|
Log-Analyse und Auswertung: Win7/Chrome: PUP.Optional.WinYahooWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.09.2017, 12:09 | #1 |
| Win7/Chrome: PUP.Optional.WinYahoo Hallo! Vor ein paar Tagen hatte mein Google Chrome angefangen mich manchmal auf unerwünschte Seiten weiterzuleiten. Tatsächlich habe ich mithilfe eures Forums PUP.Optional.WinYahoo entdeckt. Wahrscheinlich habe ich mir PUP.Optional.WinYahoo eingefangen, als ich den kostenlosen SoftEther VPN Client runtergeladen und installiert habe... Hier die Logs erstmal: (FRST) Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017 durchgeführt von Sofia (Administrator) auf DESKTOP-ECLIHC3 (22-09-2017 22:45:46) Gestartet von C:\Users\Sofia\Downloads Geladene Profile: Sofia (Verfügbare Profile: Sofia) Platform: Windows 10 Home Version 1703 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxCUIService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxEM.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\IntelCpHeciSvc.exe (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_7\mcapexe.exe (McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Spotify Ltd) C:\Users\Sofia\AppData\Roaming\Spotify\Spotify.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Spotify Ltd) C:\Users\Sofia\AppData\Roaming\Spotify\Spotify.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Spotify Ltd) C:\Users\Sofia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Sofia\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd) C:\Users\Sofia\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\Sofia\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe (Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe (McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\PlacesServer.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1468424 2016-08-26] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation) HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.) HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-09-21] (SoftEther VPN Project at University of Tsukuba, Japan.) HKLM-x32\...\Run: [PulseSecure] => C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe [3213272 2017-05-10] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [309120 2012-02-02] (Hewlett-Packard Company) HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Run: [CTSyncU.exe] => C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe [868352 2007-07-17] () HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Run: [Spotify] => C:\Users\Sofia\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-13] (Spotify Ltd) HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Run: [Spotify Web Helper] => C:\Users\Sofia\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-13] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-09-17] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-09-21] ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.) Startup: C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2017-09-21] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{058131cf-9d2e-406c-aca7-1b23c96202fc}: [NameServer] 131.173.245.9,131.173.245.10 Tcpip\..\Interfaces\{64f24cd4-aeab-43ac-baa2-1c03dcff0e25}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{d1fdb650-1855-4aec-92b6-c4c6c1953476}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-15] (Microsoft Corporation) BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-06] (McAfee, Inc.) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-15] (Microsoft Corporation) BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-06] (McAfee, Inc.) DPF: HKLM {583C990C-2D38-410c-9A4A-0932D66A754F} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient64.cab DPF: HKLM-x32 {8E375A63-C616-46F1-AC77-59DF78F3A826} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient.cab Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-15] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-15] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-15] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-15] (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-09-06] (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-09-06] (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2017-08-08] (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-08-08] (McAfee, Inc.) FireFox: ======== FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-09-06] [ist nicht signiert] FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-08-08] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-08-08] () FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-15] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-19] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-19] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-26] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-26] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.) Chrome: ======= CHR Session Restore: Default -> ist aktiviert. CHR Profile: C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default [2017-09-22] CHR Extension: (Google Präsentationen) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-26] CHR Extension: (Google Docs) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-26] CHR Extension: (Google Drive) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-26] CHR Extension: (YouTube) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-26] CHR Extension: (Rebecca Taylor) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahpkkfpjpdcfdkbpeoibdhfadicnhdj [2017-07-26] CHR Extension: (Google Tabellen) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-26] CHR Extension: (Google Docs Offline) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-26] CHR Extension: (AdBlock) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-05] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24] CHR Extension: (Tumblr Savior) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2017-07-28] CHR Extension: (Google Mail) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-26] CHR Extension: (Chrome Media Router) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-26] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.) R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2288384 2016-09-17] (Broadcom Corporation.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-09-08] (Microsoft Corporation) S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-08-10] (McAfee, Inc.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-20] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-20] (Dropbox, Inc.) R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.) R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.) R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [116248 2016-05-25] (Dell Inc.) R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell) R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [119336 2017-06-16] (Dell) R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [125808 2017-01-10] () R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.) S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\elfoService.exe [1283336 2017-07-14] () R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [Datei ist nicht signiert] R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164352 2011-08-03] (HP) [Datei ist nicht signiert] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert] R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-05] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes) R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [590880 2017-09-06] (McAfee, Inc.) R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe [993256 2017-08-07] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [354664 2016-03-03] (McAfee, Inc.) R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-31] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [242640 2017-06-21] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [394704 2017-06-21] (McAfee, Inc.) R3 mfevtp; C:\Windows\system32\mfevtps.exe [350160 2017-06-21] (McAfee, Inc.) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1546904 2017-08-17] (McAfee, Inc.) S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-04] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-04] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-19] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-04] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-08-23] (Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-08-23] (Electronic Arts) R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1043864 2017-07-31] (Intel Security, Inc.) R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell) R2 PulseSecureService; C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe [182232 2017-05-10] (Pulse Secure, LLC) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2016-08-26] (Realtek Semiconductor) R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-09-21] (SoftEther VPN Project at University of Tsukuba, Japan.) R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-08-04] (Dell Inc.) S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-05] (Intel Corporation) R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-27] (Microsoft Corporation) S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X] S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208192 2016-09-17] (Broadcom Corporation.) S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert] R3 BCMPCIEDHD63; C:\WINDOWS\system32\DRIVERS\bcmpciedhd63.sys [1063736 2016-03-03] (Broadcom Corp) R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77800 2017-06-26] (McAfee, Inc.) R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-06-20] (Dell Inc.) R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-06-20] (Dell Computer Corporation) R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] () R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54272 2015-09-21] (Intel Corporation) S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-08-07] (McAfee, Inc.) R1 jnprns; C:\WINDOWS\system32\DRIVERS\jnprns.sys [507192 2017-03-09] (Juniper Networks) S4 jnprTdi_824_597; C:\WINDOWS\system32\Drivers\jnprTdi_824_597.sys [106176 2016-06-01] (Pulse Secure, LLC) R3 JnprVaMgr; C:\WINDOWS\System32\drivers\jnprvamgr.sys [45352 2017-03-09] (Juniper Networks, Inc.) R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-22] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-22] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-22] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-22] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-22] (Malwarebytes) R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487408 2017-06-26] (McAfee, Inc.) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [355312 2017-06-26] (McAfee, Inc.) U3 mfeavfk02; kein ImagePath S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84544 2017-06-26] (McAfee, Inc.) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [506352 2017-06-26] (McAfee, Inc.) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [933360 2017-06-26] (McAfee, Inc.) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [504792 2017-06-27] (McAfee LLC.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108504 2017-06-27] (McAfee LLC.) R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116208 2017-06-26] (McAfee, Inc.) R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.) R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [253424 2017-06-26] (McAfee, Inc.) R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-09-21] (SoftEther Corporation) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_1a197825c61edb6c\nvlddmkm.sys [15668664 2017-07-19] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-04] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-05-04] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-19] (NVIDIA Corporation) S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [777944 2016-03-21] (Realsil Semiconductor Corporation) S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] () R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-09-21] (SoftEther Corporation) S3 ser2at; C:\WINDOWS\system32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) S3 mfeavfk01; \Device\mfeavfk01.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-09-22 22:45 - 2017-09-22 22:46 - 000032962 _____ C:\Users\Sofia\Downloads\FRST.txt 2017-09-22 22:44 - 2017-09-22 22:45 - 000000000 ____D C:\FRST 2017-09-22 22:44 - 2017-09-22 22:44 - 002399744 _____ (Farbar) C:\Users\Sofia\Downloads\FRST64.exe 2017-09-22 22:43 - 2017-09-22 22:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2017-09-22 22:41 - 2017-09-22 22:41 - 000001489 _____ C:\Users\Sofia\Desktop\Mwb.txt 2017-09-22 22:40 - 2017-09-22 22:40 - 000000000 ___HD C:\OneDriveTemp 2017-09-22 22:27 - 2017-09-22 22:40 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-09-22 22:27 - 2017-09-22 22:40 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-09-22 22:27 - 2017-09-22 22:40 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-09-22 22:27 - 2017-09-22 22:40 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-09-22 22:27 - 2017-09-22 22:27 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-09-22 22:27 - 2017-09-22 22:27 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-22 22:27 - 2017-09-22 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-22 22:27 - 2017-09-22 22:27 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-22 22:27 - 2017-09-22 22:27 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-22 22:27 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-09-22 22:25 - 2017-09-22 22:26 - 068408664 _____ (Malwarebytes ) C:\Users\Sofia\Downloads\mb3-setup-consumer-3.2.2.2029.exe 2017-09-22 22:24 - 2017-09-22 22:25 - 008182736 _____ (Malwarebytes) C:\Users\Sofia\Downloads\adwcleaner_7.0.2.1 (2).exe 2017-09-22 22:22 - 2017-09-22 22:22 - 000000981 _____ C:\Users\Sofia\Desktop\AdwCleaner[S0].txt 2017-09-22 22:20 - 2017-09-22 22:20 - 003817432 _____ C:\Users\Sofia\Downloads\Nicht bestätigt 811796.crdownload 2017-09-22 22:19 - 2017-09-22 22:19 - 008182736 _____ (Malwarebytes) C:\Users\Sofia\Downloads\adwcleaner_7.0.2.1 (1).exe 2017-09-22 22:18 - 2017-09-22 22:22 - 000000000 ____D C:\AdwCleaner 2017-09-22 22:17 - 2017-09-22 22:18 - 008182736 _____ (Malwarebytes) C:\Users\Sofia\Downloads\adwcleaner_7.0.2.1.exe 2017-09-21 13:17 - 2017-09-21 13:17 - 000038216 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\Neo6_x64_VPN.sys 2017-09-21 13:16 - 2017-09-22 22:40 - 000000000 ____D C:\Program Files\SoftEther VPN Client 2017-09-21 13:16 - 2017-09-21 13:16 - 000143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\vpncmd.exe 2017-09-21 13:16 - 2017-09-21 13:16 - 000051024 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\SeLow_x64.sys 2017-09-21 13:16 - 2017-09-21 13:16 - 000001982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk 2017-09-21 13:16 - 2017-09-21 13:16 - 000001976 _____ C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk 2017-09-21 13:16 - 2017-09-21 13:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client 2017-09-21 13:15 - 2017-09-21 13:15 - 000000000 ____D C:\Users\Sofia\Downloads\VPN 2017-09-21 13:13 - 2017-09-21 13:14 - 054285271 _____ C:\Users\Sofia\Downloads\vpngate-client-2017.09.21-build-9634.139443.zip 2017-09-20 19:37 - 2017-09-20 19:37 - 000002119 _____ C:\Users\Public\Desktop\SupportAssist.lnk 2017-09-20 19:37 - 2017-09-20 19:37 - 000000000 ____D C:\ProgramData\PC-Doctor for Windows 2017-09-20 19:37 - 2017-09-20 19:37 - 000000000 ____D C:\Program Files\Dell Support Center 2017-09-20 16:38 - 2017-09-20 16:38 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-09-20 16:38 - 2017-09-20 16:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-09-20 16:38 - 2017-09-20 16:38 - 000000000 ____D C:\Program Files\iPod 2017-09-20 16:37 - 2017-09-20 16:38 - 000000000 ____D C:\Program Files\iTunes 2017-09-20 16:34 - 2017-09-20 16:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple 2017-09-20 16:34 - 2017-09-20 16:34 - 000000000 ____D C:\Program Files (x86)\Apple Software Update 2017-09-19 01:17 - 2017-09-19 01:17 - 001285233 _____ C:\Users\Sofia\Desktop\FB7_ab2016.pdf 2017-09-14 20:34 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-09-14 20:34 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2017-09-14 20:34 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2017-09-14 20:34 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2017-09-14 20:34 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-09-14 20:34 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2017-09-14 20:34 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-09-14 20:34 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll 2017-09-14 20:34 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-09-14 20:34 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-09-14 20:34 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2017-09-14 20:34 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-09-14 20:34 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-09-14 20:34 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe 2017-09-14 20:34 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2017-09-14 20:34 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-09-14 20:34 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2017-09-14 20:34 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2017-09-14 20:34 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2017-09-14 20:34 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2017-09-14 20:34 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2017-09-14 20:34 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2017-09-14 20:34 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-09-14 20:34 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2017-09-14 20:34 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-09-14 20:34 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2017-09-14 20:34 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll 2017-09-14 20:34 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2017-09-14 20:34 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2017-09-14 20:34 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-09-14 20:34 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-09-14 20:34 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll 2017-09-14 20:34 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2017-09-14 20:34 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-09-14 20:34 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll 2017-09-14 20:34 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2017-09-14 20:34 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe 2017-09-14 20:34 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll 2017-09-14 20:34 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll 2017-09-14 20:34 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll 2017-09-14 20:34 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2017-09-14 20:34 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2017-09-14 20:34 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll 2017-09-14 20:34 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-09-14 20:34 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-09-14 20:34 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2017-09-14 20:34 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll 2017-09-14 20:34 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2017-09-14 20:34 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2017-09-14 20:34 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll 2017-09-14 20:34 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-09-14 20:34 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2017-09-14 20:34 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-09-14 20:34 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-09-14 20:34 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-09-14 20:34 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-09-14 20:34 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2017-09-14 20:34 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll 2017-09-14 20:34 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2017-09-14 20:34 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll 2017-09-14 20:34 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2017-09-14 20:30 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2017-09-14 20:30 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-09-14 20:30 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2017-09-14 20:30 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2017-09-14 20:30 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-09-14 20:30 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2017-09-14 20:30 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll 2017-09-14 20:30 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe 2017-09-14 20:30 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2017-09-14 20:30 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2017-09-14 20:29 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-09-14 20:29 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2017-09-14 20:29 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-09-14 20:29 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2017-09-14 20:29 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll 2017-09-14 20:29 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2017-09-14 20:29 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2017-09-14 20:29 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-09-14 20:29 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2017-09-14 20:29 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2017-09-14 20:29 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2017-09-14 20:29 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2017-09-14 20:29 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-09-14 20:29 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll 2017-09-14 20:29 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-09-14 20:29 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2017-09-14 20:29 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-09-14 20:29 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-09-14 20:29 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-09-14 20:29 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2017-09-14 20:29 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-09-14 20:29 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2017-09-14 20:29 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2017-09-14 20:29 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll 2017-09-14 20:29 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2017-09-14 20:29 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-09-14 20:29 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll 2017-09-14 20:29 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll 2017-09-14 20:29 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys 2017-09-14 20:29 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2017-09-14 20:29 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2017-09-14 20:29 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2017-09-14 20:29 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll 2017-09-14 20:29 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2017-09-14 20:29 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe 2017-09-14 20:29 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe 2017-09-14 20:29 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-09-14 20:29 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2017-09-14 20:29 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys 2017-09-14 20:29 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll 2017-09-14 20:29 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll 2017-09-14 20:29 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2017-09-14 20:29 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll 2017-09-14 20:29 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2017-09-14 20:29 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll 2017-09-14 20:29 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll 2017-09-14 20:29 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-09-14 20:29 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-09-14 20:29 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2017-09-14 20:29 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2017-09-14 20:29 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe 2017-09-14 20:29 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2017-09-14 20:29 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-09-14 20:29 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2017-09-14 20:29 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2017-09-14 20:29 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-09-14 20:29 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2017-09-14 20:29 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll 2017-09-14 20:29 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll 2017-09-14 20:29 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll 2017-09-14 20:29 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2017-09-14 20:29 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin 2017-09-14 20:28 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-09-14 20:28 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2017-09-14 20:28 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-09-14 20:28 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-09-14 20:28 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2017-09-14 20:28 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2017-09-14 20:28 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2017-09-14 20:28 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-09-14 20:28 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2017-09-14 20:28 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2017-09-14 20:28 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-09-14 20:28 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-09-14 20:28 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2017-09-14 20:28 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-09-14 20:28 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-09-14 20:28 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2017-09-14 20:28 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-09-14 20:28 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2017-09-14 20:28 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2017-09-14 20:28 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2017-09-14 20:28 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2017-09-14 20:28 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2017-09-14 20:28 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2017-09-14 20:28 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2017-09-14 20:28 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2017-09-14 20:28 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2017-09-14 20:28 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2017-09-14 20:28 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-09-14 20:28 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-09-14 20:28 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2017-09-14 20:28 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2017-09-14 20:28 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2017-09-14 20:28 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2017-09-14 20:28 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll 2017-09-14 20:28 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-09-14 20:28 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-09-14 20:28 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll 2017-09-14 20:28 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll 2017-09-14 20:28 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2017-09-14 20:28 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2017-09-14 20:28 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2017-09-14 20:28 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2017-09-14 20:28 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-09-14 20:28 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2017-09-14 20:28 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2017-09-14 20:28 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-09-14 20:28 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll 2017-09-14 20:28 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2017-09-14 20:28 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2017-09-14 20:28 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-09-14 20:28 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-09-14 20:28 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2017-09-14 20:28 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2017-09-14 20:28 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2017-09-14 20:28 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2017-09-14 20:28 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-09-14 20:28 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll 2017-09-14 20:28 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-09-14 20:28 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-09-14 20:28 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2017-09-14 20:28 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll 2017-09-14 20:28 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2017-09-14 20:28 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-09-14 20:28 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2017-09-14 20:28 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-09-14 20:28 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2017-09-14 20:28 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2017-09-14 20:28 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-09-14 20:28 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2017-09-14 20:28 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-09-14 20:27 - 2017-09-05 07:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-09-14 20:27 - 2017-09-05 07:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-09-14 20:27 - 2017-09-05 07:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-09-14 20:27 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2017-09-14 20:27 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-09-14 20:27 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2017-09-14 20:27 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2017-09-14 20:27 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys 2017-09-14 20:27 - 2017-09-05 06:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys 2017-09-14 20:27 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2017-09-14 20:27 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2017-09-14 20:27 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2017-09-14 20:27 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2017-09-14 20:26 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll 2017-09-14 17:37 - 2017-09-14 17:37 - 000255720 _____ C:\Users\Sofia\Desktop\Kreditkartenantrag.pdf 2017-09-13 23:37 - 2017-09-22 20:30 - 000004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse 2017-09-12 04:32 - 2017-09-12 04:32 - 001063187 _____ C:\Users\Sofia\Desktop\boarding pass.pdf 2017-08-30 22:49 - 2017-09-22 22:10 - 000004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse 2017-08-24 20:03 - 2017-08-24 20:03 - 000000000 ____D C:\Users\Sofia\.BrainYoo2 2017-08-24 20:03 - 2017-08-24 20:03 - 000000000 ____D C:\ProgramData\BrainYoo2 2017-08-24 20:02 - 2017-08-24 20:02 - 000001094 _____ C:\Users\Public\Desktop\BrainYoo2.lnk 2017-08-24 20:02 - 2017-08-24 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrainYoo2 2017-08-24 20:02 - 2017-08-24 20:02 - 000000000 ____D C:\Program Files (x86)\BrainYoo2 2017-08-24 07:49 - 2017-08-24 07:49 - 000000000 _____ C:\Users\Sofia\Desktop\Neues Textdokument.txt 2017-08-24 04:18 - 2017-08-24 04:18 - 000000037 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt 2017-08-24 02:53 - 2017-08-24 07:52 - 000161361 _____ C:\Users\Sofia\Desktop\ss-5[271].pdf ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-09-22 22:40 - 2017-08-12 23:30 - 000000000 ____D C:\Users\Sofia\AppData\Local\Spotify 2017-09-22 22:40 - 2017-08-12 23:29 - 000000000 ____D C:\Users\Sofia\AppData\Roaming\Spotify 2017-09-22 22:40 - 2017-07-28 19:36 - 000000000 ____D C:\Users\Sofia\AppData\Local\CrashDumps 2017-09-22 22:40 - 2017-07-27 22:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-09-22 22:40 - 2017-07-27 22:48 - 000000000 ____D C:\ProgramData\NVIDIA 2017-09-22 22:40 - 2017-07-26 18:29 - 000000000 ___RD C:\Users\Sofia\OneDrive 2017-09-22 22:40 - 2017-07-26 18:25 - 000000000 __SHD C:\Users\Sofia\IntelGraphicsProfiles 2017-09-22 22:39 - 2017-03-18 13:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI 2017-09-22 22:29 - 2017-03-20 06:35 - 001228782 _____ C:\WINDOWS\system32\perfh007.dat 2017-09-22 22:29 - 2017-03-20 06:35 - 000282440 _____ C:\WINDOWS\system32\perfc007.dat 2017-09-22 22:29 - 2016-09-17 04:51 - 002661516 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-09-22 22:23 - 2017-07-27 22:42 - 000380520 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-09-22 22:09 - 2017-07-27 22:50 - 000000000 ____D C:\Users\Sofia 2017-09-22 22:05 - 2017-07-27 22:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-09-22 12:22 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-09-22 12:22 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-09-21 14:11 - 2016-09-17 05:02 - 000000000 ____D C:\Program Files (x86)\McAfee 2017-09-21 13:17 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF 2017-09-20 19:37 - 2016-09-17 04:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2017-09-20 16:34 - 2017-08-21 22:15 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-09-18 15:28 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2017-09-17 23:17 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache 2017-09-17 22:12 - 2017-07-26 18:25 - 000000000 ____D C:\Users\Sofia\AppData\Local\Packages 2017-09-17 15:12 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-09-16 11:49 - 2016-09-17 05:03 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-09-16 01:18 - 2017-03-20 06:35 - 000000000 ____D C:\WINDOWS\system32\de 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\system32\F12 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\setup 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-09-15 21:21 - 2016-09-17 04:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2017-09-15 13:24 - 2017-03-18 23:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-09-14 22:36 - 2017-07-27 22:54 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3576295408-1888778439-4122767721-1002 2017-09-14 22:36 - 2017-07-26 18:29 - 000002389 _____ C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-09-14 18:26 - 2017-07-26 23:09 - 000000000 ____D C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-09-14 14:55 - 2017-07-28 01:01 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-09-14 14:54 - 2017-07-28 01:01 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-09-06 19:14 - 2016-09-17 05:02 - 000000000 ____D C:\ProgramData\McAfee 2017-09-06 19:13 - 2016-09-17 05:02 - 000000000 ____D C:\Program Files\Common Files\McAfee 2017-09-06 19:12 - 2017-07-27 22:54 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon 2017-09-06 19:10 - 2017-07-27 22:54 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee 2017-09-02 17:15 - 2017-08-10 00:30 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-09-02 17:15 - 2017-08-10 00:30 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-08-30 22:49 - 2017-07-27 16:29 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-08-29 23:09 - 2016-09-17 04:50 - 000000000 ____D C:\ProgramData\Package Cache 2017-08-29 23:08 - 2017-07-26 20:19 - 000000000 ____D C:\Program Files (x86)\Origin 2017-08-29 02:02 - 2017-07-26 19:30 - 000002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-08-29 02:02 - 2017-07-26 19:30 - 000002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-07-27 22:48 - 2017-07-27 22:48 - 000000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2017-09-17 23:17 ==================== Ende von FRST.txt ============================ Viele Größe Soffin |
23.09.2017, 12:11 | #2 |
| Win7/Chrome: PUP.Optional.WinYahoo Addition:
__________________Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-09-2017 durchgeführt von Sofia (22-09-2017 22:46:17) Gestartet von C:\Users\Sofia\Downloads Windows 10 Home Version 1703 (X64) (2017-07-27 20:58:17) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3576295408-1888778439-4122767721-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3576295408-1888778439-4122767721-503 - Limited - Disabled) Gast (S-1-5-21-3576295408-1888778439-4122767721-501 - Limited - Disabled) Sofia (S-1-5-21-3576295408-1888778439-4122767721-1002 - Administrator - Enabled) => C:\Users\Sofia ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 64 Bit HP CIO Components Installer (HKLM\...\{5737101A-27C4-408A-8A57-D1DC78DF84B4}) (Version: 8.2.1 - Hewlett-Packard) Hidden 7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden Apple Application Support (32-Bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.33.1 - Asmedia Technology) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) BRAINYOO (HKLM-x32\...\BRAINYOO) (Version: - BRAINYOO Mobile Learning GmbH) Dell Customer Connect (HKLM-x32\...\{2BFA1207-9A98-4D55-9182-5C433ED6A55A}) (Version: 1.4.3.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP) Dell Dock Update (HKLM-x32\...\{6C4547B7-084A-4992-BFBF-9F6C6E2DC3EA}) (Version: 1.0.115.0 - Dell Inc.) Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.) Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell) Dell SupportAssist Remediation (HKLM\...\{8F663BAC-2B6F-4B86-86F4-8067F4B71ACC}) (Version: 3.0.1.2905 - Dell Inc.) Hidden Dell SupportAssist Remediation (HKLM-x32\...\{8aa806c2-2787-490f-ac75-cd8f4d50585f}) (Version: 3.0.1.2905 - Dell Inc.) Dell SupportAssistAgent (HKLM\...\{E1AA62F7-B32A-4090-814E-83BC7C3DF1FB}) (Version: 2.0.2.21 - Dell) Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.) Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.32.1.1020 - Electronic Arts Inc.) Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.) ElsterFormular (HKLM-x32\...\{A88822F7-33F8-485D-9C3D-68CF2F87E54C}) (Version: 18.5.0 - Thüringer Landesfinanzdirektion) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden HP LJ300-400 color M351-M451 (HKLM-x32\...\{15CA73D8-3C82-4BAE-86CD-945BF9620516}) (Version: - Hewlett-Packard) HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard) hpbDSService (HKLM-x32\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden hpbM351M451DSService (HKLM-x32\...\{BF2198EB-503D-4E0B-89FB-509AADD6D545}) (Version: 001.001.05164 - Hewlett-Packard) Hidden HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI (HKLM-x32\...\{BD019D8F-25B9-49D6-B301-07AFF65E35DD}) (Version: 1.02.0000 - Hewlett-Packard) HPLJDXPHelper (HKLM-x32\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 020.021.004 - HP) Hidden HPLJUTCore (HKLM-x32\...\{568C5D3E-5B79-47EC-A34B-8D7C8AEF1F8F}) (Version: 3.00.0003 - HP) Hidden HPLJUTM351-M451 (HKLM-x32\...\{E25710A1-F024-4BAF-898C-32703F047737}) (Version: 1.02.0013 - HP) Hidden hppLaserJetService (HKLM-x32\...\{5BF278AE-B851-41A7-9874-C6EC5AF2BD91}) (Version: 009.022.00813 - Hewlett-Packard) Hidden hppM351_M451LaserJetService (HKLM-x32\...\{8D692AC8-E471-4AEE-AE64-102264A33D72}) (Version: 005.020.00101 - Hewlett-Packard) Hidden hppToolboxProxyM351 (HKLM-x32\...\{6930AC06-C380-421E-91FE-9CA29D21D83E}) (Version: 035.024.006 - HP) Hidden hpStatusAlerts (HKLM-x32\...\{44EB02F5-16E5-42BD-9183-C23EF7620CF3}) (Version: 035.039.0004 - Hewlett Packard) Hidden hpStatusAlertsM351_M451 (HKLM-x32\...\{FDEA674C-478D-455F-9894-D6D4CD4BB304}) (Version: 035.026.0004 - Hewlett-Packard) Hidden InstanceFinder (HKLM-x32\...\{32C0FD10-8FB4-427E-A16F-ED57C9343CF0}) (Version: 020.021.004 - HP) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation) Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.311 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4664 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) iTunes (HKLM\...\{1441974B-BB94-41EC-AC0F-30D5F5AC54F7}) (Version: 12.7.0.166 - Apple Inc.) KB4023057 (HKLM\...\{27C6D60B-CAD4-4C70-A1F2-299C731EA8F7}) (Version: 2.0.0.0 - Microsoft Corporation) LJDXPHelperUI (HKLM-x32\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 020.021.004 - HP) Hidden Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes) Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0.3 - McAfee, Inc.) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.161 - McAfee, Inc.) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.8326.2107 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8326.2107 - Microsoft Corporation) Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.8326.2107 - Microsoft Corporation) Microsoft Office 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 16.0.8326.2107 - Microsoft Corporation) Microsoft Office 365 - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 16.0.8326.2107 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation) NARUTO SHIPPUDEN: Ultimate Ninja STORM 4 (HKLM\...\Steam App 349040) (Version: - CyberConnect2 Co. Ltd.) NVIDIA 3D Vision Treiber 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation) NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation) NVIDIA Grafiktreiber 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0410-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Opticon USB Drivers Installer (HKLM-x32\...\Opticon USB Installer) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.) Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden Pulse Secure (HKLM\...\{A6B9620E-77CB-4FF5-9C73-ED7C3B5514EA}) (Version: 5.3.755 - Pulse Secure, LLC) Hidden Pulse Secure 5.3 (HKLM-x32\...\Pulse Secure 5.3) (Version: 5.3.755 - Pulse Secure, LLC) Pulse Secure Setup Client (HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Pulse_Setup_Client) (Version: 8.3.1.755 - Pulse Secure, LLC) Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) Pulse Secure Setup Client Activex Control (HKLM-x32\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21289 - Realtek Semiconduct Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7917 - Realtek Semiconductor Corp.) ScanIT-Client 3.4 (HKLM-x32\...\ScanIT-Client_is1) (Version: - GfK SE) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games) Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.) SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project) Spotify (HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB) ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0067 - ST Microelectronics) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation) ToolboxProxy (HKLM-x32\...\{B64E0B43-A452-4B25-93DD-E5C6645A534A}) (Version: 035.024.006 - HP) Hidden UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.730 - Broadcom Corporation) Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation) ZENcast Organizer (HKLM-x32\...\ZENcast Organizer) (Version: - ) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-08-08] (McAfee, Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxDTCM.dll [2017-05-31] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-07-19] (NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-08-08] (McAfee, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0A2CC09A-6175-4827-B995-3B63B618B05A} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2017-05-31] (McAfee, Inc.) Task: {10D559A6-EB66-4815-A45F-075327E2CD5C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService Task: {13429EF0-700D-4B1E-8C66-A8DD016C306A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.) Task: {18BC2433-C8E7-4F1B-9CF3-3329CF9C5DAB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation) Task: {1E9C7D55-73FB-4419-B8AB-DAB9BB6BA4E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-26] (Google Inc.) Task: {22A776B6-434F-47C6-A029-9403D6662E6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-26] (Google Inc.) Task: {36CF7EDC-997D-45F1-B946-6AFED1359084} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-08-04] (Dell Inc.) Task: {38A1ADDA-DE74-4A6A-AC5A-6AFF876E6C81} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [2016-09-12] (Microsoft Corporation) Task: {39DD1103-EE02-408E-91CF-D17CC01B4835} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-07-29] (McAfee, Inc.) Task: {40D2D636-DC9B-4531-94EA-573044C46294} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.) Task: {44F2BD55-103D-4F18-A322-7B052063EB7A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-04] (NVIDIA Corporation) Task: {515A1E3A-E36A-4857-89C3-E0E26FAB9D42} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe Task: {52C09DBB-E150-447B-8358-FC03E7770758} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-07-29] (McAfee, Inc.) Task: {6455D614-ECD5-461A-9C1F-44F81CA9A3F3} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {69AEE261-43FE-4CDF-9B13-BB8F86690614} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation) Task: {6C63F021-4820-4B6C-9E28-52B0B314BCA5} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2011-09-16] (Hewlett Packard) Task: {7E5755FA-128C-4EB9-B786-0FD46A71ED51} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-20] (Dropbox, Inc.) Task: {7E7970B8-8188-4851-B37A-7E167D35FD51} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-04] (NVIDIA Corporation) Task: {820986DB-6716-4907-BCCC-B57AE53703EC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-04] (NVIDIA Corporation) Task: {8F75441F-B7FB-4EE9-BF6E-F39F6660A19C} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {8FE97289-B257-47AC-B60D-710EF14F5115} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe Task: {9540A7C4-449A-44E5-92D3-8E144F3B8BAB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-15] () Task: {98858350-F993-4823-9D14-849AE2CE7C03} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-20] (Dropbox, Inc.) Task: {99A53CCE-553C-43EA-93DA-0AC839EF4835} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.) Task: {99B72D61-3789-4376-B3C2-417E82BD5FE0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation) Task: {B1245576-C341-4300-9753-0CA0CDCF3CE8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation) Task: {B2398327-7BAE-4831-8A7D-DC2B600A2406} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-08-26] (Realtek Semiconductor) Task: {BF375858-61B8-4928-909E-1E200B6664FC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-04] (NVIDIA Corporation) Task: {C04FD03F-9121-4FC7-9B1A-45A6450F09B9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation) Task: {CEA147A3-40B0-4F04-A9F5-58B8C17773AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {E3E81C04-DA43-4D13-8865-A29C2BBB742B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation) Task: {EEBF5730-5562-4D74-BCDE-F2CE4D0E1171} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {F102A795-A49C-4417-B4B8-F28E9A1D9E36} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-30] (DropboxOEM) Task: {F16AC609-BFC2-4B17-B1C9-8ADDE14EE960} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-15] (Microsoft Corporation) Task: {F2C2BE3D-5325-4FCE-9CE9-8895C97ABEDF} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe Task: {F5F5CD6B-B110-4228-B44E-B5A88FA2D286} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {FBE12F8B-BDCA-4B13-8299-C2754C72DE48} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-15] () (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2017-08-16 17:25 - 2017-08-08 13:30 - 001436912 _____ () C:\Program Files\McAfee\MSC\WscInteractionHandler.dll 2015-05-19 18:11 - 2015-05-19 18:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe 2017-01-10 14:59 - 2017-01-10 14:59 - 000125808 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe 2017-08-02 21:28 - 2017-05-04 06:19 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2015-08-21 02:47 - 2015-08-21 02:47 - 000049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll 2017-07-13 20:50 - 2017-07-13 20:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-09-22 22:27 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 22:59 - 2017-03-20 06:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-08-23 17:49 - 2017-08-23 17:49 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-08-23 17:49 - 2017-08-23 17:49 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll 2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2017-07-29 14:24 - 2017-08-11 14:08 - 000595608 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll 2017-07-29 14:24 - 2017-08-11 14:08 - 000586728 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll 2017-08-29 02:02 - 2017-08-23 10:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll 2017-08-29 02:02 - 2017-08-23 10:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll 2017-05-10 09:47 - 2017-05-10 09:47 - 003213272 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe 2017-05-10 10:26 - 2017-05-10 10:26 - 000391128 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\dsIpc.dll 2017-05-10 10:00 - 2017-05-10 10:00 - 000374744 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\Connection Manager\ConnectionManagerService.dll 2017-05-10 08:59 - 2017-05-10 08:59 - 000055256 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\dsOpenSSL.dll 2017-05-10 09:58 - 2017-05-10 09:58 - 000243672 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\ConnectionStore\ConnectionStoreService.dll 2017-05-10 10:13 - 2017-05-10 10:13 - 000235480 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\Integration\IntegrationAccessMethod.dll 2017-05-10 09:48 - 2017-05-10 09:48 - 000251864 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiModelService.dll 2017-05-10 10:01 - 2017-05-10 10:01 - 000489432 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\eapService\eapService.dll 2017-05-10 10:03 - 2017-05-10 10:03 - 000219096 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\8021xAccessMethod\8021xAccessMethod.dll 2017-05-10 09:49 - 2017-05-10 09:49 - 000020440 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiModelServicePS.dll 2017-05-10 09:49 - 2017-05-10 09:49 - 000063448 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiPlugin.dll 2017-05-10 09:49 - 2017-05-10 09:49 - 000026584 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiPromptPluginPS.dll 2017-05-10 09:58 - 2017-05-10 09:58 - 000017880 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\ConnectionStore\ConnectionStoreServicePS.dll 2017-08-02 21:28 - 2017-05-04 06:19 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-08-18 15:31 - 2017-09-15 21:11 - 000164544 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll 2017-08-02 21:28 - 2017-05-04 06:18 - 065708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2017-08-12 23:30 - 2017-09-13 22:34 - 071818864 _____ () C:\Users\Sofia\AppData\Roaming\Spotify\libcef.dll 2017-08-12 23:30 - 2017-09-13 22:34 - 002969200 _____ () C:\Users\Sofia\AppData\Roaming\Spotify\libglesv2.dll 2017-08-12 23:30 - 2017-09-13 22:34 - 000086640 _____ () C:\Users\Sofia\AppData\Roaming\Spotify\libegl.dll 2012-02-02 16:40 - 2012-02-02 16:40 - 000111488 _____ () C:\Program Files (x86)\HP\StatusAlerts\bin\nativeutils.dll 2017-05-01 15:27 - 2017-05-01 15:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll 2015-09-05 05:34 - 2015-09-05 05:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2015-10-30 09:24 - 2017-07-27 16:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{C7E582B5-1462-4740-9821-5EB2343A6767}] => (Allow) C:\Spiele\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe FirewallRules: [{1C25E631-5877-4F30-88C1-97B74FEEE8BD}] => (Allow) C:\Spiele\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe FirewallRules: [{752D97FB-B102-4D71-8FEF-79A38E93D78E}] => (Allow) C:\Spiele\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{A1B0EEC7-91FF-4742-A59B-D73731ACDE2A}] => (Allow) C:\Spiele\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{B0CAF037-02B4-4435-B90F-B390B0A5249A}] => (Allow) C:\Spiele\Steam\Steam.exe FirewallRules: [{C0B60D74-E5DA-4326-8161-F2FFA655303F}] => (Allow) C:\Spiele\Steam\Steam.exe FirewallRules: [{07D53E42-F17E-456E-9EB3-43EA31EBB58B}] => (Allow) C:\Spiele\Steam.exe FirewallRules: [{13CEEAD6-353B-4000-9AD5-B0371CC87321}] => (Allow) C:\Spiele\Steam.exe FirewallRules: [{0B784D57-AF31-4F1C-8813-B196C1CA161F}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{4B033F5D-46EE-4D1B-A817-17F2D534D546}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{44EE3460-BDC4-491C-97B7-29E7088C1D56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{011D1D54-53DF-455F-93CB-60BF9490BF02}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{A866907F-FFAE-4C85-A5A4-4601E9AB10AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{D7E8260D-E776-40F0-B5F9-B97E062E0EC9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{72307D62-3197-4135-9D49-74EA1BD7B891}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{CEA13452-D6E9-4A4C-B9D8-49C5C60360BE}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{0CC87780-C217-427A-8943-97C856C581B0}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{7E359DAC-8B6A-45CA-B73F-6E5864118F68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{47763D4D-07C1-4D12-8B59-0F42EB63D7DD}] => (Allow) C:\Spiele\Steam\steamapps\common\Alan Wake\AlanWake.exe FirewallRules: [{E10ACCD6-717E-4595-81E3-817C48ED04CB}] => (Allow) C:\Spiele\Steam\steamapps\common\Alan Wake\AlanWake.exe FirewallRules: [{269F307B-5384-4D51-8A54-F3EBB3B0B0D7}] => (Allow) C:\Spiele\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{2A5948B2-1A45-40B6-AA9B-B36A2196CFC4}] => (Allow) C:\Spiele\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{E67184BF-0C51-424B-BAB8-5F79C1FAABFF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{89284AAC-CA9A-4B9F-8C7E-FF315FCDDB24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CC2CD25C-F141-4AEF-B2EF-AE1227BE0C88}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D1C52399-2F38-4ED5-9BDF-29E95264257C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{CF8E387C-132C-43FB-8AB4-43F571DDA36A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BBC15D4D-28E4-453B-A95F-98A741DFD687}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{0D55D5BB-92BA-472E-8F03-E0E6FA01AED6}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{50F30EB7-2480-4DF2-A25C-2E943808ED4D}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe FirewallRules: [{24FBB8FA-7B2F-4D55-AF08-3BFD9918CE52}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe FirewallRules: [{1DD59E99-DC6E-4C3B-B0EE-AEB42BF04182}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe FirewallRules: [{D909AA5D-54B3-428B-8670-AA4908C664CA}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe FirewallRules: [{A26B33B1-C8B6-4CE9-A77E-D600B4C714B4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe FirewallRules: [{3A32CEC5-A3D1-4E8B-91B3-313A38411EA5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe FirewallRules: [TCP Query User{DEBCA610-7119-46D3-AB49-36E5D3ED4970}C:\users\sofia\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sofia\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{0388CC73-EED4-485C-B8C1-F0F36CC9D485}C:\users\sofia\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sofia\appdata\roaming\spotify\spotify.exe FirewallRules: [{A10E20C9-751E-4AAB-84FD-2A60D3DFF9DD}] => (Block) C:\users\sofia\appdata\roaming\spotify\spotify.exe FirewallRules: [{9E25A895-5195-4693-B78C-0EC5C37B9F85}] => (Block) C:\users\sofia\appdata\roaming\spotify\spotify.exe ==================== Wiederherstellungspunkte ========================= 10-09-2017 09:36:07 Geplanter Prüfpunkt 14-09-2017 14:51:50 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/22/2017 10:40:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0x293c Startzeit der fehlerhaften Anwendung: 0x01d333e309dfff21 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: dff7c0c1-4485-4798-b98f-b1e5cc8e4e23 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/22/2017 10:23:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0x3364 Startzeit der fehlerhaften Anwendung: 0x01d333e0aed3ea97 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: 8faa12e0-14af-409e-a1c5-d02244350313 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/22/2017 10:10:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0x23d4 Startzeit der fehlerhaften Anwendung: 0x01d333ded6b3e4b2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: fea8879e-66f5-4ee6-ac4d-0123247997b3 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/22/2017 06:26:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mcshield.exe, Version: 1.5.0.4974, Zeitstempel: 0x594d08a4 Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.15063.608, Zeitstempel: 0x8274fd8b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000001445d ID des fehlerhaften Prozesses: 0x3524 Startzeit der fehlerhaften Anwendung: 0x01d333bf99855f89 Pfad der fehlerhaften Anwendung: C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 08cafddb-0ada-4261-98bb-5cdf1f4db629 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/22/2017 06:26:54 PM) (Source: AVLogEvent) (EventID: 5004) (User: NT-AUTORITÄT) Description: McShield crashed. Error Code:c0000005 Error: (09/22/2017 06:26:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0x3164 Startzeit der fehlerhaften Anwendung: 0x01d333bf980e50ed Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: 0951d0a5-c905-4cd8-b761-bf1f7e1311d1 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/22/2017 06:07:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0x4ee4 Startzeit der fehlerhaften Anwendung: 0x01d333bce73b728c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: ca48c046-0715-470d-a24a-c02dcfbf2751 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/22/2017 02:04:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0x25a8 Startzeit der fehlerhaften Anwendung: 0x01d3339affec5bb7 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: 1468df58-b092-4c6f-9612-b404108904b4 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/22/2017 12:16:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0x3f74 Startzeit der fehlerhaften Anwendung: 0x01d3338bd0c06bb4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: 8dece0b4-5bf3-4f73-8b36-6ba481700150 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/21/2017 04:50:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0x3880 Startzeit der fehlerhaften Anwendung: 0x01d332e8f783f9f1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: 0683e76f-8363-4a81-9f33-b7b990cfbf4b Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (09/22/2017 10:40:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (09/22/2017 10:40:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (09/22/2017 10:40:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt. Error: (09/22/2017 10:39:26 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ECLIHC3) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/22/2017 10:39:26 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ECLIHC3) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/22/2017 10:39:26 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ECLIHC3) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/22/2017 10:39:26 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-ECLIHC3) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/22/2017 10:23:33 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ECLIHC3) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "DESKTOP-ECLIHC3\Sofia" (SID: S-1-5-21-3576295408-1888778439-4122767721-1002) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (09/22/2017 10:23:33 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ECLIHC3) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "DESKTOP-ECLIHC3\Sofia" (SID: S-1-5-21-3576295408-1888778439-4122767721-1002) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (09/22/2017 10:23:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz Prozentuale Nutzung des RAM: 69% Installierter physikalischer RAM: 8053.51 MB Verfügbarer physikalischer RAM: 2429.41 MB Summe virtueller Speicher: 9589.51 MB Verfügbarer virtueller Speicher: 2978.17 MB ==================== Laufwerke ================================ Drive c: (OS) (Fixed) (Total:222.87 GB) (Free:81.28 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 13F52347) Partition: GPT. ==================== Ende von Addition.txt ============================ Code:
ATTFilter # AdwCleaner 7.0.2.1 - Logfile created on Fri Sep 22 22:18:15 2017 # Updated on 2017/29/08 by Malwarebytes # Database: 09-20-2017.1 # Running on Windows 10 Home (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* C:/AdwCleaner/AdwCleaner[C0].txt - [1255 B] - [2017/9/22 20:22:32] C:/AdwCleaner/AdwCleaner[S0].txt - [981 B] - [2017/9/22 20:21:40] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ########## Code:
ATTFilter Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 23.09.17 Scan-Zeit: 00:34 Protokolldatei: 41199c08-9fe6-11e7-836b-40490ffec888.json Administrator: Ja -Softwaredaten- Version: 3.2.2.2029 Komponentenversion: 1.0.188 Version des Aktualisierungspakets: 1.0.2865 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 10 (Build 15063.608) CPU: x64 Dateisystem: NTFS Benutzer: DESKTOP-ECLIHC3\Sofia -Scan-Übersicht- Scan-Typ: Bedrohungs-Scan Ergebnis: Abgeschlossen Gescannte Objekte: 368416 Erkannte Bedrohungen: 1 In die Quarantäne verschobene Bedrohungen: 1 Abgelaufene Zeit: 0 Min., 50 Sek. -Scan-Optionen- Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Erkennung PUM: Erkennung -Scan-Details- Prozess: 0 (keine bösartigen Elemente erkannt) Modul: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswert: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 1 PUP.Optional.WinYahoo, HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Ersetzt, [71], [293459],1.0.2865 Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Datei: 0 (keine bösartigen Elemente erkannt) Physischer Sektor: 0 (keine bösartigen Elemente erkannt) (end) |
23.09.2017, 19:51 | #3 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win7/Chrome: PUP.Optional.WinYahooZitat:
__________________ |
23.09.2017, 20:44 | #4 |
| Win7/Chrome: PUP.Optional.WinYahoo Ok, hab es erledigt |
23.09.2017, 20:48 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win7/Chrome: PUP.Optional.WinYahoo Ich brauche neue FRST-Logs . Haken setzen bei addition.txt dann auf Untersuchen klicken.
__________________ Logfiles bitte immer in CODE-Tags posten |
23.09.2017, 20:54 | #6 |
| Win7/Chrome: PUP.Optional.WinYahoo Hier sind die Logs! FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-09-2017 02 durchgeführt von Sofia (Administrator) auf DESKTOP-ECLIHC3 (23-09-2017 21:50:08) Gestartet von C:\Users\Sofia\Downloads Geladene Profile: Sofia (Verfügbare Profile: Sofia) Platform: Windows 10 Home Version 1703 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe (Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxEM.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Spotify Ltd) C:\Users\Sofia\AppData\Roaming\Spotify\Spotify.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (Apple Inc.) C:\Program Files\iTunes\iTunes.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Spotify Ltd) C:\Users\Sofia\AppData\Roaming\Spotify\Spotify.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Spotify Ltd) C:\Users\Sofia\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Spotify Ltd) C:\Users\Sofia\AppData\Roaming\Spotify\Spotify.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Spotify Ltd) C:\Users\Sofia\AppData\Roaming\Spotify\Spotify.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40885.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40885.0_x64__8wekyb3d8bbwe\HxOutlook.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1468424 2016-08-26] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation) HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.) HKLM-x32\...\Run: [PulseSecure] => C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe [3213272 2017-05-10] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [309120 2012-02-02] (Hewlett-Packard Company) HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Run: [CTSyncU.exe] => C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe [868352 2007-07-17] () HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Run: [Spotify] => C:\Users\Sofia\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-13] (Spotify Ltd) HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Run: [Spotify Web Helper] => C:\Users\Sofia\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-13] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2017-09-23] ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Keine Datei) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-09-17] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2017-09-21] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{058131cf-9d2e-406c-aca7-1b23c96202fc}: [NameServer] 131.173.245.9,131.173.245.10 Tcpip\..\Interfaces\{64f24cd4-aeab-43ac-baa2-1c03dcff0e25}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{7295c174-9588-469d-953d-5a0adf316aa9}: [DhcpNameServer] 10.211.254.254 8.8.8.8 Tcpip\..\Interfaces\{d1fdb650-1855-4aec-92b6-c4c6c1953476}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-23] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-23] (Microsoft Corporation) DPF: HKLM {583C990C-2D38-410c-9A4A-0932D66A754F} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient64.cab DPF: HKLM-x32 {8E375A63-C616-46F1-AC77-59DF78F3A826} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient.cab Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-23] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-23] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-23] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-23] (Microsoft Corporation) FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-23] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-19] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-19] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-26] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-26] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.) Chrome: ======= CHR Session Restore: Default -> ist aktiviert. CHR Profile: C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default [2017-09-23] CHR Extension: (Google Präsentationen) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-26] CHR Extension: (Google Docs) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-26] CHR Extension: (Google Drive) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-26] CHR Extension: (YouTube) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-26] CHR Extension: (Rebecca Taylor) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahpkkfpjpdcfdkbpeoibdhfadicnhdj [2017-07-26] CHR Extension: (Google Tabellen) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-26] CHR Extension: (Google Docs Offline) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-26] CHR Extension: (AdBlock) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-05] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24] CHR Extension: (Tumblr Savior) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2017-07-28] CHR Extension: (Google Mail) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-26] CHR Extension: (Chrome Media Router) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-26] ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 0256751506195503mcinstcleanup; C:\Users\Sofia\AppData\Local\Temp\025675~1.EXE [1277584 2017-08-09] (McAfee, Inc.) <==== ACHTUNG R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.) R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2288384 2016-09-17] (Broadcom Corporation.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761608 2017-09-08] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-20] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-20] (Dropbox, Inc.) R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.) R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.) R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [116248 2016-05-25] (Dell Inc.) R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell) R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [119336 2017-06-16] (Dell) R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [125808 2017-01-10] () R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.) S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\elfoService.exe [1283336 2017-07-14] () R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation) S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [Datei ist nicht signiert] R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164352 2011-08-03] (HP) [Datei ist nicht signiert] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-05] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes) S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-04] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-04] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-19] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-04] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-08-23] (Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-08-23] (Electronic Arts) S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell) R2 PulseSecureService; C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe [182232 2017-05-10] (Pulse Secure, LLC) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2016-08-26] (Realtek Semiconductor) R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-08-04] (Dell Inc.) S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-05] (Intel Corporation) R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-27] (Microsoft Corporation) S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe" [X] S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe" [X] S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe" [X] S3 mfevtp; "C:\Windows\system32\mfevtps.exe" [X] S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X] S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208192 2016-09-17] (Broadcom Corporation.) S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert] R3 BCMPCIEDHD63; C:\WINDOWS\system32\DRIVERS\bcmpciedhd63.sys [1063736 2016-03-03] (Broadcom Corp) R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-06-20] (Dell Inc.) R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-06-20] (Dell Computer Corporation) R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] () R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54272 2015-09-21] (Intel Corporation) R1 jnprns; C:\WINDOWS\system32\DRIVERS\jnprns.sys [507192 2017-03-09] (Juniper Networks) S4 jnprTdi_824_597; C:\WINDOWS\system32\Drivers\jnprTdi_824_597.sys [106176 2016-06-01] (Pulse Secure, LLC) R3 JnprVaMgr; C:\WINDOWS\System32\drivers\jnprvamgr.sys [45352 2017-03-09] (Juniper Networks, Inc.) R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-22] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-23] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-23] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-23] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-23] (Malwarebytes) U3 mfeavfk02; kein ImagePath R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-09-21] (SoftEther Corporation) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_1a197825c61edb6c\nvlddmkm.sys [15668664 2017-07-19] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-04] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-05-04] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-19] (NVIDIA Corporation) S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [777944 2016-03-21] (Realsil Semiconductor Corporation) S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] () R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-09-23] (SoftEther Corporation) S3 ser2at; C:\WINDOWS\system32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) S0 cfwids; system32\drivers\cfwids.sys [X] R0 mfeaack; system32\drivers\mfeaack.sys [X] R0 mfeavfk; system32\drivers\mfeavfk.sys [X] S3 mfeavfk01; \Device\mfeavfk01.sys [X] S0 mfeelamk; system32\drivers\mfeelamk.sys [X] S0 mfefirek; system32\drivers\mfefirek.sys [X] R0 mfehidk; system32\drivers\mfehidk.sys [X] R0 mfeplk; system32\drivers\mfeplk.sys [X] R0 mfewfpk; system32\drivers\mfewfpk.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-09-23 23:33 - 2017-09-23 16:35 - 000058230 _____ C:\Users\Sofia\Downloads\License.txt 2017-09-23 21:49 - 2017-09-23 21:49 - 000000000 ____D C:\Users\Sofia\Downloads\FRST-OlderVersion 2017-09-23 21:44 - 2017-09-23 21:44 - 000000000 ___HD C:\OneDriveTemp 2017-09-23 13:08 - 2017-09-23 13:08 - 000051873 _____ C:\Users\Sofia\Desktop\Neues Textdokument (3).txt 2017-09-23 13:05 - 2017-09-23 13:08 - 000002606 _____ C:\Users\Sofia\Desktop\Neues Textdokument (2).txt 2017-09-23 00:40 - 2017-09-23 00:40 - 000001489 _____ C:\Users\Sofia\Desktop\mbam.txt 2017-09-23 00:18 - 2017-09-23 00:18 - 000001080 _____ C:\Users\Sofia\Desktop\AdwCleaner[S0].txt 2017-09-22 22:50 - 2017-09-22 22:50 - 002870984 _____ (ESET) C:\Users\Sofia\Downloads\esetsmartinstaller_deu.exe 2017-09-22 22:46 - 2017-09-22 22:46 - 000080797 _____ C:\Users\Sofia\Desktop\FRST.txt 2017-09-22 22:46 - 2017-09-22 22:46 - 000051923 _____ C:\Users\Sofia\Desktop\Addition.txt 2017-09-22 22:46 - 2017-09-22 22:46 - 000051920 _____ C:\Users\Sofia\Downloads\Addition.txt 2017-09-22 22:45 - 2017-09-23 21:50 - 000027740 _____ C:\Users\Sofia\Downloads\FRST.txt 2017-09-22 22:44 - 2017-09-23 21:50 - 000000000 ____D C:\FRST 2017-09-22 22:44 - 2017-09-23 21:49 - 002399744 _____ (Farbar) C:\Users\Sofia\Downloads\FRST64.exe 2017-09-22 22:27 - 2017-09-23 21:33 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-09-22 22:27 - 2017-09-23 20:08 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-09-22 22:27 - 2017-09-23 20:08 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-09-22 22:27 - 2017-09-23 20:08 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-09-22 22:27 - 2017-09-22 22:27 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-09-22 22:27 - 2017-09-22 22:27 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-22 22:27 - 2017-09-22 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-22 22:27 - 2017-09-22 22:27 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-22 22:27 - 2017-09-22 22:27 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-22 22:27 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-09-22 22:25 - 2017-09-22 22:26 - 068408664 _____ (Malwarebytes ) C:\Users\Sofia\Downloads\mb3-setup-consumer-3.2.2.2029.exe 2017-09-22 22:24 - 2017-09-22 22:25 - 008182736 _____ (Malwarebytes) C:\Users\Sofia\Downloads\adwcleaner_7.0.2.1 (2).exe 2017-09-22 22:19 - 2017-09-22 22:19 - 008182736 _____ (Malwarebytes) C:\Users\Sofia\Downloads\adwcleaner_7.0.2.1 (1).exe 2017-09-22 22:18 - 2017-09-23 00:18 - 000000000 ____D C:\AdwCleaner 2017-09-22 22:17 - 2017-09-22 22:18 - 008182736 _____ (Malwarebytes) C:\Users\Sofia\Downloads\adwcleaner_7.0.2.1.exe 2017-09-21 13:17 - 2017-09-21 13:17 - 000038216 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\Neo6_x64_VPN.sys 2017-09-21 13:16 - 2017-09-23 21:41 - 000000000 ____D C:\Program Files\SoftEther VPN Client 2017-09-21 13:16 - 2017-09-23 16:35 - 000051024 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\SeLow_x64.sys 2017-09-21 13:16 - 2017-09-21 13:16 - 000143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\vpncmd.exe 2017-09-21 13:16 - 2017-09-21 13:16 - 000051024 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\SeLow_x64.sys.old1 2017-09-20 19:37 - 2017-09-20 19:37 - 000002119 _____ C:\Users\Public\Desktop\SupportAssist.lnk 2017-09-20 19:37 - 2017-09-20 19:37 - 000000000 ____D C:\ProgramData\PC-Doctor for Windows 2017-09-20 19:37 - 2017-09-20 19:37 - 000000000 ____D C:\Program Files\Dell Support Center 2017-09-20 16:38 - 2017-09-20 16:38 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-09-20 16:38 - 2017-09-20 16:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-09-20 16:38 - 2017-09-20 16:38 - 000000000 ____D C:\Program Files\iPod 2017-09-20 16:37 - 2017-09-20 16:38 - 000000000 ____D C:\Program Files\iTunes 2017-09-20 16:34 - 2017-09-20 16:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple 2017-09-20 16:34 - 2017-09-20 16:34 - 000000000 ____D C:\Program Files (x86)\Apple Software Update 2017-09-19 01:17 - 2017-09-19 01:17 - 001285233 _____ C:\Users\Sofia\Desktop\FB7_ab2016.pdf 2017-09-14 20:34 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-09-14 20:34 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2017-09-14 20:34 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2017-09-14 20:34 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2017-09-14 20:34 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-09-14 20:34 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2017-09-14 20:34 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-09-14 20:34 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll 2017-09-14 20:34 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-09-14 20:34 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-09-14 20:34 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2017-09-14 20:34 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-09-14 20:34 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-09-14 20:34 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe 2017-09-14 20:34 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2017-09-14 20:34 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-09-14 20:34 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2017-09-14 20:34 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2017-09-14 20:34 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2017-09-14 20:34 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2017-09-14 20:34 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2017-09-14 20:34 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2017-09-14 20:34 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-09-14 20:34 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2017-09-14 20:34 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-09-14 20:34 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2017-09-14 20:34 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll 2017-09-14 20:34 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2017-09-14 20:34 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2017-09-14 20:34 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-09-14 20:34 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-09-14 20:34 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll 2017-09-14 20:34 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2017-09-14 20:34 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-09-14 20:34 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll 2017-09-14 20:34 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2017-09-14 20:34 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe 2017-09-14 20:34 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll 2017-09-14 20:34 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll 2017-09-14 20:34 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll 2017-09-14 20:34 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2017-09-14 20:34 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2017-09-14 20:34 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll 2017-09-14 20:34 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-09-14 20:34 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-09-14 20:34 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2017-09-14 20:34 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll 2017-09-14 20:34 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2017-09-14 20:34 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2017-09-14 20:34 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll 2017-09-14 20:34 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-09-14 20:34 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2017-09-14 20:34 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-09-14 20:34 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-09-14 20:34 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-09-14 20:34 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-09-14 20:34 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2017-09-14 20:34 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll 2017-09-14 20:34 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2017-09-14 20:34 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll 2017-09-14 20:34 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2017-09-14 20:30 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2017-09-14 20:30 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-09-14 20:30 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2017-09-14 20:30 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2017-09-14 20:30 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-09-14 20:30 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2017-09-14 20:30 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll 2017-09-14 20:30 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe 2017-09-14 20:30 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2017-09-14 20:30 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2017-09-14 20:29 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-09-14 20:29 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2017-09-14 20:29 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-09-14 20:29 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2017-09-14 20:29 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll 2017-09-14 20:29 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2017-09-14 20:29 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2017-09-14 20:29 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-09-14 20:29 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2017-09-14 20:29 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2017-09-14 20:29 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2017-09-14 20:29 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2017-09-14 20:29 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-09-14 20:29 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll 2017-09-14 20:29 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-09-14 20:29 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2017-09-14 20:29 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-09-14 20:29 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-09-14 20:29 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-09-14 20:29 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2017-09-14 20:29 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-09-14 20:29 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2017-09-14 20:29 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2017-09-14 20:29 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll 2017-09-14 20:29 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2017-09-14 20:29 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-09-14 20:29 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll 2017-09-14 20:29 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll 2017-09-14 20:29 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys 2017-09-14 20:29 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2017-09-14 20:29 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2017-09-14 20:29 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2017-09-14 20:29 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll 2017-09-14 20:29 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2017-09-14 20:29 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe 2017-09-14 20:29 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe 2017-09-14 20:29 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-09-14 20:29 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2017-09-14 20:29 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys 2017-09-14 20:29 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll 2017-09-14 20:29 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll 2017-09-14 20:29 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2017-09-14 20:29 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll 2017-09-14 20:29 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2017-09-14 20:29 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll 2017-09-14 20:29 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll 2017-09-14 20:29 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-09-14 20:29 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-09-14 20:29 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2017-09-14 20:29 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2017-09-14 20:29 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe 2017-09-14 20:29 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2017-09-14 20:29 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-09-14 20:29 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2017-09-14 20:29 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2017-09-14 20:29 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-09-14 20:29 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2017-09-14 20:29 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll 2017-09-14 20:29 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll 2017-09-14 20:29 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll 2017-09-14 20:29 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2017-09-14 20:29 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin 2017-09-14 20:28 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-09-14 20:28 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2017-09-14 20:28 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-09-14 20:28 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-09-14 20:28 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2017-09-14 20:28 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2017-09-14 20:28 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2017-09-14 20:28 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-09-14 20:28 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2017-09-14 20:28 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2017-09-14 20:28 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-09-14 20:28 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-09-14 20:28 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2017-09-14 20:28 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-09-14 20:28 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-09-14 20:28 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2017-09-14 20:28 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-09-14 20:28 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2017-09-14 20:28 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2017-09-14 20:28 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2017-09-14 20:28 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2017-09-14 20:28 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2017-09-14 20:28 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2017-09-14 20:28 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2017-09-14 20:28 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2017-09-14 20:28 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2017-09-14 20:28 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2017-09-14 20:28 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-09-14 20:28 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-09-14 20:28 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2017-09-14 20:28 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2017-09-14 20:28 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2017-09-14 20:28 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2017-09-14 20:28 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll 2017-09-14 20:28 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-09-14 20:28 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-09-14 20:28 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll 2017-09-14 20:28 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll 2017-09-14 20:28 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2017-09-14 20:28 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2017-09-14 20:28 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2017-09-14 20:28 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2017-09-14 20:28 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-09-14 20:28 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2017-09-14 20:28 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2017-09-14 20:28 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-09-14 20:28 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll 2017-09-14 20:28 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2017-09-14 20:28 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2017-09-14 20:28 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-09-14 20:28 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-09-14 20:28 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2017-09-14 20:28 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2017-09-14 20:28 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2017-09-14 20:28 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2017-09-14 20:28 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-09-14 20:28 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll 2017-09-14 20:28 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-09-14 20:28 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-09-14 20:28 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2017-09-14 20:28 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll 2017-09-14 20:28 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2017-09-14 20:28 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-09-14 20:28 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2017-09-14 20:28 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-09-14 20:28 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2017-09-14 20:28 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2017-09-14 20:28 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-09-14 20:28 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2017-09-14 20:28 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-09-14 20:27 - 2017-09-05 07:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-09-14 20:27 - 2017-09-05 07:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-09-14 20:27 - 2017-09-05 07:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-09-14 20:27 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2017-09-14 20:27 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-09-14 20:27 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2017-09-14 20:27 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2017-09-14 20:27 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys 2017-09-14 20:27 - 2017-09-05 06:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys 2017-09-14 20:27 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2017-09-14 20:27 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2017-09-14 20:27 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2017-09-14 20:27 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2017-09-14 20:26 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll 2017-09-14 17:37 - 2017-09-14 17:37 - 000255720 _____ C:\Users\Sofia\Desktop\Kreditkartenantrag.pdf 2017-09-12 04:32 - 2017-09-12 04:32 - 001063187 _____ C:\Users\Sofia\Desktop\boarding pass.pdf 2017-08-24 20:03 - 2017-08-24 20:03 - 000000000 ____D C:\Users\Sofia\.BrainYoo2 2017-08-24 20:03 - 2017-08-24 20:03 - 000000000 ____D C:\ProgramData\BrainYoo2 2017-08-24 20:02 - 2017-08-24 20:02 - 000001094 _____ C:\Users\Public\Desktop\BrainYoo2.lnk 2017-08-24 20:02 - 2017-08-24 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrainYoo2 2017-08-24 20:02 - 2017-08-24 20:02 - 000000000 ____D C:\Program Files (x86)\BrainYoo2 2017-08-24 07:49 - 2017-08-24 07:49 - 000000000 _____ C:\Users\Sofia\Desktop\Neues Textdokument.txt 2017-08-24 04:18 - 2017-08-24 04:18 - 000000037 _____ C:\WINDOWS\SysWOW64\SmartFlow.txt 2017-08-24 02:53 - 2017-08-24 07:52 - 000161361 _____ C:\Users\Sofia\Desktop\ss-5[271].pdf ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-09-23 21:48 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-09-23 21:44 - 2017-08-12 23:30 - 000000000 ____D C:\Users\Sofia\AppData\Local\Spotify 2017-09-23 21:44 - 2017-08-12 23:29 - 000000000 ____D C:\Users\Sofia\AppData\Roaming\Spotify 2017-09-23 21:44 - 2017-07-28 19:36 - 000000000 ____D C:\Users\Sofia\AppData\Local\CrashDumps 2017-09-23 21:44 - 2017-07-27 22:48 - 000000000 ____D C:\ProgramData\NVIDIA 2017-09-23 21:44 - 2017-07-26 18:29 - 000000000 ___RD C:\Users\Sofia\OneDrive 2017-09-23 21:43 - 2017-07-26 18:25 - 000000000 __SHD C:\Users\Sofia\IntelGraphicsProfiles 2017-09-23 21:40 - 2017-07-27 22:54 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee 2017-09-23 21:40 - 2017-03-18 23:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2017-09-23 21:40 - 2017-03-18 13:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2017-09-23 21:38 - 2016-09-17 05:03 - 000000000 ____D C:\ProgramData\Intel Security 2017-09-23 21:38 - 2016-09-17 05:02 - 000000000 ____D C:\ProgramData\McAfee 2017-09-23 21:38 - 2016-09-17 05:02 - 000000000 ____D C:\Program Files\Common Files\McAfee 2017-09-23 21:31 - 2017-07-27 22:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-09-23 20:14 - 2017-03-20 06:35 - 001302438 _____ C:\WINDOWS\system32\perfh007.dat 2017-09-23 20:14 - 2017-03-20 06:35 - 000303208 _____ C:\WINDOWS\system32\perfc007.dat 2017-09-23 20:14 - 2016-09-17 04:51 - 002802036 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-09-23 20:08 - 2017-07-27 22:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-09-23 20:08 - 2017-07-27 22:50 - 000000000 ____D C:\Users\Sofia 2017-09-23 20:08 - 2017-07-27 22:42 - 000380520 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-09-23 16:37 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF 2017-09-23 13:13 - 2017-03-18 23:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-09-23 13:12 - 2016-09-17 04:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2017-09-23 00:39 - 2017-03-18 13:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI 2017-09-22 12:22 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-09-21 14:11 - 2016-09-17 05:02 - 000000000 ____D C:\Program Files (x86)\McAfee 2017-09-20 19:37 - 2016-09-17 04:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2017-09-20 16:34 - 2017-08-21 22:15 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-09-18 15:28 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2017-09-17 23:17 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache 2017-09-17 22:12 - 2017-07-26 18:25 - 000000000 ____D C:\Users\Sofia\AppData\Local\Packages 2017-09-17 15:12 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-09-16 11:49 - 2016-09-17 05:03 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-09-16 01:18 - 2017-03-20 06:35 - 000000000 ____D C:\WINDOWS\system32\de 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\system32\F12 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\setup 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-09-14 22:36 - 2017-07-27 22:54 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3576295408-1888778439-4122767721-1002 2017-09-14 22:36 - 2017-07-26 18:29 - 000002389 _____ C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-09-14 18:26 - 2017-07-26 23:09 - 000000000 ____D C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-09-14 14:55 - 2017-07-28 01:01 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-09-14 14:54 - 2017-07-28 01:01 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-09-02 17:15 - 2017-08-10 00:30 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-09-02 17:15 - 2017-08-10 00:30 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-08-30 22:49 - 2017-07-27 16:29 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-08-29 23:09 - 2016-09-17 04:50 - 000000000 ____D C:\ProgramData\Package Cache 2017-08-29 23:08 - 2017-07-26 20:19 - 000000000 ____D C:\Program Files (x86)\Origin 2017-08-29 02:02 - 2017-07-26 19:30 - 000002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-08-29 02:02 - 2017-07-26 19:30 - 000002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-07-27 22:48 - 2017-07-27 22:48 - 000000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== 2017-09-23 21:38 - 2017-08-09 14:12 - 001277584 _____ (McAfee, Inc.) C:\Users\Sofia\AppData\Local\Temp\0256751506195503mcinst.exe 2017-05-31 03:21 - 2017-05-31 03:21 - 000243240 _____ (McAfee, Inc.) C:\Users\Sofia\AppData\Local\Temp\McCSPInstall.dll 2017-09-23 21:40 - 2017-05-31 03:21 - 000208816 _____ (McAfee Inc.) C:\Users\Sofia\AppData\Local\Temp\mccspuninstall.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2017-09-17 23:17 ==================== Ende von FRST.txt ============================ |
23.09.2017, 20:55 | #7 |
| Win7/Chrome: PUP.Optional.WinYahoo Addition: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-09-2017 02 durchgeführt von Sofia (23-09-2017 21:50:37) Gestartet von C:\Users\Sofia\Downloads Windows 10 Home Version 1703 (X64) (2017-07-27 20:58:17) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3576295408-1888778439-4122767721-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3576295408-1888778439-4122767721-503 - Limited - Disabled) Gast (S-1-5-21-3576295408-1888778439-4122767721-501 - Limited - Disabled) Sofia (S-1-5-21-3576295408-1888778439-4122767721-1002 - Administrator - Enabled) => C:\Users\Sofia ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 64 Bit HP CIO Components Installer (HKLM\...\{5737101A-27C4-408A-8A57-D1DC78DF84B4}) (Version: 8.2.1 - Hewlett-Packard) Hidden 7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden Apple Application Support (32-Bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.33.1 - Asmedia Technology) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) BRAINYOO (HKLM-x32\...\BRAINYOO) (Version: - BRAINYOO Mobile Learning GmbH) Dell Customer Connect (HKLM-x32\...\{2BFA1207-9A98-4D55-9182-5C433ED6A55A}) (Version: 1.4.3.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP) Dell Dock Update (HKLM-x32\...\{6C4547B7-084A-4992-BFBF-9F6C6E2DC3EA}) (Version: 1.0.115.0 - Dell Inc.) Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.) Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell) Dell SupportAssist Remediation (HKLM\...\{8F663BAC-2B6F-4B86-86F4-8067F4B71ACC}) (Version: 3.0.1.2905 - Dell Inc.) Hidden Dell SupportAssist Remediation (HKLM-x32\...\{8aa806c2-2787-490f-ac75-cd8f4d50585f}) (Version: 3.0.1.2905 - Dell Inc.) Dell SupportAssistAgent (HKLM\...\{E1AA62F7-B32A-4090-814E-83BC7C3DF1FB}) (Version: 2.0.2.21 - Dell) Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.) Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.32.1.1020 - Electronic Arts Inc.) Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.) ElsterFormular (HKLM-x32\...\{A88822F7-33F8-485D-9C3D-68CF2F87E54C}) (Version: 18.5.0 - Thüringer Landesfinanzdirektion) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden HP LJ300-400 color M351-M451 (HKLM-x32\...\{15CA73D8-3C82-4BAE-86CD-945BF9620516}) (Version: - Hewlett-Packard) HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard) hpbDSService (HKLM-x32\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden hpbM351M451DSService (HKLM-x32\...\{BF2198EB-503D-4E0B-89FB-509AADD6D545}) (Version: 001.001.05164 - Hewlett-Packard) Hidden HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI (HKLM-x32\...\{BD019D8F-25B9-49D6-B301-07AFF65E35DD}) (Version: 1.02.0000 - Hewlett-Packard) HPLJDXPHelper (HKLM-x32\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 020.021.004 - HP) Hidden HPLJUTCore (HKLM-x32\...\{568C5D3E-5B79-47EC-A34B-8D7C8AEF1F8F}) (Version: 3.00.0003 - HP) Hidden HPLJUTM351-M451 (HKLM-x32\...\{E25710A1-F024-4BAF-898C-32703F047737}) (Version: 1.02.0013 - HP) Hidden hppLaserJetService (HKLM-x32\...\{5BF278AE-B851-41A7-9874-C6EC5AF2BD91}) (Version: 009.022.00813 - Hewlett-Packard) Hidden hppM351_M451LaserJetService (HKLM-x32\...\{8D692AC8-E471-4AEE-AE64-102264A33D72}) (Version: 005.020.00101 - Hewlett-Packard) Hidden hppToolboxProxyM351 (HKLM-x32\...\{6930AC06-C380-421E-91FE-9CA29D21D83E}) (Version: 035.024.006 - HP) Hidden hpStatusAlerts (HKLM-x32\...\{44EB02F5-16E5-42BD-9183-C23EF7620CF3}) (Version: 035.039.0004 - Hewlett Packard) Hidden hpStatusAlertsM351_M451 (HKLM-x32\...\{FDEA674C-478D-455F-9894-D6D4CD4BB304}) (Version: 035.026.0004 - Hewlett-Packard) Hidden InstanceFinder (HKLM-x32\...\{32C0FD10-8FB4-427E-A16F-ED57C9343CF0}) (Version: 020.021.004 - HP) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation) Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.311 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4664 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) iTunes (HKLM\...\{1441974B-BB94-41EC-AC0F-30D5F5AC54F7}) (Version: 12.7.0.166 - Apple Inc.) KB4023057 (HKLM\...\{27C6D60B-CAD4-4C70-A1F2-299C731EA8F7}) (Version: 2.0.0.0 - Microsoft Corporation) LJDXPHelperUI (HKLM-x32\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 020.021.004 - HP) Hidden Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes) Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.8431.2079 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8431.2079 - Microsoft Corporation) Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.8431.2079 - Microsoft Corporation) Microsoft Office 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 16.0.8431.2079 - Microsoft Corporation) Microsoft Office 365 - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 16.0.8431.2079 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation) NARUTO SHIPPUDEN: Ultimate Ninja STORM 4 (HKLM\...\Steam App 349040) (Version: - CyberConnect2 Co. Ltd.) NVIDIA 3D Vision Treiber 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation) NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation) NVIDIA Grafiktreiber 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0410-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Opticon USB Drivers Installer (HKLM-x32\...\Opticon USB Installer) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.) Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden Pulse Secure (HKLM\...\{A6B9620E-77CB-4FF5-9C73-ED7C3B5514EA}) (Version: 5.3.755 - Pulse Secure, LLC) Hidden Pulse Secure 5.3 (HKLM-x32\...\Pulse Secure 5.3) (Version: 5.3.755 - Pulse Secure, LLC) Pulse Secure Setup Client (HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Pulse_Setup_Client) (Version: 8.3.1.755 - Pulse Secure, LLC) Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) Pulse Secure Setup Client Activex Control (HKLM-x32\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21289 - Realtek Semiconduct Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7917 - Realtek Semiconductor Corp.) ScanIT-Client 3.4 (HKLM-x32\...\ScanIT-Client_is1) (Version: - GfK SE) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games) Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.) Spotify (HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB) ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0067 - ST Microelectronics) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation) ToolboxProxy (HKLM-x32\...\{B64E0B43-A452-4B25-93DD-E5C6645A534A}) (Version: 035.024.006 - HP) Hidden UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.730 - Broadcom Corporation) Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation) ZENcast Organizer (HKLM-x32\...\ZENcast Organizer) (Version: - ) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxDTCM.dll [2017-05-31] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-07-19] (NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {10D559A6-EB66-4815-A45F-075327E2CD5C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService Task: {13429EF0-700D-4B1E-8C66-A8DD016C306A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-09-14] (PC-Doctor, Inc.) Task: {18BC2433-C8E7-4F1B-9CF3-3329CF9C5DAB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation) Task: {1E9C7D55-73FB-4419-B8AB-DAB9BB6BA4E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-26] (Google Inc.) Task: {22A776B6-434F-47C6-A029-9403D6662E6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-26] (Google Inc.) Task: {36CF7EDC-997D-45F1-B946-6AFED1359084} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-08-04] (Dell Inc.) Task: {38A1ADDA-DE74-4A6A-AC5A-6AFF876E6C81} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [2016-09-12] (Microsoft Corporation) Task: {40D2D636-DC9B-4531-94EA-573044C46294} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.) Task: {44F2BD55-103D-4F18-A322-7B052063EB7A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-04] (NVIDIA Corporation) Task: {452228BC-F116-4172-9711-3D2A9446ECC6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation) Task: {515A1E3A-E36A-4857-89C3-E0E26FAB9D42} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe Task: {6455D614-ECD5-461A-9C1F-44F81CA9A3F3} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {69AEE261-43FE-4CDF-9B13-BB8F86690614} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation) Task: {6C63F021-4820-4B6C-9E28-52B0B314BCA5} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2011-09-16] (Hewlett Packard) Task: {7E5755FA-128C-4EB9-B786-0FD46A71ED51} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-20] (Dropbox, Inc.) Task: {7E7970B8-8188-4851-B37A-7E167D35FD51} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-04] (NVIDIA Corporation) Task: {820986DB-6716-4907-BCCC-B57AE53703EC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-04] (NVIDIA Corporation) Task: {84520BA4-9214-4A84-9A55-B4AFFBF42212} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-23] () Task: {8FE97289-B257-47AC-B60D-710EF14F5115} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe Task: {98858350-F993-4823-9D14-849AE2CE7C03} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-20] (Dropbox, Inc.) Task: {99A53CCE-553C-43EA-93DA-0AC839EF4835} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-09-14] (PC-Doctor, Inc.) Task: {B1245576-C341-4300-9753-0CA0CDCF3CE8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation) Task: {B2398327-7BAE-4831-8A7D-DC2B600A2406} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-08-26] (Realtek Semiconductor) Task: {BF375858-61B8-4928-909E-1E200B6664FC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-04] (NVIDIA Corporation) Task: {C04FD03F-9121-4FC7-9B1A-45A6450F09B9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation) Task: {CEA147A3-40B0-4F04-A9F5-58B8C17773AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {E4957028-78F3-492A-80AF-05C4F14D8F29} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation) Task: {F102A795-A49C-4417-B4B8-F28E9A1D9E36} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-30] (DropboxOEM) Task: {F16AC609-BFC2-4B17-B1C9-8ADDE14EE960} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-23] (Microsoft Corporation) Task: {F2C2BE3D-5325-4FCE-9CE9-8895C97ABEDF} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe Task: {F5F5CD6B-B110-4228-B44E-B5A88FA2D286} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {F60AEFDC-E91A-4471-BAE2-860F693FDF84} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-23] () (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2017-07-13 20:50 - 2017-07-13 20:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-01-10 14:59 - 2017-01-10 14:59 - 000125808 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe 2015-08-21 02:47 - 2015-08-21 02:47 - 000049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll 2017-08-02 21:28 - 2017-05-04 06:19 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-09-22 22:27 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 22:59 - 2017-03-20 06:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-09-11 14:45 - 2017-09-11 14:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll 2017-09-11 14:45 - 2017-09-11 14:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll 2017-09-11 14:44 - 2017-09-11 14:44 - 000235832 _____ () C:\Program Files\iTunes\libxslt.dll 2017-08-29 02:02 - 2017-08-23 10:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll 2017-08-29 02:02 - 2017-08-23 10:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll 2017-05-10 09:47 - 2017-05-10 09:47 - 003213272 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe 2017-09-14 20:38 - 2017-09-14 20:43 - 001226440 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8500.40885.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll 2017-05-10 10:26 - 2017-05-10 10:26 - 000391128 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\dsIpc.dll 2017-05-10 10:00 - 2017-05-10 10:00 - 000374744 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\Connection Manager\ConnectionManagerService.dll 2017-05-10 08:59 - 2017-05-10 08:59 - 000055256 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\dsOpenSSL.dll 2017-05-10 09:58 - 2017-05-10 09:58 - 000243672 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\ConnectionStore\ConnectionStoreService.dll 2017-05-10 10:13 - 2017-05-10 10:13 - 000235480 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\Integration\IntegrationAccessMethod.dll 2017-05-10 10:01 - 2017-05-10 10:01 - 000489432 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\eapService\eapService.dll 2017-05-10 10:03 - 2017-05-10 10:03 - 000219096 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\8021xAccessMethod\8021xAccessMethod.dll 2017-05-10 09:48 - 2017-05-10 09:48 - 000251864 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiModelService.dll 2017-05-10 09:49 - 2017-05-10 09:49 - 000020440 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiModelServicePS.dll 2017-05-10 09:49 - 2017-05-10 09:49 - 000026584 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiPromptPluginPS.dll 2017-05-10 09:58 - 2017-05-10 09:58 - 000017880 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\ConnectionStore\ConnectionStoreServicePS.dll 2017-05-10 09:49 - 2017-05-10 09:49 - 000063448 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiPlugin.dll 2017-05-01 15:27 - 2017-05-01 15:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll 2015-09-05 05:34 - 2015-09-05 05:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-08-02 21:28 - 2017-05-04 06:19 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-08-12 23:30 - 2017-09-13 22:34 - 071818864 _____ () C:\Users\Sofia\AppData\Roaming\Spotify\libcef.dll 2017-08-02 21:28 - 2017-05-04 06:18 - 065708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2017-08-12 23:30 - 2017-09-13 22:34 - 002969200 _____ () C:\Users\Sofia\AppData\Roaming\Spotify\libglesv2.dll 2017-08-12 23:30 - 2017-09-13 22:34 - 000086640 _____ () C:\Users\Sofia\AppData\Roaming\Spotify\libegl.dll 2012-02-02 16:40 - 2012-02-02 16:40 - 000111488 _____ () C:\Program Files (x86)\HP\StatusAlerts\bin\nativeutils.dll 2017-09-01 02:49 - 2017-09-01 02:49 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2017-07-13 20:51 - 2017-07-13 20:51 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2015-10-30 09:24 - 2017-07-27 16:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{C7E582B5-1462-4740-9821-5EB2343A6767}] => (Allow) C:\Spiele\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe FirewallRules: [{1C25E631-5877-4F30-88C1-97B74FEEE8BD}] => (Allow) C:\Spiele\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe FirewallRules: [{752D97FB-B102-4D71-8FEF-79A38E93D78E}] => (Allow) C:\Spiele\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{A1B0EEC7-91FF-4742-A59B-D73731ACDE2A}] => (Allow) C:\Spiele\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{B0CAF037-02B4-4435-B90F-B390B0A5249A}] => (Allow) C:\Spiele\Steam\Steam.exe FirewallRules: [{C0B60D74-E5DA-4326-8161-F2FFA655303F}] => (Allow) C:\Spiele\Steam\Steam.exe FirewallRules: [{07D53E42-F17E-456E-9EB3-43EA31EBB58B}] => (Allow) C:\Spiele\Steam.exe FirewallRules: [{13CEEAD6-353B-4000-9AD5-B0371CC87321}] => (Allow) C:\Spiele\Steam.exe FirewallRules: [{4B033F5D-46EE-4D1B-A817-17F2D534D546}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{44EE3460-BDC4-491C-97B7-29E7088C1D56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{011D1D54-53DF-455F-93CB-60BF9490BF02}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{A866907F-FFAE-4C85-A5A4-4601E9AB10AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{D7E8260D-E776-40F0-B5F9-B97E062E0EC9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{72307D62-3197-4135-9D49-74EA1BD7B891}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{CEA13452-D6E9-4A4C-B9D8-49C5C60360BE}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{0CC87780-C217-427A-8943-97C856C581B0}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{7E359DAC-8B6A-45CA-B73F-6E5864118F68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{47763D4D-07C1-4D12-8B59-0F42EB63D7DD}] => (Allow) C:\Spiele\Steam\steamapps\common\Alan Wake\AlanWake.exe FirewallRules: [{E10ACCD6-717E-4595-81E3-817C48ED04CB}] => (Allow) C:\Spiele\Steam\steamapps\common\Alan Wake\AlanWake.exe FirewallRules: [{269F307B-5384-4D51-8A54-F3EBB3B0B0D7}] => (Allow) C:\Spiele\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{2A5948B2-1A45-40B6-AA9B-B36A2196CFC4}] => (Allow) C:\Spiele\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{E67184BF-0C51-424B-BAB8-5F79C1FAABFF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{89284AAC-CA9A-4B9F-8C7E-FF315FCDDB24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CC2CD25C-F141-4AEF-B2EF-AE1227BE0C88}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D1C52399-2F38-4ED5-9BDF-29E95264257C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{CF8E387C-132C-43FB-8AB4-43F571DDA36A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BBC15D4D-28E4-453B-A95F-98A741DFD687}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{0D55D5BB-92BA-472E-8F03-E0E6FA01AED6}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{50F30EB7-2480-4DF2-A25C-2E943808ED4D}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe FirewallRules: [{24FBB8FA-7B2F-4D55-AF08-3BFD9918CE52}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe FirewallRules: [{1DD59E99-DC6E-4C3B-B0EE-AEB42BF04182}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe FirewallRules: [{D909AA5D-54B3-428B-8670-AA4908C664CA}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe FirewallRules: [{A26B33B1-C8B6-4CE9-A77E-D600B4C714B4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe FirewallRules: [{3A32CEC5-A3D1-4E8B-91B3-313A38411EA5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe FirewallRules: [TCP Query User{DEBCA610-7119-46D3-AB49-36E5D3ED4970}C:\users\sofia\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sofia\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{0388CC73-EED4-485C-B8C1-F0F36CC9D485}C:\users\sofia\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sofia\appdata\roaming\spotify\spotify.exe FirewallRules: [{A10E20C9-751E-4AAB-84FD-2A60D3DFF9DD}] => (Block) C:\users\sofia\appdata\roaming\spotify\spotify.exe FirewallRules: [{9E25A895-5195-4693-B78C-0EC5C37B9F85}] => (Block) C:\users\sofia\appdata\roaming\spotify\spotify.exe ==================== Wiederherstellungspunkte ========================= 10-09-2017 09:36:07 Geplanter Prüfpunkt 14-09-2017 14:51:50 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/23/2017 09:44:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0x3680 Startzeit der fehlerhaften Anwendung: 0x01d334a44e6412d1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: 32120ddc-7bae-4302-8da6-e9b7f3b86f6e Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/23/2017 09:43:43 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 5754889 ms Error: Unable to create resource file. Error: (09/23/2017 09:43:04 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 5714111 ms Error: Unable to create resource file. Error: (09/23/2017 09:31:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3157969 Error: (09/23/2017 09:31:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3157969 Error: (09/23/2017 09:31:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/23/2017 08:38:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1078 Error: (09/23/2017 08:38:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1078 Error: (09/23/2017 08:38:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/23/2017 08:08:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0x29e0 Startzeit der fehlerhaften Anwendung: 0x01d33496fe816e31 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: 06a2c06f-a3fc-4322-8b94-345b93d900d6 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (09/23/2017 09:43:44 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (09/23/2017 09:43:44 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (09/23/2017 09:31:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (09/23/2017 08:08:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (09/23/2017 08:08:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (09/23/2017 08:08:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt. Error: (09/23/2017 08:08:00 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 23.09.2017 um 19:48:02 unerwartet heruntergefahren. Error: (09/23/2017 04:44:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: Unzulässige Funktion. Error: (09/23/2017 04:20:57 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (09/23/2017 04:20:57 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz Prozentuale Nutzung des RAM: 69% Installierter physikalischer RAM: 8053.51 MB Verfügbarer physikalischer RAM: 2484.21 MB Summe virtueller Speicher: 9525.51 MB Verfügbarer virtueller Speicher: 2651.75 MB ==================== Laufwerke ================================ Drive c: (OS) (Fixed) (Total:222.87 GB) (Free:81.05 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 13F52347) Partition: GPT. ==================== Ende von Addition.txt ============================ |
23.09.2017, 20:58 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win7/Chrome: PUP.Optional.WinYahoo Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten |
23.09.2017, 21:23 | #9 |
| Win7/Chrome: PUP.Optional.WinYahooCode:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2017.09.23.06 rootkit: v2017.09.13.01 Windows 10 x64 NTFS Internet Explorer 11.608.15063.0 Sofia :: DESKTOP-ECLIHC3 [administrator] 23.09.2017 22:12:05 mbar-log-2017-09-23 (22-12-05).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 281525 Time elapsed: 9 minute(s), 20 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
24.09.2017, 09:25 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win7/Chrome: PUP.Optional.WinYahoo Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner v7.0.1.0 Downloade Dir bitte AdwCleaner auf deinen Desktop (Bebilderte Anleitung).
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
__________________ Logfiles bitte immer in CODE-Tags posten |
24.09.2017, 11:27 | #11 |
| Win7/Chrome: PUP.Optional.WinYahoo Hier der AdwCleaner: Code:
ATTFilter # AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 24 10:19:23 2017 # Updated on 2017/29/08 by Malwarebytes # Running on Windows 10 Home (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** No malicious folders deleted. ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** No malicious registry entries deleted. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Prefetch files deleted ::Proxy settings cleared ::IE policies deleted ::Chrome policies deleted ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[C0].txt - [1255 B] - [2017/9/22 20:22:32] C:/AdwCleaner/AdwCleaner[S0].txt - [981 B] - [2017/9/22 20:21:40] C:/AdwCleaner/AdwCleaner[S1].txt - [1080 B] - [2017/9/22 22:18:15] C:/AdwCleaner/AdwCleaner[S2].txt - [1148 B] - [2017/9/24 10:17:36] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.4 (07.09.2017) Operating System: Windows 10 Home x64 Ran by Sofia (Administrator) on 24.09.2017 at 12:24:39,72 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 2 Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task) Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 24.09.2017 at 12:26:06,88 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
24.09.2017, 11:30 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win7/Chrome: PUP.Optional.WinYahoo Ich brauche neue FRST-Logs . Haken setzen bei addition.txt dann auf Untersuchen klicken.
__________________ Logfiles bitte immer in CODE-Tags posten |
24.09.2017, 11:34 | #13 |
| Win7/Chrome: PUP.Optional.WinYahoo FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2017 durchgeführt von Sofia (Administrator) auf DESKTOP-ECLIHC3 (24-09-2017 12:31:20) Gestartet von C:\Users\Sofia\Downloads Geladene Profile: Sofia (Verfügbare Profile: Sofia) Platform: Windows 10 Home Version 1703 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\IntelCpHeciSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe (Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-26] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1468424 2016-08-26] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation) HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM-x32\...\Run: [PulseSecure] => C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe [3213272 2017-05-10] () HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [309120 2012-02-02] (Hewlett-Packard Company) HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Run: [CTSyncU.exe] => C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe [868352 2007-07-17] () HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Run: [Spotify] => C:\Users\Sofia\AppData\Roaming\Spotify\Spotify.exe [20644976 2017-09-13] (Spotify Ltd) HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Run: [Spotify Web Helper] => C:\Users\Sofia\AppData\Roaming\Spotify\SpotifyWebHelper.exe [777840 2017-09-13] (Spotify Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-09-17] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2017-09-21] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{058131cf-9d2e-406c-aca7-1b23c96202fc}: [NameServer] 131.173.245.9,131.173.245.10 Tcpip\..\Interfaces\{64f24cd4-aeab-43ac-baa2-1c03dcff0e25}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{7295c174-9588-469d-953d-5a0adf316aa9}: [DhcpNameServer] 10.211.254.254 8.8.8.8 Tcpip\..\Interfaces\{d1fdb650-1855-4aec-92b6-c4c6c1953476}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-09-23] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-23] (Microsoft Corporation) DPF: HKLM {583C990C-2D38-410c-9A4A-0932D66A754F} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient64.cab DPF: HKLM-x32 {8E375A63-C616-46F1-AC77-59DF78F3A826} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient.cab Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-23] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-23] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-23] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-23] (Microsoft Corporation) FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-23] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-19] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-19] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-26] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-26] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.) Chrome: ======= CHR Session Restore: Default -> ist aktiviert. CHR Profile: C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default [2017-09-24] CHR Extension: (Google Präsentationen) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-26] CHR Extension: (Google Docs) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-26] CHR Extension: (Google Drive) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-26] CHR Extension: (YouTube) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-26] CHR Extension: (Rebecca Taylor) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahpkkfpjpdcfdkbpeoibdhfadicnhdj [2017-07-26] CHR Extension: (Google Tabellen) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-26] CHR Extension: (Google Docs Offline) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-26] CHR Extension: (AdBlock) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-05] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24] CHR Extension: (Tumblr Savior) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2017-07-28] CHR Extension: (Google Mail) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-26] CHR Extension: (Chrome Media Router) - C:\Users\Sofia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-26] ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.) R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2288384 2016-09-17] (Broadcom Corporation.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761608 2017-09-08] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-20] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-07-20] (Dropbox, Inc.) R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.) R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.) R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [116248 2016-05-25] (Dell Inc.) R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell) R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [119336 2017-06-16] (Dell) R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [125808 2017-01-10] () R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-01] (Dell Inc.) S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\elfoService.exe [1283336 2017-07-14] () R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation) S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [Datei ist nicht signiert] R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164352 2011-08-03] (HP) [Datei ist nicht signiert] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert] R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-05] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-04] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-04] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-19] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-04] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2098528 2017-08-23] (Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2977640 2017-08-23] (Electronic Arts) R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell) R2 PulseSecureService; C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe [182232 2017-05-10] (Pulse Secure, LLC) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2016-08-26] (Realtek Semiconductor) R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-08-04] (Dell Inc.) S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-05] (Intel Corporation) R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-27] (Microsoft Corporation) S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe" [X] S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X] S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208192 2016-09-17] (Broadcom Corporation.) S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert] R3 BCMPCIEDHD63; C:\WINDOWS\system32\DRIVERS\bcmpciedhd63.sys [1063736 2016-03-03] (Broadcom Corp) R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-06-20] (Dell Inc.) R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-06-20] (Dell Computer Corporation) R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] () R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54272 2015-09-21] (Intel Corporation) R1 jnprns; C:\WINDOWS\system32\DRIVERS\jnprns.sys [507192 2017-03-09] (Juniper Networks) S4 jnprTdi_824_597; C:\WINDOWS\system32\Drivers\jnprTdi_824_597.sys [106176 2016-06-01] (Pulse Secure, LLC) R3 JnprVaMgr; C:\WINDOWS\System32\drivers\jnprvamgr.sys [45352 2017-03-09] (Juniper Networks, Inc.) R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-22] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-24] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-24] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-24] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-24] (Malwarebytes) R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-09-21] (SoftEther Corporation) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_1a197825c61edb6c\nvlddmkm.sys [15668664 2017-07-19] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-04] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-05-04] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-19] (NVIDIA Corporation) S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [777944 2016-03-21] (Realsil Semiconductor Corporation) S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] () R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-09-23] (SoftEther Corporation) S3 ser2at; C:\WINDOWS\system32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) S3 mfeavfk01; \Device\mfeavfk01.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-09-24 12:29 - 2017-09-24 12:29 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-09-24 12:26 - 2017-09-24 12:26 - 000000710 _____ C:\Users\Sofia\Desktop\JRT.txt 2017-09-24 12:24 - 2017-09-24 12:24 - 001790024 _____ (Malwarebytes) C:\Users\Sofia\Downloads\JRT.exe 2017-09-24 12:14 - 2017-09-24 12:14 - 008182736 _____ (Malwarebytes) C:\Users\Sofia\Downloads\adwcleaner_7.0.2.1.exe 2017-09-24 12:12 - 2017-09-24 12:12 - 000000000 ___HD C:\OneDriveTemp 2017-09-23 23:33 - 2017-09-23 16:35 - 000058230 _____ C:\Users\Sofia\Downloads\License.txt 2017-09-23 22:14 - 2017-09-23 22:14 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-09-23 22:02 - 2017-09-23 22:22 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-09-23 22:00 - 2017-09-23 22:22 - 000000000 ____D C:\Users\Sofia\Desktop\mbar 2017-09-23 22:00 - 2017-09-23 22:00 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Sofia\Downloads\mbar-1.09.3.1001.exe 2017-09-23 21:49 - 2017-09-24 12:31 - 000000000 ____D C:\Users\Sofia\Downloads\FRST-OlderVersion 2017-09-23 13:08 - 2017-09-24 12:22 - 000001437 _____ C:\Users\Sofia\Desktop\Neues Textdokument (3).txt 2017-09-23 00:40 - 2017-09-23 00:40 - 000001489 _____ C:\Users\Sofia\Desktop\mbam.txt 2017-09-23 00:18 - 2017-09-23 00:18 - 000001080 _____ C:\Users\Sofia\Desktop\AdwCleaner[S0].txt 2017-09-22 22:50 - 2017-09-22 22:50 - 002870984 _____ (ESET) C:\Users\Sofia\Downloads\esetsmartinstaller_deu.exe 2017-09-22 22:46 - 2017-09-23 21:50 - 000044403 _____ C:\Users\Sofia\Downloads\Addition.txt 2017-09-22 22:46 - 2017-09-22 22:46 - 000080797 _____ C:\Users\Sofia\Desktop\FRST.txt 2017-09-22 22:46 - 2017-09-22 22:46 - 000051923 _____ C:\Users\Sofia\Desktop\Addition.txt 2017-09-22 22:45 - 2017-09-24 12:31 - 000024501 _____ C:\Users\Sofia\Downloads\FRST.txt 2017-09-22 22:44 - 2017-09-24 12:31 - 002399744 _____ (Farbar) C:\Users\Sofia\Downloads\FRST64.exe 2017-09-22 22:44 - 2017-09-24 12:31 - 000000000 ____D C:\FRST 2017-09-22 22:27 - 2017-09-24 12:29 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-09-22 22:27 - 2017-09-24 12:20 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-09-22 22:27 - 2017-09-24 12:20 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-09-22 22:27 - 2017-09-23 22:02 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-22 22:27 - 2017-09-22 22:27 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-09-22 22:27 - 2017-09-22 22:27 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-22 22:27 - 2017-09-22 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-22 22:27 - 2017-09-22 22:27 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-22 22:27 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-09-22 22:25 - 2017-09-22 22:26 - 068408664 _____ (Malwarebytes ) C:\Users\Sofia\Downloads\mb3-setup-consumer-3.2.2.2029.exe 2017-09-22 22:18 - 2017-09-24 12:19 - 000000000 ____D C:\AdwCleaner 2017-09-21 13:17 - 2017-09-21 13:17 - 000038216 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\Neo6_x64_VPN.sys 2017-09-21 13:16 - 2017-09-23 21:41 - 000000000 ____D C:\Program Files\SoftEther VPN Client 2017-09-21 13:16 - 2017-09-23 16:35 - 000051024 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\SeLow_x64.sys 2017-09-21 13:16 - 2017-09-21 13:16 - 000143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\vpncmd.exe 2017-09-21 13:16 - 2017-09-21 13:16 - 000051024 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\SeLow_x64.sys.old1 2017-09-20 19:37 - 2017-09-20 19:37 - 000002119 _____ C:\Users\Public\Desktop\SupportAssist.lnk 2017-09-20 19:37 - 2017-09-20 19:37 - 000000000 ____D C:\ProgramData\PC-Doctor for Windows 2017-09-20 19:37 - 2017-09-20 19:37 - 000000000 ____D C:\Program Files\Dell Support Center 2017-09-20 16:38 - 2017-09-20 16:38 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-09-20 16:38 - 2017-09-20 16:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-09-20 16:38 - 2017-09-20 16:38 - 000000000 ____D C:\Program Files\iPod 2017-09-20 16:37 - 2017-09-20 16:38 - 000000000 ____D C:\Program Files\iTunes 2017-09-20 16:34 - 2017-09-20 16:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple 2017-09-20 16:34 - 2017-09-20 16:34 - 000000000 ____D C:\Program Files (x86)\Apple Software Update 2017-09-19 01:17 - 2017-09-19 01:17 - 001285233 _____ C:\Users\Sofia\Desktop\FB7_ab2016.pdf 2017-09-14 20:34 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-09-14 20:34 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2017-09-14 20:34 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2017-09-14 20:34 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2017-09-14 20:34 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-09-14 20:34 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2017-09-14 20:34 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-09-14 20:34 - 2017-09-05 06:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll 2017-09-14 20:34 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-09-14 20:34 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-09-14 20:34 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2017-09-14 20:34 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-09-14 20:34 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-09-14 20:34 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe 2017-09-14 20:34 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2017-09-14 20:34 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-09-14 20:34 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2017-09-14 20:34 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2017-09-14 20:34 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2017-09-14 20:34 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2017-09-14 20:34 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2017-09-14 20:34 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2017-09-14 20:34 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2017-09-14 20:34 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2017-09-14 20:34 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-09-14 20:34 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2017-09-14 20:34 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-09-14 20:34 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2017-09-14 20:34 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll 2017-09-14 20:34 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2017-09-14 20:34 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2017-09-14 20:34 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-09-14 20:34 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-09-14 20:34 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll 2017-09-14 20:34 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2017-09-14 20:34 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-09-14 20:34 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll 2017-09-14 20:34 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2017-09-14 20:34 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe 2017-09-14 20:34 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2017-09-14 20:34 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll 2017-09-14 20:34 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll 2017-09-14 20:34 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll 2017-09-14 20:34 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll 2017-09-14 20:34 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2017-09-14 20:34 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2017-09-14 20:34 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2017-09-14 20:34 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2017-09-14 20:34 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll 2017-09-14 20:34 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-09-14 20:34 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-09-14 20:34 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2017-09-14 20:34 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll 2017-09-14 20:34 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2017-09-14 20:34 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2017-09-14 20:34 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll 2017-09-14 20:34 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-09-14 20:34 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2017-09-14 20:34 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-09-14 20:34 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-09-14 20:34 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-09-14 20:34 - 2017-09-05 06:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-09-14 20:34 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-09-14 20:34 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2017-09-14 20:34 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll 2017-09-14 20:34 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2017-09-14 20:34 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll 2017-09-14 20:34 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2017-09-14 20:30 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2017-09-14 20:30 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-09-14 20:30 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2017-09-14 20:30 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2017-09-14 20:30 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-09-14 20:30 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2017-09-14 20:30 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll 2017-09-14 20:30 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe 2017-09-14 20:30 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2017-09-14 20:30 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2017-09-14 20:29 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-09-14 20:29 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2017-09-14 20:29 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-09-14 20:29 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2017-09-14 20:29 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll 2017-09-14 20:29 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2017-09-14 20:29 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2017-09-14 20:29 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-09-14 20:29 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2017-09-14 20:29 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2017-09-14 20:29 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2017-09-14 20:29 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2017-09-14 20:29 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-09-14 20:29 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll 2017-09-14 20:29 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-09-14 20:29 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2017-09-14 20:29 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-09-14 20:29 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-09-14 20:29 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-09-14 20:29 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2017-09-14 20:29 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-09-14 20:29 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2017-09-14 20:29 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2017-09-14 20:29 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll 2017-09-14 20:29 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2017-09-14 20:29 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-09-14 20:29 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll 2017-09-14 20:29 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll 2017-09-14 20:29 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys 2017-09-14 20:29 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2017-09-14 20:29 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2017-09-14 20:29 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2017-09-14 20:29 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll 2017-09-14 20:29 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2017-09-14 20:29 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe 2017-09-14 20:29 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe 2017-09-14 20:29 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-09-14 20:29 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2017-09-14 20:29 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys 2017-09-14 20:29 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll 2017-09-14 20:29 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll 2017-09-14 20:29 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2017-09-14 20:29 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll 2017-09-14 20:29 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2017-09-14 20:29 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll 2017-09-14 20:29 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll 2017-09-14 20:29 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2017-09-14 20:29 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll 2017-09-14 20:29 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-09-14 20:29 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-09-14 20:29 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2017-09-14 20:29 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2017-09-14 20:29 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe 2017-09-14 20:29 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll 2017-09-14 20:29 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2017-09-14 20:29 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2017-09-14 20:29 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-09-14 20:29 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2017-09-14 20:29 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2017-09-14 20:29 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-09-14 20:29 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2017-09-14 20:29 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-09-14 20:29 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2017-09-14 20:29 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll 2017-09-14 20:29 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll 2017-09-14 20:29 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll 2017-09-14 20:29 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2017-09-14 20:29 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin 2017-09-14 20:28 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-09-14 20:28 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2017-09-14 20:28 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-09-14 20:28 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-09-14 20:28 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2017-09-14 20:28 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2017-09-14 20:28 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2017-09-14 20:28 - 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-09-14 20:28 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2017-09-14 20:28 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2017-09-14 20:28 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-09-14 20:28 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-09-14 20:28 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2017-09-14 20:28 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-09-14 20:28 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-09-14 20:28 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2017-09-14 20:28 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-09-14 20:28 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2017-09-14 20:28 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2017-09-14 20:28 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2017-09-14 20:28 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2017-09-14 20:28 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2017-09-14 20:28 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2017-09-14 20:28 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2017-09-14 20:28 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2017-09-14 20:28 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2017-09-14 20:28 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2017-09-14 20:28 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-09-14 20:28 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-09-14 20:28 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2017-09-14 20:28 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2017-09-14 20:28 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2017-09-14 20:28 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2017-09-14 20:28 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll 2017-09-14 20:28 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-09-14 20:28 - 2017-09-05 06:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-09-14 20:28 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll 2017-09-14 20:28 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll 2017-09-14 20:28 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2017-09-14 20:28 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2017-09-14 20:28 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2017-09-14 20:28 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2017-09-14 20:28 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2017-09-14 20:28 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-09-14 20:28 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2017-09-14 20:28 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2017-09-14 20:28 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2017-09-14 20:28 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-09-14 20:28 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll 2017-09-14 20:28 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2017-09-14 20:28 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2017-09-14 20:28 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-09-14 20:28 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-09-14 20:28 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2017-09-14 20:28 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2017-09-14 20:28 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2017-09-14 20:28 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2017-09-14 20:28 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-09-14 20:28 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2017-09-14 20:28 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll 2017-09-14 20:28 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-09-14 20:28 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-09-14 20:28 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2017-09-14 20:28 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll 2017-09-14 20:28 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2017-09-14 20:28 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-09-14 20:28 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2017-09-14 20:28 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-09-14 20:28 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2017-09-14 20:28 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2017-09-14 20:28 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-09-14 20:28 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2017-09-14 20:28 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-09-14 20:27 - 2017-09-05 07:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-09-14 20:27 - 2017-09-05 07:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-09-14 20:27 - 2017-09-05 07:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-09-14 20:27 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2017-09-14 20:27 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-09-14 20:27 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2017-09-14 20:27 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2017-09-14 20:27 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys 2017-09-14 20:27 - 2017-09-05 06:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys 2017-09-14 20:27 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2017-09-14 20:27 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2017-09-14 20:27 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2017-09-14 20:27 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2017-09-14 20:26 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll 2017-09-14 17:37 - 2017-09-14 17:37 - 000255720 _____ C:\Users\Sofia\Desktop\Kreditkartenantrag.pdf 2017-09-12 04:32 - 2017-09-12 04:32 - 001063187 _____ C:\Users\Sofia\Desktop\boarding pass.pdf ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-09-24 12:26 - 2017-03-20 06:35 - 001339266 _____ C:\WINDOWS\system32\perfh007.dat 2017-09-24 12:26 - 2017-03-20 06:35 - 000313592 _____ C:\WINDOWS\system32\perfc007.dat 2017-09-24 12:26 - 2016-09-17 04:51 - 002872296 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-09-24 12:25 - 2017-07-27 22:48 - 000000000 ____D C:\ProgramData\NVIDIA 2017-09-24 12:24 - 2017-07-26 18:29 - 000000000 ___RD C:\Users\Sofia\OneDrive 2017-09-24 12:21 - 2017-08-12 23:29 - 000000000 ____D C:\Users\Sofia\AppData\Roaming\Spotify 2017-09-24 12:21 - 2017-07-28 19:36 - 000000000 ____D C:\Users\Sofia\AppData\Local\CrashDumps 2017-09-24 12:20 - 2017-08-12 23:30 - 000000000 ____D C:\Users\Sofia\AppData\Local\Spotify 2017-09-24 12:20 - 2017-07-27 22:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-09-24 12:20 - 2017-07-27 22:42 - 000380520 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-09-24 12:20 - 2017-07-26 18:25 - 000000000 __SHD C:\Users\Sofia\IntelGraphicsProfiles 2017-09-24 12:19 - 2017-03-18 13:40 - 001310720 _____ C:\WINDOWS\system32\config\BBI 2017-09-24 12:16 - 2017-03-18 23:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-09-24 12:16 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-09-23 23:58 - 2017-07-27 22:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-09-23 22:10 - 2016-09-17 05:02 - 000000000 ____D C:\ProgramData\McAfee 2017-09-23 21:40 - 2017-07-27 22:54 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee 2017-09-23 21:40 - 2017-03-18 23:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2017-09-23 21:40 - 2017-03-18 13:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2017-09-23 20:08 - 2017-07-27 22:50 - 000000000 ____D C:\Users\Sofia 2017-09-23 16:37 - 2017-03-18 23:01 - 000000000 ____D C:\WINDOWS\INF 2017-09-23 13:13 - 2017-03-18 23:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-09-23 13:12 - 2016-09-17 04:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2017-09-20 19:37 - 2016-09-17 04:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2017-09-20 16:34 - 2017-08-21 22:15 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-09-18 15:28 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2017-09-17 23:17 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\rescache 2017-09-17 22:12 - 2017-07-26 18:25 - 000000000 ____D C:\Users\Sofia\AppData\Local\Packages 2017-09-17 15:12 - 2017-03-18 22:51 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-09-16 11:49 - 2016-09-17 05:03 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-09-16 01:18 - 2017-03-20 06:35 - 000000000 ____D C:\WINDOWS\system32\de 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ___SD C:\WINDOWS\system32\F12 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\system32\setup 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2017-09-16 01:18 - 2017-03-18 23:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-09-14 22:36 - 2017-07-27 22:54 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3576295408-1888778439-4122767721-1002 2017-09-14 22:36 - 2017-07-26 18:29 - 000002389 _____ C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-09-14 18:26 - 2017-07-26 23:09 - 000000000 ____D C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-09-14 14:55 - 2017-07-28 01:01 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-09-14 14:54 - 2017-07-28 01:01 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-09-02 17:15 - 2017-08-10 00:30 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-09-02 17:15 - 2017-08-10 00:30 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-08-30 22:49 - 2017-07-27 16:29 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2017-08-29 23:09 - 2016-09-17 04:50 - 000000000 ____D C:\ProgramData\Package Cache 2017-08-29 23:08 - 2017-07-26 20:19 - 000000000 ____D C:\Program Files (x86)\Origin 2017-08-29 02:02 - 2017-07-26 19:30 - 000002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-08-29 02:02 - 2017-07-26 19:30 - 000002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-07-27 22:48 - 2017-07-27 22:48 - 000000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2017-09-17 23:17 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 24-09-2017 durchgeführt von Sofia (24-09-2017 12:31:47) Gestartet von C:\Users\Sofia\Downloads Windows 10 Home Version 1703 (X64) (2017-07-27 20:58:17) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3576295408-1888778439-4122767721-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3576295408-1888778439-4122767721-503 - Limited - Disabled) Gast (S-1-5-21-3576295408-1888778439-4122767721-501 - Limited - Disabled) Sofia (S-1-5-21-3576295408-1888778439-4122767721-1002 - Administrator - Enabled) => C:\Users\Sofia ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 64 Bit HP CIO Components Installer (HKLM\...\{5737101A-27C4-408A-8A57-D1DC78DF84B4}) (Version: 8.2.1 - Hewlett-Packard) Hidden 7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden Apple Application Support (32-Bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.33.1 - Asmedia Technology) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) BRAINYOO (HKLM-x32\...\BRAINYOO) (Version: - BRAINYOO Mobile Learning GmbH) Dell Customer Connect (HKLM-x32\...\{2BFA1207-9A98-4D55-9182-5C433ED6A55A}) (Version: 1.4.3.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP) Dell Dock Update (HKLM-x32\...\{6C4547B7-084A-4992-BFBF-9F6C6E2DC3EA}) (Version: 1.0.115.0 - Dell Inc.) Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.) Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.668 - Dell) Dell SupportAssist Remediation (HKLM\...\{8F663BAC-2B6F-4B86-86F4-8067F4B71ACC}) (Version: 3.0.1.2905 - Dell Inc.) Hidden Dell SupportAssist Remediation (HKLM-x32\...\{8aa806c2-2787-490f-ac75-cd8f4d50585f}) (Version: 3.0.1.2905 - Dell Inc.) Dell SupportAssistAgent (HKLM\...\{E1AA62F7-B32A-4090-814E-83BC7C3DF1FB}) (Version: 2.0.2.21 - Dell) Dell Update - SupportAssist Update Plugin (HKLM\...\{2228BC43-73DA-4F9A-BEE6-8E9C15328513}) (Version: 3.1.1.3832 - Dell Inc.) Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.) Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.32.1.1020 - Electronic Arts Inc.) Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.) ElsterFormular (HKLM-x32\...\{A88822F7-33F8-485D-9C3D-68CF2F87E54C}) (Version: 18.5.0 - Thüringer Landesfinanzdirektion) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden HP LJ300-400 color M351-M451 (HKLM-x32\...\{15CA73D8-3C82-4BAE-86CD-945BF9620516}) (Version: - Hewlett-Packard) HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard) hpbDSService (HKLM-x32\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden hpbM351M451DSService (HKLM-x32\...\{BF2198EB-503D-4E0B-89FB-509AADD6D545}) (Version: 001.001.05164 - Hewlett-Packard) Hidden HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI (HKLM-x32\...\{BD019D8F-25B9-49D6-B301-07AFF65E35DD}) (Version: 1.02.0000 - Hewlett-Packard) HPLJDXPHelper (HKLM-x32\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 020.021.004 - HP) Hidden HPLJUTCore (HKLM-x32\...\{568C5D3E-5B79-47EC-A34B-8D7C8AEF1F8F}) (Version: 3.00.0003 - HP) Hidden HPLJUTM351-M451 (HKLM-x32\...\{E25710A1-F024-4BAF-898C-32703F047737}) (Version: 1.02.0013 - HP) Hidden hppLaserJetService (HKLM-x32\...\{5BF278AE-B851-41A7-9874-C6EC5AF2BD91}) (Version: 009.022.00813 - Hewlett-Packard) Hidden hppM351_M451LaserJetService (HKLM-x32\...\{8D692AC8-E471-4AEE-AE64-102264A33D72}) (Version: 005.020.00101 - Hewlett-Packard) Hidden hppToolboxProxyM351 (HKLM-x32\...\{6930AC06-C380-421E-91FE-9CA29D21D83E}) (Version: 035.024.006 - HP) Hidden hpStatusAlerts (HKLM-x32\...\{44EB02F5-16E5-42BD-9183-C23EF7620CF3}) (Version: 035.039.0004 - Hewlett Packard) Hidden hpStatusAlertsM351_M451 (HKLM-x32\...\{FDEA674C-478D-455F-9894-D6D4CD4BB304}) (Version: 035.026.0004 - Hewlett-Packard) Hidden InstanceFinder (HKLM-x32\...\{32C0FD10-8FB4-427E-A16F-ED57C9343CF0}) (Version: 020.021.004 - HP) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation) Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.311 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4664 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) iTunes (HKLM\...\{1441974B-BB94-41EC-AC0F-30D5F5AC54F7}) (Version: 12.7.0.166 - Apple Inc.) KB4023057 (HKLM\...\{27C6D60B-CAD4-4C70-A1F2-299C731EA8F7}) (Version: 2.0.0.0 - Microsoft Corporation) LJDXPHelperUI (HKLM-x32\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 020.021.004 - HP) Hidden Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes) Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.8431.2079 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8431.2079 - Microsoft Corporation) Microsoft Office 365 - fr-fr (HKLM\...\O365HomePremRetail - fr-fr) (Version: 16.0.8431.2079 - Microsoft Corporation) Microsoft Office 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 16.0.8431.2079 - Microsoft Corporation) Microsoft Office 365 - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 16.0.8431.2079 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation) NARUTO SHIPPUDEN: Ultimate Ninja STORM 4 (HKLM\...\Steam App 349040) (Version: - CyberConnect2 Co. Ltd.) NVIDIA 3D Vision Treiber 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 384.94 - NVIDIA Corporation) NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation) NVIDIA Grafiktreiber 384.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 384.94 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2079 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-040C-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0410-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Opticon USB Drivers Installer (HKLM-x32\...\Opticon USB Installer) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 10.5.2.49155 - Electronic Arts, Inc.) Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden Pulse Secure (HKLM\...\{A6B9620E-77CB-4FF5-9C73-ED7C3B5514EA}) (Version: 5.3.755 - Pulse Secure, LLC) Hidden Pulse Secure 5.3 (HKLM-x32\...\Pulse Secure 5.3) (Version: 5.3.755 - Pulse Secure, LLC) Pulse Secure Setup Client (HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Pulse_Setup_Client) (Version: 8.3.1.755 - Pulse Secure, LLC) Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) Pulse Secure Setup Client Activex Control (HKLM-x32\...\Pulse_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21289 - Realtek Semiconduct Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7917 - Realtek Semiconductor Corp.) ScanIT-Client 3.4 (HKLM-x32\...\ScanIT-Client_is1) (Version: - GfK SE) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games) Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version: - 2K Games, Inc.) Spotify (HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB) ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0067 - ST Microelectronics) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation) ToolboxProxy (HKLM-x32\...\{B64E0B43-A452-4B25-93DD-E5C6645A534A}) (Version: 035.024.006 - HP) Hidden UpdateAssistant (HKLM-x32\...\{4E67FF7F-C24E-4279-9AB2-C26D57B53742}) (Version: 1.3.0.0 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.730 - Broadcom Corporation) Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation) ZENcast Organizer (HKLM-x32\...\ZENcast Organizer) (Version: - ) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki122461.inf_amd64_ac02a4363c345cef\igfxDTCM.dll [2017-05-31] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-07-19] (NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {10D559A6-EB66-4815-A45F-075327E2CD5C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService Task: {18BC2433-C8E7-4F1B-9CF3-3329CF9C5DAB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation) Task: {1E9C7D55-73FB-4419-B8AB-DAB9BB6BA4E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-26] (Google Inc.) Task: {22A776B6-434F-47C6-A029-9403D6662E6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-26] (Google Inc.) Task: {36CF7EDC-997D-45F1-B946-6AFED1359084} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-08-04] (Dell Inc.) Task: {38A1ADDA-DE74-4A6A-AC5A-6AFF876E6C81} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [2016-09-12] (Microsoft Corporation) Task: {40D2D636-DC9B-4531-94EA-573044C46294} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.) Task: {44F2BD55-103D-4F18-A322-7B052063EB7A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-04] (NVIDIA Corporation) Task: {452228BC-F116-4172-9711-3D2A9446ECC6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation) Task: {515A1E3A-E36A-4857-89C3-E0E26FAB9D42} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe Task: {6455D614-ECD5-461A-9C1F-44F81CA9A3F3} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {69AEE261-43FE-4CDF-9B13-BB8F86690614} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation) Task: {6C63F021-4820-4B6C-9E28-52B0B314BCA5} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2011-09-16] (Hewlett Packard) Task: {7E5755FA-128C-4EB9-B786-0FD46A71ED51} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-20] (Dropbox, Inc.) Task: {7E7970B8-8188-4851-B37A-7E167D35FD51} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-04] (NVIDIA Corporation) Task: {820986DB-6716-4907-BCCC-B57AE53703EC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-04] (NVIDIA Corporation) Task: {84520BA4-9214-4A84-9A55-B4AFFBF42212} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-23] () Task: {8FE97289-B257-47AC-B60D-710EF14F5115} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe Task: {98858350-F993-4823-9D14-849AE2CE7C03} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-07-20] (Dropbox, Inc.) Task: {B1245576-C341-4300-9753-0CA0CDCF3CE8} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-04] (NVIDIA Corporation) Task: {B2398327-7BAE-4831-8A7D-DC2B600A2406} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-08-26] (Realtek Semiconductor) Task: {BF375858-61B8-4928-909E-1E200B6664FC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-04] (NVIDIA Corporation) Task: {C04FD03F-9121-4FC7-9B1A-45A6450F09B9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-04] (NVIDIA Corporation) Task: {CEA147A3-40B0-4F04-A9F5-58B8C17773AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {E4957028-78F3-492A-80AF-05C4F14D8F29} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-09-08] (Microsoft Corporation) Task: {F102A795-A49C-4417-B4B8-F28E9A1D9E36} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-11-30] (DropboxOEM) Task: {F16AC609-BFC2-4B17-B1C9-8ADDE14EE960} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-09-23] (Microsoft Corporation) Task: {F2C2BE3D-5325-4FCE-9CE9-8895C97ABEDF} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe Task: {F5F5CD6B-B110-4228-B44E-B5A88FA2D286} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {F60AEFDC-E91A-4471-BAE2-860F693FDF84} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-23] () (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2017-07-13 20:50 - 2017-07-13 20:50 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-09-01 02:49 - 2017-09-01 02:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-05-19 18:11 - 2015-05-19 18:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe 2015-08-21 02:47 - 2015-08-21 02:47 - 000049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll 2017-01-10 14:59 - 2017-01-10 14:59 - 000125808 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe 2017-09-22 22:27 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 22:59 - 2017-03-20 06:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-08-23 17:49 - 2017-08-23 17:49 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-08-23 17:49 - 2017-08-23 17:49 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-08-02 21:28 - 2017-05-04 06:19 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-08-29 02:02 - 2017-08-23 10:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll 2017-08-29 02:02 - 2017-08-23 10:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll 2017-05-10 10:26 - 2017-05-10 10:26 - 000391128 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\dsIpc.dll 2017-05-10 10:00 - 2017-05-10 10:00 - 000374744 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\Connection Manager\ConnectionManagerService.dll 2017-05-10 08:59 - 2017-05-10 08:59 - 000055256 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\dsOpenSSL.dll 2017-05-10 09:58 - 2017-05-10 09:58 - 000243672 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\ConnectionStore\ConnectionStoreService.dll 2017-05-10 10:13 - 2017-05-10 10:13 - 000235480 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\Integration\IntegrationAccessMethod.dll 2017-05-10 10:01 - 2017-05-10 10:01 - 000489432 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\eapService\eapService.dll 2017-05-10 10:03 - 2017-05-10 10:03 - 000219096 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\8021xAccessMethod\8021xAccessMethod.dll 2017-05-10 09:48 - 2017-05-10 09:48 - 000251864 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiModelService.dll 2017-05-10 09:49 - 2017-05-10 09:49 - 000020440 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiModelServicePS.dll 2017-05-10 09:49 - 2017-05-10 09:49 - 000063448 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiPlugin.dll 2017-05-10 09:49 - 2017-05-10 09:49 - 000026584 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\uiPromptPluginPS.dll 2017-05-10 09:58 - 2017-05-10 09:58 - 000017880 _____ () C:\Program Files (x86)\Common Files\Pulse Secure\ConnectionStore\ConnectionStoreServicePS.dll 2017-05-01 15:27 - 2017-05-01 15:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll 2015-09-05 05:34 - 2015-09-05 05:34 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-08-02 21:28 - 2017-05-04 06:19 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2015-10-30 09:24 - 2017-07-27 16:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3576295408-1888778439-4122767721-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Sofia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{C7E582B5-1462-4740-9821-5EB2343A6767}] => (Allow) C:\Spiele\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe FirewallRules: [{1C25E631-5877-4F30-88C1-97B74FEEE8BD}] => (Allow) C:\Spiele\Steam\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 4\NSUNS4.exe FirewallRules: [{752D97FB-B102-4D71-8FEF-79A38E93D78E}] => (Allow) C:\Spiele\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{A1B0EEC7-91FF-4742-A59B-D73731ACDE2A}] => (Allow) C:\Spiele\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{B0CAF037-02B4-4435-B90F-B390B0A5249A}] => (Allow) C:\Spiele\Steam\Steam.exe FirewallRules: [{C0B60D74-E5DA-4326-8161-F2FFA655303F}] => (Allow) C:\Spiele\Steam\Steam.exe FirewallRules: [{07D53E42-F17E-456E-9EB3-43EA31EBB58B}] => (Allow) C:\Spiele\Steam.exe FirewallRules: [{13CEEAD6-353B-4000-9AD5-B0371CC87321}] => (Allow) C:\Spiele\Steam.exe FirewallRules: [{4B033F5D-46EE-4D1B-A817-17F2D534D546}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{44EE3460-BDC4-491C-97B7-29E7088C1D56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{011D1D54-53DF-455F-93CB-60BF9490BF02}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{A866907F-FFAE-4C85-A5A4-4601E9AB10AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{D7E8260D-E776-40F0-B5F9-B97E062E0EC9}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{72307D62-3197-4135-9D49-74EA1BD7B891}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{CEA13452-D6E9-4A4C-B9D8-49C5C60360BE}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{0CC87780-C217-427A-8943-97C856C581B0}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4_x64.exe FirewallRules: [{7E359DAC-8B6A-45CA-B73F-6E5864118F68}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{47763D4D-07C1-4D12-8B59-0F42EB63D7DD}] => (Allow) C:\Spiele\Steam\steamapps\common\Alan Wake\AlanWake.exe FirewallRules: [{E10ACCD6-717E-4595-81E3-817C48ED04CB}] => (Allow) C:\Spiele\Steam\steamapps\common\Alan Wake\AlanWake.exe FirewallRules: [{269F307B-5384-4D51-8A54-F3EBB3B0B0D7}] => (Allow) C:\Spiele\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{2A5948B2-1A45-40B6-AA9B-B36A2196CFC4}] => (Allow) C:\Spiele\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{E67184BF-0C51-424B-BAB8-5F79C1FAABFF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{89284AAC-CA9A-4B9F-8C7E-FF315FCDDB24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CC2CD25C-F141-4AEF-B2EF-AE1227BE0C88}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D1C52399-2F38-4ED5-9BDF-29E95264257C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{CF8E387C-132C-43FB-8AB4-43F571DDA36A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BBC15D4D-28E4-453B-A95F-98A741DFD687}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{0D55D5BB-92BA-472E-8F03-E0E6FA01AED6}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{50F30EB7-2480-4DF2-A25C-2E943808ED4D}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe FirewallRules: [{24FBB8FA-7B2F-4D55-AF08-3BFD9918CE52}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe FirewallRules: [{1DD59E99-DC6E-4C3B-B0EE-AEB42BF04182}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe FirewallRules: [{D909AA5D-54B3-428B-8670-AA4908C664CA}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe FirewallRules: [{A26B33B1-C8B6-4CE9-A77E-D600B4C714B4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe FirewallRules: [{3A32CEC5-A3D1-4E8B-91B3-313A38411EA5}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe FirewallRules: [TCP Query User{DEBCA610-7119-46D3-AB49-36E5D3ED4970}C:\users\sofia\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sofia\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{0388CC73-EED4-485C-B8C1-F0F36CC9D485}C:\users\sofia\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sofia\appdata\roaming\spotify\spotify.exe FirewallRules: [{A10E20C9-751E-4AAB-84FD-2A60D3DFF9DD}] => (Block) C:\users\sofia\appdata\roaming\spotify\spotify.exe FirewallRules: [{9E25A895-5195-4693-B78C-0EC5C37B9F85}] => (Block) C:\users\sofia\appdata\roaming\spotify\spotify.exe ==================== Wiederherstellungspunkte ========================= 10-09-2017 09:36:07 Geplanter Prüfpunkt 14-09-2017 14:51:50 Windows Update 24-09-2017 12:24:40 JRT Pre-Junkware Removal ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Apple iPhone Description: Apple iPhone Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Apple Inc. Service: WUDFWpdMtp Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/24/2017 12:20:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0x270 Startzeit der fehlerhaften Anwendung: 0x01d3351ec068e966 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: efd993ab-5af3-497b-8488-d8e3af4d2035 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/24/2017 12:12:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0xe14 Startzeit der fehlerhaften Anwendung: 0x01d3351d995e9b70 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: 6659b1d1-fc42-415c-a629-ecdf9081f964 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/23/2017 10:11:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0x3510 Startzeit der fehlerhaften Anwendung: 0x01d334a816bdee34 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: bc36d87a-5789-42f7-ac03-ea36c6c1da7b Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/23/2017 09:44:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Name des fehlerhaften Moduls: CTSyncU.exe, Version: 6.4.8.0, Zeitstempel: 0x469c3187 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f908 ID des fehlerhaften Prozesses: 0x3680 Startzeit der fehlerhaften Anwendung: 0x01d334a44e6412d1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe Berichtskennung: 32120ddc-7bae-4302-8da6-e9b7f3b86f6e Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/23/2017 09:43:43 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 5754889 ms Error: Unable to create resource file. Error: (09/23/2017 09:43:04 PM) (Source: DPTF) (EventID: 256) (User: ) Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10605.221) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 5714111 ms Error: Unable to create resource file. Error: (09/23/2017 09:31:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3157969 Error: (09/23/2017 09:31:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3157969 Error: (09/23/2017 09:31:32 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/23/2017 08:38:55 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1078 Systemfehler: ============= Error: (09/24/2017 12:24:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/24/2017 12:24:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "NVIDIA Display Container LS" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/24/2017 12:20:20 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-ECLIHC3) Description: Durch die Berechtigungseinstellungen für "Computerstandard" wird dem Benutzer "DESKTOP-ECLIHC3\Sofia" (SID: S-1-5-21-3576295408-1888778439-4122767721-1002) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (09/24/2017 12:20:10 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (09/24/2017 12:20:10 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} und der APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (09/24/2017 12:20:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt. Error: (09/24/2017 12:19:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll Error: (09/24/2017 12:19:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll Error: (09/24/2017 12:19:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll Error: (09/24/2017 12:19:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2017-09-24 12:30:57.813 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-09-24 12:30:57.810 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-09-24 12:27:16.509 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-09-24 12:27:16.506 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-09-24 12:27:15.157 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-09-24 12:27:15.154 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-09-24 12:25:05.836 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-09-24 12:25:05.834 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-09-24 12:25:05.815 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-09-24 12:25:05.813 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz Prozentuale Nutzung des RAM: 60% Installierter physikalischer RAM: 8053.51 MB Verfügbarer physikalischer RAM: 3158.49 MB Summe virtueller Speicher: 9525.51 MB Verfügbarer virtueller Speicher: 3968.8 MB ==================== Laufwerke ================================ Drive c: (OS) (Fixed) (Total:222.87 GB) (Free:82.23 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 13F52347) Partition: GPT. ==================== Ende von Addition.txt ============================ |
24.09.2017, 11:36 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win7/Chrome: PUP.Optional.WinYahoo Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte: 1. Schritt: Malwarebytes Version 3 Downloade Dir bitte Malwarebytes Anti-Malware 3
2. Schritt: ESET Downloade Dir bitte ESET Online Scanner (Bebilderte Anleitung)
3. Schritt: SecurityCheck Downloade Dir bitte SecurityCheck und:
__________________ Logfiles bitte immer in CODE-Tags posten |
24.09.2017, 13:10 | #15 |
| Win7/Chrome: PUP.Optional.WinYahoo So, hat ein wenig länger gedauert, aber hier sind die Logs mbam: Code:
ATTFilter Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 24.09.17 Scan-Zeit: 12:42 Protokolldatei: 1109bae0-a115-11e7-b5f9-40490ffec888.json Administrator: Ja -Softwaredaten- Version: 3.2.2.2029 Komponentenversion: 1.0.188 Version des Aktualisierungspakets: 1.0.2874 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 10 (Build 15063.608) CPU: x64 Dateisystem: NTFS Benutzer: DESKTOP-ECLIHC3\Sofia -Scan-Übersicht- Scan-Typ: Bedrohungs-Scan Ergebnis: Abgeschlossen Gescannte Objekte: 366896 Erkannte Bedrohungen: 0 (keine bösartigen Elemente erkannt) In die Quarantäne verschobene Bedrohungen: 0 (keine bösartigen Elemente erkannt) Abgelaufene Zeit: 1 Min., 19 Sek. -Scan-Optionen- Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Erkennung PUM: Erkennung -Scan-Details- Prozess: 0 (keine bösartigen Elemente erkannt) Modul: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswert: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Datei: 0 (keine bösartigen Elemente erkannt) Physischer Sektor: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter 12:45:59 # product=EOS # version=8 # flags=0 # esetonlinescanner_deu.exe=2.0.17.0 # EOSSerial=995ba658a34e0d4d9b60b07ca6298ab1 # end=init # utc_time=2017-09-24 10:45:59 # local_time=2017-09-24 12:45:59 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=10.0.15063 NT 12:46:03 # product=EOS # version=8 # flags=0 # esetonlinescanner_deu.exe=2.0.17.0 # EOSSerial=995ba658a34e0d4d9b60b07ca6298ab1 # end=init # utc_time=2017-09-24 10:46:03 # local_time=2017-09-24 12:46:03 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=10.0.15063 NT 12:46:21 Updating 12:46:21 Update Init 12:46:23 Update Download 12:51:11 esets_scanner_reload returned 0 12:51:11 g_uiModuleBuild: 34843 12:51:11 Update Finalize 12:51:11 Call m_esets_charon_send 12:51:11 Call m_esets_charon_destroy 12:51:11 Updated modules version: 34843 12:51:20 Call m_esets_charon_setup_create 12:51:20 Call m_esets_charon_create 12:51:21 m_esets_charon_create OK 12:51:21 Call m_esets_charon_start_send_thread 12:51:21 Call m_esets_charon_setup_set 12:51:21 m_esets_charon_setup_set OK 12:51:21 Scanner engine: 34843 14:05:46 # product=EOS # version=8 # flags=0 # esetonlinescanner_deu.exe=2.0.17.0 # EOSSerial=995ba658a34e0d4d9b60b07ca6298ab1 # engine=34843 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # sfx_checked=true # utc_time=2017-09-24 12:05:46 # local_time=2017-09-24 14:05:46 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=10.0.15063 NT # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 5448 16387742 0 0 # scanned=2 # found=0 # cleaned=0 # scan_time=4473 14:06:12 Call m_esets_charon_send 14:06:12 Call m_esets_charon_destroy 14:06:13 RecursiveRemoveDirectoryAndAllFiles: C:\Users\Sofia\AppData\Local\ESET\ESETOnlineScanner\Quarantine\ Code:
ATTFilter Results of screen317's Security Check version 1.009 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Google Chrome (60.0.3112.113) Google Chrome (SetupMetrics...) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamtray.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
Themen zu Win7/Chrome: PUP.Optional.WinYahoo |
.dll, administrator, adobe, bonjour, computer, cpu, defender, explorer, google, home, karte, node.js, prozesse, realtek, registry, rundll, scan, security, seiten, services.exe, siteadvisor, software, svchost.exe, system, temp, webadvisor, windows, windowsapps |