-07-21 21:56 - 2016-09-30 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-21 21:51 - 2016-10-03 00:34 - 00000000 ____D C:\Users\Pc\AppData\Roaming\TeamViewer
2017-07-21 21:51 - 2016-09-30 05:01 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-07-21 21:46 - 2016-09-29 19:39 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-21 21:42 - 2016-10-02 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-07-21 21:42 - 2016-10-02 18:15 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2017-07-21 21:40 - 2016-10-02 17:06 - 00000000 ____D C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2017-07-21 21:40 - 2016-10-02 17:06 - 00000000 ____D C:\Users\Pc\AppData\Roaming\IrfanView
2017-07-21 21:33 - 2016-09-29 19:36 - 00000000 ____D C:\AMD
2017-07-21 17:36 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-21 17:23 - 2016-10-02 23:27 - 00001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2017-07-21 17:22 - 2016-11-05 11:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-07-21 17:11 - 2016-10-26 14:30 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2017-07-21 16:46 - 2016-10-05 15:33 - 00000000 ____D C:\Users\Codo der III\AppData\Local\CrashDumps
2017-07-21 16:33 - 2016-10-02 18:39 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2017-07-21 16:33 - 2016-10-02 18:39 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2017-07-21 16:21 - 2016-10-02 22:37 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-21 16:21 - 2016-09-30 05:01 - 00003902 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{296EC02D-DF2C-4598-A64A-2809DDDFD683}
2017-07-21 16:12 - 2016-12-10 13:47 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\WhatsApp
2017-07-21 16:12 - 2016-12-10 13:47 - 00000000 ____D C:\Users\Codo der III\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-07-21 16:09 - 2016-09-30 05:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-21 16:09 - 2016-09-30 05:02 - 00000000 ____D C:\ProgramData\Skype
2017-07-21 16:08 - 2016-12-10 13:41 - 00000000 ____D C:\Users\Codo der III\AppData\Local\SquirrelTemp
2017-07-21 15:35 - 2016-10-02 18:12 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2017-07-21 15:10 - 2016-10-02 15:41 - 00000000 ____D C:\Users\Codo der III\AppData\Local\AMD
2017-07-21 13:44 - 2016-09-29 19:42 - 00000000 ____D C:\Users\Pc\AppData\Local\AMD
2017-07-21 13:43 - 2016-09-30 05:18 - 00000000 ____D C:\Program Files\AMD
2017-07-21 13:43 - 2016-09-29 19:41 - 00000000 ____D C:\Program Files (x86)\AMD
2017-07-21 13:34 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\rescache
2017-07-21 13:29 - 2016-09-29 19:29 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-21 11:40 - 2013-08-22 18:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-21 11:38 - 2016-10-04 09:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-07-21 11:17 - 2016-09-29 19:46 - 00000000 ____D C:\ProgramData\McAfee
2017-07-21 11:16 - 2016-09-29 19:29 - 00000000 ____D C:\Program Files\TrueKey
2017-07-20 21:03 - 2016-09-29 19:29 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-07-20 20:47 - 2016-09-29 19:47 - 00001185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-07-20 20:45 - 2016-09-29 19:46 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-07-20 20:40 - 2013-08-22 16:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-07-20 20:38 - 2016-10-04 14:20 - 00000000 ____D C:\Windows\system32\appraiser
2017-07-20 20:38 - 2013-08-22 18:36 - 00000000 ___RD C:\Windows\ToastData
2017-07-20 20:38 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-07-20 20:38 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-07-20 20:38 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-20 20:38 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\oobe
2017-07-20 20:37 - 2016-10-02 13:49 - 00000000 ____D C:\Windows\system32\MRT
2017-07-20 20:25 - 2016-10-02 13:49 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-20 20:22 - 2013-08-22 18:20 - 00000000 ____D C:\Windows\CbsTemp
2017-07-20 18:40 - 2016-10-02 13:08 - 00000000 ____D C:\ProgramData\Acronis
2017-07-20 16:21 - 2016-09-30 05:04 - 00002430 _____ C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-20 16:21 - 2016-09-30 05:04 - 00002422 _____ C:\Users\Pc\Desktop\Google Chrome.lnk
2017-07-20 16:16 - 2013-08-22 18:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-20 16:14 - 2016-09-30 05:03 - 00003712 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-223189139-1834683237-3245993289-1001UA
2017-07-20 16:14 - 2016-09-30 05:03 - 00003440 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-223189139-1834683237-3245993289-1001Core
2017-07-20 15:50 - 2016-10-05 19:30 - 00038048 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-07-20 15:50 - 2016-10-02 12:18 - 00167504 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-07-20 15:50 - 2016-10-02 12:18 - 00164824 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-07-20 15:50 - 2016-10-02 12:18 - 00088488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-07-20 15:50 - 2016-10-02 12:18 - 00044488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-07-20 15:49 - 2016-10-08 04:20 - 00003862 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1475889635
2017-07-20 15:42 - 2016-10-02 17:22 - 00000000 ____D C:\ProgramData\IObit
2017-07-20 15:41 - 2016-10-26 14:27 - 00000000 ____D C:\Users\Pc\AppData\Roaming\DVDVideoSoft
2017-07-20 15:40 - 2016-09-30 04:09 - 00000000 ____D C:\Users\Pc

==================== Files in the root of some directories =======

2016-10-29 15:56 - 1998-04-04 02:15 - 0207872 _____ (Magenta ltd) C:\Program Files (x86)\Polylex.exe
2016-11-27 12:14 - 2016-11-27 12:14 - 0026764 _____ () C:\Users\Codo der III\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR
2016-10-25 14:59 - 2016-12-10 17:12 - 0032768 _____ () C:\Users\Codo der III\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-13 15:38 - 2016-12-13 15:38 - 0005929 _____ () C:\Users\Codo der III\AppData\Local\recently-used.xbel
2016-10-02 18:36 - 2016-10-02 18:36 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-10-02 16:59 - 2016-10-02 16:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-21 12:07

==================== End of FRST.txt ============================ |
27.07.2017, 19:47 | #28 |
| FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2017
Ran by Codo der III (27-07-2017 21:40:42)
Running from C:\Users\Codo der III\Desktop
Windows 8.1 Pro (Update) (X64) (2016-09-30 01:08:08)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-223189139-1834683237-3245993289-500 - Administrator - Disabled)
Codo der III (S-1-5-21-223189139-1834683237-3245993289-1002 - Administrator - Enabled) => C:\Users\Codo der III
Guest (S-1-5-21-223189139-1834683237-3245993289-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-223189139-1834683237-3245993289-1005 - Limited - Enabled)
janka (S-1-5-21-223189139-1834683237-3245993289-1003 - Limited - Enabled) => C:\Users\janka
Pc (S-1-5-21-223189139-1834683237-3245993289-1001 - Administrator - Enabled) => C:\Users\Pc
test (S-1-5-21-223189139-1834683237-3245993289-1006 - Limited - Enabled) => C:\Users\test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Disabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acronis True Image (HKLM-x32\...\{2D18E04C-2EFC-48C6-A17F-F53FC9D8564C}) (Version: 20.0.5554 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{2D18E04C-2EFC-48C6-A17F-F53FC9D8564C}Visible) (Version: 20.0.5554 - Acronis)
Acronis*Disk*Director*12 (HKLM-x32\...\{AE372858-B1BD-49EF-8308-648322846008}) (Version: 12.0.3270 - Acronis)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Amarok (remove only) (HKLM-x32\...\Amarok) (Version: 2.8.0 - KDE)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.28.28 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{661C79C2-D156-419C-81CA-D1A2523B0841}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG) Hidden
Avira Connect (HKLM-x32\...\{dd9049b8-31d1-40bd-8c8c-97a7b087a78f}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.9.1.24376 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{A4DF9D2A-AB95-4F30-9CA4-2F49662BA39D}) (Version: 2.0.2.27024 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 3.7.1.5481 - Avira Operations GmbH & Co. KG)
Catalyst Control Center Next Localization BR (HKLM\...\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CBABB5FD-BD69-8969-729A-5659E11D9518}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{98527BF3-A8E0-B8CF-7297-436B714FC576}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{487C3865-3005-F04A-FBA4-F4239E02A847}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{746E086C-023A-A79C-DBE1-062E773FF6C8}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}) (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Clementine (HKLM-x32\...\Clementine) (Version: 1.3.1 - Clementine)
Cybereason RansomFree 2.3.0.0 (HKLM-x32\...\{FF34E65D-8F07-4917-8B9D-FB7F17E2BC4E}) (Version: 2.3.0.0 - Cybereason Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Duplicati 2 (HKLM\...\{78C1C3B9-DD53-4591-8989-B8230B832E7F}) (Version: 2.0.0.7 - Duplicati Team)
E-POST (HKLM-x32\...\{bd26b861-41e4-4cd2-bfb7-771364f9c854}) (Version: 4.2.14.4214 - Deutsche Post AG)
E-POST Desktop App (HKLM-x32\...\{3942DC9A-56D4-439D-97CD-6D6C61E90E90}) (Version: 4.2.14.4214 - Deutsche Post AG) Hidden
E-POST MAILER Drucker (HKLM\...\{14DF717F-47D6-46E6-9120-30F4ED5AFDFC}) (Version: 4.2.9.4209 - Deutsche Post AG) Hidden
FileZilla Client 3.27.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.0.1 - Tim Kosse)
Fotogalerie (HKLM-x32\...\{41BF4A3B-D60A-4E92-883F-C88C8C157261}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FXCM Trading Station (HKLM-x32\...\FXTS2) (Version: - Forex Capital Markets, LLC ("FXCM LLC"))
FXFlat Meta Trader 4 (HKLM-x32\...\FXFlat Meta Trader 4) (Version: 6.00 - MetaQuotes Software Corp.)
Google Chrome (HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.)
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.3.34.7 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{D549B5E2-DBE8-4190-ABA5-71106264398C}) (Version: 12.5.32.37 - HP Inc.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iDA Version v2.32 (HKLM-x32\...\{5C08DD15-104A-449D-8461-BEDF717F27C1}_is1) (Version: v2.32 - Schmid IT-Management)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.19.108.1 - Intel Security)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.0.2.156 - IObit)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
KeePass Password Safe 2.36 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.36 - Dominik Reichl)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Manager (HKLM-x32\...\{8DED36D9-54D6-4127-A112-5A1BA1CDD66B}) (Version: 5.0.26.33533 - 2017 pdfforge GmbH. All rights reserved) Hidden
MetaTrader 4 (HKLM-x32\...\MetaTrader 4) (Version: 6.00 - MetaQuotes Software Corp.)
MetaTrader 5 (HKLM\...\MetaTrader 5) (Version: 5.00 - MetaQuotes Software Corp.)
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4945.1001 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e52a6842-b0ac-476e-b48f-378a97a67346}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{70C91B91-61E8-4D06-86D6-A9DCC291983A}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x64 de) (HKLM\...\Mozilla Firefox 54.0.1 (x64 de)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.2.1 - Mozilla)
Mozilla Thunderbird 52.2.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 52.2.1 (x86 de)) (Version: 52.2.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0407-1000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
OpenOffice 4.1.3 Language Pack (German) (HKLM-x32\...\{F656568B-DF59-4EA8-997F-4E293ABC0ABF}) (Version: 4.13.9783 - Apache Software Foundation)
Opera Stable 46.0.2597.57 (HKLM-x32\...\Opera 46.0.2597.57) (Version: 46.0.2597.57 - Opera Software)
PDF Architect 5 Create Module (HKLM\...\{0E25DE98-E56E-4259-B554-F1360BB2DC22}) (Version: 5.0.28.34044 - pdfforge GmbH) Hidden
PDF Architect 5 Edit Module (HKLM\...\{EE01D8D7-2DD0-4C43-BF42-D9C8FC8DAE99}) (Version: 5.0.28.34044 - pdfforge GmbH) Hidden
PDF Architect 5 View Module (HKLM\...\{4DC94B75-B036-474D-8AC8-E2D055C95FBD}) (Version: 5.0.28.34044 - pdfforge GmbH) Hidden
PDF24 Creator 7.9.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.5.3 - pdfforge GmbH)
PDFsam Basic (HKLM-x32\...\{AE22AC64-691E-4D7E-99CC-C517AE7F5F7D}) (Version: 3.20.2.0 - Andrea Vacondio)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.318.1 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: 5.2.10-r123135-release - Raptr, Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10253 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Sandboxie 5.14 (64-bit) (HKLM\...\Sandboxie) (Version: 5.14 - Sandboxie Holdings, LLC)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.38 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.38.101 - Skype Technologies S.A.)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
Viber (HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Viber) (Version: 5.0.1.42 - Viber Media Inc)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.24-1 - Bitnami)
XMedia Recode Version 3.3.5.8 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.3.5.8 - XMedia Recode)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-223189139-1834683237-3245993289-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Codo der III\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-223189139-1834683237-3245993289-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Codo der III\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-223189139-1834683237-3245993289-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Codo der III\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [1_EPMInConflictHandler] -> {188FBECF-3754-4767-94ED-E06FF03C57DE} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1_EPMInProgressHandler] -> {EF1FAD52-44AF-4B92-8462-048F036E16A9} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [1_EPMInSyncHandler] -> {85837018-AB69-4BD9-95D3-0DDCDE2EA467} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers01: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers01: [PDFArchitect5_ManagerExt] -> {00B7B69F-6774-4906-9C7F-7D117A3644A9} => C:\Program Files\PDF Architect 5\creator-context-menu.dll [2017-07-05] (pdfforge GmbH)
ContextMenuHandlers01: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers01: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-07-20] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers01: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers01: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => -> No File
ContextMenuHandlers01: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers02: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers04: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers04: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers04: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers05: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers06: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2016-05-23] (IObit)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers06: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers06: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-07-20] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers06: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers06: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => -> No File
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {069830EF-82C9-4054-B935-50A0ADB92D57} - System32\Tasks\{DF690902-76F7-4CBD-977F-2E5BC7829662} => C:\Windows\system32\pcalua.exe -a "\\192.168.10.20\010 - Aktuelle Daten\software\AISuite\S1.03.15\AsusSetup.exe" -d "\\192.168.10.20\010 - Aktuelle Daten\software\AISuite\S1.03.15" Task: {1B763361-3652-49F0-89A5-0469AF82860D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {1E82D59B-AA87-48C2-B0F0-9B74430CC567} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.) Task: {1F68D8A0-68C4-4358-8935-CE8D388573B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-223189139-1834683237-3245993289-1001UA => C:\Users\Pc\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-30] (Google Inc.) Task: {4FA26459-CA8A-4B0D-9F1E-41F6B5209A59} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [2017-06-28] (Avira Operations GmbH & Co. KG) Task: {5EDC6304-6E5B-4D8D-9BAA-4DC21CDF0B71} - System32\Tasks\Opera scheduled Autoupdate 1475889635 => C:\Program Files (x86)\Opera\launcher.exe [2017-07-18] (Opera Software) Task: {6243F29E-1071-417E-817D-57A7FD1B55A1} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-06-28] (Cybereason) Task: {6868D7ED-7ACB-495F-93C2-9957ACFC0AAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-223189139-1834683237-3245993289-1001Core => C:\Users\Pc\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-30] (Google Inc.) 
Task: {72E5932B-D3E2-41CF-A437-A7BA9DB505B1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {952159BC-6C57-418D-9027-C9E87B4BEC22} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe [2016-09-09] ()
Task: {953A1CC3-56FA-41B0-9917-D0CF2B615476} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation)
Task: {97633A75-A6DB-42EB-9F7E-C687893B254C} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2016-09-21] (Tracker Software Products (Canada) Ltd.)
Task: {976F33D3-AB6B-4F53-A7E1-95EC863A2F4B} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {AD6A0A15-86F2-4594-8006-F18879D9C6FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {B352DB4C-C7F5-4ED7-B1B5-7B6AAAD5B4F8} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-06-28] (Cybereason)
Task: {C21A06CA-D5EB-470A-BA16-2F1C607D493E} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {CB50C349-DDB2-4FE8-BDA3-741CB25566B4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {CC6299CF-5AFA-42B5-9BD6-0469C46C41F9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {D07FD053-C362-4C89-B0FC-5FF6D05E8638} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-16] (Advanced Micro Devices, Inc.)
Task: {D4F974A9-C2C9-4024-951D-67A35F9481DA} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2017-06-28] (Avira Operations GmbH & Co. KG)
Task: {F02EC719-6D81-4D53-8347-D59F79A6D83C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2016-08-23] (HP Inc.)
Task: {F3E0C105-71F0-41DC-AF7F-88EDE11492B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Codo der III\Desktop\System\DSM in Browser.lnk -> C:\Program Files\001-Erweiterte-Batchdateien\Synology-in-Browser.bat ()
Shortcut: C:\Users\Codo der III\Desktop\System\DSM-Laufwerke einbinden.lnk -> C:\Program Files\001-Erweiterte-Batchdateien\Serverlaufwerke-einbinden.bat ()
Shortcut: C:\Users\Codo der III\Desktop\System\DSM-Note Station starten.lnk -> C:\Program Files\001-Erweiterte-Batchdateien\DSM-Note Station-in-Browser.bat ()
Shortcut: C:\Users\Codo der III\Desktop\Media\DSM Audiostation-in-Browser.bat.lnk -> C:\Program Files\001-Erweiterte-Batchdateien\DSM Audiostation-in-Browser.bat ()
Shortcut: C:\Users\Codo der III\Desktop\Media\DSM Videostation-in-Browser.bat.lnk -> C:\Program Files\001-Erweiterte-Batchdateien\DSM Videostation-in-Browser.bat ()
Shortcut: C:\Users\Codo der III\Desktop\Media\DSM-Photo Station starten.lnk -> C:\Program Files\001-Erweiterte-Batchdateien\DSM-Photo Station-in-Browser starten.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-10-03 00:35 - 2017-05-31 17:02 - 00020208 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2016-10-02 18:53 - 2016-09-09 19:01 - 00849408 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\winwfpmonitor.exe
2016-10-02 18:54 - 2016-09-09 19:00 - 00029696 _____ () C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\WinDivert.dll
2016-09-13 17:36 - 2016-09-13 17:36 - 01276216 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2016-10-04 21:56 - 2016-10-04 21:56 - 06086232 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2016-10-04 15:14 - 2017-01-17 04:25 - 00117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-07-19 19:18 - 2017-07-19 19:18 - 00076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-03-18 08:41 - 2016-03-18 08:41 - 00248840 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2016-09-13 17:33 - 2016-09-13 17:33 - 01510712 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
2016-08-11 14:29 - 2016-08-11 14:29 - 09729272 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2017-07-19 19:18 - 2017-07-19 19:18 - 00073384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2016-10-26 14:30 - 2016-08-31 19:56 - 00114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2016-10-26 14:30 - 2016-10-27 13:31 - 00108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2016-10-26 14:30 - 2016-10-27 13:31 - 00024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2016-10-26 14:30 - 2016-10-27 13:31 - 00048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2016-10-02 17:32 - 2016-06-14 16:35 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-06-22 11:27 - 2016-06-22 11:27 - 00217008 _____ () C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\pcs_io.dll
2016-07-02 21:30 - 2016-07-02 21:30 - 00376240 _____ () C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\archive3.dll
2016-03-09 10:28 - 2016-03-09 10:28 - 00042416 _____ () C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\winpthreads4.dll
2016-09-13 17:18 - 2016-09-13 17:18 - 00390576 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2016-06-14 17:24 - 2016-06-14 17:24 - 00444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-06-22 09:16 - 2016-06-22 09:16 - 00115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
2016-10-02 17:32 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-10-02 17:32 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-10-02 17:32 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-10-02 17:32 - 2016-05-23 21:49 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2016-10-02 17:32 - 2016-06-14 16:35 - 00625440 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 16:25 - 2013-08-22 16:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-223189139-1834683237-3245993289-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-223189139-1834683237-3245993289-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-223189139-1834683237-3245993289-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-223189139-1834683237-3245993289-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "E-POST CLOUD.lnk"
HKLM\...\StartupApproved\StartupFolder: => "E-POST MAILER.lnk"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Viber"
HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-223189139-1834683237-3245993289-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "updater"
HKU\S-1-5-21-223189139-1834683237-3245993289-1002\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-223189139-1834683237-3245993289-1002\...\StartupApproved\Run: => "GIMP Updater"
HKU\S-1-5-21-223189139-1834683237-3245993289-1002\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-223189139-1834683237-3245993289-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-223189139-1834683237-3245993289-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GIMP Updater"
HKU\S-1-5-21-223189139-1834683237-3245993289-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "SandboxieControl"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{916920ED-4BAD-4319-BA34-75A642497048}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{641363CD-48A1-4086-A194-4D1BFC434051}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F13C49C9-B927-4652-A067-F2A71B92C300}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{51A161A2-8ADE-4BA1-95A1-626843273E32}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{559D20C9-B379-4123-B378-7B8434500F76}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{E7D2FEC7-E169-4BCB-9AB2-1934F2265D59}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{80B837C3-05D8-4461-A067-8B624E8C054E}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{F36CF667-2855-4043-B3B7-89567B1267A7}] => (Block) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{C558AD57-96EE-4381-8139-18D626A641F0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{97E6CC6B-42EE-4DF2-A2C3-C56D0B8431A8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B66C9F11-02C0-4654-AF48-0A30F9A65FCD}] => (Allow) C:\Program Files\MetaTrader 5\metatester64.exe
FirewallRules: [{B2059CEA-82EB-46BC-82B9-6048413F6300}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DriverBooster.exe
FirewallRules: [{01DC5DA7-3F73-44EE-9F78-565D1FF4A6E2}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DriverBooster.exe
FirewallRules: [{D1F591F9-C05C-4ABB-B4BE-36BE422945FE}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DBDownloader.exe
FirewallRules: [{DDB444CF-3DA5-4DD4-972F-78C39F325507}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DBDownloader.exe
FirewallRules: [{BF573C01-DAE9-471A-86D6-BC53824FE0FF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.3\AutoUpdate.exe
FirewallRules: [{576EB0D0-84A9-4282-99D5-DA35D9C368FF}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.0.3\AutoUpdate.exe
FirewallRules: [{CC4290F2-CA10-4257-93AC-A70F15D2E23B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{63BB95EC-651A-40A1-8D71-FE4E8079CF76}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{6959027B-E56D-463C-B4A4-85A3382FBCEC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{B5A12CB2-B6A4-442B-9278-C09BA9E6F1B7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{14133C9E-649F-409B-97AD-A88BD5D447FE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{CF6428AB-AE12-4BC2-B8CF-BDF801638748}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{66E8777E-329B-4EFA-926C-634F654862C7}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [{27AB9154-4656-4166-AD17-F1B8A9CE6103}] => (Allow) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
FirewallRules: [TCP Query User{AC1529C9-D1E3-40E9-97F2-E920DFFA2B69}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3AD795F1-D9E7-40D6-A2C6-5FD1E01C36A8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{476C6B89-AB1B-4AB8-A25D-4B96DB24620E}C:\users\pc\appdata\local\temp\7zs2241\enterprisedu.exe] => (Allow) C:\users\pc\appdata\local\temp\7zs2241\enterprisedu.exe
FirewallRules: [UDP Query User{5C368C4A-DEF8-4B40-A180-CA31CF7030C0}C:\users\pc\appdata\local\temp\7zs2241\enterprisedu.exe] => (Allow) C:\users\pc\appdata\local\temp\7zs2241\enterprisedu.exe
FirewallRules: [{A65269C2-EB0E-4235-AE77-19DE4F099B2E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{CFDB8E32-773B-4E09-85FC-F8CB542CBEE4}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{DBA0D921-40D1-480A-B52D-9CE6B8807C63}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{C55C871A-9A74-4B2F-945E-15DA98A7C5F0}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{DC40FB4D-816D-4D64-B6D8-8B4C3DDC2760}] => (Allow) LPort=1688
FirewallRules: [{6F2B2AF2-B981-4F72-A86C-3715B3BEFBEA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{E2E4D0FD-53A4-416E-89D5-46A95CE8FD1E}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{C8D4EBA8-C10D-4B00-B63A-D59B5AD96C32}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{58B1A33B-B8A4-40ED-9A55-4C69823EC87C}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{37409734-6E64-41B9-A329-D15B116F9819}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{EEF79074-ECAA-4FB2-AF5E-35C28E7D2347}] => (Allow) LPort=1688
FirewallRules: [{189E7579-E4D2-4D12-BBC6-21BCFC3D3034}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DD4E26E5-3A66-44DF-9402-B464F4FEB5DE}] => (Allow) LPort=2869
FirewallRules: [{EF8A7079-E24A-4335-AB31-8F752EA23F1F}] => (Allow) LPort=1900
FirewallRules: [{FC497AF5-9AFE-4FFB-AABF-B57BD9881257}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.57\opera.exe
FirewallRules: [TCP Query User{918905B2-10F9-4F62-9FE3-FE48A5987865}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{F09408DF-89D6-4CFE-A5AC-1164C79F6DCE}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{DB42AC57-EF6A-401E-86AE-5AB008492991}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{16101CF1-C822-4AB0-A05E-14B3A5AB21FD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{6B6C94CD-F96F-4DBE-A1F8-7FAA1EFB0368}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{D1DF1A36-E93B-4D50-80B2-2E61EF3DF7A8}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{89D15F90-6E40-4CE4-A8F3-AA9774256B5D}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{BC9E082D-123C-49D3-8995-82DD96E198A8}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{3C56AAE3-4636-4C40-9A10-BA26CE5FA4D1}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{B8478DB8-6042-48DA-AE43-0AA98EC4CFDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6257AE2E-EB5E-42D6-9E43-651EEA231E06}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FE7C408D-ED2D-494F-948D-CC26654025DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D7023797-98A7-4DAE-87AA-86C65F07BA67}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/27/2017 03:54:44 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (07/26/2017 05:23:30 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Users\CODODE~1\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Beschreibung = JRT Pre-Junkware Removal; Fehler = 0x80070422).

Error: (07/26/2017 05:18:41 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (07/26/2017 05:18:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/26/2017 05:01:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Codo der III\Downloads\Scan and Repair u aufräumen - Mail-Adware-Troja-etc\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (07/25/2017 02:41:27 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (07/25/2017 02:41:25 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/24/2017 08:52:41 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (07/23/2017 04:20:50 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Service_KMS.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.IO.IOException
   bei System.IO.__Error.WinIOError(Int32, System.String)
   bei System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   bei System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean, Boolean, Boolean)
   bei System.IO.StreamWriter.CreateFile(System.String, Boolean, Boolean)
   bei System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding, Int32, Boolean)
   bei System.IO.StreamWriter..ctor(System.String, Boolean, System.Text.Encoding)
   bei System.IO.File.InternalAppendAllText(System.String, System.String, System.Text.Encoding)
   bei Service_KMS.Logging.FileLogger.LogMessage(System.String)
   bei Service_KMS.Service.ScheduledTask()
   bei Service_KMS.Service.TaskLoop()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

System errors:
=============
Error: (07/27/2017 03:51:08 AM) (Source: DCOM) (EventID: 10010) (User: Pc-Pc)
Description: Der Server "{BF6C1E47-86EC-4194-9CE5-13C15DCB2001}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/27/2017 03:50:38 AM) (Source: DCOM) (EventID: 10010) (User: Pc-Pc)
Description: Der Server "{1B1F472E-3221-4826-97DB-2C2324D389AE}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/26/2017 05:58:49 PM) (Source: DCOM) (EventID: 10010) (User: Pc-Pc)
Description: Der Server "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/26/2017 05:56:48 PM) (Source: DCOM) (EventID: 10010) (User: Pc-Pc)
Description: Der Server "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/26/2017 05:54:47 PM) (Source: DCOM) (EventID: 10010) (User: Pc-Pc)
Description: Der Server "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/26/2017 05:52:46 PM) (Source: DCOM) (EventID: 10010) (User: Pc-Pc)
Description: Der Server "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/26/2017 05:50:45 PM) (Source: DCOM) (EventID: 10010) (User: Pc-Pc)
Description: Der Server "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/26/2017 05:48:44 PM) (Source: DCOM) (EventID: 10010) (User: Pc-Pc)
Description: Der Server "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/26/2017 05:46:43 PM) (Source: DCOM) (EventID: 10010) (User: Pc-Pc)
Description: Der Server "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/26/2017 05:44:42 PM) (Source: DCOM) (EventID: 10010) (User: Pc-Pc)
Description: Der Server "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

==================== Memory info ===========================

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 23%
Total physical RAM: 12204.32 MB
Available physical RAM: 9321.86 MB
Total Virtual: 14060.32 MB
Available Virtual: 9290.66 MB

==================== Drives ================================

Drive a: () (Network) (Total:465.42 GB) (Free:400.31 GB) NTFS
Drive c: () (Fixed) (Total:465.42 GB) (Free:400.31 GB) NTFS
Drive m: () (Network) (Total:1829.25 GB) (Free:798.91 GB)
Drive n: () (Network) (Total:1829.25 GB) (Free:798.91 GB)
Drive o: () (Network) (Total:1829.25 GB) (Free:798.91 GB)
Drive p: () (Network) (Total:1829.25 GB) (Free:798.91 GB)
Drive q: () (Network) (Total:1829.25 GB) (Free:798.91 GB)
Drive r: () (Network) (Total:1829.25 GB) (Free:798.91 GB)
Drive s: () (Network) (Total:1829.25 GB) (Free:798.91 GB)
Drive t: () (Network) (Total:1829.25 GB) (Free:798.91 GB)
Drive u: () (Network) (Total:1829.25 GB) (Free:798.91 GB)
Drive v: () (Network) (Total:1829.25 GB) (Free:798.91 GB)
Drive w: () (Network) (Total:1829.25 GB) (Free:798.91 GB)
Drive x: () (Network) (Total:1829.25 GB) (Free:798.91 GB)
Drive y: () (Network) (Total:1829.25 GB) (Free:798.91 GB)
Drive z: () (Network) (Total:1829.25 GB) (Free:798.91 GB)

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: DB3D10F8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================ |
27.07.2017, 20:09 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please uninstall Avira. While we are at it, we will also uninstall other unnecessary or outdated junk. Any program alternatives you need will be named once we are completely finished here.

We have not recommended Avira for years, for several reasons. One reason is a relatively high false-positive rate; the second main reason is that they still work together with ASK (Avira's search function goes through ASK). Other freeware vendors such as AVG, Avast or Panda also jumped on this bandwagon; that kind of thing is simply unacceptable for security software. Cf. "Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre?" [Antivirus software: protection for your files, but at the cost of your privacy?] | Emsisoft Blog

Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).

Let me know when Avira is gone; once we are through here, you can switch to a different virus scanner. Details will follow in the final post. From NOW on, please do not install anything else without checking with me first!
__________________ Please always post log files in CODE tags |
28.07.2017, 11:20 | #30 |
| OK. I haven't been doing anything on the PC this whole time anyway, least of all installing or uninstalling anything. It is just sitting there waiting for your instructions.

Two questions in the meantime: Is Linux really that much better? I suspect the answer here will simply be yes? Is switching really that easy? After my Schneider 128k came a Windows PC. That is how I went from DOS scribbler to Windows user, and I have been stuck on it ever since. |