Log analysis and evaluation: Suspected malware - notebook reset twice after it failed to start (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.09.2017, 21:18 | #1

Suspected malware - notebook reset twice after it failed to start

I reset the notebook twice, the second time for the same reason as the first (as the reason for not starting, the machine apparently showed: "autochk not existing, skipping AUTOCHECK" - https://www.trojaner-board.de/186882-autochk-exe-schadsoftware.html); at the moment the machine is running again. Yesterday I removed some unwanted software with Adwarecleaner from Malwarebytes. The original reason for this thread, however: https://www.trojaner-board.de/186875-welche-programme-sollte-man-oft-laufen-lassen-um-jegliche-art-schadsoftware-erkennen.html#post1670187

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2017 01 durchgeführt von Acer (Administrator) auf LAPTOP-3HCESL2G (26-09-2017 22:01:49) Gestartet von I:\Downloads Geladene Profile: Acer (Verfügbare Profile: Acer) Platform: Windows 10 Home Version 1703 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: "C:\Lw C\PortableApps\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe" -osint -url "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (SUPERAntiSpyware.com) C:\Lw C\Programme\SUPERAntiSpyware\SASCore64.exe (Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe (AIMP DevTeam) C:\Lw C\Programme\Aimp\AIMP.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe () C:\Lw C\Programme\ArsClip\ArsClip.exe () C:\Lw C\Programme\Everything\Everything.exe () C:\Lw C\Programme\Everything\Everything.exe () C:\Lw C\LiberKey\Apps\Everything\App\Everything\x64\Everything.exe () C:\Lw C\LiberKey\Apps\Everything\App\Everything\x64\Everything.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Skwire Empire) C:\Lw C\Programme\sWeather\sWeather.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP 
Framework\BackgroundAgent.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (Marek Jasinski) C:\Lw C\LiberKey\Apps\FreeCommander\App\FreeCommander\FreeCommander.exe () C:\Program Files\EqualizerAPO\config\Peace.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe (www.FreeFileSync.org) C:\Lw C\Programme\FreeFileSync\FreeFileSync.exe (www.FreeFileSync.org) C:\Lw C\Programme\FreeFileSync\Bin\FreeFileSync_x64.exe (Don HO don.h@free.fr) C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\notepad++.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Bartels Media GmbH) C:\Lw C\Programme\PhraseExpress\phraseexpress.exe () C:\Lw C\LiberKey\Apps\Ditto\App\Ditto\x64\Ditto.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (www.FreeFileSync.org) C:\Lw C\Programme\FreeFileSync\FreeFileSync.exe (www.FreeFileSync.org) C:\Lw C\Programme\FreeFileSync\Bin\FreeFileSync_x64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\syswow64\SndVol.exe (Highresolution Enterprises) C:\Lw C\Programme\XMouseButtonControl\64bit (x64)\XMouseButtonControl.exe (QuestSoft) C:\Lw C\Programme\Sprache - Englisch\QTranslate\QTranslate.exe (PortableApps.com) C:\Lw C\PortableApps\PortableApps\FirefoxPortable\FirefoxPortable.exe (Oracle Corporation) C:\Program Files (x86)\Java2\bin\javaw.exe (PortableApps.com) C:\Lw C\Programme\RainlendarPro\RainlendarProPortable.exe () C:\Lw C\Programme\RainlendarPro\App\Rainlendar64\Rainlendar2.exe (Scrivener HQ Pty Ltd.) 
C:\Lw C\Programme\Scrivener\Scrivener.exe () C:\Lw C\Programme\Cherrytree\bin\cherrytree.exe () C:\Lw C\Programme\Cherrytree\bin\dbus-daemon.exe (PortableApps.com) C:\Lw C\PortableApps\PortableApps\PortableApps.com\PortableAppsPlatform.exe (PortableApps.com) C:\Lw C\PortableApps\PortableApps\SpybotPortable\SpybotPortable.exe (Safer-Networking Ltd.) C:\Lw C\PortableApps\PortableApps\SpybotPortable\App\Spybot\SDWelcome.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (ShareX Team) C:\Lw C\Programme\ShareX\ShareX.exe (Safer-Networking Ltd.) C:\Lw C\PortableApps\PortableApps\SpybotPortable\App\Spybot\SDRootAlyzer.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (PortableApps.com) C:\Lw C\PortableApps\PortableApps\ThunderbirdPortable\ThunderbirdPortable.exe (Mozilla Corporation) C:\Lw C\PortableApps\PortableApps\ThunderbirdPortable\App\Thunderbird\thunderbird.exe (Oracle Corporation) C:\Program Files (x86)\Java2\bin\java.exe () C:\Lw C\Programme\Sprache - Englisch\QuickDic\QuickDic.exe (Safer-Networking Ltd.) 
C:\Lw C\PortableApps\PortableApps\SpybotPortable\App\Spybot\SDPrepPos.exe (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (PortableApps.com) C:\Lw C\PortableApps\PortableApps\FirefoxPortable\FirefoxPortable.exe (Mozilla Corporation) C:\Lw C\PortableApps\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe (AppWork GmbH) C:\Lw C\Programme\jDownloader 2 - zippy\JDownloader2.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3351248 2015-09-10] (ELAN Microelectronics Corp.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2307472 2017-06-30] (Western Digital Technologies, Inc.) 
HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\Run: [SUPERAntiSpyware] => C:\Lw C\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-08-17] (SUPERAntiSpyware) HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\Run: [Task Till Dawn] => C:\Lw C\Programme\Task Till Dawn\Task Till Dawn.exe [4262257 2017-07-25] (Oliver Matuschin) Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip.exe - Verknüpfung.lnk [2017-07-16] ShortcutTarget: ArsClip.exe - Verknüpfung.lnk -> C:\Lw C\Programme\ArsClip\ArsClip.exe () Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-09-21] () Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Everything.exe - Film- und Serienlisten.lnk [2017-08-23] ShortcutTarget: Everything.exe - Film- und Serienlisten.lnk -> C:\Lw C\Programme\Everything\Everything.exe () Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Everything.exe - Verknüpfung.lnk [2017-08-23] ShortcutTarget: Everything.exe - Verknüpfung.lnk -> C:\Lw C\LiberKey\Apps\Everything\App\Everything\x64\Everything.exe () Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QTranslate.exe - Verknüpfung.lnk [2017-08-23] ShortcutTarget: QTranslate.exe - Verknüpfung.lnk -> C:\Lw C\Programme\Sprache - Englisch\QTranslate\QTranslate.exe (QuestSoft) Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2017-03-24] ShortcutTarget: ShareX.lnk -> C:\Lw C\Programme\ShareX\ShareX.exe (ShareX Team) Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sWeather.lnk [2016-04-04] ShortcutTarget: sWeather.lnk -> C:\Lw C\Programme\sWeather\sWeather.exe (Skwire Empire) Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XMouseButtonControl.exe - Verknüpfung.lnk [2017-07-11] ShortcutTarget: 
XMouseButtonControl.exe - Verknüpfung.lnk -> C:\Lw C\Programme\XMouseButtonControl\64bit (x64)\XMouseButtonControl.exe (Highresolution Enterprises) GroupPolicy: Beschränkung <==== ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Hosts Datei wurde nicht im Standardordner gefunden Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{8f4735e8-d30b-453d-87af-d26ae5341fdc}: [DhcpNameServer] 40.31.1.55 Tcpip\..\Interfaces\{ea4d4100-31d9-4320-8daa-4d4792956ba8}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer15.msn.com/?pc=ACTE HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE SearchScopes: HKU\S-1-5-21-2633882361-2691834456-3919945701-1001 -> DefaultScope {715F8B10-E4A8-401F-A82B-7789336983AA} URL = SearchScopes: HKU\S-1-5-21-2633882361-2691834456-3919945701-1001 -> {4D47EB80-5AEB-4282-8128-D87EEE1DD9B0} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java2\bin\ssv.dll [2017-09-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java2\bin\jp2ssv.dll [2017-09-25] (Oracle Corporation) FireFox: ======== FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit 
Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java2\bin\dtplugin\npDeployJava1.dll [2017-09-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java2\bin\plugin2\npjp2.dll [2017-09-25] (Oracle Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] () ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 !SASCORE; C:\Lw C\Programme\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-10] (ELAN Microelectronics Corp.) 
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-01] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation) R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-26] (Paramount Software UK Ltd) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes) R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-04] (Acer Incorporated) R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-04] (Acer Incorporated) R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [331632 2017-06-30] (Western Digital Technologies, Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 ETDI2C; C:\WINDOWS\System32\drivers\ETDI2C.sys [175152 2015-06-09] (ELAN Microelectronic Corp.) S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-03] (Intel Corporation) S3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [132360 2015-06-15] (Intel Corporation) S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-03] (Intel Corporation) S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-03] (Intel Corporation) S3 IUFileFilter; C:\Lw C\Programme\IObit Uninstaller Pro\App\uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-09-21] (IObit.com) S3 IURegProcessFilter; C:\Lw C\Programme\IObit Uninstaller Pro\App\uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [45024 2017-09-21] (IObit.com) R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-04] (Acer Incorporated) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-26] (Malwarebytes) R1 MpKsla4c802e5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E032127-BEC2-41B1-BD66-98436E5A8768}\MpKsla4c802e5.sys [44928 2017-09-26] (Microsoft Corporation) S3 MWAC; C:\WINDOWS\system32\drivers\ [0 ] () <==== ACHTUNG (Null Byte Datei/Ordner) S3 MWAC; C:\WINDOWS\SysWOW64\drivers\ [0 ] () <==== ACHTUNG (Null Byte Datei/Ordner) R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-04] (Acer Incorporated) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-05] (Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation) R1 SASDIFSV; C:\Lw C\Programme\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Lw C\Programme\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys 
[31128 2017-03-18] () S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [181392 2017-09-14] (Ray Hinchliffe) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-09-26] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-09-26] (Zemana Ltd.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-09-26 22:01 - 2017-09-26 22:01 - 000000000 ____D C:\FRST 2017-09-26 18:20 - 2017-09-26 18:20 - 000000000 ____D C:\Users\Acer\AppData\Local\Thunderbird 2017-09-26 15:53 - 2017-09-26 15:53 - 000000000 ___HD C:\$Windows.~WS 2017-09-26 14:44 - 2017-09-26 14:44 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Skype 2017-09-26 14:42 - 2017-09-26 15:31 - 000000000 ____D C:\BootBiff 2017-09-26 13:22 - 2017-09-26 13:22 - 000000000 ____D C:\Users\Acer\AppData\Roaming\MyImgur 2017-09-26 13:02 - 2017-09-26 13:02 - 000000000 ____D C:\Users\Acer\AppData\Roaming\CareCenter 2017-09-26 12:39 - 2017-09-26 12:39 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Acer Incorporated 2017-09-26 11:53 - 2017-09-26 20:05 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware 2017-09-26 11:15 - 2017-09-26 22:01 - 000124613 _____ C:\WINDOWS\ZAM.krnl.trace 2017-09-26 11:15 - 2017-09-26 22:01 - 000110312 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2017-09-26 11:15 - 2017-09-26 11:15 - 000203680 _____ (Zemana Ltd.) 
C:\WINDOWS\system32\Drivers\zamguard64.sys 2017-09-26 11:15 - 2017-09-26 11:15 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys 2017-09-26 11:15 - 2017-09-26 11:15 - 000000000 ____D C:\Users\Acer\AppData\Local\Zemana 2017-09-26 11:07 - 2017-09-26 11:44 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2017-09-26 11:07 - 2017-09-26 11:07 - 000000000 ____D C:\Users\Acer\Documents\ProcAlyzer Dumps 2017-09-26 09:57 - 2017-09-26 09:57 - 000002014 _____ C:\Users\Acer\Desktop\Reflect.lnk 2017-09-26 09:50 - 2017-09-26 15:54 - 000000306 __RSH C:\ProgramData\ntuser.pol 2017-09-26 09:47 - 2017-09-26 18:20 - 000000000 ____D C:\ESD 2017-09-26 09:28 - 2017-09-14 09:05 - 000181392 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX64.sys 2017-09-26 07:25 - 2017-09-26 08:08 - 000000000 ____D C:\Users\Acer\AppData\Roaming\XnView 2017-09-26 00:33 - 2017-09-26 00:32 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-09-25 22:44 - 2017-09-25 23:17 - 000000000 ____D C:\Users\Acer\AppData\Roaming\IObit 2017-09-25 22:33 - 2017-09-25 23:17 - 000000000 ____D C:\ProgramData\ProductData 2017-09-25 22:33 - 2017-09-25 22:33 - 000000000 ____D C:\ProgramData\IObit 2017-09-25 20:31 - 2017-09-26 10:15 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Task Till Dawn 2017-09-25 19:40 - 2017-09-25 19:40 - 000001198 _____ C:\Users\Public\Desktop\WD Drive Utilities.lnk 2017-09-25 19:40 - 2017-09-25 19:40 - 000000000 ____D C:\ProgramData\Western Digital 2017-09-25 19:40 - 2017-09-25 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery 2017-09-25 19:40 - 2017-09-25 19:40 - 000000000 ____D C:\Program Files (x86)\Western Digital 2017-09-25 18:41 - 2017-09-26 18:20 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Thunderbird 2017-09-25 18:41 - 2017-09-26 18:20 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Mozilla 2017-09-25 18:31 - 2017-09-25 18:35 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-09-25 18:31 - 
2017-09-25 18:31 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-09-25 15:54 - 2017-09-26 20:06 - 000000000 ____D C:\Users\Acer\AppData\Local\CrashDumps 2017-09-25 15:50 - 2017-09-25 15:50 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Foxit Software 2017-09-25 15:43 - 2017-09-25 15:43 - 000000000 ____D C:\Users\Acer\AppData\Roaming\AVAST Software 2017-09-25 15:19 - 2017-09-25 15:19 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2633882361-2691834456-3919945701-1001 2017-09-25 15:14 - 2017-09-26 20:09 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-09-25 15:14 - 2017-09-25 15:14 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-25 15:14 - 2017-09-25 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-25 15:14 - 2017-09-25 15:14 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-25 15:14 - 2017-09-25 15:14 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-25 15:14 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-09-25 15:07 - 2017-09-25 15:07 - 000001952 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2017-09-25 15:07 - 2017-09-25 15:07 - 000000000 ____D C:\Users\Acer\AppData\Roaming\SUPERAntiSpyware.com 2017-09-25 15:07 - 2017-09-25 15:07 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2017-09-25 15:07 - 2017-09-25 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2017-09-25 15:04 - 2017-09-25 15:04 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2017-09-25 15:04 - 2017-09-25 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-09-25 15:04 - 2017-09-25 15:04 - 000000000 ____D C:\Program Files (x86)\Java2 2017-09-25 14:51 - 2017-09-25 15:35 - 000000000 ____D C:\Users\Acer\AppData\Roaming\cherrytree 2017-09-25 14:48 - 2017-09-25 
14:48 - 000000893 _____ C:\Users\Acer\AppData\Local\recently-used.xbel 2017-09-25 14:43 - 2017-09-25 14:44 - 000001883 _____ C:\Users\Acer\Desktop\Peace.lnk 2017-09-25 14:43 - 2017-09-25 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peace 2017-09-25 14:39 - 2017-09-25 14:39 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.2 2017-09-25 14:39 - 2017-09-25 14:39 - 000000000 ____D C:\Program Files\EqualizerAPO 2017-09-25 14:28 - 2017-09-25 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi 2017-09-25 14:28 - 2017-09-25 14:28 - 000000000 ____D C:\Program Files (x86)\Kodi 2017-09-25 14:19 - 2017-09-25 14:21 - 000000000 ____D C:\Users\Acer\AppData\Roaming\cherrytree - alt 2017-09-25 14:16 - 2017-09-25 15:35 - 000000000 ____D C:\Users\Acer\AppData\Roaming\FreeFileSync 2017-09-25 14:13 - 2017-09-25 14:13 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2017-09-25 14:08 - 2017-09-25 15:41 - 000000000 ____D C:\Program Files (x86)\Java 2017-09-25 14:08 - 2017-09-25 15:14 - 000000000 ____D C:\ProgramData\Oracle 2017-09-25 14:08 - 2017-09-25 14:08 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Sun 2017-09-25 13:15 - 2017-09-25 13:15 - 000002014 _____ C:\Users\Public\Desktop\Reflect.lnk 2017-09-25 13:15 - 2017-09-25 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium 2017-09-25 13:15 - 2017-09-25 13:15 - 000000000 ____D C:\Program Files\Macrium 2017-09-25 13:03 - 2017-09-25 13:03 - 000012288 _____ C:\Sparplan.pow - neu 2017-09-25 12:55 - 2017-09-26 08:22 - 000000000 ____D C:\Windows.old 2 - 2. 
Zurücksetzen 2017-09-25 12:55 - 2017-09-25 12:55 - 000000000 ____D C:\WINDOWS\InfusedApps 2017-09-25 12:54 - 2017-09-25 12:54 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2017-09-25 12:54 - 2017-09-25 12:54 - 000000000 ____D C:\WINDOWS\SysWOW64\sda 2017-09-25 12:54 - 2017-09-25 11:59 - 000000000 ____D C:\Program Files\Elantech 2017-09-25 12:54 - 2017-09-25 11:58 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2017-09-25 12:53 - 2017-09-25 12:53 - 000000000 ____D C:\WINDOWS\Setup 2017-09-25 12:52 - 2017-09-26 00:30 - 000819248 _____ C:\WINDOWS\system32\perfh007.dat 2017-09-25 12:52 - 2017-09-26 00:30 - 000167340 _____ C:\WINDOWS\system32\perfc007.dat 2017-09-25 12:52 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\de 2017-09-25 12:52 - 2017-09-25 12:52 - 000306166 _____ C:\WINDOWS\system32\perfi007.dat 2017-09-25 12:52 - 2017-09-25 12:52 - 000040520 _____ C:\WINDOWS\system32\perfd007.dat 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\de 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\0409 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\winrm 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\WCN 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\slmgr 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\0409 2017-09-25 
12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\DigitalLocker 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files\Reference Assemblies 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files\MSBuild 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files (x86)\MSBuild 2017-09-25 12:52 - 2017-09-25 12:02 - 000000000 ____D C:\WINDOWS\OCR 2017-09-25 12:51 - 2017-09-02 17:15 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-09-25 12:51 - 2017-09-02 17:15 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-09-25 12:50 - 2017-09-25 12:55 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2017-09-25 12:50 - 2017-09-25 12:48 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2017-09-25 12:50 - 2017-09-25 12:48 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat 2017-09-25 12:50 - 2017-09-25 12:48 - 000215943 _____ C:\WINDOWS\system32\dssec.dat 2017-09-25 12:50 - 2017-09-25 12:48 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2017-09-25 12:50 - 2017-09-25 12:48 - 000015940 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2017-09-25 12:50 - 2017-09-25 12:48 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK 2017-09-25 12:50 - 2017-09-25 12:48 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam 2017-09-25 12:50 - 2017-09-25 12:48 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json 2017-09-25 12:50 - 2017-09-25 12:48 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT 2017-09-25 12:50 - 2017-09-25 12:48 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT 2017-09-25 12:49 - 2017-09-26 19:27 - 000000000 ____D C:\WINDOWS\INF 2017-09-25 12:49 - 2017-09-26 14:13 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile 2017-09-25 12:49 - 2017-09-26 12:18 - 000000000 ___HD C:\Program 
Files\WindowsApps 2017-09-25 12:49 - 2017-09-26 12:18 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-09-25 12:49 - 2017-09-26 09:50 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-09-25 12:49 - 2017-09-26 09:50 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2017-09-25 12:49 - 2017-09-26 03:12 - 000000000 ____D C:\WINDOWS\appcompat 2017-09-25 12:49 - 2017-09-26 00:24 - 000000000 ___RD C:\Program Files (x86) 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ___SD C:\WINDOWS\system32\F12 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\setup 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\oobe 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\migwiz 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\Dism 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\config\TxR 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\WINDOWS\system32\appraiser 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\WINDOWS\Provisioning 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\Program Files\Windows Defender 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\Program Files (x86)\Windows 
Photo Viewer 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2017-09-25 12:49 - 2017-09-25 22:40 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-09-25 12:49 - 2017-09-25 22:31 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ___SD C:\WINDOWS\system32\dsc 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SystemApps 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\MUI 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\Com 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\IME 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\Help 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files\Common Files\System 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ___SD C:\WINDOWS\system32\Nui 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ___RD C:\WINDOWS\Offline Web Pages 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel 2017-09-25 12:49 - 
2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\icsxml 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\ias 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\downlevel 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\DDFs 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\Bthprops 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 __SHD C:\Program Files\Windows Sidebar 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 __RSD C:\WINDOWS\Media 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ___SD C:\WINDOWS\system32\Configuration 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Web 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Vss 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\tracing 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\TAPI 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ras 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF 2017-09-25 12:49 - 2017-09-25 12:49 - 
000000000 ____D C:\WINDOWS\SysWOW64\MsDtc 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\IME 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SystemResources 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\winevt 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\ras 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\ProximityToast 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\PointOfService 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\NDF 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\Ipmi 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\InputMethod 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\inetsrv 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\IME 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\Hydrogen 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\config\RegBack 2017-09-25 12:49 - 2017-09-25 12:49 - 
000000000 ____D C:\WINDOWS\system32\config\Journal 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\AppLocker 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\System 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SKB 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\security 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\schemas 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SchCache 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Resources 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\PLA 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Performance 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\ModemLogs 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\L2Schemas 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\InputMethod 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Globalization 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Cursors 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Branding 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\bcastdvr 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\addins 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\Program Files\Windows Security 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\Program Files\Windows Portable Devices 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\Program Files\Windows Multimedia Platform 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\Program Files\Common Files\Services 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices 2017-09-25 12:49 - 2017-09-25 
12:49 - 000000000 ____D C:\Program Files (x86)\Windows NT 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2017-09-25 12:49 - 2017-09-25 12:10 - 000000000 ____D C:\WINDOWS\rescache 2017-09-25 12:49 - 2017-09-25 12:09 - 000000000 ____D C:\Program Files\Windows NT 2017-09-25 12:49 - 2017-09-25 12:08 - 000000000 ____D C:\WINDOWS\Registration 2017-09-25 12:49 - 2017-09-25 12:07 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2017-09-25 12:49 - 2017-09-25 12:06 - 000000000 __RHD C:\Users\Public\Libraries 2017-09-25 12:49 - 2017-09-25 12:02 - 000000000 ____D C:\WINDOWS\system32\spool 2017-09-25 12:49 - 2017-09-25 12:02 - 000000000 ____D C:\ProgramData\USOPrivate 2017-09-25 12:49 - 2017-09-25 12:01 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2017-09-25 12:49 - 2017-09-25 12:00 - 000000000 ___RD C:\WINDOWS\PrintDialog 2017-09-25 12:49 - 2017-09-25 12:00 - 000000000 ___RD C:\WINDOWS\MiracastView 2017-09-25 12:49 - 2017-09-25 12:00 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2017-09-25 12:49 - 2017-09-25 11:59 - 000000000 ____D C:\WINDOWS\HoloShell 2017-09-25 12:46 - 2017-09-26 00:20 - 074448896 _____ C:\WINDOWS\system32\config\SOFTWARE 2017-09-25 12:46 - 2017-09-26 00:20 - 041156608 _____ C:\WINDOWS\system32\config\SYSTEM 2017-09-25 12:46 - 2017-09-26 00:20 - 033554432 _____ C:\WINDOWS\system32\config\BBI 2017-09-25 12:46 - 2017-09-26 00:20 - 001572864 _____ C:\WINDOWS\system32\config\DEFAULT 2017-09-25 12:46 - 2017-09-26 00:20 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY 2017-09-25 12:46 - 2017-09-25 22:31 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2017-09-25 12:46 - 2017-09-25 18:31 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-09-25 12:46 - 2017-09-25 13:50 - 000000000 ____D C:\ProgramData\Macrium 2017-09-25 12:46 - 2017-09-25 12:55 - 000024576 _____ C:\WINDOWS\system32\config\SAM 2017-09-25 12:46 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\servicing 2017-09-25 12:46 - 
2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\SMI 2017-09-25 12:45 - 2017-09-26 18:20 - 000000000 ____D C:\WINDOWS\Panther 2017-09-25 12:45 - 2017-09-25 12:10 - 000000000 ____D C:\$Windows.~BT 2017-09-25 12:44 - 2017-09-25 12:55 - 000000000 ___HD C:\$SysReset 2017-09-25 12:36 - 2017-09-25 12:36 - 000000000 ____D C:\Users\Acer\AppData\Local\DBG 2017-09-25 12:29 - 2017-09-25 12:29 - 000000000 ____D C:\Users\Acer\AppData\Local\MicrosoftEdge 2017-09-25 12:27 - 2017-09-25 12:27 - 000000000 ____D C:\Users\Acer\AppData\Local\Comms 2017-09-25 12:25 - 2017-09-25 12:25 - 000000000 ____D C:\ProgramData\Synaptics 2017-09-25 12:17 - 2017-09-26 09:15 - 000000000 ____D C:\Users\Acer\AppData\Local\Mozilla 2017-09-25 12:16 - 2017-09-25 12:16 - 000000000 ____D C:\Users\Acer\AppData\Local\Notepad++ 2017-09-25 12:15 - 2017-09-25 15:47 - 000003508 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent 2017-09-25 12:13 - 2017-09-25 12:27 - 000000000 ____D C:\Users\Acer\AppData\Local\CareCenter 2017-09-25 12:12 - 2017-09-25 15:19 - 000002392 _____ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-09-25 12:12 - 2017-09-25 12:12 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Macromedia 2017-09-25 12:11 - 2017-09-25 15:44 - 000000000 ____D C:\Users\Acer\AppData\Local\clear.fi 2017-09-25 12:11 - 2017-09-25 12:11 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Highresolution Enterprises 2017-09-25 12:10 - 2017-09-25 13:21 - 000000000 ____D C:\Users\Acer\AppData\Local\Packages 2017-09-25 12:10 - 2017-09-25 13:19 - 000000000 ____D C:\Users\Acer\AppData\Local\Publishers 2017-09-25 12:10 - 2017-09-25 12:12 - 000000000 ____D C:\Users\Acer\AppData\Local\AOP SDK 2017-09-25 12:10 - 2017-09-25 12:10 - 000000020 ___SH C:\Users\Acer\ntuser.ini 2017-09-25 12:10 - 2017-09-25 12:10 - 000000000 ____D C:\WINDOWS\oem 2017-09-25 12:10 - 2017-09-25 12:10 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Adobe 2017-09-25 12:10 - 2017-09-25 12:10 - 000000000 ____D 
C:\Users\Acer\AppData\Local\VirtualStore 2017-09-25 12:10 - 2017-09-25 12:10 - 000000000 ____D C:\Users\Acer\AppData\Local\TileDataLayer 2017-09-25 12:10 - 2017-09-25 12:10 - 000000000 ____D C:\Users\Acer\AppData\Local\ConnectedDevicesPlatform 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Users\Default User 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Users\All Users 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\ProgramData\Vorlagen 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\ProgramData\Startmenü 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\ProgramData\Dokumente 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\ProgramData\Anwendungsdaten 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Program Files\Gemeinsame Dateien 2017-09-25 12:06 - 2017-09-26 00:28 - 000003004 _____ C:\WINDOWS\System32\Tasks\FUB 2017-09-25 12:06 - 2017-09-26 00:27 - 000005404 _____ C:\WINDOWS\System32\Tasks\Software Update Application 2017-09-25 12:06 - 2017-09-26 00:27 - 000003778 _____ C:\WINDOWS\System32\Tasks\ACC 2017-09-25 12:06 - 2017-09-26 00:27 - 000003060 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication 2017-09-25 12:06 - 2017-09-26 00:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-09-25 12:06 - 2017-09-25 15:47 - 000003388 _____ C:\WINDOWS\System32\Tasks\AcerCloud 2017-09-25 12:06 - 2017-09-25 12:06 - 000022960 _____ C:\WINDOWS\system32\emptyregdb.dat 2017-09-25 12:06 - 2017-09-25 12:06 - 000003852 
_____ C:\WINDOWS\System32\Tasks\ACCAgent 2017-09-25 12:06 - 2017-09-25 12:06 - 000002706 _____ C:\WINDOWS\System32\Tasks\UbtFrameworkService 2017-09-25 12:06 - 2017-09-25 12:06 - 000002264 _____ C:\WINDOWS\System32\Tasks\Power Button 2017-09-25 12:06 - 2017-09-25 12:06 - 000002222 _____ C:\WINDOWS\System32\Tasks\Power Management 2017-09-25 12:06 - 2017-09-25 12:06 - 000002180 _____ C:\WINDOWS\System32\Tasks\Quick Access 2017-09-25 12:06 - 2017-09-25 12:06 - 000002074 _____ C:\WINDOWS\System32\Tasks\FUBTrackingByPLD 2017-09-25 12:03 - 2017-09-26 10:31 - 000000000 ____D C:\Users\Acer 2017-09-25 12:03 - 2017-09-25 12:03 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Vorlagen 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Startmenü 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Netzwerkumgebung 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Lokale Einstellungen 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Eigene Dateien 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Druckumgebung 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Documents\Eigene Videos 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Documents\Eigene Musik 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Documents\Eigene Bilder 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\AppData\Local\Verlauf 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\AppData\Local\Anwendungsdaten 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Anwendungsdaten 2017-09-25 12:01 - 2017-09-25 12:01 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2017-09-25 11:59 - 
2017-09-26 00:25 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-09-25 11:59 - 2017-09-25 12:01 - 000000000 ____D C:\Program Files\Intel 2017-09-25 11:59 - 2017-09-25 11:59 - 032931716 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip 2017-09-25 11:59 - 2017-09-25 11:59 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ETD_01011.Wdf 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____H C:\ProgramData\DP45977C.lfl 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____D C:\WINDOWS\system32\DAX2 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____D C:\Program Files\Realtek 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____D C:\Program Files\Common Files\Atheros 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin 2017-09-25 11:59 - 2017-03-18 22:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2017-09-25 11:59 - 2017-02-01 02:01 - 000112664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL 2017-09-25 11:59 - 2017-02-01 02:01 - 000108568 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2017-09-25 11:58 - 2017-09-26 06:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-09-25 11:58 - 2017-09-26 00:24 - 000217984 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-09-22 20:45 - 2015-05-03 08:31 - 000012288 _____ C:\Sparplan.pow Biffs 2017-09-22 11:01 - 2017-09-24 12:05 - 000000000 ____D C:\Users\Acer\Documents\Reflect 2017-09-21 16:12 - 2017-09-21 16:17 - 000000000 ____D C:\Users\Acer\Documents\Peace back up 2017-09-21 14:31 - 2017-09-21 14:31 - 000001341 _____ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio-Manager.lnk 2017-09-21 14:27 - 2017-09-25 12:08 - 000008404 _____ C:\Users\Acer\Desktop\Entfernte Apps.html 2017-09-21 
14:22 - 2015-03-21 02:28 - 000002343 _____ C:\Users\Acer\Desktop\App Explorer (1).lnk 2017-09-16 17:34 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2017-09-16 17:34 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-09-16 17:34 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2017-09-16 17:34 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-09-16 17:34 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-09-16 17:34 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-09-16 17:34 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-09-16 17:34 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2017-09-16 17:34 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-09-16 17:34 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-09-16 17:34 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe 2017-09-16 17:34 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-09-16 17:34 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2017-09-16 17:34 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2017-09-16 17:34 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2017-09-16 17:34 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2017-09-16 17:34 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2017-09-16 17:34 - 2017-09-05 06:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2017-09-16 17:34 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-09-16 17:34 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-09-16 17:34 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2017-09-16 17:34 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2017-09-16 17:34 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-09-16 17:34 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2017-09-16 17:34 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-09-16 17:34 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2017-09-16 17:34 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-09-16 17:34 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll 2017-09-16 17:34 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2017-09-16 17:34 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-09-16 17:34 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-09-16 17:34 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-09-16 17:34 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll 2017-09-16 17:34 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-09-16 17:34 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2017-09-16 17:34 - 2017-09-05 06:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-09-16 17:34 - 2017-09-05 06:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2017-09-16 17:34 - 2017-09-05 06:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2017-09-16 17:34 - 2017-09-05 06:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2017-09-16 17:34 - 2017-09-05 06:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-09-16 17:34 - 2017-09-05 06:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2017-09-16 17:34 - 2017-09-05 06:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2017-09-16 17:34 - 2017-09-05 06:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll 2017-09-16 17:34 - 2017-09-05 06:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2017-09-16 17:34 - 2017-09-05 06:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-09-16 17:34 - 2017-09-05 06:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2017-09-16 17:34 - 2017-09-05 06:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2017-09-16 17:34 - 2017-09-05 06:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll 2017-09-16 17:34 - 2017-09-05 06:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll 2017-09-16 17:34 - 2017-09-05 06:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-09-16 17:34 - 2017-09-05 06:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-09-16 17:34 - 2017-09-05 06:10 - 
004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-09-16 17:34 - 2017-09-05 06:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-09-16 17:34 - 2017-09-05 06:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2017-09-16 17:34 - 2017-09-05 06:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2017-09-16 17:34 - 2017-09-05 06:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll 2017-09-16 17:34 - 2017-09-05 06:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2017-09-16 17:33 - 2017-09-05 07:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-09-16 17:33 - 2017-09-05 07:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-09-16 17:33 - 2017-09-05 07:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-09-16 17:33 - 2017-09-05 07:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2017-09-16 17:33 - 2017-09-05 07:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-09-16 17:33 - 2017-09-05 07:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-09-16 17:33 - 2017-09-05 07:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-09-16 17:33 - 2017-09-05 07:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2017-09-16 17:33 - 2017-09-05 07:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2017-09-16 17:33 - 2017-09-05 07:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2017-09-16 17:33 - 2017-09-05 07:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-09-16 17:33 - 2017-09-05 07:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2017-09-16 17:33 
- 2017-09-05 07:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-09-16 17:33 - 2017-09-05 07:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2017-09-16 17:33 - 2017-09-05 07:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2017-09-16 17:33 - 2017-09-05 07:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2017-09-16 17:33 - 2017-09-05 07:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-09-16 17:33 - 2017-09-05 07:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-09-16 17:33 - 2017-09-05 07:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2017-09-16 17:33 - 2017-09-05 07:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2017-09-16 17:33 - 2017-09-05 07:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-09-16 17:33 - 2017-09-05 07:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-09-16 17:33 - 2017-09-05 07:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-09-16 17:33 - 2017-09-05 07:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2017-09-16 17:33 - 2017-09-05 07:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2017-09-16 17:33 - 2017-09-05 07:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-09-16 17:33 - 2017-09-05 07:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2017-09-16 17:33 - 2017-09-05 07:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2017-09-16 17:33 - 2017-09-05 07:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2017-09-16 17:33 - 2017-09-05 07:16 - 000228256 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-09-16 17:33 - 2017-09-05 07:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2017-09-16 17:33 - 2017-09-05 07:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2017-09-16 17:33 - 2017-09-05 07:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2017-09-16 17:33 - 2017-09-05 07:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2017-09-16 17:33 - 2017-09-05 07:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-09-16 17:33 - 2017-09-05 07:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-09-16 17:33 - 2017-09-05 07:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2017-09-16 17:33 - 2017-09-05 07:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2017-09-16 17:33 - 2017-09-05 07:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2017-09-16 17:33 - 2017-09-05 07:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2017-09-16 17:33 - 2017-09-05 07:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-09-16 17:33 - 2017-09-05 07:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2017-09-16 17:33 - 2017-09-05 07:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2017-09-16 17:33 - 2017-09-05 07:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-09-16 17:33 - 2017-09-05 07:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2017-09-16 17:33 - 2017-09-05 07:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-09-16 17:33 - 2017-09-05 06:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2017-09-16 17:33 - 2017-09-05 06:50 - 
004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll 2017-09-16 17:33 - 2017-09-05 06:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-09-16 17:33 - 2017-09-05 06:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2017-09-16 17:33 - 2017-09-05 06:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll 2017-09-16 17:33 - 2017-09-05 06:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2017-09-16 17:33 - 2017-09-05 06:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2017-09-16 17:33 - 2017-09-05 06:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2017-09-16 17:33 - 2017-09-05 06:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2017-09-16 17:33 - 2017-09-05 06:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2017-09-16 17:33 - 2017-09-05 06:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-09-16 17:33 - 2017-09-05 06:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2017-09-16 17:33 - 2017-09-05 06:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2017-09-16 17:33 - 2017-09-05 06:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2017-09-16 17:33 - 2017-09-05 06:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2017-09-16 17:33 - 2017-09-05 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll 2017-09-16 17:33 - 2017-09-05 06:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2017-09-16 17:33 - 2017-09-05 06:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll 2017-09-16 17:33 - 2017-09-05 06:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-09-16 17:33 - 2017-09-05 06:28 - 
002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-09-16 17:33 - 2017-09-05 06:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2017-09-16 17:33 - 2017-09-05 06:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys 2017-09-16 17:33 - 2017-09-05 06:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-09-16 17:33 - 2017-09-05 06:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-09-16 17:33 - 2017-09-05 06:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys 2017-09-16 17:33 - 2017-09-05 06:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2017-09-16 17:33 - 2017-09-05 06:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll 2017-09-16 17:33 - 2017-09-05 06:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll 2017-09-16 17:33 - 2017-09-05 06:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2017-09-16 17:33 - 2017-09-05 06:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2017-09-16 17:33 - 2017-09-05 06:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2017-09-16 17:33 - 2017-09-05 06:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe 2017-09-16 17:33 - 2017-09-05 06:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe 2017-09-16 17:33 - 2017-09-05 06:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2017-09-16 17:33 - 2017-09-05 06:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2017-09-16 17:33 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2017-09-16 17:33 - 2017-09-05 06:25 - 000043520 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\nsiproxy.sys 2017-09-16 17:33 - 2017-09-05 06:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2017-09-16 17:33 - 2017-09-05 06:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll 2017-09-16 17:33 - 2017-09-05 06:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2017-09-16 17:33 - 2017-09-05 06:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll 2017-09-16 17:33 - 2017-09-05 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2017-09-16 17:33 - 2017-09-05 06:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-09-16 17:33 - 2017-09-05 06:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-09-16 17:33 - 2017-09-05 06:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2017-09-16 17:33 - 2017-09-05 06:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2017-09-16 17:33 - 2017-09-05 06:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2017-09-16 17:33 - 2017-09-05 06:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-09-16 17:33 - 2017-09-05 06:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2017-09-16 17:33 - 2017-09-05 06:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2017-09-16 17:33 - 2017-09-05 06:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2017-09-16 17:33 - 2017-09-05 06:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll 2017-09-16 17:33 - 2017-09-05 06:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2017-09-16 17:33 - 2017-09-05 06:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2017-09-16 17:33 - 2017-09-05 06:22 - 
000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 2017-09-16 17:33 - 2017-09-05 06:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2017-09-16 17:33 - 2017-09-05 06:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-09-16 17:33 - 2017-09-05 06:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll 2017-09-16 17:33 - 2017-09-05 06:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2017-09-16 17:33 - 2017-09-05 06:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll 2017-09-16 17:33 - 2017-09-05 06:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2017-09-16 17:33 - 2017-09-05 06:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll 2017-09-16 17:33 - 2017-09-05 06:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2017-09-16 17:33 - 2017-09-05 06:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2017-09-16 17:33 - 2017-09-05 06:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll 2017-09-16 17:33 - 2017-09-05 06:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll 2017-09-16 17:33 - 2017-09-05 06:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2017-09-16 17:33 - 2017-09-05 06:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe 2017-09-16 17:33 - 2017-09-05 06:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-09-16 17:33 - 2017-09-05 06:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-09-16 17:33 - 2017-09-05 06:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-09-16 17:33 - 2017-09-05 06:20 - 000546816 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\winspool.drv 2017-09-16 17:33 - 2017-09-05 06:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2017-09-16 17:33 - 2017-09-05 06:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2017-09-16 17:33 - 2017-09-05 06:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe 2017-09-16 17:33 - 2017-09-05 06:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-09-16 17:33 - 2017-09-05 06:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2017-09-16 17:33 - 2017-09-05 06:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2017-09-16 17:33 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-09-16 17:33 - 2017-09-05 06:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll 2017-09-16 17:33 - 2017-09-05 06:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2017-09-16 17:33 - 2017-09-05 06:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll 2017-09-16 17:33 - 2017-09-05 06:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2017-09-16 17:33 - 2017-09-05 06:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-09-16 17:33 - 2017-09-05 06:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000874496 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\rasmans.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe 2017-09-16 17:33 - 2017-09-05 06:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll 2017-09-16 17:33 - 2017-09-05 06:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll 2017-09-16 17:33 - 2017-09-05 06:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2017-09-16 17:33 - 2017-09-05 06:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-09-16 17:33 - 2017-09-05 06:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll 
2017-09-16 17:33 - 2017-09-05 06:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-09-16 17:33 - 2017-09-05 06:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2017-09-16 17:33 - 2017-09-05 06:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll 2017-09-16 17:33 - 2017-09-05 06:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll 2017-09-16 17:33 - 2017-09-05 06:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2017-09-16 17:33 - 2017-09-05 06:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2017-09-16 17:33 - 2017-09-05 06:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2017-09-16 17:33 - 2017-09-05 06:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-09-16 17:33 - 2017-09-05 06:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2017-09-16 17:33 - 2017-09-05 06:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2017-09-16 17:33 - 2017-09-05 06:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2017-09-16 17:33 - 2017-09-05 06:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll 2017-09-16 17:33 - 2017-09-05 06:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-09-16 17:33 - 2017-09-05 06:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2017-09-16 17:33 - 2017-09-05 06:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-09-16 17:33 - 2017-09-05 06:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2017-09-16 17:33 - 2017-09-05 06:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2017-09-16 17:33 - 2017-09-05 06:15 - 002055680 
_____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-09-16 17:33 - 2017-09-05 06:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2017-09-16 17:33 - 2017-09-05 06:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2017-09-16 17:33 - 2017-09-05 06:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2017-09-16 17:33 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-09-16 17:33 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2017-09-16 17:33 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 
000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll 2017-09-16 17:33 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2017-09-16 17:33 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-09-16 17:33 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-09-16 17:33 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-09-16 17:33 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-09-16 17:33 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2017-09-16 17:33 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll 2017-09-16 17:33 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll 2017-09-16 17:33 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll 2017-09-16 17:33 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll 2017-09-16 17:33 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2017-09-16 17:33 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin 2017-09-16 17:32 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-09-16 17:32 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-09-16 17:32 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2017-09-16 17:32 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll 2017-09-16 17:32 - 2017-09-05 07:18 - 001668344 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\propsys.dll 2017-09-16 17:32 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2017-09-16 17:32 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2017-09-16 17:32 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll 2017-09-16 17:32 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2017-09-16 17:32 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2017-09-16 17:32 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-09-16 17:32 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2017-09-16 17:32 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2017-09-16 17:32 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2017-09-16 17:32 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2017-09-16 17:32 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll 2017-09-16 17:32 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll 2017-09-16 17:32 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2017-09-16 17:32 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2017-09-16 17:32 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll 2017-09-16 17:32 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2017-09-16 17:32 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2017-09-16 17:32 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\UIRibbonRes.dll 2017-09-16 17:32 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2017-09-16 17:32 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-09-16 17:32 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll 2017-09-16 17:32 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2017-09-16 17:32 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll 2017-09-16 17:32 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2017-09-16 17:32 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2017-09-16 17:32 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2017-09-16 17:32 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2017-09-16 17:32 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll 2017-09-16 17:32 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-09-16 17:32 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2017-09-16 17:32 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2017-09-16 17:32 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll 2017-09-16 17:32 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2017-09-16 17:32 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2017-09-16 17:32 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-09-16 17:32 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\GamePanel.exe 2017-09-16 17:32 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2017-09-16 17:32 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2017-09-16 17:32 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll 2017-09-16 17:32 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll 2017-09-16 17:32 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2017-09-16 17:32 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll 2017-09-16 17:32 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2017-09-16 17:32 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2017-09-16 17:32 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-09-16 17:32 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-09-16 17:32 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2017-09-16 17:32 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2017-09-16 17:32 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll 2017-09-08 10:53 - 2017-09-08 10:53 - 000000000 ____D C:\Users\Acer\.rainlendar2 ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-09-26 18:51 - 2016-07-16 18:55 - 000000000 ____D C:\Users\Acer\.mediathek3
2017-09-26 18:20 - 2016-11-16 16:51 - 000000000 ____D C:\Users\Acer\AppData\LocalLow\Mozilla
2017-09-26 09:55 - 2016-02-15 11:59 - 000000000 ____D C:\Lw C
2017-09-26 08:22 - 2015-10-24 19:24 - 000000000 ____D C:\ProgramData\Intel
2017-09-26 08:22 - 2015-08-31 12:52 - 000000000 ____D C:\ProgramData\McAfee
2017-09-26 08:22 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\WildTangent
2017-09-26 01:02 - 2016-11-02 10:29 - 000000000 ____D C:\xampp-cz
2017-09-26 01:02 - 2016-10-27 23:15 - 000000000 ____D C:\xampp
2017-09-26 00:30 - 2015-08-31 13:01 - 001882062 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-26 00:27 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-09-26 00:25 - 2015-12-25 19:58 - 000000000 __SHD C:\Users\Acer\IntelGraphicsProfiles
2017-09-26 00:25 - 2015-08-31 12:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-25 19:40 - 2015-10-24 19:25 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-25 15:47 - 2015-08-31 13:43 - 000000000 ___HD C:\OEM
2017-09-25 15:47 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\OEM
2017-09-25 15:45 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\Acer
2017-09-25 15:41 - 2015-10-24 19:48 - 000000000 ____D C:\Program Files (x86)\Amazon
2017-09-25 15:19 - 2015-12-25 20:00 - 000000000 ___RD C:\Users\Acer\OneDrive
2017-09-25 12:48 - 2017-03-18 22:56 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2017-09-25 12:07 - 2016-06-23 12:38 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ember Media Manager BETA
2017-09-25 12:06 - 2015-07-10 13:04 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-09-25 12:02 - 2015-10-25 04:56 - 000000000 ____D C:\WINDOWS\NAPP_Dism_Log
2017-09-25 12:02 - 2015-10-24 19:51 - 000000000 ____D C:\Users\Public\Foxit Software
2017-09-25 12:02 - 2015-10-24 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2017-09-25 12:02 - 2015-10-24 19:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2017-09-25 12:02 - 2015-10-24 19:50 - 000000000 ____D C:\Users\Public\CyberLink
2017-09-25 12:02 - 2015-10-24 19:50 - 000000000 ____D C:\ProgramData\CyberLink
2017-09-25 12:02 - 2015-10-24 19:50 - 000000000 ____D C:\ProgramData\CLSK
2017-09-25 12:02 - 2015-10-24 19:49 - 000000000 ____D C:\ProgramData\Temp
2017-09-25 12:02 - 2015-10-24 19:49 - 000000000 ____D C:\ProgramData\install_clap
2017-09-25 12:02 - 2015-10-24 19:33 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2017-09-25 12:02 - 2015-10-24 19:31 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-09-25 12:02 - 2015-08-31 12:51 - 000000000 ____D C:\ProgramData\Mozilla
2017-09-25 12:02 - 2015-08-31 12:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-25 12:02 - 2015-08-31 12:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-25 12:02 - 2015-08-31 12:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-25 12:02 - 2015-08-31 12:50 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2017-09-25 12:02 - 2015-08-31 12:50 - 000000000 ____D C:\Program Files (x86)\WildGames
2017-09-25 12:02 - 2015-07-10 14:22 - 000000000 ____D C:\ProgramData\USOShared
2017-09-25 12:02 - 2015-07-10 13:04 - 000000000 ___RD C:\WINDOWS\PurchaseDialog
2017-09-25 12:02 - 2015-07-10 13:04 - 000000000 ___RD C:\WINDOWS\DesktopTileResources
2017-09-25 12:01 - 2015-10-24 19:50 - 000000000 ____D C:\Program Files (x86)\Foxit PhantomPDF
2017-09-25 12:01 - 2015-10-24 19:50 - 000000000 ____D C:\Program Files (x86)\CyberLink
2017-09-25 12:01 - 2015-10-24 19:33 - 000000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2017-09-25 12:01 - 2015-10-24 19:31 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-25 12:01 - 2015-10-24 19:26 - 000000000 ____D C:\Program Files (x86)\Intel
2017-09-25 12:01 - 2015-08-31 12:52 - 000000000 ____D C:\Program Files\Acer
2017-09-25 12:01 - 2015-08-31 12:50 - 000000000 ____D C:\Program Files (x86)\Acer
2017-09-25 12:01 - 2015-07-10 15:14 - 000000000 ____D C:\Program Files\Windows Journal
2017-09-20 21:13 - 2017-05-04 15:25 - 000000886 _____ C:\Users\Acer\Desktop\EMDB.lnk
2017-09-20 09:46 - 2016-11-17 22:53 - 000000000 ____D C:\Users\Acer\Documents\Custom Office Templates
2017-09-02 10:05 - 2016-11-18 15:16 - 000000000 ____D C:\Users\Acer\Scrivener ScratchPad

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-09-25 14:48 - 2017-09-25 14:48 - 000000893 _____ () C:\Users\Acer\AppData\Local\recently-used.xbel
2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-25 11:58

==================== Ende von FRST.txt ============================
26.09.2017, 21:19 | #2 |
| Suspected malware - notebook reset twice after it failed to start
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-09-2017 01
durchgeführt von Acer (26-09-2017 22:03:55)
Gestartet von I:\Downloads
Windows 10 Home Version 1703 (X64) (2017-09-25 10:10:02)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Acer (S-1-5-21-2633882361-2691834456-3919945701-1001 - Administrator - Enabled) => C:\Users\Acer
Administrator (S-1-5-21-2633882361-2691834456-3919945701-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2633882361-2691834456-3919945701-503 - Limited - Disabled)
Gast (S-1-5-21-2633882361-2691834456-3919945701-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-8d9b4f73-bb47-4fea-917d-c50dd2ffed5c) (Version: 3.0.2.118 - WildTangent) Hidden
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3008 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated)
Amazon 1Button App (HKLM-x32\...\{5095145F-A690-405A-9ABF-69C7A7319834}) (Version: 2.2.2 - Amazon) <==== ACHTUNG
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5427.02 - CyberLink Corp.)
ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.)
Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2 - )
Foxit PhantomPDF (HKLM-x32\...\{A4023BDF-82D5-412D-9D58-8C2819EBFE2E}) (Version: 7.0.410.326 - Foxit Software Inc.)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.)
Home Makeover (HKLM-x32\...\WTA-ff512562-ab4b-4aae-9e8c-1d09bd47ac58) (Version: 3.0.2.59 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-679326c7-f13f-4d56-ae2e-6a7fee2304c7) (Version: 2.2.0.97 - WildTangent) Hidden
Jewel Match Snowscapes (HKLM-x32\...\WTA-ad853ef4-00ea-4eae-8b6e-18dee9cd5722) (Version: 3.0.2.118 - WildTangent) Hidden
Kodi (HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\Kodi) (Version: - XBMC-Foundation)
Macrium Reflect Free Edition (HKLM\...\{6085136C-5E0B-4516-BA48-2B909062778A}) (Version: 6.3.1835 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Magic Academy (HKLM-x32\...\WTA-4c57b906-a5ca-4c03-9798-68e13f3261f1) (Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Peace (HKLM\...\Peace) (Version: 1.4.2.3 - P.E. Verbeek)
Polar Bowler 1st Frame (HKLM-x32\...\WTA-d421feba-0407-4288-b40c-de6252d31e83) (Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.067 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Rory's Restaurant (HKLM-x32\...\WTA-6e35cc10-c9f5-48e9-baf9-e03aec7ff14d) (Version: 3.0.2.126 - WildTangent) Hidden
Runefall (HKLM-x32\...\WTA-4527bc60-c537-4ef8-8c87-cc9539bb1241) (Version: 3.0.2.126 - WildTangent) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden
Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden
WD Drive Utilities (HKLM-x32\...\{11CB7063-2D22-42B5-B57B-CC0BABBB2B21}) (Version: 1.4.3.41 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{6f54e1c5-bdbf-46bf-987d-345aeffd2b61}) (Version: 1.4.3.41 - Western Digital Technologies, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.16 - WildTangent) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2633882361-2691834456-3919945701-1001_Classes\CLSID\{CF6181BA-D469-441A-BE79-BB70A2EC3D0B}\InprocServer32 -> C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll (SHIROUZU Hiroaki)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ContextMenuHandlers1: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-01-27] (Foxit Software Inc.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd) ContextMenuHandlers2: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers4: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers5: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-01] (Intel Corporation) ContextMenuHandlers6: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers1_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> {CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers2_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> 
{CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers4_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> {CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers5_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> {CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers6_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> {CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {049A9857-C539-41BD-95B7-B2CD78B144F8} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] () Task: {353CCCF2-8496-4036-889F-ADEDBF63AFFD} - System32\Tasks\FUB => C:\Program Files (x86)\Acer\Care Center\FUB.bat [2012-05-31] () <==== ACHTUNG Task: {39C2231C-6A73-4957-BFB0-B4E4889CBF97} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => C:\WINDOWS\system32\ResetEngine.exe [2017-03-18] (Microsoft Corporation) Task: {4F117C79-2706-4FBF-A748-C0259F51CEFA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-10] (Acer Incorporated) Task: {5DA8FE22-3893-4E4A-B7BD-892617287A0B} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe [2015-05-14] (Acer Incorporated) Task: {6A1AECEC-0766-473B-AE79-EAAA31DE758F} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] () Task: {6A250F7B-4F8A-4FEA-8CAE-31F28DA85202} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2017-05-24] () Task: {6D57CCCD-F0C1-4B07-99B9-5CB6B8E83A2A} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-09-04] (Acer Incorporated) Task: {6E6FA363-2D80-4036-AA76-B037CF49BC4B} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated) Task: {932EC946-767B-4FAA-9B54-A4A4A2DF1822} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer) Task: {BE83D780-8532-4A19-8D70-15DB8C617FBA} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated) Task: {D580BF3C-83CE-4E6B-B1A1-20EB95353BC4} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company 
name>) Task: {FBE1992D-A1B2-44DD-9601-A1A2F799B096} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2017-05-24] () (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-02-01 02:01 - 2017-02-01 02:01 - 000410616 _____ () C:\WINDOWS\system32\igfxTray.exe 2017-05-18 19:16 - 2017-05-06 23:54 - 004825600 _____ () C:\Lw C\Programme\ArsClip\ArsClip.exe 2017-06-07 12:03 - 2017-06-07 11:12 - 002197608 _____ () C:\Lw C\Programme\Everything\Everything.exe 2017-06-07 12:03 - 2017-06-07 11:12 - 002197608 _____ () C:\Lw C\LiberKey\Apps\Everything\App\Everything\x64\Everything.exe 2017-05-24 20:11 - 2017-05-24 20:11 - 004645168 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe 2017-09-25 14:43 - 2017-07-26 14:25 - 004755968 _____ () C:\Program Files\EqualizerAPO\config\Peace.exe 2015-08-31 12:56 - 2015-05-08 19:41 - 000111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll 2016-03-18 21:56 - 2017-08-16 20:17 - 000222720 _____ () C:\Lw C\Programme\FreeFileSync\Bin\Taskbar7_x64.dll 2017-05-05 20:04 - 2017-01-29 10:23 - 002791424 _____ () C:\Lw C\LiberKey\Apps\Ditto\App\Ditto\x64\Ditto.exe 2016-08-15 13:40 - 2016-08-08 14:00 - 003097640 _____ () C:\Lw C\Programme\RainlendarPro\App\Rainlendar64\Rainlendar2.exe 2016-08-15 13:40 - 2016-08-08 14:00 - 000184320 _____ () C:\Lw C\Programme\RainlendarPro\App\Rainlendar64\lua52.dll 2016-08-15 13:40 - 2016-08-08 14:00 - 000330240 _____ () C:\Lw C\Programme\RainlendarPro\App\Rainlendar64\libical.dll 2016-08-15 13:40 - 2016-08-08 14:00 - 000060928 
_____ () C:\Lw C\Programme\RainlendarPro\App\Rainlendar64\libicalss.dll 2016-08-15 13:40 - 2016-08-08 14:00 - 000075816 _____ () C:\Lw C\Programme\RainlendarPro\App\Rainlendar64\plugins\iCalendarPlugin.dll 2016-08-15 13:40 - 2016-08-08 14:00 - 000141864 _____ () C:\Lw C\Programme\RainlendarPro\App\Rainlendar64\plugins\NetworkPlugin.dll 2016-08-15 13:40 - 2016-08-08 14:00 - 000015872 _____ () C:\Lw C\Programme\RainlendarPro\App\Rainlendar64\lfs.dll 2017-09-03 06:36 - 2017-09-02 00:01 - 000099840 _____ () C:\Lw C\Programme\Cherrytree\bin\cherrytree.exe 2017-09-03 06:36 - 2012-07-20 00:16 - 001777510 _____ () C:\Lw C\Programme\Cherrytree\bin\dbus-daemon.exe 2017-09-25 12:32 - 2017-09-25 12:33 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-09-25 12:32 - 2017-09-25 12:33 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-09-25 12:32 - 2017-09-25 12:33 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-09-25 12:32 - 2017-09-25 12:33 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll 2017-07-19 21:55 - 2017-07-19 21:55 - 000665088 _____ () C:\Program Files\EqualizerAPO\EqualizerAPO.dll 2015-11-22 22:05 - 2015-11-22 22:05 - 001530880 _____ () C:\Program Files\EqualizerAPO\libsndfile-1.dll 2017-07-08 12:52 - 2017-07-08 12:52 - 002983917 _____ () C:\Program Files\EqualizerAPO\libfftw3f-3.dll 2015-02-14 14:00 - 2009-07-01 03:00 - 002428928 _____ () C:\Lw C\Programme\Sprache - Englisch\QuickDic\QuickDic.exe 2017-03-18 22:59 - 2017-03-20 06:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-09-26 21:28 - 2017-09-26 21:28 - 000566439 _____ () C:\Lw C\Programme\jDownloader 2 - zippy\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll 2017-09-26 21:28 
- 2017-09-26 21:28 - 004078962 _____ () C:\Lw C\Programme\jDownloader 2 - zippy\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll 2017-09-16 17:33 - 2017-09-05 07:19 - 004125088 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000205824 _____ () C:\Lw C\Programme\Aimp\System\libsoxr.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000299008 _____ () C:\Lw C\Programme\Aimp\System\Encoders\libFLAC.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000299008 _____ () C:\Lw C\Programme\Aimp\System\Encoders\lame_enc.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000759296 _____ () C:\Lw C\Programme\Aimp\System\Encoders\aimp_libvorbis.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000156208 _____ () C:\Lw C\Programme\Aimp\Plugins\aimp_AnalogMeter\aimp_AnalogMeter.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000171568 _____ () C:\Lw C\Programme\Aimp\Plugins\aimp_cdda\aimp_cdda.dll 2017-05-16 21:14 - 2016-12-05 08:42 - 001271296 _____ () C:\Lw C\Programme\Aimp\Plugins\aimp_openwith\aimp_openwith.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000159232 _____ () C:\Lw C\Programme\Aimp\Plugins\aimp_sacd\libsacd.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000026624 _____ () C:\Lw C\Programme\Aimp\Plugins\Aorta\Aorta.dll 2017-03-08 13:12 - 2016-05-24 11:43 - 002184704 _____ () C:\Lw C\Programme\Aimp\Plugins\CurrentTrackInfoToFile\CurrentTrackInfoToFile.dll 2017-04-23 18:11 - 2015-12-18 16:22 - 000355328 _____ () C:\Lw C\Programme\Aimp\Plugins\NextGroup\NextGroup.dll 2015-06-24 01:07 - 2015-06-24 01:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-09-09 10:51 - 2016-09-09 10:51 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll 2016-09-09 10:51 - 2016-09-09 10:51 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll 2016-08-15 18:03 - 2016-08-15 18:03 - 000202456 _____ () C:\Program Files 
(x86)\Acer\abPhoto\curllib.dll 2016-08-15 18:05 - 2016-08-15 18:05 - 000654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll 2016-08-15 18:05 - 2016-08-15 18:05 - 000641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll 2016-08-15 18:04 - 2016-08-15 18:04 - 000119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll 2017-09-25 15:47 - 2017-09-25 15:47 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll 2016-08-30 15:09 - 2016-08-30 15:09 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll 2016-08-30 15:05 - 2016-08-30 15:05 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll 2015-08-31 12:56 - 2015-05-08 19:41 - 000090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll 2017-01-23 22:11 - 2010-08-15 20:34 - 000204800 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\ComparePlugin.dll 2017-04-12 22:15 - 2017-04-12 22:15 - 000121344 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\ElasticTabstops.dll 2017-04-12 22:15 - 2017-04-12 22:15 - 000100864 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\gtagfornplus.dll 2017-08-15 23:20 - 2017-08-15 23:20 - 000021680 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\NppExport.dll 2017-01-23 22:11 - 2011-09-21 22:46 - 001673728 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\NppFTP.dll 2017-04-12 22:22 - 2017-04-12 22:22 - 000157184 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\NppPlugin_PluginMargin.dll 2017-04-12 22:22 - 2017-04-12 22:22 - 000230400 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\NppQCP.dll 2017-06-08 22:04 - 2017-05-30 10:14 - 000503832 _____ () C:\Lw C\Programme\PhraseExpress\pexlang.dll 2017-09-26 09:15 - 2017-09-26 
09:15 - 000011776 _____ () C:\Users\Acer\AppData\Local\Temp\nspF7D9.tmp\System.dll 2017-09-26 09:15 - 2017-09-26 09:15 - 000029696 _____ () C:\Users\Acer\AppData\Local\Temp\nspF7D9.tmp\registry.dll 2017-09-26 09:15 - 2017-09-26 09:15 - 000008704 _____ () C:\Users\Acer\AppData\Local\Temp\nspF7D9.tmp\newadvsplash.dll 2017-09-26 09:15 - 2017-09-26 09:15 - 000004096 _____ () C:\Users\Acer\AppData\Local\Temp\nspF7D9.tmp\FindProcDLL.dll 2017-09-26 10:31 - 2017-09-26 10:31 - 000011264 _____ () C:\Users\Acer\AppData\Local\Temp\nso87B6.tmp\System.dll 2017-09-26 10:31 - 2017-09-26 10:31 - 000013312 _____ () C:\Users\Acer\AppData\Local\Temp\nso87B6.tmp\UAC.dll 2017-09-26 10:31 - 2017-09-26 10:31 - 000029696 _____ () C:\Users\Acer\AppData\Local\Temp\nso87B6.tmp\registry.dll 2017-09-03 06:35 - 2011-04-09 10:59 - 000058368 _____ () C:\Lw C\Programme\Cherrytree\bin\glib._glib.pyd 2017-09-03 06:35 - 2011-04-09 10:59 - 000113152 _____ () C:\Lw C\Programme\Cherrytree\bin\gobject._gobject.pyd 2017-09-03 06:35 - 2011-04-09 11:02 - 001882624 _____ () C:\Lw C\Programme\Cherrytree\bin\gtk._gtk.pyd 2017-09-03 06:36 - 2012-02-09 01:51 - 000100352 _____ () C:\Lw C\Programme\Cherrytree\bin\zlib1.dll 2017-09-03 06:36 - 2012-02-09 01:50 - 000279059 _____ () C:\Lw C\Programme\Cherrytree\bin\libfontconfig-1.dll 2017-09-03 06:36 - 2012-02-09 01:50 - 000143096 _____ () C:\Lw C\Programme\Cherrytree\bin\libexpat-1.dll 2017-09-03 06:36 - 2012-02-09 01:50 - 000538324 _____ () C:\Lw C\Programme\Cherrytree\bin\freetype6.dll 2017-09-03 06:36 - 2012-02-09 01:50 - 001294335 _____ () C:\Lw C\Programme\Cherrytree\bin\libcairo-2.dll 2017-09-03 06:36 - 2012-02-09 01:51 - 000230529 _____ () C:\Lw C\Programme\Cherrytree\bin\libpng14-14.dll 2017-09-03 06:35 - 2010-11-02 22:35 - 000069632 _____ () C:\Lw C\Programme\Cherrytree\bin\cairo._cairo.pyd 2017-09-03 06:35 - 2011-04-09 10:59 - 000263168 _____ () C:\Lw C\Programme\Cherrytree\bin\gio._gio.pyd 2017-09-03 06:35 - 2011-04-09 11:03 - 000111616 _____ () C:\Lw 
C\Programme\Cherrytree\bin\pango.pyd 2017-09-03 06:35 - 2011-04-09 11:03 - 000208384 _____ () C:\Lw C\Programme\Cherrytree\bin\atk.pyd 2017-09-03 06:35 - 2011-04-09 11:03 - 000017920 _____ () C:\Lw C\Programme\Cherrytree\bin\pangocairo.pyd 2017-09-03 06:36 - 2012-07-20 00:55 - 000673115 _____ () C:\Lw C\Programme\Cherrytree\bin\_dbus_bindings.pyd 2017-09-03 06:36 - 2012-07-20 00:16 - 001213961 _____ () C:\Lw C\Programme\Cherrytree\bin\libdbus-1-3.dll 2017-09-03 06:35 - 2016-12-17 22:44 - 000136704 _____ () C:\Lw C\Programme\Cherrytree\bin\pyexpat.pyd 2017-09-03 06:36 - 2012-07-20 00:55 - 000062767 _____ () C:\Lw C\Programme\Cherrytree\bin\_dbus_glib_bindings.pyd 2017-09-03 06:36 - 2012-07-20 00:42 - 000617232 _____ () C:\Lw C\Programme\Cherrytree\bin\libdbus-glib-1-2.dll 2017-09-03 06:35 - 2010-11-02 16:26 - 000115200 _____ () C:\Lw C\Programme\Cherrytree\bin\gtksourceview2.pyd 2017-09-03 06:36 - 2012-02-09 01:50 - 001808660 _____ () C:\Lw C\Programme\Cherrytree\bin\libgtksourceview-2.0-0.dll 2017-09-03 06:36 - 2010-04-07 03:14 - 001225225 _____ () C:\Lw C\Programme\Cherrytree\bin\libxml2-2.dll 2017-09-03 06:36 - 2016-12-17 22:46 - 001016832 _____ () C:\Lw C\Programme\Cherrytree\bin\_hashlib.pyd 2017-09-03 06:36 - 2016-12-17 22:45 - 000046592 _____ () C:\Lw C\Programme\Cherrytree\bin\_socket.pyd 2017-09-03 06:36 - 2016-12-17 22:45 - 001410048 _____ () C:\Lw C\Programme\Cherrytree\bin\_ssl.pyd 2017-09-03 06:36 - 2016-12-17 22:44 - 000091648 _____ () C:\Lw C\Programme\Cherrytree\bin\_ctypes.pyd 2017-09-03 06:36 - 2010-12-15 00:46 - 000154514 _____ () C:\Lw C\Programme\Cherrytree\bin\libenchant-1.dll 2017-09-03 06:36 - 2010-12-15 00:46 - 000449832 _____ () C:\Lw C\Programme\Cherrytree\lib\enchant\libenchant_ispell.dll 2017-09-03 06:36 - 2010-12-15 00:46 - 000937047 _____ () C:\Lw C\Programme\Cherrytree\lib\enchant\libenchant_myspell.dll 2017-09-03 06:36 - 2016-12-17 22:45 - 000050688 _____ () C:\Lw C\Programme\Cherrytree\bin\_sqlite3.pyd 2017-09-03 06:36 - 2016-12-17 
22:45 - 000551424 _____ () C:\Lw C\Programme\Cherrytree\bin\sqlite3.dll 2017-09-03 06:36 - 2012-02-08 22:37 - 000100255 _____ () C:\Lw C\Programme\Cherrytree\lib\gtk-2.0\2.10.0\engines\libwimp.dll 2017-09-26 11:07 - 2017-09-26 11:07 - 000011264 _____ () C:\Users\Acer\AppData\Local\Temp\nsk798C.tmp\System.dll 2017-09-26 11:07 - 2017-09-26 11:07 - 000013312 _____ () C:\Users\Acer\AppData\Local\Temp\nsk798C.tmp\UAC.dll 2017-09-26 11:07 - 2017-09-26 11:07 - 000029696 _____ () C:\Users\Acer\AppData\Local\Temp\nsk798C.tmp\registry.dll 2016-09-13 20:00 - 2016-09-13 20:00 - 000109400 _____ () C:\Lw C\PortableApps\PortableApps\SpybotPortable\App\Spybot\snlThirdParty150.bpl 2016-09-13 20:00 - 2016-09-13 20:00 - 000167768 _____ () C:\Lw C\PortableApps\PortableApps\SpybotPortable\App\Spybot\snlFileFormats150.bpl 2016-09-13 20:00 - 2016-09-13 20:00 - 000416600 _____ () C:\Lw C\PortableApps\PortableApps\SpybotPortable\App\Spybot\DEC150.bpl 2017-05-12 17:36 - 2017-05-12 17:36 - 000507464 _____ () C:\Lw C\PortableApps\PortableApps\SpybotPortable\App\Spybot\sqlite3.dll 2017-09-26 18:20 - 2017-09-26 18:20 - 000011776 _____ () C:\Users\Acer\AppData\Local\Temp\nswB7C8.tmp\System.dll 2017-09-26 18:20 - 2017-09-26 18:20 - 000008704 _____ () C:\Users\Acer\AppData\Local\Temp\nswB7C8.tmp\newadvsplash.dll 2017-09-26 18:20 - 2017-09-26 18:20 - 000029696 _____ () C:\Users\Acer\AppData\Local\Temp\nswB7C8.tmp\registry.dll 2017-06-25 19:13 - 2017-09-26 18:20 - 000077824 _____ () C:\Lw C\Programme\TV-Browser\settings\4\CalendarExportPlugin\jcom.dll 2015-03-08 21:32 - 2017-06-25 14:49 - 000043920 _____ () C:\Lw C\Programme\TV-Browser\jRegistryKey.dll 2017-09-26 20:32 - 2017-09-26 20:32 - 000011776 _____ () C:\Users\Acer\AppData\Local\Temp\nsi7DFE.tmp\System.dll 2017-09-26 20:32 - 2017-09-26 20:32 - 000029696 _____ () C:\Users\Acer\AppData\Local\Temp\nsi7DFE.tmp\registry.dll 2017-09-26 20:32 - 2017-09-26 20:32 - 000008704 _____ () C:\Users\Acer\AppData\Local\Temp\nsi7DFE.tmp\newadvsplash.dll 
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\amazon.de -> amazon.de

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Acer\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{1DC6C7A3-EBE0-4DF0-89AA-BBA55F0F7879}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe FirewallRules: [{9F3D082C-E9A7-4F4D-A002-396AC10401BF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{E481D4A6-A948-409F-AAA7-C020B0F72C36}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{2FC80161-023D-4FF3-BF16-5E33180DD171}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{B9DCC327-76F1-429A-86C6-1709B65AB2EF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{3427B4A3-9259-4595-943F-505BFFB2539B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{BA76611A-53EA-4E98-9240-01D77C34D7E0}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{9374E55F-F31F-454E-8D92-4D68414A5ACB}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe FirewallRules: [{05EBF720-9C08-4032-9F83-DDB35AB3D67E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{D1449E72-5288-4FF3-88B1-34F6AC527BFF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe FirewallRules: [{153D9351-68F9-4CE6-AE66-5419EB374260}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe FirewallRules: [{227DE642-B4A4-40DB-B65D-741AF59B20FE}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe FirewallRules: [{DA225F5C-C571-418A-9132-30223D45C585}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{91692DC0-BF42-45CE-82A5-6E667F038C2E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{7EB10621-E6E2-4F46-BDAD-2F20EC223F72}C:\lw c\programme\phraseexpress\phraseexpress.exe] => (Allow) C:\lw c\programme\phraseexpress\phraseexpress.exe FirewallRules: [UDP Query 
User{E726E781-3C25-48EE-8465-01C90567D1FE}C:\lw c\programme\phraseexpress\phraseexpress.exe] => (Allow) C:\lw c\programme\phraseexpress\phraseexpress.exe FirewallRules: [{35E1F77A-EEE6-4CD7-AAE1-ED7493FCDC70}] => (Block) C:\lw c\programme\phraseexpress\phraseexpress.exe FirewallRules: [{B33EC8AF-FC36-4B55-B36E-A7E24CEBD2E7}] => (Block) C:\lw c\programme\phraseexpress\phraseexpress.exe FirewallRules: [TCP Query User{6C1E71B7-CA02-418C-9343-E0C185404F89}C:\lw c\programme\kodi\kodi.exe] => (Allow) C:\lw c\programme\kodi\kodi.exe FirewallRules: [UDP Query User{9AA7054E-8850-4E55-A35A-B462489FB5F6}C:\lw c\programme\kodi\kodi.exe] => (Allow) C:\lw c\programme\kodi\kodi.exe FirewallRules: [{56A02F73-C334-4D46-8A09-E595074A4436}] => (Block) C:\lw c\programme\kodi\kodi.exe FirewallRules: [{7E75F286-86A7-48D9-AD0D-88CFA5C9A0F8}] => (Block) C:\lw c\programme\kodi\kodi.exe FirewallRules: [{D864CE5C-9495-4809-937D-40B465938F94}] => (Allow) C:\Lw C\Programme\ShareX\ShareX.exe ==================== Wiederherstellungspunkte ========================= 25-09-2017 13:15:38 Installed Macrium Reflect Free Edition ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/26/2017 08:06:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Name des fehlerhaften Moduls: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Ausnahmecode: 0xc000041d Fehleroffset: 0x0000882f ID des fehlerhaften Prozesses: 0xd7c Startzeit der fehlerhaften Anwendung: 0x01d336f21da97f2b Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Pfad des fehlerhaften Moduls: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Berichtskennung: 7d038a37-3f24-472a-8e68-49ab737b705b Vollständiger Name des 
fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/26/2017 08:06:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Name des fehlerhaften Moduls: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000882f ID des fehlerhaften Prozesses: 0xd7c Startzeit der fehlerhaften Anwendung: 0x01d336f21da97f2b Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Pfad des fehlerhaften Moduls: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Berichtskennung: e2adf8a8-0d8d-49bf-a2a9-ee49e3e671f3 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/26/2017 07:58:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Name des fehlerhaften Moduls: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Ausnahmecode: 0xc000041d Fehleroffset: 0x0000882f ID des fehlerhaften Prozesses: 0x31d0 Startzeit der fehlerhaften Anwendung: 0x01d336f105e2c7a6 Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Pfad des fehlerhaften Moduls: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Berichtskennung: dea2704a-2c36-4cae-ad70-f4b2fd837d50 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/26/2017 07:58:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Name des fehlerhaften Moduls: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000882f ID des fehlerhaften Prozesses: 0x31d0 Startzeit der fehlerhaften 
Anwendung: 0x01d336f105e2c7a6 Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Pfad des fehlerhaften Moduls: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Berichtskennung: 2a5290d9-0fba-49e3-8072-552c97d5ea5f Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/26/2017 07:28:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Name des fehlerhaften Moduls: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Ausnahmecode: 0xc000041d Fehleroffset: 0x0000882f ID des fehlerhaften Prozesses: 0x298 Startzeit der fehlerhaften Anwendung: 0x01d336ece71a5603 Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Pfad des fehlerhaften Moduls: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Berichtskennung: 69a58f43-b125-42d6-8417-85500b6c2ce8 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/26/2017 07:28:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Name des fehlerhaften Moduls: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000882f ID des fehlerhaften Prozesses: 0x298 Startzeit der fehlerhaften Anwendung: 0x01d336ece71a5603 Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Pfad des fehlerhaften Moduls: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Berichtskennung: 4afb88ef-f4cd-4c59-ae02-58b858849891 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/26/2017 07:27:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
Name der fehlerhaften Anwendung: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Name des fehlerhaften Moduls: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Ausnahmecode: 0xc000041d Fehleroffset: 0x0000882f ID des fehlerhaften Prozesses: 0x3058 Startzeit der fehlerhaften Anwendung: 0x01d336eca46c8f17 Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Pfad des fehlerhaften Moduls: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Berichtskennung: 1fcf6861-873d-4890-b16c-5ed04e646cf0 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/26/2017 07:26:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Name des fehlerhaften Moduls: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000882f ID des fehlerhaften Prozesses: 0x3058 Startzeit der fehlerhaften Anwendung: 0x01d336eca46c8f17 Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Pfad des fehlerhaften Moduls: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Berichtskennung: 087af7b5-d26f-4c91-bfbe-daa4e21df95e Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/26/2017 07:26:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Name des fehlerhaften Moduls: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Ausnahmecode: 0xc000041d Fehleroffset: 0x0000882f ID des fehlerhaften Prozesses: 0x2164 Startzeit der fehlerhaften Anwendung: 0x01d336ec84b04985 Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Pfad des fehlerhaften Moduls: C:\Lw 
C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Berichtskennung: 2ebd59b5-fb23-4537-b0d4-2909c34ecac8 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/26/2017 07:26:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Name des fehlerhaften Moduls: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000882f ID des fehlerhaften Prozesses: 0x2164 Startzeit der fehlerhaften Anwendung: 0x01d336ec84b04985 Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Pfad des fehlerhaften Moduls: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Berichtskennung: 2d6278ea-bf84-449d-b7a6-5aa3baaa7b38 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (09/26/2017 07:59:33 PM) (Source: VDS Basic Provider) (EventID: 5) (User: ) Description: Sektoren auf Datenträger "\\?\PhysicalDrive3" können nicht auf null gesetzt werden. Fehlercode: 5@0101000F Error: (09/26/2017 04:45:29 PM) (Source: VDS Basic Provider) (EventID: 5) (User: ) Description: Sektoren auf Datenträger "\\?\PhysicalDrive3" können nicht auf null gesetzt werden. Fehlercode: 5@0101000F Error: (09/26/2017 03:55:09 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (09/26/2017 03:50:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Error: (09/26/2017 02:42:33 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR10 gefunden. 
Error: (09/26/2017 02:24:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (09/26/2017 02:08:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Emsisoft Protection Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (09/26/2017 02:08:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Emsisoft Protection Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/26/2017 02:06:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Emsisoft Protection Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/26/2017 01:52:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. CodeIntegrity: =================================== Date: 2017-09-26 20:04:04.592 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. Date: 2017-09-26 20:00:25.539 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. 
Date: 2017-09-26 20:00:06.550 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. Date: 2017-09-26 18:21:26.811 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 14:15:53.389 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. Date: 2017-09-26 14:15:51.926 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 13:31:46.520 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 13:22:52.087 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. 
Date: 2017-09-26 13:13:48.148 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 13:01:39.395 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-5257U CPU @ 2.70GHz Prozentuale Nutzung des RAM: 78% Installierter physikalischer RAM: 8107.32 MB Verfügbarer physikalischer RAM: 1757.07 MB Summe virtueller Speicher: 12953.09 MB Verfügbarer virtueller Speicher: 2656.75 MB ==================== Laufwerke ================================ Drive c: (C - Acer) (Fixed) (Total:237.87 GB) (Free:23.12 GB) NTFS Drive e: (C - Acer) (RAMDisk) (Total:237.87 GB) (Free:23.32 GB) NTFS Drive f: () (Removable) (Total:31.99 GB) (Free:22.37 GB) FAT32 Drive i: (I 5TB WD Elemen BiffsHaupt-Daten) (Fixed) (Total:4657.49 GB) (Free:128.86 GB) NTFS Drive z: (Z 8TBMyBooK) (Fixed) (Total:7452 GB) (Free:859.56 GB) exFAT ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: B7D59E20) Partition: GPT. ======================================================== Disk: 1 (Size: 7452 GB) (Disk ID: 16F2A91F) Partition: GPT. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 2. ======================================================== Disk: 3 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 457DCB4E) Partition 1: (Active) - (Size=32 GB) - (Type=0C) ==================== Ende von Addition.txt ============================ |
26.09.2017, 21:23 | #3 |
/// TB-Ausbilder | Suspected malware - notebook reset twice after it failed to start
My name is Matthias and I will help you clean up your computer. To make the cleanup as effective and fast as possible, please observe the following notes:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! Please post the AdwCleaner log file with the detections. |
26.09.2017, 21:50 | #4 |
| Suspected malware - notebook reset twice after it failed to start
Hello Matthias, thank you very much, I'm glad! I think I moved AdwCleaner.exe to another folder; no logs are shown: But if they were saved as a file, I should still be able to find them; what might they be called? To be on the safe side, here is the Malwarebytes log: Code:
ATTFilter Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/25/17 Scan Time: 3:15 PM Log File: 8d31681e-a1f3-11e7-aeef-2c600cea7f00.json Administrator: Yes -Software Information- Version: 3.2.2.2029 Components Version: 1.0.188 Update Package Version: 1.0.2881 License: Free -System Information- OS: Windows 10 (Build 15063.0) CPU: x64 File System: NTFS User: LAPTOP-3HCESL2G\Acer -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 342199 Threats Detected: 76 Threats Quarantined: 75 Time Elapsed: 1 min, 49 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 1 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe, Quarantined, [1470], [333344],1.0.2881 Module: 3 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll, Quarantined, [1470], [333344],1.0.2881 Registry Key: 50 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, 
HKLM\SOFTWARE\CLASSES\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FD1B7376-A344-48BD-857D-C87B4D8502EF}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{921462B2-5269-45A2-AA8D-F8F7A3690255}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}\InprocServer32, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}\InprocServer32, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}\InprocServer32, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\Amazon1ButtonRuntime.Amazon1ButtonRuntime, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\Amazon1ButtonRuntime.AmazonRuntimeServer, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}, Quarantined, [1470], [333344],1.0.2881 
PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\TYPELIB\{48DDEC26-CEC3-478E-9566-0842DAF10CEA}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6B7479D5-C493-40F0-99B6-BFC901980034}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BFF94CF8-2D3B-4B2F-BB83-3600280AFEBA}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6B7479D5-C493-40F0-99B6-BFC901980034}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BFF94CF8-2D3B-4B2F-BB83-3600280AFEBA}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{48DDEC26-CEC3-478E-9566-0842DAF10CEA}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{48DDEC26-CEC3-478E-9566-0842DAF10CEA}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}\InprocServer32, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}\InprocServer32, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Amazon 1Button App Service, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\AmazonAppIE.AppGateway, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}, Quarantined, [1470], [333344],1.0.2881 
PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\TYPELIB\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\INTERFACE\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\INTERFACE\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\InprocServer32, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\AmazonAppIE.GadgetGateway, Quarantined, [1470], [333344],1.0.2881 
PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}\InprocServer32, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\InprocServer32, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}\InprocServer32, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}\InprocServer32, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\CLASSES\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}\InprocServer32, Quarantined, [1470], [333344],1.0.2881 Registry Value: 2 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [1470], [-1],0.0.0 PUP.Optional.Amazon1Button.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Quarantined, [1470], [-1],0.0.0 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.Amazon1Button.AppFlsh, C:\PROGRAM FILES (X86)\AMAZON\AMAZON1BUTTONAPP, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Booking, C:\PROGRAM FILES\BOOKING.COM, Quarantined, [410], [310593],1.0.2881 File: 18 PUP.Optional.Booking, C:\USERS\PUBLIC\DESKTOP\BOOKING.COM.LNK, Quarantined, [410], [310601],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, C:\PROGRAM FILES (X86)\AMAZON\AMAZON1BUTTONAPP\Amazon1ButtonBrowserHelper.dll, Quarantined, [1470], 
[333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonBrowserHelper64.dll, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonRuntime.dll, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Amazon1Button.AppFlsh, C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll, Quarantined, [1470], [333344],1.0.2881 PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.com.lnk, Quarantined, [410], [310593],1.0.2881 PUP.Optional.Booking, C:\Program Files\Booking.COM\Booking.ico, Quarantined, [410], [310593],1.0.2881 PUP.Optional.Booking, C:\Program Files\Booking.COM\StartURL.exe, Quarantined, [410], [310593],1.0.2881 PUP.Optional.Booking, C:\Program Files\Booking.COM\Version.txt, Quarantined, [410], [310593],1.0.2881 Hijack.Host, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Removal Failed, [25], [301381],1.0.2881 Physical Sector: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner 7.0.2.1 - Logfile created on Mon Sep 25 22:15:39 2017 # Updated on 2017/29/08 by Malwarebytes # Database: 09-23-2017.2 # Running on Windows 10 Home (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.Legacy, C:\Users\Acer\AppData\Local\Host App Service PUP.Optional.Legacy, C:\Users\Default\AppData\Local\Host App Service PUP.Optional.Legacy, C:\Users\Default User\AppData\Local\Host App Service PUP.Optional.Legacy, C:\ProgramData\DriverSetupUtility PUP.Optional.Legacy, C:\Program Files\DriverSetupUtility PUP.Optional.Legacy, C:\Users\All Users\DriverSetupUtility ***** [ Files ] ***** PUP.Optional.Legacy, C:\Users\Acer\Desktop\App Explorer.lnk PUP.Optional.Legacy, C:\Users\Default\Desktop\App Explorer.lnk PUP.Optional.Legacy, C:\Users\Default User\Desktop\App Explorer.lnk ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. 
***** [ Registry ] ***** PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6} PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B} PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474} PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5} PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\Amazon1ButtonBrowserHelper.dll ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ########## Code:
ATTFilter # AdwCleaner 7.0.2.1 - Logfile created on Mon Sep 25 22:17:41 2017 # Updated on 2017/29/08 by Malwarebytes # Running on Windows 10 Home (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\Users\Acer\AppData\Local\Host App Service Deleted: C:\Users\Default\AppData\Local\Host App Service Deleted: C:\Users\Default User\AppData\Local\Host App Service Deleted: C:\ProgramData\DriverSetupUtility Deleted: C:\Program Files\DriverSetupUtility Deleted: C:\Users\All Users\DriverSetupUtility ***** [ Files ] ***** Deleted: C:\Users\Acer\Desktop\\App Explorer.lnk Deleted: C:\Users\Default\Desktop\\App Explorer.lnk Deleted: C:\Users\Default User\Desktop\\App Explorer.lnk ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B} Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5} Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\Amazon1ButtonBrowserHelper.dll ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. 
************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [2378 B] - [2017/9/25 22:15:39] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
Edited by Dirki (26.09.2017 at 22:01) |
27.09.2017, 21:02 | #5 |
/// TB-Ausbilder | Suspected malware - notebook reset twice after it failed to start
Hi, what problems are there currently still with the PC? Step 1
Step 2 Download the appropriate version of SystemLook from the following mirror and save the tool to the desktop: SystemLook (32 bit) | SystemLook (64 bit)
Step 3
Please post with your next reply
|
27.09.2017, 21:15 | #6 | ||
| Suspected malware - notebook reset twice after it failed to start
Hi! Quote:
Quote:
|
27.09.2017, 21:22 | #7 |
/// TB-Ausbilder | Suspected malware - notebook reset twice after it failed to start
Hi, you only need to copy the code box, start FRST and click the "Entfernen" ("Remove") button directly (I didn't write anything about "pasting"...). FRST fetches the fix from the cache (clipboard). |
27.09.2017, 22:00 | #8 | |
| Suspected malware - notebook reset twice after it failed to start
Hi! Quote:
Thank you very much! Phew, all programs were closed without warning when I clicked "Entfernen" ("Remove"); was that correct? By the way, the notebook used to start quite quickly; now it takes a very long time. Also, UAC is apparently reset to the default settings after every restart. And apparently every time after a restart the same prompts appear again, with "Öffentliche Netzwerke..." ("Public networks...") ticked. Is that normal: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01 durchgeführt von Acer (27-09-2017 22:25:44) Run:1 Gestartet von I:\Vorübergehend Geladene Profile: Acer (Verfügbare Profile: Acer) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** CloseProcesses: Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-09-21] () GroupPolicy: Beschränkung <==== ACHTUNG Unlock: C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS Hosts: RemoveProxy: CMD: ipconfig /flushdns CMD: netsh winsock reset EmptyTemp: ***************** Prozesse erfolgreich geschlossen. Konnte nicht verschoben werden "C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled" => ist geplant bei Neustart verschoben zu werden. C:\WINDOWS\system32\GroupPolicy\Machine => erfolgreich verschoben C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => erfolgreich verschoben "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS" => wurde entsperrt C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS => erfolgreich verschoben Hosts erfolgreich wiederhergestellt. 
========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt ========= Ende von RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. ========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurckgesetzt. Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen. ========= Ende von CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 7888896 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21624662 B Java, Flash, Steam htmlcache => 717 B Windows/system/drivers => 75023863 B Edge => 3472544 B Chrome => 51307975 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 128 B LocalService => 255656 B NetworkService => 4172 B Acer => 166824022 B RecycleBin => 14902612244 B EmptyTemp: => 14.2 GB temporäre Dateien entfernt. ================================ Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 27-09-2017 22:33:19) C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled => ist erfolgreich verschoben ==== Ende vom Fixlog 22:33:19 ==== Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 22:46 on 27/09/2017 by Acer Administrator - Elevation successful ========== filefind ========== Searching for "*Amazon1Button*" No files found. Searching for "*Amazon 1Button*" No files found. Searching for "*BOOKING.COM*" C:\Dirks Lw C\Programme\jDownloader 2\themes\standard\org\jdownloader\images\fav\albanian-booking.com.png --a---- 1530 bytes [18:17 28/05/2017] [18:17 28/05/2017] 2E9B80443C4F52FB22453AAF73BB8458 C:\OEM\Preload\Command\AlaunchX\BackupLinks\Booking.com.lnk --a---- 2023 bytes [17:45 24/10/2015] [17:45 24/10/2015] 2571C4A0ECE9172CC3D43F381F51E875 C:\Users\Acer\Favorites\Booking.com.url --a---- 133 bytes [10:03 25/09/2017] [11:23 25/09/2017] 22E983AD2F0009FCED03B1F63B79B433 C:\Users\Default\Favorites\Booking.com.url --a---- 133 bytes [17:45 24/10/2015] [17:45 24/10/2015] 22E983AD2F0009FCED03B1F63B79B433 Searching for "*Host App Service*" No files found. Searching for "*HostAppService*" C:\Dirks Lw C\Vorübergehend\AdwCleaner\Quarantine\1xVPfvJcrg\Engine\HostAppService.exe --a---- 7215672 bytes [22:17 25/09/2017] [15:31 26/06/2015] 443E29569896045733E9525C4EA21C20 C:\Dirks Lw C\Vorübergehend\AdwCleaner\Quarantine\1xVPfvJcrg\Engine\HostAppServiceUpdater.exe --a---- 9893432 bytes [22:17 25/09/2017] [15:31 26/06/2015] 4C02D6FA1C3539FB0CFB420E6E608477 C:\Dirks Lw C\Vorübergehend\AdwCleaner\Quarantine\frAQBc8Wsa\Engine\HostAppService.exe --a---- 7215672 bytes [22:17 25/09/2017] [15:31 26/06/2015] 443E29569896045733E9525C4EA21C20 C:\Dirks Lw C\Vorübergehend\AdwCleaner\Quarantine\frAQBc8Wsa\Engine\HostAppServiceUpdater.exe --a---- 9893432 bytes [22:17 25/09/2017] [15:31 26/06/2015] 4C02D6FA1C3539FB0CFB420E6E608477 Searching for "*App Explorer*" C:\Dirks Lw C\Vorübergehend\AdwCleaner\Quarantine\1xVPfvJcrg\IconCache\persistent\App Explorer.ico --a---- 38266 bytes [22:17 25/09/2017] [00:28 21/03/2015] 2A13A142D93492DC495D14EBE7C7659C C:\Dirks Lw 
C\Vorübergehend\AdwCleaner\Quarantine\frAQBc8Wsa\IconCache\persistent\App Explorer.ico --a---- 38266 bytes [22:17 25/09/2017] [00:28 21/03/2015] 2A13A142D93492DC495D14EBE7C7659C C:\Dirks Lw C\Vorübergehend\AdwCleaner\Quarantine\x3CF3EDNhm\App Explorer.lnk --a---- 3236 bytes [22:17 25/09/2017] [00:28 21/03/2015] 5066236938F2B315E1A46AEE8C49637C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk --a---- 3236 bytes [00:28 21/03/2015] [00:28 21/03/2015] 5066236938F2B315E1A46AEE8C49637C C:\Users\Acer\Desktop\App Explorer (1).lnk --a---- 2343 bytes [12:22 21/09/2017] [00:28 21/03/2015] 3119137539952868BFE67129650AEA33 C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk --a---- 3236 bytes [00:28 21/03/2015] [00:28 21/03/2015] 5066236938F2B315E1A46AEE8C49637C Searching for "*AppExplorer*" No files found. Searching for "autochk.exe" C:\Windows\System32\autochk.exe --a---- 971264 bytes [05:25 03/08/2017] [04:09 28/07/2017] BD2775BCFB7735266CD90392E934B5C3 C:\Windows\syswow64\autochk.exe --a---- 892928 bytes [05:26 03/08/2017] [04:05 28/07/2017] B0D0EFC87829526BEC82AEF638DB1E89 C:\Windows\WinSxS\amd64_microsoft-windows-autochk_31bf3856ad364e35_10.0.15063.0_none_f307c682fa8fdc57\autochk.exe --a---- 969728 bytes [20:58 18/03/2017] [10:48 25/09/2017] 4A762DDC23C069EA7C238542CF07D655 C:\Windows\WinSxS\amd64_microsoft-windows-autochk_31bf3856ad364e35_10.0.15063.502_none_7732ae0427f2973a\autochk.exe --a---- 971264 bytes [05:25 03/08/2017] [04:09 28/07/2017] BD2775BCFB7735266CD90392E934B5C3 C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.15063.0_none_fd5c70d52ef09e52\autochk.exe --a---- 891904 bytes [20:58 18/03/2017] [10:47 25/09/2017] CC1D95F0D688B14810E1064ADD8DDA1D C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.15063.502_none_818758565c535935\autochk.exe --a---- 892928 bytes [05:26 03/08/2017] [04:05 28/07/2017] B0D0EFC87829526BEC82AEF638DB1E89 ========== folderfind ========== Searching for 
"*Amazon1Button*" No folders found. Searching for "*Amazon 1Button*" No folders found. Searching for "*BOOKING.COM*" No folders found. Searching for "*Host App Service*" No folders found. Searching for "*HostAppService*" No folders found. Searching for "*App Explorer*" No folders found. Searching for "*AppExplorer*" No folders found. ========== regfind ========== Searching for "Amazon1Button" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Amazon\Amazon1ButtonApp] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Amazon1ButtonRuntime.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{87BDDAA1-CB99-4B47-89F6-7651D7731BC6}] @="Amazon1ButtonBHO" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D2E5FFD9-E488-4844-8C6D-051AA67C99F2}] @="Amazon1ButtonRuntime" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F5415905096AA504A9FB967C7A138943\SourceList] "LastUsedSource"="n;1;c:\OEM\Preload\APP\Amazon1ButtonAPP\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F5415905096AA504A9FB967C7A138943\SourceList] "PackageName"="Amazon1ButtonApp.msi" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F5415905096AA504A9FB967C7A138943\SourceList\Net] "1"="c:\OEM\Preload\APP\Amazon1ButtonAPP\" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\Amazon1ButtonRuntime.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{87BDDAA1-CB99-4B47-89F6-7651D7731BC6}] @="Amazon1ButtonBHO" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D2E5FFD9-E488-4844-8C6D-051AA67C99F2}] @="Amazon1ButtonRuntime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "c:\Program Files (x86)\Amazon\Amazon1ButtonApp\"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C0C3CA4FFEA0346A0ACE4D9BEF71DD] "F5415905096AA504A9FB967C7A138943"="c:\Program Files (x86)\Amazon\Amazon1ButtonApp\" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\19BB5F38476A9A04699E5DF4D212E28D] "F5415905096AA504A9FB967C7A138943"="c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\475EC990AB4A77A47AEB4634C05FACC6] "F5415905096AA504A9FB967C7A138943"="c:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4AF6DE4C454BBAD4FA1431F87EECE467] "F5415905096AA504A9FB967C7A138943"="c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonBrowserHelper64.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DEE7B81C6C92DB4396DA6BD047D88EC] "F5415905096AA504A9FB967C7A138943"="00:\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO\CLSID\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B6A5CBB65D82A9498CE4E5F62953929] "F5415905096AA504A9FB967C7A138943"="c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonRuntime.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7709E5237A966A141B50E3C2968FB526] "F5415905096AA504A9FB967C7A138943"="22:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Amazon1ButtonTaskbarApp.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85F66E78FFD612748A7996B0DE61378C] "F5415905096AA504A9FB967C7A138943"="c:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9464C13F9ECD062429DA8DE5D9E7AB6B] "F5415905096AA504A9FB967C7A138943"="c:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\96F5B314D7F105945855BC242CE9C496] "F5415905096AA504A9FB967C7A138943"="01:\Software\Microsoft\Amazon1ButtonApp\installedAcceptance" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD9DA246F09D07E44ADF0A50DD81ECC0] "F5415905096AA504A9FB967C7A138943"="02:\Software\AppDataLow\Software\Amazon\Amazon1ButtonApp\InstalledIE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C33667B7C7829EC4EB41BFCD0B1A48FF] "F5415905096AA504A9FB967C7A138943"="20:\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO\CLSID\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5F319C6A5A8B0C4BB1B1679C12C353C] "F5415905096AA504A9FB967C7A138943"="02:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Amazon1ButtonTaskbarApp.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EBB71FE03730CF145A43D407E7C537B8] "F5415905096AA504A9FB967C7A138943"="c:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonAppIE64.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF195D5ABC9626849B3202417F851480] "F5415905096AA504A9FB967C7A138943"="c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonBrowserHelper.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F040C9A31A6EB114ABA8CB7199EE8B79] "F5415905096AA504A9FB967C7A138943"="02:\Software\AppDataLow\Software\Amazon\Amazon1ButtonApp\OemId" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDA23AF683A82D44F8CD75BE2F12D552] "F5415905096AA504A9FB967C7A138943"="00:\Amazon1ButtonRuntime.AmazonRuntimeServer\CLSID\" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F5415905096AA504A9FB967C7A138943\InstallProperties] "InstallSource"="c:\OEM\Preload\APP\Amazon1ButtonAPP\" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AppDataLow\Software\Amazon\Amazon1ButtonApp] [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AppDataLow\Software\Amazon\Amazon1ButtonApp] "Location"="c:\Program Files (x86)\Amazon\Amazon1ButtonApp\" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5095145F-A690-405A-9ABF-69C7A7319834}] "InstallSource"="c:\OEM\Preload\APP\Amazon1ButtonAPP\" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\AppID\Amazon1ButtonRuntime.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\AppID\{87BDDAA1-CB99-4B47-89F6-7651D7731BC6}] @="Amazon1ButtonBHO" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\AppID\{D2E5FFD9-E488-4844-8C6D-051AA67C99F2}] @="Amazon1ButtonRuntime" [HKEY_USERS\S-1-5-21-2633882361-2691834456-3919945701-1001\Software\AppDataLow\Software\Amazon\Amazon1ButtonApp] Searching for "Amazon 1Button" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F5415905096AA504A9FB967C7A138943] "ProductName"="Amazon 1Button App" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F5415905096AA504A9FB967C7A138943\InstallProperties] "DisplayName"="Amazon 1Button App" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5095145F-A690-405A-9ABF-69C7A7319834}] "DisplayName"="Amazon 1Button App" Searching for "BOOKING.COM" [HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders] "Folder0"="C:\Program Files\BOOKING.COM" Searching for "Host App Service" No data found. Searching for "HostAppService" No data found. Searching for "App Explorer" No data found. Searching for "AppExplorer" No data found. -= EOF =- Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01 durchgeführt von Acer (Administrator) auf LAPTOP-3HCESL2G (27-09-2017 22:55:14) Gestartet von I:\Vorübergehend Geladene Profile: Acer (Verfügbare Profile: Acer) Platform: Windows 10 Home Version 1703 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: "C:\Lw C\PortableApps\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe" -osint -url "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (SUPERAntiSpyware.com) C:\Lw C\Programme\SUPERAntiSpyware\SASCore64.exe (Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe (Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe (AppWork GmbH) C:\Lw C\Programme\jDownloader 2 - zippy\JDownloader2.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe (SUPERAntiSpyware) C:\Lw C\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (Marek Jasinski) C:\Lw C\LiberKey\Apps\FreeCommander\App\FreeCommander\FreeCommander.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Lw C\Programme\ArsClip\ArsClip.exe (Western Digital Technologies, Inc.) 
C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Lw C\Programme\Everything\Everything.exe () C:\Lw C\LiberKey\Apps\Everything\App\Everything\x64\Everything.exe (QuestSoft) C:\Lw C\Programme\Sprache - Englisch\QTranslate\QTranslate.exe () C:\Lw C\Programme\Everything\Everything.exe (Skwire Empire) C:\Lw C\Programme\sWeather\sWeather.exe (Highresolution Enterprises) C:\Lw C\Programme\XMouseButtonControl\64bit (x64)\XMouseButtonControl.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe () C:\OEM\Preload\FubTracking\FubTracking.exe () C:\Lw C\LiberKey\Apps\Everything\App\Everything\x64\Everything.exe () C:\Program Files\EqualizerAPO\config\Peace.exe (AIMP DevTeam) C:\Lw C\Programme\Aimp\AIMP.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (ShareX Team) C:\Lw C\Programme\ShareX\ShareX.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe (acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe (PortableApps.com) C:\Lw 
C\PortableApps\PortableApps\FirefoxPortable\FirefoxPortable.exe (Mozilla Corporation) C:\Lw C\PortableApps\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe (Bartels Media GmbH) C:\Lw C\Programme\PhraseExpress\phraseexpress.exe (PortableApps.com) C:\Lw C\PortableApps\PortableApps\Notepad++Portable\Notepad++Portable.exe (Don HO don.h@free.fr) C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\notepad++.exe () C:\Lw C\LiberKey\Apps\Ditto\App\Ditto\x64\Ditto.exe () I:\Downloads\SystemLook_x64.exe () C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3351248 2015-09-10] (ELAN Microelectronics Corp.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2307472 2017-06-30] (Western Digital Technologies, Inc.) 
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2017-09-24] () HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2017-09-24] () HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\Run: [SUPERAntiSpyware] => C:\Lw C\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-08-17] (SUPERAntiSpyware) HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\Run: [Task Till Dawn] => C:\Lw C\Programme\Task Till Dawn\Task Till Dawn.exe [4262257 2017-07-25] (Oliver Matuschin) Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip.exe - Verknüpfung.lnk [2017-07-16] ShortcutTarget: ArsClip.exe - Verknüpfung.lnk -> C:\Lw C\Programme\ArsClip\ArsClip.exe () Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Everything.exe - Film- und Serienlisten.lnk [2017-08-23] ShortcutTarget: Everything.exe - Film- und Serienlisten.lnk -> C:\Lw C\Programme\Everything\Everything.exe () Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Everything.exe - Verknüpfung.lnk [2017-08-23] ShortcutTarget: Everything.exe - Verknüpfung.lnk -> C:\Lw C\LiberKey\Apps\Everything\App\Everything\x64\Everything.exe () Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QTranslate.exe - Verknüpfung.lnk [2017-08-23] ShortcutTarget: QTranslate.exe - Verknüpfung.lnk -> C:\Lw C\Programme\Sprache - Englisch\QTranslate\QTranslate.exe (QuestSoft) Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2017-03-24] ShortcutTarget: ShareX.lnk -> C:\Lw C\Programme\ShareX\ShareX.exe (ShareX Team) Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sWeather.lnk [2016-04-04] ShortcutTarget: sWeather.lnk -> C:\Lw C\Programme\sWeather\sWeather.exe (Skwire Empire) Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XMouseButtonControl.exe - Verknüpfung.lnk [2017-07-11] 
ShortcutTarget: XMouseButtonControl.exe - Verknüpfung.lnk -> C:\Lw C\Programme\XMouseButtonControl\64bit (x64)\XMouseButtonControl.exe (Highresolution Enterprises) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{8f4735e8-d30b-453d-87af-d26ae5341fdc}: [DhcpNameServer] 40.31.1.55 Tcpip\..\Interfaces\{ea4d4100-31d9-4320-8daa-4d4792956ba8}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer15.msn.com/?pc=ACTE HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE SearchScopes: HKU\S-1-5-21-2633882361-2691834456-3919945701-1001 -> DefaultScope {715F8B10-E4A8-401F-A82B-7789336983AA} URL = SearchScopes: HKU\S-1-5-21-2633882361-2691834456-3919945701-1001 -> {4D47EB80-5AEB-4282-8128-D87EEE1DD9B0} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java2\bin\ssv.dll [2017-09-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java2\bin\jp2ssv.dll [2017-09-25] (Oracle Corporation) FireFox: ======== FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF 
Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java2\bin\dtplugin\npDeployJava1.dll [2017-09-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java2\bin\plugin2\npjp2.dll [2017-09-25] (Oracle Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] () Chrome: ======= CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default [2017-09-27] CHR Extension: (Google Präsentationen) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-27] CHR Extension: (Google Docs) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-27] CHR Extension: (Google Drive) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-27] CHR Extension: (YouTube) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-27] CHR Extension: (Google Tabellen) - C:\Users\Acer\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-27] CHR Extension: (Google Docs Offline) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-27] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-27] CHR Extension: (Google Mail) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-27] CHR Extension: (Chrome Media Router) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27] ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 !SASCORE; C:\Lw C\Programme\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-10] (ELAN Microelectronics Corp.) 
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-01] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert] R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation) R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-26] (Paramount Software UK Ltd) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes) R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-04] (Acer Incorporated) R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-04] (Acer Incorporated) R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [331632 2017-06-30] (Western Digital Technologies, Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 ETDI2C; C:\WINDOWS\System32\drivers\ETDI2C.sys [175152 2015-06-09] (ELAN Microelectronic Corp.) S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-03] (Intel Corporation) S3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [132360 2015-06-15] (Intel Corporation) S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-03] (Intel Corporation) S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-03] (Intel Corporation) S3 IUFileFilter; C:\Lw C\Programme\IObit Uninstaller Pro\App\uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-09-21] (IObit.com) S3 IURegProcessFilter; C:\Lw C\Programme\IObit Uninstaller Pro\App\uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [45024 2017-09-21] (IObit.com) R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-04] (Acer Incorporated) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-27] (Malwarebytes) R1 MpKslc284e4b7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2322CA2A-3200-44E8-BA42-F0678AD126C4}\MpKslc284e4b7.sys [44928 2017-09-27] (Microsoft Corporation) S3 MWAC; C:\WINDOWS\system32\drivers\ [0 ] () <==== ACHTUNG (Null Byte Datei/Ordner) S3 MWAC; C:\WINDOWS\SysWOW64\drivers\ [0 ] () <==== ACHTUNG (Null Byte Datei/Ordner) R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-04] (Acer Incorporated) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-05] (Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation) R1 SASDIFSV; C:\Lw C\Programme\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Lw C\Programme\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys 
[31128 2017-03-18] () S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [181392 2017-09-14] (Ray Hinchliffe) U5 UnlockerDriver5; C:\Lw C\LiberKey\Apps\Unlocker\App\Unlocker\x64\UnlockerDriver5.sys [12352 2011-04-27] () S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-09-26] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-09-26] (Zemana Ltd.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-09-27 22:42 - 2017-09-27 22:42 - 000000000 ____D C:\N++RECOV 2017-09-27 21:30 - 2017-09-27 21:30 - 000000000 ____D C:\Users\Acer\AppData\Local\Google 2017-09-27 18:43 - 2017-09-27 18:43 - 000000000 ____D C:\Users\Acer\AppData\Local\Thunderbird 2017-09-27 18:37 - 2017-09-27 18:37 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2017-09-27 09:41 - 2017-09-27 09:41 - 000000000 ____D C:\Users\Acer\AppData\Roaming\ThisIsMyFile 2017-09-27 08:24 - 2017-09-27 08:24 - 000000000 ____D C:\CloneSpy - gelöschte Dateien 2017-09-26 22:41 - 2017-09-26 23:18 - 000000000 ____D C:\AdwCleaner 2017-09-26 22:01 - 2017-09-27 22:55 - 000000000 ____D C:\FRST 2017-09-26 15:53 - 2017-09-26 15:53 - 000000000 ___HD C:\$Windows.~WS 2017-09-26 14:44 - 2017-09-26 14:44 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Skype 2017-09-26 14:42 - 2017-09-26 15:31 - 000000000 ____D C:\BootBiff 2017-09-26 13:22 - 2017-09-26 13:22 - 000000000 ____D C:\Users\Acer\AppData\Roaming\MyImgur 2017-09-26 13:02 - 2017-09-26 13:02 - 000000000 ____D C:\Users\Acer\AppData\Roaming\CareCenter 2017-09-26 12:39 - 2017-09-26 12:39 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Acer Incorporated 2017-09-26 11:15 - 2017-09-27 22:54 - 000074887 _____ C:\WINDOWS\ZAM.krnl.trace 2017-09-26 11:15 - 2017-09-27 22:54 - 000044060 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2017-09-26 11:15 - 2017-09-26 11:15 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys 2017-09-26 11:15 - 2017-09-26 11:15 - 000203680 _____ (Zemana Ltd.) 
C:\WINDOWS\system32\Drivers\zam64.sys 2017-09-26 11:15 - 2017-09-26 11:15 - 000000000 ____D C:\Users\Acer\AppData\Local\Zemana 2017-09-26 09:57 - 2017-09-26 09:57 - 000002014 _____ C:\Users\Acer\Desktop\Reflect.lnk 2017-09-26 09:50 - 2017-09-27 22:29 - 000000008 __RSH C:\ProgramData\ntuser.pol 2017-09-26 09:47 - 2017-09-26 18:20 - 000000000 ____D C:\ESD 2017-09-26 09:28 - 2017-09-14 09:05 - 000181392 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX64.sys 2017-09-26 07:25 - 2017-09-26 08:08 - 000000000 ____D C:\Users\Acer\AppData\Roaming\XnView 2017-09-26 00:33 - 2017-09-26 00:32 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-09-25 22:44 - 2017-09-25 23:17 - 000000000 ____D C:\Users\Acer\AppData\Roaming\IObit 2017-09-25 22:33 - 2017-09-25 23:17 - 000000000 ____D C:\ProgramData\ProductData 2017-09-25 22:33 - 2017-09-25 22:33 - 000000000 ____D C:\ProgramData\IObit 2017-09-25 20:31 - 2017-09-26 10:15 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Task Till Dawn 2017-09-25 19:40 - 2017-09-25 19:40 - 000001198 _____ C:\Users\Public\Desktop\WD Drive Utilities.lnk 2017-09-25 19:40 - 2017-09-25 19:40 - 000000000 ____D C:\ProgramData\Western Digital 2017-09-25 19:40 - 2017-09-25 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery 2017-09-25 19:40 - 2017-09-25 19:40 - 000000000 ____D C:\Program Files (x86)\Western Digital 2017-09-25 18:41 - 2017-09-27 18:43 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Thunderbird 2017-09-25 18:41 - 2017-09-27 18:43 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Mozilla 2017-09-25 18:31 - 2017-09-25 18:35 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-09-25 18:31 - 2017-09-25 18:31 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-09-25 15:54 - 2017-09-27 12:44 - 000000000 ____D C:\Users\Acer\AppData\Local\CrashDumps 2017-09-25 15:50 - 2017-09-25 15:50 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Foxit Software 2017-09-25 15:43 - 
2017-09-25 15:43 - 000000000 ____D C:\Users\Acer\AppData\Roaming\AVAST Software 2017-09-25 15:19 - 2017-09-25 15:19 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2633882361-2691834456-3919945701-1001 2017-09-25 15:14 - 2017-09-27 22:33 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-09-25 15:14 - 2017-09-25 15:14 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-25 15:14 - 2017-09-25 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-25 15:14 - 2017-09-25 15:14 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-25 15:14 - 2017-09-25 15:14 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-25 15:14 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-09-25 15:07 - 2017-09-25 15:07 - 000001952 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2017-09-25 15:07 - 2017-09-25 15:07 - 000000000 ____D C:\Users\Acer\AppData\Roaming\SUPERAntiSpyware.com 2017-09-25 15:07 - 2017-09-25 15:07 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2017-09-25 15:07 - 2017-09-25 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2017-09-25 15:04 - 2017-09-25 15:04 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2017-09-25 15:04 - 2017-09-25 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-09-25 15:04 - 2017-09-25 15:04 - 000000000 ____D C:\Program Files (x86)\Java2 2017-09-25 14:51 - 2017-09-27 21:44 - 000000000 ____D C:\Users\Acer\AppData\Roaming\cherrytree 2017-09-25 14:48 - 2017-09-25 14:48 - 000000893 _____ C:\Users\Acer\AppData\Local\recently-used.xbel 2017-09-25 14:43 - 2017-09-25 14:44 - 000001883 _____ C:\Users\Acer\Desktop\Peace.lnk 2017-09-25 14:43 - 2017-09-25 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peace 2017-09-25 14:39 - 
2017-09-25 14:39 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.2 2017-09-25 14:39 - 2017-09-25 14:39 - 000000000 ____D C:\Program Files\EqualizerAPO 2017-09-25 14:28 - 2017-09-25 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi 2017-09-25 14:28 - 2017-09-25 14:28 - 000000000 ____D C:\Program Files (x86)\Kodi 2017-09-25 14:19 - 2017-09-25 14:21 - 000000000 ____D C:\Users\Acer\AppData\Roaming\cherrytree - alt 2017-09-25 14:16 - 2017-09-27 08:46 - 000000000 ____D C:\Users\Acer\AppData\Roaming\FreeFileSync 2017-09-25 14:13 - 2017-09-25 14:13 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2017-09-25 14:08 - 2017-09-25 15:41 - 000000000 ____D C:\Program Files (x86)\Java 2017-09-25 14:08 - 2017-09-25 15:14 - 000000000 ____D C:\ProgramData\Oracle 2017-09-25 14:08 - 2017-09-25 14:08 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Sun 2017-09-25 13:15 - 2017-09-25 13:15 - 000002014 _____ C:\Users\Public\Desktop\Reflect.lnk 2017-09-25 13:15 - 2017-09-25 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium 2017-09-25 13:15 - 2017-09-25 13:15 - 000000000 ____D C:\Program Files\Macrium 2017-09-25 12:55 - 2017-09-27 09:41 - 000000000 ____D C:\Windows.old 2 - 2. 
Zurücksetzen - löschen, erledigt 2017-09-25 12:55 - 2017-09-25 12:55 - 000000000 ____D C:\WINDOWS\InfusedApps 2017-09-25 12:54 - 2017-09-25 12:54 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2017-09-25 12:54 - 2017-09-25 12:54 - 000000000 ____D C:\WINDOWS\SysWOW64\sda 2017-09-25 12:54 - 2017-09-25 11:59 - 000000000 ____D C:\Program Files\Elantech 2017-09-25 12:54 - 2017-09-25 11:58 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2017-09-25 12:53 - 2017-09-25 12:53 - 000000000 ____D C:\WINDOWS\Setup 2017-09-25 12:52 - 2017-09-27 22:41 - 000836010 _____ C:\WINDOWS\system32\perfh007.dat 2017-09-25 12:52 - 2017-09-27 22:41 - 000171896 _____ C:\WINDOWS\system32\perfc007.dat 2017-09-25 12:52 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\de 2017-09-25 12:52 - 2017-09-25 12:52 - 000306166 _____ C:\WINDOWS\system32\perfi007.dat 2017-09-25 12:52 - 2017-09-25 12:52 - 000040520 _____ C:\WINDOWS\system32\perfd007.dat 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\de 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\0409 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\winrm 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\WCN 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\slmgr 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D 
C:\WINDOWS\system32\0409 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\DigitalLocker 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files\Reference Assemblies 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files\MSBuild 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files (x86)\MSBuild 2017-09-25 12:52 - 2017-09-25 12:02 - 000000000 ____D C:\WINDOWS\OCR 2017-09-25 12:51 - 2017-09-02 17:15 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-09-25 12:51 - 2017-09-02 17:15 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-09-25 12:50 - 2017-09-25 12:55 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2017-09-25 12:50 - 2017-09-25 12:48 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2017-09-25 12:50 - 2017-09-25 12:48 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat 2017-09-25 12:50 - 2017-09-25 12:48 - 000215943 _____ C:\WINDOWS\system32\dssec.dat 2017-09-25 12:50 - 2017-09-25 12:48 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2017-09-25 12:50 - 2017-09-25 12:48 - 000015940 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2017-09-25 12:50 - 2017-09-25 12:48 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK 2017-09-25 12:50 - 2017-09-25 12:48 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam 2017-09-25 12:50 - 2017-09-25 12:48 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json 2017-09-25 12:50 - 2017-09-25 12:48 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT 2017-09-25 12:50 - 2017-09-25 12:48 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT 2017-09-25 12:49 - 2017-09-27 22:33 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-09-25 12:49 - 2017-09-27 22:25 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-09-25 12:49 - 2017-09-27 
22:25 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2017-09-25 12:49 - 2017-09-27 18:40 - 000000000 ____D C:\WINDOWS\INF 2017-09-25 12:49 - 2017-09-27 10:31 - 000000000 ___HD C:\Program Files\WindowsApps 2017-09-25 12:49 - 2017-09-26 14:13 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile 2017-09-25 12:49 - 2017-09-26 03:12 - 000000000 ____D C:\WINDOWS\appcompat 2017-09-25 12:49 - 2017-09-26 00:24 - 000000000 ___RD C:\Program Files (x86) 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ___SD C:\WINDOWS\system32\F12 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\setup 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\oobe 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\migwiz 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\Dism 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\config\TxR 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\WINDOWS\system32\appraiser 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\WINDOWS\Provisioning 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\Program Files\Windows Defender 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D 
C:\Program Files (x86)\Windows Photo Viewer 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2017-09-25 12:49 - 2017-09-25 22:40 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-09-25 12:49 - 2017-09-25 22:31 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ___SD C:\WINDOWS\system32\dsc 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SystemApps 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\MUI 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\Com 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\IME 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\Help 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files\Common Files\System 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ___SD C:\WINDOWS\system32\Nui 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ___RD C:\WINDOWS\Offline Web Pages 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D 
C:\WINDOWS\SysWOW64\downlevel 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\icsxml 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\ias 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\downlevel 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\DDFs 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\Bthprops 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 __SHD C:\Program Files\Windows Sidebar 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 __RSD C:\WINDOWS\Media 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ___SD C:\WINDOWS\system32\Configuration 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Web 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Vss 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\tracing 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\TAPI 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ras 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D 
C:\WINDOWS\SysWOW64\NDF 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\MsDtc 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\IME 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SystemResources 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\winevt 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\ras 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\ProximityToast 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\PointOfService 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\NDF 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\Ipmi 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\InputMethod 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\inetsrv 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\IME 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\Hydrogen 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D 
C:\WINDOWS\system32\config\RegBack 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\config\Journal 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\AppLocker 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\System 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SKB 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\security 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\schemas 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\SchCache 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Resources 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\PLA 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Performance 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\ModemLogs 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\L2Schemas 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\InputMethod 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Globalization 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Cursors 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\Branding 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\bcastdvr 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\addins 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\Program Files\Windows Security 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\Program Files\Windows Portable Devices 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\Program Files\Windows Multimedia Platform 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\Program Files\Common Files\Services 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D 
C:\Program Files (x86)\Windows Portable Devices 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\Program Files (x86)\Windows NT 2017-09-25 12:49 - 2017-09-25 12:49 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2017-09-25 12:49 - 2017-09-25 12:10 - 000000000 ____D C:\WINDOWS\rescache 2017-09-25 12:49 - 2017-09-25 12:09 - 000000000 ____D C:\Program Files\Windows NT 2017-09-25 12:49 - 2017-09-25 12:08 - 000000000 ____D C:\WINDOWS\Registration 2017-09-25 12:49 - 2017-09-25 12:07 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2017-09-25 12:49 - 2017-09-25 12:06 - 000000000 __RHD C:\Users\Public\Libraries 2017-09-25 12:49 - 2017-09-25 12:02 - 000000000 ____D C:\WINDOWS\system32\spool 2017-09-25 12:49 - 2017-09-25 12:02 - 000000000 ____D C:\ProgramData\USOPrivate 2017-09-25 12:49 - 2017-09-25 12:01 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2017-09-25 12:49 - 2017-09-25 12:00 - 000000000 ___RD C:\WINDOWS\PrintDialog 2017-09-25 12:49 - 2017-09-25 12:00 - 000000000 ___RD C:\WINDOWS\MiracastView 2017-09-25 12:49 - 2017-09-25 12:00 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2017-09-25 12:49 - 2017-09-25 11:59 - 000000000 ____D C:\WINDOWS\HoloShell 2017-09-25 12:46 - 2017-09-27 22:29 - 074448896 _____ C:\WINDOWS\system32\config\SOFTWARE 2017-09-25 12:46 - 2017-09-27 22:29 - 041156608 _____ C:\WINDOWS\system32\config\SYSTEM 2017-09-25 12:46 - 2017-09-27 22:29 - 033554432 _____ C:\WINDOWS\system32\config\BBI 2017-09-25 12:46 - 2017-09-27 22:29 - 001572864 _____ C:\WINDOWS\system32\config\DEFAULT 2017-09-25 12:46 - 2017-09-27 22:29 - 000028672 _____ C:\WINDOWS\system32\config\SECURITY 2017-09-25 12:46 - 2017-09-27 11:31 - 000000000 ____D C:\ProgramData\Macrium 2017-09-25 12:46 - 2017-09-25 22:31 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2017-09-25 12:46 - 2017-09-25 18:31 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-09-25 12:46 - 2017-09-25 12:55 - 000024576 _____ C:\WINDOWS\system32\config\SAM 2017-09-25 12:46 - 
2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\servicing 2017-09-25 12:46 - 2017-09-25 12:49 - 000000000 ____D C:\WINDOWS\system32\SMI 2017-09-25 12:45 - 2017-09-26 18:20 - 000000000 ____D C:\WINDOWS\Panther 2017-09-25 12:45 - 2017-09-25 12:10 - 000000000 ____D C:\$Windows.~BT 2017-09-25 12:44 - 2017-09-25 12:55 - 000000000 ___HD C:\$SysReset 2017-09-25 12:36 - 2017-09-25 12:36 - 000000000 ____D C:\Users\Acer\AppData\Local\DBG 2017-09-25 12:29 - 2017-09-25 12:29 - 000000000 ____D C:\Users\Acer\AppData\Local\MicrosoftEdge 2017-09-25 12:27 - 2017-09-25 12:27 - 000000000 ____D C:\Users\Acer\AppData\Local\Comms 2017-09-25 12:25 - 2017-09-25 12:25 - 000000000 ____D C:\ProgramData\Synaptics 2017-09-25 12:17 - 2017-09-26 09:15 - 000000000 ____D C:\Users\Acer\AppData\Local\Mozilla 2017-09-25 12:16 - 2017-09-25 12:16 - 000000000 ____D C:\Users\Acer\AppData\Local\Notepad++ 2017-09-25 12:15 - 2017-09-25 15:47 - 000003508 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent 2017-09-25 12:13 - 2017-09-25 12:27 - 000000000 ____D C:\Users\Acer\AppData\Local\CareCenter 2017-09-25 12:12 - 2017-09-25 15:19 - 000002392 _____ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-09-25 12:12 - 2017-09-25 12:12 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Macromedia 2017-09-25 12:11 - 2017-09-25 15:44 - 000000000 ____D C:\Users\Acer\AppData\Local\clear.fi 2017-09-25 12:11 - 2017-09-25 12:11 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Highresolution Enterprises 2017-09-25 12:10 - 2017-09-25 13:21 - 000000000 ____D C:\Users\Acer\AppData\Local\Packages 2017-09-25 12:10 - 2017-09-25 13:19 - 000000000 ____D C:\Users\Acer\AppData\Local\Publishers 2017-09-25 12:10 - 2017-09-25 12:12 - 000000000 ____D C:\Users\Acer\AppData\Local\AOP SDK 2017-09-25 12:10 - 2017-09-25 12:10 - 000000020 ___SH C:\Users\Acer\ntuser.ini 2017-09-25 12:10 - 2017-09-25 12:10 - 000000000 ____D C:\WINDOWS\oem 2017-09-25 12:10 - 2017-09-25 12:10 - 000000000 ____D 
C:\Users\Acer\AppData\Roaming\Adobe 2017-09-25 12:10 - 2017-09-25 12:10 - 000000000 ____D C:\Users\Acer\AppData\Local\VirtualStore 2017-09-25 12:10 - 2017-09-25 12:10 - 000000000 ____D C:\Users\Acer\AppData\Local\TileDataLayer 2017-09-25 12:10 - 2017-09-25 12:10 - 000000000 ____D C:\Users\Acer\AppData\Local\ConnectedDevicesPlatform 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Users\Default User 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Users\All Users 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\ProgramData\Vorlagen 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\ProgramData\Startmenü 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\ProgramData\Dokumente 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\ProgramData\Anwendungsdaten 2017-09-25 12:09 - 2017-09-25 12:09 - 000000000 _SHDL C:\Program Files\Gemeinsame Dateien 2017-09-25 12:06 - 2017-09-27 22:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-09-25 12:06 - 2017-09-26 00:27 - 000005404 _____ C:\WINDOWS\System32\Tasks\Software Update Application 2017-09-25 12:06 - 2017-09-26 00:27 - 000003778 _____ C:\WINDOWS\System32\Tasks\ACC 2017-09-25 12:06 - 2017-09-26 00:27 - 000003060 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication 2017-09-25 12:06 - 2017-09-25 15:47 - 000003388 _____ C:\WINDOWS\System32\Tasks\AcerCloud 2017-09-25 12:06 - 2017-09-25 12:06 - 000022960 _____ C:\WINDOWS\system32\emptyregdb.dat 2017-09-25 12:06 - 2017-09-25 12:06 - 
000003852 _____ C:\WINDOWS\System32\Tasks\ACCAgent 2017-09-25 12:06 - 2017-09-25 12:06 - 000002706 _____ C:\WINDOWS\System32\Tasks\UbtFrameworkService 2017-09-25 12:06 - 2017-09-25 12:06 - 000002264 _____ C:\WINDOWS\System32\Tasks\Power Button 2017-09-25 12:06 - 2017-09-25 12:06 - 000002222 _____ C:\WINDOWS\System32\Tasks\Power Management 2017-09-25 12:06 - 2017-09-25 12:06 - 000002180 _____ C:\WINDOWS\System32\Tasks\Quick Access 2017-09-25 12:06 - 2017-09-25 12:06 - 000002074 _____ C:\WINDOWS\System32\Tasks\FUBTrackingByPLD 2017-09-25 12:03 - 2017-09-27 10:30 - 000000000 ____D C:\Users\Acer 2017-09-25 12:03 - 2017-09-25 12:03 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Vorlagen 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Startmenü 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Netzwerkumgebung 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Lokale Einstellungen 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Eigene Dateien 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Druckumgebung 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Documents\Eigene Videos 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Documents\Eigene Musik 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Documents\Eigene Bilder 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\AppData\Local\Verlauf 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\AppData\Local\Anwendungsdaten 2017-09-25 12:03 - 2017-09-25 12:03 - 000000000 _SHDL C:\Users\Acer\Anwendungsdaten 2017-09-25 12:01 - 2017-09-25 12:01 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2017-09-25 
11:59 - 2017-09-27 22:33 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-09-25 11:59 - 2017-09-25 12:01 - 000000000 ____D C:\Program Files\Intel 2017-09-25 11:59 - 2017-09-25 11:59 - 032931716 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip 2017-09-25 11:59 - 2017-09-25 11:59 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ETD_01011.Wdf 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____H C:\ProgramData\DP45977C.lfl 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____D C:\WINDOWS\system32\DAX2 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____D C:\Program Files\Realtek 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____D C:\Program Files\Common Files\Atheros 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin 2017-09-25 11:59 - 2017-03-18 22:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2017-09-25 11:59 - 2017-02-01 02:01 - 000112664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL 2017-09-25 11:59 - 2017-02-01 02:01 - 000108568 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2017-09-25 11:58 - 2017-09-27 19:00 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-09-25 11:58 - 2017-09-26 00:24 - 000217984 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-09-22 11:01 - 2017-09-27 09:40 - 000000000 ____D C:\Users\Acer\Documents\Reflect 2017-09-21 16:12 - 2017-09-21 16:17 - 000000000 ____D C:\Users\Acer\Documents\Peace back up 2017-09-21 14:31 - 2017-09-21 14:31 - 000001341 _____ C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio-Manager.lnk 2017-09-21 14:27 - 2017-09-25 12:08 - 000008404 _____ C:\Users\Acer\Desktop\Entfernte Apps.html 2017-09-21 14:22 - 2015-03-21 02:28 - 000002343 _____ C:\Users\Acer\Desktop\App 
Explorer (1).lnk 2017-09-16 17:34 - 2017-09-05 07:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2017-09-16 17:34 - 2017-09-05 07:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-09-16 17:34 - 2017-09-05 07:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2017-09-16 17:34 - 2017-09-05 06:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-09-16 17:34 - 2017-09-05 06:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-09-16 17:34 - 2017-09-05 06:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-09-16 17:34 - 2017-09-05 06:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-09-16 17:34 - 2017-09-05 06:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2017-09-16 17:34 - 2017-09-05 06:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-09-16 17:34 - 2017-09-05 06:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-09-16 17:34 - 2017-09-05 06:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe 2017-09-16 17:34 - 2017-09-05 06:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-09-16 17:34 - 2017-09-05 06:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2017-09-16 17:34 - 2017-09-05 06:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2017-09-16 17:34 - 2017-09-05 06:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2017-09-16 17:34 - 2017-09-05 06:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2017-09-16 17:34 - 2017-09-05 06:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2017-09-16 17:34 - 2017-09-05 06:42 - 000182688 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2017-09-16 17:34 - 2017-09-05 06:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-09-16 17:34 - 2017-09-05 06:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-09-16 17:34 - 2017-09-05 06:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2017-09-16 17:34 - 2017-09-05 06:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2017-09-16 17:34 - 2017-09-05 06:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-09-16 17:34 - 2017-09-05 06:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2017-09-16 17:34 - 2017-09-05 06:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-09-16 17:34 - 2017-09-05 06:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2017-09-16 17:34 - 2017-09-05 06:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-09-16 17:34 - 2017-09-05 06:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll 2017-09-16 17:34 - 2017-09-05 06:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2017-09-16 17:34 - 2017-09-05 06:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-09-16 17:34 - 2017-09-05 06:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-09-16 17:34 - 2017-09-05 06:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-09-16 17:34 - 2017-09-05 06:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll 2017-09-16 17:34 - 2017-09-05 06:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-09-16 17:34 - 2017-09-05 06:16 - 000357888 _____ (Microsoft Corporation) 
==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-09-27 22:41 - 2015-08-31 13:01 - 001912472 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-09-27 22:33 - 2015-12-25 19:58 - 000000000 __SHD C:\Users\Acer\IntelGraphicsProfiles 2017-09-27 22:26 - 2016-02-27 14:11 - 000000000 ____D C:\Users\Acer\AppData\LocalLow\Temp 2017-09-27 18:43 - 2016-11-16 16:51 - 000000000 ____D C:\Users\Acer\AppData\LocalLow\Mozilla 2017-09-27 17:41 - 2016-11-02 10:29 - 000000000 ____D C:\xampp-cz 2017-09-27 17:41 - 2016-10-27 23:15 - 000000000 ____D C:\xampp 2017-09-27 17:41 - 2016-02-15 11:59 - 000000000 ____D C:\Lw C 2017-09-27 00:51 - 2016-07-16 18:55 - 000000000 ____D C:\Users\Acer\.mediathek3 2017-09-26 08:22 - 2015-10-24 19:24 - 000000000 ____D C:\ProgramData\Intel 2017-09-26 08:22 - 2015-08-31 12:52 - 000000000 ____D C:\ProgramData\McAfee 2017-09-26 08:22 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\WildTangent 2017-09-26 00:27 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2017-09-26 00:25 - 2015-08-31 12:49 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-09-25 19:40 - 2015-10-24 19:25 - 000000000 ____D C:\ProgramData\Package Cache 2017-09-25 15:47 - 2015-08-31 13:43 - 000000000 ___HD C:\OEM 2017-09-25 15:47 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\OEM 2017-09-25 15:45 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\Acer 2017-09-25 15:41 - 2015-10-24 19:48 - 000000000 ____D C:\Program Files (x86)\Amazon 2017-09-25 15:19 - 2015-12-25 20:00 - 000000000 ___RD C:\Users\Acer\OneDrive 2017-09-25 12:48 - 2017-03-18 22:56 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys 2017-09-25 12:07 - 2016-06-23 12:38 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ember Media Manager BETA 2017-09-25 12:06 - 2015-07-10 13:04 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2017-09-25 12:02 - 2015-10-25 04:56 - 000000000 ____D C:\WINDOWS\NAPP_Dism_Log 2017-09-25 12:02 - 2015-10-24 19:51 - 
000000000 ____D C:\Users\Public\Foxit Software 2017-09-25 12:02 - 2015-10-24 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF 2017-09-25 12:02 - 2015-10-24 19:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12 2017-09-25 12:02 - 2015-10-24 19:50 - 000000000 ____D C:\Users\Public\CyberLink 2017-09-25 12:02 - 2015-10-24 19:50 - 000000000 ____D C:\ProgramData\CyberLink 2017-09-25 12:02 - 2015-10-24 19:50 - 000000000 ____D C:\ProgramData\CLSK 2017-09-25 12:02 - 2015-10-24 19:49 - 000000000 ____D C:\ProgramData\Temp 2017-09-25 12:02 - 2015-10-24 19:49 - 000000000 ____D C:\ProgramData\install_clap 2017-09-25 12:02 - 2015-10-24 19:33 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros 2017-09-25 12:02 - 2015-10-24 19:31 - 000000000 ____D C:\Program Files (x86)\Realtek 2017-09-25 12:02 - 2015-08-31 12:51 - 000000000 ____D C:\ProgramData\Mozilla 2017-09-25 12:02 - 2015-08-31 12:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-09-25 12:02 - 2015-08-31 12:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-09-25 12:02 - 2015-08-31 12:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2017-09-25 12:02 - 2015-08-31 12:50 - 000000000 ____D C:\Program Files (x86)\WildTangent Games 2017-09-25 12:02 - 2015-08-31 12:50 - 000000000 ____D C:\Program Files (x86)\WildGames 2017-09-25 12:02 - 2015-07-10 14:22 - 000000000 ____D C:\ProgramData\USOShared 2017-09-25 12:02 - 2015-07-10 13:04 - 000000000 ___RD C:\WINDOWS\PurchaseDialog 2017-09-25 12:02 - 2015-07-10 13:04 - 000000000 ___RD C:\WINDOWS\DesktopTileResources 2017-09-25 12:01 - 2015-10-24 19:50 - 000000000 ____D C:\Program Files (x86)\Foxit PhantomPDF 2017-09-25 12:01 - 2015-10-24 19:50 - 000000000 ____D C:\Program Files (x86)\CyberLink 2017-09-25 12:01 - 2015-10-24 19:33 - 000000000 ____D C:\Program Files\Common Files\QCA_Bluetooth 2017-09-25 12:01 - 2015-10-24 19:31 - 
000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-09-25 12:01 - 2015-10-24 19:26 - 000000000 ____D C:\Program Files (x86)\Intel 2017-09-25 12:01 - 2015-08-31 12:52 - 000000000 ____D C:\Program Files\Acer 2017-09-25 12:01 - 2015-08-31 12:50 - 000000000 ____D C:\Program Files (x86)\Acer 2017-09-25 12:01 - 2015-07-10 15:14 - 000000000 ____D C:\Program Files\Windows Journal 2017-09-20 21:13 - 2017-05-04 15:25 - 000000886 _____ C:\Users\Acer\Desktop\EMDB.lnk 2017-09-20 09:46 - 2016-11-17 22:53 - 000000000 ____D C:\Users\Acer\Documents\Custom Office Templates 2017-09-02 10:05 - 2016-11-18 15:16 - 000000000 ____D C:\Users\Acer\Scrivener ScratchPad ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-09-25 14:48 - 2017-09-25 14:48 - 000000893 _____ () C:\Users\Acer\AppData\Local\recently-used.xbel 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-25 11:58

==================== Ende von FRST.txt ============================ |
27.09.2017, 22:01 | #9 |
| Suspected malware - notebook reset twice after it failed to start
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01 durchgeführt von Acer (27-09-2017 22:56:04) Gestartet von I:\Vorübergehend Windows 10 Home Version 1703 (X64) (2017-09-25 10:10:02) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Acer (S-1-5-21-2633882361-2691834456-3919945701-1001 - Administrator - Enabled) => C:\Users\Acer Administrator (S-1-5-21-2633882361-2691834456-3919945701-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2633882361-2691834456-3919945701-503 - Limited - Disabled) Gast (S-1-5-21-2633882361-2691834456-3919945701-501 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-8d9b4f73-bb47-4fea-917d-c50dd2ffed5c) (Version: 3.0.2.118 - WildTangent) Hidden abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated) abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated) Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated) Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated) Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3008 - Acer Incorporated) Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated) Amazon 1Button App (HKLM-x32\...\{5095145F-A690-405A-9ABF-69C7A7319834}) (Version: 2.2.2 - Amazon) <==== ACHTUNG AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5427.02 - CyberLink Corp.) ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.) Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2 - ) Foxit PhantomPDF (HKLM-x32\...\{A4023BDF-82D5-412D-9D58-8C2819EBFE2E}) (Version: 7.0.410.326 - Foxit Software Inc.) Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.) Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.) 
Home Makeover (HKLM-x32\...\WTA-ff512562-ab4b-4aae-9e8c-1d09bd47ac58) (Version: 3.0.2.59 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) Jewel Match 3 (HKLM-x32\...\WTA-679326c7-f13f-4d56-ae2e-6a7fee2304c7) (Version: 2.2.0.97 - WildTangent) Hidden Jewel Match Snowscapes (HKLM-x32\...\WTA-ad853ef4-00ea-4eae-8b6e-18dee9cd5722) (Version: 3.0.2.118 - WildTangent) Hidden Kodi (HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\Kodi) (Version: - XBMC-Foundation) Macrium Reflect Free Edition (HKLM\...\{6085136C-5E0B-4516-BA48-2B909062778A}) (Version: 6.3.1835 - Paramount Software (UK) Ltd.) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.) 
Magic Academy (HKLM-x32\...\WTA-4c57b906-a5ca-4c03-9798-68e13f3261f1) (Version: 2.2.0.97 - WildTangent) Hidden Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes) Microsoft OneDrive (HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla) Peace (HKLM\...\Peace) (Version: 1.4.2.3 - P.E. 
Verbeek) Polar Bowler 1st Frame (HKLM-x32\...\WTA-d421feba-0407-4288-b40c-de6252d31e83) (Version: 3.0.2.59 - WildTangent) Hidden Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.067 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.) Rory's Restaurant (HKLM-x32\...\WTA-6e35cc10-c9f5-48e9-baf9-e03aec7ff14d) (Version: 3.0.2.126 - WildTangent) Hidden Runefall (HKLM-x32\...\WTA-4527bc60-c537-4ef8-8c87-cc9539bb1241) (Version: 3.0.2.126 - WildTangent) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden WD Drive Utilities (HKLM-x32\...\{11CB7063-2D22-42B5-B57B-CC0BABBB2B21}) (Version: 1.4.3.41 - Western Digital Technologies, Inc.) Hidden WD Drive Utilities (HKLM-x32\...\{6f54e1c5-bdbf-46bf-987d-345aeffd2b61}) (Version: 1.4.3.41 - Western Digital Technologies, Inc.) 
Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.16 - WildTangent) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2633882361-2691834456-3919945701-1001_Classes\CLSID\{CF6181BA-D469-441A-BE79-BB70A2EC3D0B}\InprocServer32 -> C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll (SHIROUZU Hiroaki) ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated) ContextMenuHandlers1: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-01-27] (Foxit Software Inc.) 
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd) ContextMenuHandlers2: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers4: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers5: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-01] (Intel Corporation) ContextMenuHandlers6: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers1_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> {CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers2_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> 
{CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers4_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> {CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers5_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> {CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers6_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> {CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {049A9857-C539-41BD-95B7-B2CD78B144F8} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] () Task: {39C2231C-6A73-4957-BFB0-B4E4889CBF97} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => C:\WINDOWS\system32\ResetEngine.exe [2017-03-18] (Microsoft Corporation) Task: {4F117C79-2706-4FBF-A748-C0259F51CEFA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-10] (Acer Incorporated) Task: {5DA8FE22-3893-4E4A-B7BD-892617287A0B} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe [2015-05-14] (Acer Incorporated) Task: {6A1AECEC-0766-473B-AE79-EAAA31DE758F} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] () Task: {6A250F7B-4F8A-4FEA-8CAE-31F28DA85202} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2017-05-24] () Task: {6D57CCCD-F0C1-4B07-99B9-5CB6B8E83A2A} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-09-04] (Acer Incorporated) Task: {6E6FA363-2D80-4036-AA76-B037CF49BC4B} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated) Task: {932EC946-767B-4FAA-9B54-A4A4A2DF1822} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer) Task: {BE83D780-8532-4A19-8D70-15DB8C617FBA} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated) Task: {D580BF3C-83CE-4E6B-B1A1-20EB95353BC4} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>) Task: {FBE1992D-A1B2-44DD-9601-A1A2F799B096} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe 
[2017-05-24] () (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-05-19 09:11 - 2015-05-19 09:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe 2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-02-01 02:01 - 2017-02-01 02:01 - 000410616 _____ () C:\WINDOWS\system32\igfxTray.exe 2017-03-18 22:59 - 2017-03-20 06:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-09-25 12:32 - 2017-09-25 12:33 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-09-25 12:32 - 2017-09-25 12:33 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-09-25 12:32 - 2017-09-25 12:33 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-09-25 12:32 - 2017-09-25 12:33 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll 2017-09-27 22:33 - 2017-09-27 22:33 - 000566439 _____ () C:\Lw C\Programme\jDownloader 2 - zippy\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll 2017-09-27 22:33 - 2017-09-27 22:33 - 004078962 _____ () C:\Lw C\Programme\jDownloader 2 - zippy\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll 2017-04-24 20:23 - 2015-02-09 11:18 - 000124440 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe 2017-07-19 21:55 - 2017-07-19 21:55 - 000665088 _____ () C:\Program Files\EqualizerAPO\EqualizerAPO.dll 2015-11-22 22:05 - 2015-11-22 22:05 - 
001530880 _____ () C:\Program Files\EqualizerAPO\libsndfile-1.dll 2017-07-08 12:52 - 2017-07-08 12:52 - 002983917 _____ () C:\Program Files\EqualizerAPO\libfftw3f-3.dll 2017-05-18 19:16 - 2017-05-06 23:54 - 004825600 _____ () C:\Lw C\Programme\ArsClip\ArsClip.exe 2017-06-07 12:03 - 2017-06-07 11:12 - 002197608 _____ () C:\Lw C\Programme\Everything\Everything.exe 2017-06-07 12:03 - 2017-06-07 11:12 - 002197608 _____ () C:\Lw C\LiberKey\Apps\Everything\App\Everything\x64\Everything.exe 2015-10-24 20:00 - 2015-05-14 09:10 - 000030976 _____ () C:\OEM\Preload\FubTracking\FubTracking.exe 2017-09-25 14:43 - 2017-07-26 14:25 - 004755968 _____ () C:\Program Files\EqualizerAPO\config\Peace.exe 2017-05-24 20:11 - 2017-05-24 20:11 - 004645168 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe 2017-05-05 20:04 - 2017-01-29 10:23 - 002791424 _____ () C:\Lw C\LiberKey\Apps\Ditto\App\Ditto\x64\Ditto.exe 2017-09-27 22:16 - 2017-09-27 22:16 - 000165376 _____ () I:\Downloads\SystemLook_x64.exe 2017-05-24 20:12 - 2017-05-24 20:12 - 002920752 _____ () C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe 2017-05-24 20:17 - 2017-05-24 20:17 - 000233264 _____ () C:\Program Files (x86)\Acer\Care Center\ManagedNativeUtilities.dll 2017-09-25 12:34 - 2017-09-25 12:34 - 000061952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000205824 _____ () C:\Lw C\Programme\Aimp\System\libsoxr.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000299008 _____ () C:\Lw C\Programme\Aimp\System\Encoders\libFLAC.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000299008 _____ () C:\Lw C\Programme\Aimp\System\Encoders\lame_enc.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000759296 _____ () C:\Lw C\Programme\Aimp\System\Encoders\aimp_libvorbis.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000156208 _____ () C:\Lw C\Programme\Aimp\Plugins\aimp_AnalogMeter\aimp_AnalogMeter.dll 2017-06-25 13:31 - 2017-06-25 
13:31 - 000171568 _____ () C:\Lw C\Programme\Aimp\Plugins\aimp_cdda\aimp_cdda.dll 2017-05-16 21:14 - 2016-12-05 08:42 - 001271296 _____ () C:\Lw C\Programme\Aimp\Plugins\aimp_openwith\aimp_openwith.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000159232 _____ () C:\Lw C\Programme\Aimp\Plugins\aimp_sacd\libsacd.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000026624 _____ () C:\Lw C\Programme\Aimp\Plugins\Aorta\Aorta.dll 2017-03-08 13:12 - 2016-05-24 11:43 - 002184704 _____ () C:\Lw C\Programme\Aimp\Plugins\CurrentTrackInfoToFile\CurrentTrackInfoToFile.dll 2017-04-23 18:11 - 2015-12-18 16:22 - 000355328 _____ () C:\Lw C\Programme\Aimp\Plugins\NextGroup\NextGroup.dll 2016-08-15 18:03 - 2016-08-15 18:03 - 000202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll 2016-08-15 18:05 - 2016-08-15 18:05 - 000654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll 2016-08-15 18:05 - 2016-08-15 18:05 - 000641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll 2016-08-15 18:04 - 2016-08-15 18:04 - 000119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll 2017-09-25 15:47 - 2017-09-25 15:47 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll 2016-08-30 15:09 - 2016-08-30 15:09 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll 2016-08-30 15:05 - 2016-08-30 15:05 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll 2016-09-09 10:51 - 2016-09-09 10:51 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll 2016-09-09 10:51 - 2016-09-09 10:51 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll 2015-06-24 01:07 - 2015-06-24 01:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2017-09-27 22:39 - 2017-09-27 22:39 - 000011776 _____ () C:\Users\Acer\AppData\Local\Temp\nso37D4.tmp\System.dll 2017-09-27 22:39 - 2017-09-27 22:39 - 000029696 _____ () 
C:\Users\Acer\AppData\Local\Temp\nso37D4.tmp\registry.dll 2017-09-27 22:39 - 2017-09-27 22:39 - 000008704 _____ () C:\Users\Acer\AppData\Local\Temp\nso37D4.tmp\newadvsplash.dll 2017-06-08 22:04 - 2017-05-30 10:14 - 000503832 _____ () C:\Lw C\Programme\PhraseExpress\pexlang.dll 2017-09-27 22:42 - 2017-09-27 22:42 - 000011264 _____ () C:\Users\Acer\AppData\Local\Temp\nsbAA27.tmp\System.dll 2017-09-27 22:42 - 2017-09-27 22:42 - 000008704 _____ () C:\Users\Acer\AppData\Local\Temp\nsbAA27.tmp\newadvsplash.dll 2017-09-27 22:42 - 2017-09-27 22:42 - 000029696 _____ () C:\Users\Acer\AppData\Local\Temp\nsbAA27.tmp\registry.dll 2017-01-23 22:11 - 2010-08-15 20:34 - 000204800 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\ComparePlugin.dll 2017-04-12 22:15 - 2017-04-12 22:15 - 000121344 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\ElasticTabstops.dll 2017-04-12 22:15 - 2017-04-12 22:15 - 000100864 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\gtagfornplus.dll 2017-08-15 23:20 - 2017-08-15 23:20 - 000021680 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\NppExport.dll 2017-01-23 22:11 - 2011-09-21 22:46 - 001673728 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\NppFTP.dll 2017-04-12 22:22 - 2017-04-12 22:22 - 000157184 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\NppPlugin_PluginMargin.dll 2017-04-12 22:22 - 2017-04-12 22:22 - 000230400 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\NppQCP.dll 2017-01-23 22:12 - 2007-08-05 03:10 - 000250368 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\Config\tidy\libTidy.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\amazon.de -> amazon.de

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2017-09-27 22:25 - 2017-09-27 22:25 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Acer\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{E3FEAC49-AFA0-40F6-AB81-AE90E5ECC1DD}C:\lw c\programme\phraseexpress\phraseexpress.exe] => (Allow) C:\lw c\programme\phraseexpress\phraseexpress.exe
FirewallRules: [UDP Query User{F94CE2B9-86A2-4FCE-B14E-F1D931EBC7D6}C:\lw c\programme\phraseexpress\phraseexpress.exe] => (Allow) C:\lw c\programme\phraseexpress\phraseexpress.exe
FirewallRules: [{FCEA3589-4A97-4635-90C6-CCC85FACDBD0}] => (Block) C:\lw c\programme\phraseexpress\phraseexpress.exe
FirewallRules: [{F7BC1AF9-4ED2-4E86-ADED-F9195B3AD18A}] => (Block) C:\lw c\programme\phraseexpress\phraseexpress.exe

==================== Wiederherstellungspunkte =========================

25-09-2017 13:15:38 Installed Macrium Reflect Free Edition

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/27/2017 10:35:48 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0x8007232B Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (09/27/2017 10:35:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe).
Fehlercode: hr=0x8007232B Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (09/27/2017 09:51:40 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: hr=0x8007232B Befehlszeilenargumente: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=TimerEvent Error: (09/27/2017 12:44:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FreeCommander.exe, Version: 2017.1.0.740, Zeitstempel: 0x58820979 Name des fehlerhaften Moduls: windows.storage.dll, Version: 10.0.15063.608, Zeitstempel: 0x6f35672f Ausnahmecode: 0xc000041d Fehleroffset: 0x001e2a41 ID des fehlerhaften Prozesses: 0x32e8 Startzeit der fehlerhaften Anwendung: 0x01d337701154912a Pfad der fehlerhaften Anwendung: C:\Lw C\LiberKey\Apps\FreeCommander\App\FreeCommander\FreeCommander.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\windows.storage.dll Berichtskennung: ec3f7df9-9951-4a9c-a89f-fafd87717a79 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/27/2017 12:44:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FreeCommander.exe, Version: 2017.1.0.740, Zeitstempel: 0x58820979 Name des fehlerhaften Moduls: windows.storage.dll, Version: 10.0.15063.608, Zeitstempel: 0x6f35672f Ausnahmecode: 0xc0000005 Fehleroffset: 0x001e2a41 ID des fehlerhaften Prozesses: 0x32e8 Startzeit der fehlerhaften Anwendung: 0x01d337701154912a Pfad der fehlerhaften Anwendung: C:\Lw C\LiberKey\Apps\FreeCommander\App\FreeCommander\FreeCommander.exe Pfad 
des fehlerhaften Moduls: C:\WINDOWS\System32\windows.storage.dll Berichtskennung: ee4b2562-a64f-49cc-ba5e-a65910bc3bcc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/27/2017 12:19:32 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Scrivener.exe, Version 1.9.7.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1e20 Startzeit: 01d3377841552725 Beendigungszeit: 354 Anwendungspfad: C:\Lw C\Programme\Scrivener\Scrivener.exe Berichts-ID: 0a809c20-47f3-4b28-822c-3361635b9cf0 Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (09/27/2017 07:44:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Rainlendar2.exe, Version: 2.13.1.0, Zeitstempel: 0x5645d53e Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.15063.608, Zeitstempel: 0x8274fd8b Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000003cd29 ID des fehlerhaften Prozesses: 0x10b8 Startzeit der fehlerhaften Anwendung: 0x01d3375392eba467 Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\RainlendarPro\App\Rainlendar64\Rainlendar2.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: b7e6d168-f2d2-43af-8e89-656e56bb644f Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/26/2017 11:59:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm AIMP.exe, Version 4.1.3.1897 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1dac Startzeit: 01d3364d319b564a Beendigungszeit: 4294967295 Anwendungspfad: C:\Lw C\Programme\Aimp\AIMP.exe Berichts-ID: 55c00ae0-28e3-4799-9bc4-e39ba0669990 Vollständiger Name des fehlerhaften Pakets: Auf das fehlerhafte Paket bezogene Anwendungs-ID: Error: (09/26/2017 08:06:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Name des fehlerhaften Moduls: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Ausnahmecode: 0xc000041d Fehleroffset: 0x0000882f ID des fehlerhaften Prozesses: 0xd7c Startzeit der fehlerhaften Anwendung: 0x01d336f21da97f2b Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Pfad des fehlerhaften Moduls: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Berichtskennung: 7d038a37-3f24-472a-8e68-49ab737b705b Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/26/2017 08:06:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Name des fehlerhaften Moduls: MyImgur.exe, Version: 3.8.5.394, Zeitstempel: 0x57deb4c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000882f ID des fehlerhaften Prozesses: 0xd7c Startzeit der fehlerhaften Anwendung: 0x01d336f21da97f2b Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Pfad des fehlerhaften Moduls: C:\Lw C\Programme\MyImgur - Screenshot und Uploader\MyImgur.exe Berichtskennung: e2adf8a8-0d8d-49bf-a2a9-ee49e3e671f3 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (09/27/2017 10:33:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die 
Anforderung wird nicht unterstützt. Error: (09/27/2017 10:26:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: Es wird bereits eine Instanz des Dienstes ausgeführt. Error: (09/27/2017 10:25:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Malwarebytes Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/27/2017 10:25:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Security Assist" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/27/2017 10:25:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "User Experience Improvement Program" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/27/2017 10:25:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/27/2017 10:25:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "GamesAppIntegrationService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/27/2017 10:25:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (09/27/2017 10:25:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (09/27/2017 10:25:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. CodeIntegrity: =================================== Date: 2017-09-26 20:04:04.592 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. Date: 2017-09-26 20:00:25.539 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 20:00:06.550 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. Date: 2017-09-26 18:21:26.811 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 14:15:53.389 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. 
Date: 2017-09-26 14:15:51.926 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 13:31:46.520 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 13:22:52.087 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 13:13:48.148 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 13:01:39.395 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-5257U CPU @ 2.70GHz Prozentuale Nutzung des RAM: 85% Installierter physikalischer RAM: 8107.32 MB Verfügbarer physikalischer RAM: 1210.36 MB Summe virtueller Speicher: 12459.32 MB Verfügbarer virtueller Speicher: 4977.07 MB ==================== Laufwerke ================================ Drive c: (C - Acer) (Fixed) (Total:237.87 GB) (Free:32.47 GB) NTFS Drive i: (I 5TB WD Elemen BiffsHaupt-Daten) (Fixed) (Total:4657.49 GB) (Free:118.82 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: B7D59E20) Partition: GPT. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. ==================== Ende von Addition.txt ============================ |
28.09.2017, 13:49 | #10 |
/// TB-Ausbilder | Suspected malware - notebook reset twice after it failed to start Hi, Quote:
Quote:
Quote:
we will remove a few more things and check everything once more. Note: The scan with ESET can take quite a while.
Step 1
Step 2 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 3 Please download ESET Online Scanner (illustrated instructions)
Step 4
Are there still any problems with the PC or with your internet browsers? If so, which ones? Please post with your next reply
Last edited by M-K-D-B (28.09.2017 at 13:55) |
28.09.2017, 22:33 | #11 |
| Suspected malware - notebook reset twice after it failed to start Hi Matthias! The scan, almost 5 hours so far, will probably take some more time; I think it has just started scanning the connected external 5TB drive. Here is the first part, already worked through. Quote:
Where do all these entries in the registry actually come from? Apart from these PUPs, these small programs that can probably be regarded only as unwanted but not as really harmful, and perhaps also cookies (Amazon, for example), was there also really nasty malware that caused the problems, or could it still have been due to the Windows update mentioned, or to technical problems, perhaps a defective SSD, or to something else? Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01 durchgeführt von Acer (28-09-2017 18:20:49) Run:2 Gestartet von I:\Vorübergehend Geladene Profile: Acer (Verfügbare Profile: Acer) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** C:\OEM\Preload\Command\AlaunchX\BackupLinks\Booking.com.lnk C:\Users\Acer\Favorites\Booking.com.url C:\Users\Default\Favorites\Booking.com.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk C:\Users\Acer\Desktop\App Explorer*.lnk SearchScopes: HKU\S-1-5-21-2633882361-2691834456-3919945701-1001 -> {4D47EB80-5AEB-4282-8128-D87EEE1DD9B0} URL = DeleteKey: HKEY_CURRENT_USER\Software\AppDataLow\Software\Amazon\Amazon1ButtonApp DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Amazon1ButtonRuntime.dll DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{87BDDAA1-CB99-4B47-89F6-7651D7731BC6} DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D2E5FFD9-E488-4844-8C6D-051AA67C99F2} DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F5415905096AA504A9FB967C7A138943 DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\Amazon1ButtonRuntime.dll DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{87BDDAA1-CB99-4B47-89F6-7651D7731BC6} DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D2E5FFD9-E488-4844-8C6D-051AA67C99F2} DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F5415905096AA504A9FB967C7A138943 DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AppDataLow\Software\Amazon\Amazon1ButtonApp DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5095145F-A690-405A-9ABF-69C7A7319834} DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\AppID\Amazon1ButtonRuntime.dll Reboot: ***************** C:\OEM\Preload\Command\AlaunchX\BackupLinks\Booking.com.lnk => erfolgreich verschoben 
C:\Users\Acer\Favorites\Booking.com.url => erfolgreich verschoben C:\Users\Default\Favorites\Booking.com.url => erfolgreich verschoben C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk => erfolgreich verschoben =========== "C:\Users\Acer\Desktop\App Explorer*.lnk" ========== C:\Users\Acer\Desktop\App Explorer (1).lnk => erfolgreich verschoben ========= Ende -> "C:\Users\Acer\Desktop\App Explorer*.lnk" ======== HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4D47EB80-5AEB-4282-8128-D87EEE1DD9B0} => Schlüssel erfolgreich entfernt HKLM\Software\Classes\CLSID\{4D47EB80-5AEB-4282-8128-D87EEE1DD9B0} => Schlüssel nicht gefunden. HKEY_CURRENT_USER\Software\AppDataLow\Software\Amazon\Amazon1ButtonApp => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Amazon1ButtonRuntime.dll => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{87BDDAA1-CB99-4B47-89F6-7651D7731BC6} => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D2E5FFD9-E488-4844-8C6D-051AA67C99F2} => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F5415905096AA504A9FB967C7A138943 => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\Amazon1ButtonRuntime.dll => Schlüssel nicht gefunden. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{87BDDAA1-CB99-4B47-89F6-7651D7731BC6} => Schlüssel nicht gefunden. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{D2E5FFD9-E488-4844-8C6D-051AA67C99F2} => Schlüssel nicht gefunden. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F5415905096AA504A9FB967C7A138943 => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AppDataLow\Software\Amazon\Amazon1ButtonApp => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5095145F-A690-405A-9ABF-69C7A7319834} => Schlüssel erfolgreich entfernt HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\AppID\Amazon1ButtonRuntime.dll => Schlüssel nicht gefunden. Das System musste neu gestartet werden. ==== Ende von Fixlog 18:20:53 ==== Code:
ATTFilter HitmanPro 3.7.20.286 www.hitmanpro.com Computer name . . . . : LAPTOP-3HCESL2G Windows . . . . . . . : 10.0.0.15063.X64/4 User name . . . . . . : LAPTOP-3HCESL2G\Acer UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2017-09-28 18:34:38 Scan mode . . . . . . : Normal Scan duration . . . . : 2m 18s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 0 Traces . . . . . . . : 4 Objects scanned . . . : 3.009.362 Files scanned . . . . : 66.723 Remnants scanned . . : 1.595.309 files / 1.347.330 keys Suspicious files ____________________________________________________________ C:\Users\Acer\AppData\Local\Microsoft\OneDrive\OneDrive.exe Size . . . . . . . : 1.686.736 bytes Age . . . . . . . : 3.3 days (2017-09-25 12:12:36) Entropy . . . . . : 4.6 SHA-256 . . . . . : A343D94D748F8A2C06EA45566ECCCE1FCDC7660E0A2DBFF92E9741904FE0D559 Product . . . . . : Microsoft OneDrive Publisher . . . . : Microsoft Corporation Description . . . : Microsoft OneDrive Version . . . . . : 17.3.6998.0830 Copyright . . . . : © Microsoft Corporation. All rights reserved. RSA Key Size . . . : 2048 Parent Name . . . : C:\Windows\explorer.exe LanguageID . . . . : 1033 Authenticode . . . : Valid Running processes : 10208 Fuzzy . . . . . . : 22.0 The file is completely hidden from view and most antivirus products. It may belong to a rootkit. Uses the Windows Registry to run each time the user logs on. Program starts automatically without user intervention. Time indicates that the file appeared recently on this computer. The file is in use by one or more active processes. Program is code signed with a valid Authenticode certificate. 
Startup HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive References C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk Forensic Cluster
12.7s C:\Windows\INF\iaLPSS2i_GPIO2_SKL.PNF 12.7s C:\Windows\INF\iaLPSS2i_GPIO2_BXT_P.PNF 12.8s C:\Windows\INF\iaLPSS2i_I2C_SKL.PNF 12.8s C:\Windows\INF\iaLPSS2i_I2C_BXT_P.PNF 12.8s C:\Windows\INF\ialpssi_gpio.PNF 12.8s C:\Windows\INF\ialpssi_i2c.PNF 12.8s C:\Windows\INF\oem1.PNF 12.8s C:\Windows\INF\oem12.PNF 12.8s C:\Windows\INF\oem10.PNF 12.8s C:\Windows\INF\oem4.PNF 12.8s C:\Windows\INF\iastorav.PNF 12.8s C:\Windows\INF\iastorv.PNF 12.8s C:\Windows\INF\mlx4_bus.PNF 12.8s C:\Windows\INF\intelpep.PNF 12.8s C:\Windows\INF\kdnic.PNF 12.8s C:\Windows\INF\mausbhost.PNF 13.1s C:\Windows\INF\monitor.PNF 13.1s C:\Windows\INF\msgpiowin32.PNF 13.1s C:\Windows\INF\mssmbios.PNF 13.1s C:\Windows\INF\mtconfig.PNF 13.1s C:\Windows\INF\npsvctrig.PNF 13.1s C:\Windows\INF\nvdimmn.PNF 13.1s C:\Windows\INF\msports.PNF 13.2s C:\Windows\INF\pmem.PNF 13.2s C:\Windows\INF\rdpbus.PNF 13.2s C:\Windows\INF\sbp2.PNF 13.2s C:\Windows\INF\scmbus.PNF 13.2s C:\Windows\INF\SDFRd.PNF 13.2s C:\Windows\INF\sdstor.PNF 13.2s C:\Windows\INF\spaceport.PNF 13.2s C:\Windows\INF\wstorflt.PNF 13.2s C:\Windows\INF\stornvme.PNF 13.2s C:\Windows\INF\storufs.PNF 13.2s C:\Windows\INF\swenum.PNF 13.2s C:\Windows\INF\termmou.PNF 13.2s C:\Windows\INF\tsgenericusbdriver.PNF 13.2s C:\Windows\INF\uaspstor.PNF 13.3s C:\Windows\INF\uefi.PNF 13.3s C:\Windows\INF\ufxchipidea.PNF 13.3s C:\Windows\INF\ufxsynopsys.PNF 13.3s C:\Windows\INF\umbus.PNF 13.3s C:\Windows\INF\umpass.PNF 13.3s C:\Windows\INF\urschipidea.PNF 13.3s C:\Windows\INF\urssynopsys.PNF 13.3s C:\Windows\INF\usb.PNF 13.3s C:\Windows\INF\usbcir.PNF 13.3s C:\Windows\INF\usbport.PNF 13.3s C:\Windows\INF\usbprint.PNF 13.3s C:\Windows\INF\usbstor.PNF 13.3s C:\Windows\INF\vdrvroot.PNF 13.3s C:\Windows\INF\wvmbus.PNF 13.3s C:\Windows\INF\wvmgid.PNF 13.3s C:\Windows\INF\volmgr.PNF 13.3s C:\Windows\INF\volume.PNF 13.3s C:\Windows\INF\wvpci.PNF 13.3s C:\Windows\INF\vstxraid.PNF 13.4s C:\Windows\INF\hiddigi.PNF 13.4s C:\Windows\INF\winusb.PNF 13.4s 
C:\Windows\INF\wmiacpi.PNF 13.4s C:\Windows\INF\xinputhid.PNF 22.0s C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx 22.8s C:\Users\Acer\AppData\Roaming\Adobe\Flash Player\NativeCache\NativeCache.directory 22.9s C:\Users\Acer\AppData\Roaming\Adobe\Flash Player\AssetCache\ 22.9s C:\Users\Acer\AppData\Roaming\Adobe\Flash Player\AssetCache\LEN2R4AU\ 23.0s C:\Users\Acer\AppData\Roaming\Macromedia\ 23.0s C:\Users\Acer\AppData\Roaming\Macromedia\Flash Player\ 23.0s C:\Users\Acer\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ 23.1s C:\Users\Acer\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\ 23.1s C:\Users\Acer\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\ 23.1s C:\Users\Acer\AppData\Roaming\Macromedia\Flash Player\macromedia.com\ 23.1s C:\Users\Acer\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\ 24.8s C:\Windows\INF\basicdisplay.PNF 24.8s C:\Windows\INF\machine.PNF 24.8s C:\Windows\INF\c_swdevice.PNF 26.3s C:\Users\Acer\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe 55.0s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\ 55.8s C:\Users\Acer\AppData\Local\Microsoft\Internet Explorer\imagestore\ 55.8s C:\Users\Acer\AppData\Local\Microsoft\Internet Explorer\imagestore\kkqomb7\ 55.8s C:\Users\Acer\AppData\Local\Microsoft\Windows\WER\ 55.8s C:\Users\Acer\AppData\Local\Microsoft\Windows\WER\ERC\ 55.8s C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx 55.8s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx 55.8s C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Control Panel%4Operational.evtx 55.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-FileHistory-Core%4WHC.evtx 55.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-ConnectedAccountState%4ActionCenter.evtx 55.9s 
C:\Windows\System32\winevt\Logs\Microsoft-Windows-StorageSpaces-ManagementAgent%4WHC.evtx 55.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-WorkFolders%4WHC.evtx 56.7s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{07BE0F27-AE90-4442-9938-F1AD2376BBF7} 56.7s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{0709F19E-223E-4144-BF4C-2990D65B8035} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{07CE2B24-9833-4A36-963E-830D102471EB} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{05CC57C1-2D71-48D9-857D-23C9FB6170E6} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{377BF47C-B97C-4693-BC6D-AFDF995EB9F1} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{0A3CEFB6-2906-4BBF-9E8A-DF32FC31E6F8} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1F37F0DA-F57B-4FEE-8C2B-3B5E1F1FB9F3} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{0B5CEAB4-E731-4B7C-91FA-57AD83F8BA8F} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{11975005-5E79-4A74-9CD2-9AD67C94630B} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{062F3DF3-DE37-4BE2-861F-5B3A172FD568} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1EB01783-E828-4EBD-869E-D01B6EB2F853} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{1F7F22D1-6D64-4B6F-AA56-7E21DE230CE5} 56.8s 
C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{2F2FDCB6-C5C7-42F0-983D-BB34922A4E4D} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{11372C8D-61EA-4084-B9E0-469ECCA357B9} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{336E4E2C-DFE5-453F-B735-878EEE6B2B2D} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{30666CEB-8548-4987-ADED-9E13AA6CAF45} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{30735845-8C8D-4635-A536-E8AC99018EA7} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{42F066AA-A57B-4AF7-8A24-7F3B50B0231F} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{4A480BD5-2386-4654-829A-B768063B28C4} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{3F766C83-185B-4261-B454-9CB7CEA5BEF1} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{4FA57CA6-250F-4B57-8EE5-1D73704E0B57} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{3AC96686-772D-438A-BE2C-24B732C07267} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{3A78354C-D79F-4472-AE63-1A47040AA5B4} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{2488B88D-6001-477D-BE98-2391E0218C3C} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{50DB3F64-1CF3-4CB7-8823-182313B71D7A} 56.8s 
C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{4F4DD6BD-2C4D-4AA9-AFEE-66B052EB3AE2} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{5948191A-D71B-4658-9366-9251C4F52118} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{418C4517-7929-478E-A68D-E98868102F79} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{5BB408B6-79A4-45FF-B172-C000586D9EC0} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{4FFA123B-16A5-4C88-AC03-A8AFD9058D0B} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{63A41BEF-3CD2-48C5-8CCC-BD872ADE3B92} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{63973356-03E0-4AE2-8F93-45D5B70F9681} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{54E920EC-5DCE-4DE0-93F5-A1A2981B8CD3} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{61CE26F7-6FA3-4F66-ABD2-E1BCD484F891} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{5B2CAFFD-5003-4279-883C-DF459051A538} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{63F6D4DF-A4B7-4243-92BE-51FC1C43ADE4} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{60F53940-14A9-4BD3-B851-38DC4AD8D718} 56.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{60155009-1354-4540-A01A-EDDF65827D56} 56.8s C:\ProgramData\OEM\Acer Registration\ 56.8s 
C:\ProgramData\OEM\Acer Registration\timestamp.blob 56.8s C:\ProgramData\OEM\Acer Registration\NoNeedSendOOBE.dat 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{775AB8F6-9615-45F1-804F-95DE000F7B7F} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7554AB38-F4A4-4E97-AEC2-363311F08BDD} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7F813C20-114D-4D4C-AC6F-CE663D3CB1AA} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7E3CEDA0-2FB3-4D77-A58B-F75A114D8504} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{73EE3BBA-9D6A-42EC-B08E-B26F9C3A4571} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{827E7347-6CD5-4329-A00B-59B434BAAD15} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D847024-5CDA-465F-8D89-63A969C208EF} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{6B78D1F1-195A-45E8-81AE-A4D8CE212355} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{8E58F087-F842-4502-AE74-E43D5AF6A093} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{80A7572B-83F8-45DB-9570-168224A22DFB} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{9BAAE331-F8B9-4D35-90DC-58B7F67EE73A} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{8548D554-39D4-4512-935D-DC3E5F3381B0} 57.3s 
C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{87FEB2FC-3A4A-405C-B77C-CE895E793558} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{4BBDE7F7-1C90-4176-81D5-EDC550FB4DC7} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{8280ABFE-AA5F-4966-8D30-603F16BE2436} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{9B1ED4F2-8E75-4DCB-83EC-9C354142A9A3} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{9E95295D-1A63-4476-B07C-595047648A45} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{A53A3578-5129-49FA-B37B-56FC5517ABC6} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{A41A8921-03CF-4099-8750-4A25138F8559} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{5A5081A7-7CC7-41F8-B5D7-73BC67B6267F} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{A94A68EA-42E9-47A3-9BA2-DB884ABF3E38} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{9AA25B0F-EC64-4B91-BE5F-D1051BD4F858} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{ADD28A3D-45D8-4BD4-849A-FD5578FF631B} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{9012A14C-D02B-450C-B548-B0DA64B97FB8} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{AF150160-D74D-4115-9C9A-85CFD3858608} 57.3s 
C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{A13CA2E4-6871-4ECD-ABEA-E7036B749ADA} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{7F74670C-F311-4F39-8AD1-C65969D402F0} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{A6FDCA63-2F04-4018-9A55-A7E614348397} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{AB347D34-AD1B-4DFB-8493-8C7885888311} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{92FE4D1B-FDD9-47F3-97DF-0D22C41F3541} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{B50F0EC4-D3B3-49BE-86FC-237A4B9AA704} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{BC381550-1983-4960-BF05-1D74DD8222DF} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{AEB132E7-D059-41BC-B50A-44F0F9D96B1C} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{BD7708FF-FA83-462C-8E08-912A58581DCA} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{B201E870-F6E4-4C3C-B812-DBBCEF54F7DF} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{BC1D8569-46FB-4AB2-A7C5-4A2B96218A79} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{C0F90C62-1AE7-4D52-800D-2BC73097791D} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{BF1E503E-C7D0-42E6-960F-0BDDC91B9AB5} 57.3s 
C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{BE61F00E-7A4B-461D-BFBF-B280100246FD} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{C0528F44-4E21-4A1A-84E0-A956C77BE2AB} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{A37FECBF-8468-4038-AA71-E2BD5520331A} 57.3s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{C6B52D96-D2A1-42EA-A1E9-42C43A760C05} 57.7s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{C2127292-8182-4FE7-B93B-40EC25EB8494} 57.7s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{CDFED0B6-A93A-41E5-AD3F-A59C8478AE87} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{CC70FFFD-6EEB-4A28-8B89-8C17DE3C90B5} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{D6024E99-6BD7-4862-AE73-3009CBACF0A3} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{DB898848-47D2-45CD-8E08-6692E866CA00} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{D58502E3-E708-4F06-A92D-BE715CEAAF19} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{DBD7FABC-0ED3-4F87-9BD9-7455056B25B8} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{DE647852-1C87-49FA-BFB5-CF17DA87372C} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{DCF6B207-B8D7-42BF-80B6-5F13D66F42AB} 57.8s 
C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{DE8D62F1-68ED-4595-97B0-A166752D6060} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{E2D25A09-1F58-43D6-91AC-CB5692BCD4F3} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{D6F158FD-B879-4202-94A3-1A481DB1D10D} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{E1468D6E-3208-4A4F-B71B-55640658EED2} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{EA6CB045-E314-4133-8812-C06AEEB7366E} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{E221ABFE-96B6-4C3F-89A7-2821DB334107} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{BA67E9F8-B126-4D71-ACBD-3DDCEA40E18B} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{E7BD9E99-3C81-4A3B-8D44-9AB0E5DFDD56} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{F632FA1D-7F06-4EE8-AEB2-8F1419DC9129} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{FA48C7E4-6CDF-46C3-951B-220A18D3FC18} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{B35A5E8D-0B80-45BC-8A34-70A1FC3B80A1} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{FBB071A0-7135-439B-B934-24E83DAB8A59} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{E67EF0F1-0990-46EA-84D9-7236A3F35C09} 57.8s 
C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{C1B7C972-F1B8-482C-A9B1-1972174FE24F} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{FC6C4B6E-A226-4F72-92A7-80E2FDB32D83} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{F16D72B9-124F-4F33-BB07-FD97F4FC9CFF} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{FF26B71C-4748-471A-9135-01C6480E65C6} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{FECD23DB-2B95-4C05-8F25-CA3D56F389E4} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{FF916CA9-C889-49F0-B339-23EFB6738A90} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{F1892528-11C7-4029-8C56-5FC7301306A7} 57.8s C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\{C1238EA5-40E5-448B-87FD-9DF11EE4FAC9} 58.3s C:\ProgramData\Acer\CareCenter\TuneUp\Config\ 58.3s C:\ProgramData\Acer\CareCenter\TuneUp\ 58.3s C:\ProgramData\Acer\CareCenter\TuneUp\Config\CommonConfig.ini 58.3s C:\Users\Acer\AppData\Local\CareCenter\TuneUp\Config\ 58.3s C:\Users\Acer\AppData\Local\CareCenter\ 58.3s C:\Users\Acer\AppData\Local\CareCenter\TuneUp\ 58.3s C:\ProgramData\Acer\CareCenter\TuneUp\Config\AppImpactHistory.ini 58.4s C:\Users\Acer\AppData\Local\CareCenter\TuneUp\Config\LocalConfig.ini 58.4s C:\Users\Acer\AppData\Local\CareCenter\TuneUp\Config\BootConfig.ini 58.4s C:\Users\Acer\AppData\Local\CareCenter\TuneUp\Config\TaskTemplate.xml 58.4s C:\ProgramData\Acer\CareCenter\TuneUp\Config\TaskTemplate.xml 68.3s C:\Windows\INF\hal.PNF 68.4s C:\Windows\INF\printqueue.PNF 70.1s 
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PCW%4Operational.evtx |
29.09.2017, 07:19 | #12 |
| Suspected malware - notebook reset twice after it failed to start
Here is the last part:
Eset:
Code:
ATTFilter
C:\Lw C\Programme\FreeFileSync\FreeFileSync_8.6_Windows_Setup.exe Variante von Win32/FusionCore.I eventuell unerwünschte Anwendung
C:\Lw C\Programme\FreeFileSync\FreeFileSync_9.3_Windows_Setup.exe Variante von Win32/FusionCore.P eventuell unerwünschte Anwendung,Variante von Win32/FusionCore.I eventuell unerwünschte Anwendung
C:\Lw C\Programme\Movie Collector\Movie Collector\Movie Collector.rar Variante von MSIL/Injector.SBC Trojaner
C:\OEM\Preload\APP\PCMANAGER\qqpcmgr_v10.5.15785.701_130175_Silence.exe Variante von Win32/Tencent.A eventuell unerwünschte Anwendung
I:\Eigene Dateien\Notebooks\Notebook Medion akoya P6630\Windows 7 & Support Disc\SUPPORT_40035611\TOOLS\Medion MediaPack\medion_mediapack_ext.exe Variante von Win32/Toolbar.Conduit.B eventuell unerwünschte Anwendung,Win32/Toolbar.Conduit.Y eventuell unerwünschte Anwendung,Win32/Toolbar.Conduit.A eventuell unerwünschte Anwendung
I:\Eigene Dateien\Theater\Filme\Wahrheit\Schüler gewinnen Film-Workshop in Mailand _ svz.de.mht HTML/ScrInject.B Trojaner
I:\Eigene Dateien\Theater\Theater\Bühne - Kultur allgemein - Kultur - Nachrichten - morgenweb.mht HTML/ScrInject.B Trojaner
I:\Eigene Dateien\Theater\Theater\„Wir sind Sprache_“ - Kultur - Nachrichten - morgenweb.mht HTML/ScrInject.B Trojaner
I:\Vorübergehend\date_and_time_calculator.exe Variante von Win32/InstallCore.AVR eventuell unerwünschte Anwendung
I:\Vorübergehend\Datum ändern\Vorübergehend\date_and_time_calculator.exe Variante von Win32/InstallCore.AVR eventuell unerwünschte Anwendung
I:\Vorübergehend\Datum ändern\Vorübergehend\Datum ändern\Vorübergehend\date_and_time_calculator.exe Variante von Win32/InstallCore.AVR eventuell unerwünschte Anwendung
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01 durchgeführt von Acer (Administrator) auf LAPTOP-3HCESL2G (29-09-2017 07:58:17) Gestartet von I:\Vorübergehend Geladene Profile: Acer (Verfügbare Profile: Acer) Platform: Windows 10 Home Version 1703 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: "C:\Lw C\PortableApps\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe" -osint -url "%1") Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (SUPERAntiSpyware.com) C:\Lw C\Programme\SUPERAntiSpyware\SASCore64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(AIMP DevTeam) C:\Lw C\Programme\Aimp\AIMP.exe
(Marek Jasinski) C:\Lw C\LiberKey\Apps\FreeCommander\App\FreeCommander\FreeCommander.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Lw C\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
() C:\Lw C\Programme\ArsClip\ArsClip.exe
() C:\Lw C\Programme\Everything\Everything.exe
() C:\Lw C\Programme\Everything\Everything.exe
() C:\Lw C\LiberKey\Apps\Everything\App\Everything\x64\Everything.exe
() C:\Lw C\LiberKey\Apps\Everything\App\Everything\x64\Everything.exe
(Skwire Empire) C:\Lw C\Programme\sWeather\sWeather.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(PortableApps.com) C:\Lw C\PortableApps\PortableApps\Notepad++Portable\Notepad++Portable.exe
(Don HO don.h@free.fr) C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\notepad++.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
() C:\Lw C\LiberKey\Apps\Ditto\App\Ditto\x64\Ditto.exe
(PortableApps.com) C:\Lw C\PortableApps\PortableApps\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) C:\Lw C\PortableApps\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe
(Bartels Media GmbH) C:\Lw C\Programme\PhraseExpress\phraseexpress.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
() C:\Lw C\Programme\Cherrytree\bin\cherrytree.exe
() C:\Lw C\Programme\Cherrytree\bin\dbus-daemon.exe
(ShareX Team) C:\Lw C\Programme\ShareX\ShareX.exe
() C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(AppWork GmbH) C:\Lw C\Programme\jDownloader 2\JDownloader2.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Highresolution Enterprises) C:\Lw C\Programme\XMouseButtonControl\64bit (x64)\XMouseButtonControl.exe
(Scrivener HQ Pty Ltd.) C:\Lw C\Programme\Scrivener 2\Scrivener.exe
(QuestSoft) C:\Lw C\Programme\Sprache - Englisch\QTranslate\QTranslate.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\EqualizerAPO\config\Peace.exe
(AppWork GmbH) C:\Lw C\Programme\jDownloader 2 - zippy\JDownloader2.exe
(PortableApps.com) C:\Lw C\PortableApps\PortableApps\ThunderbirdPortable\ThunderbirdPortable.exe
(Mozilla Corporation) C:\Lw C\PortableApps\PortableApps\ThunderbirdPortable\App\Thunderbird\thunderbird.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3351248 2015-09-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2307472 2017-06-30] (Western Digital Technologies, Inc.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2017-09-24] ()
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2017-09-24] ()
HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\Run: [SUPERAntiSpyware] => C:\Lw C\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964064 2017-08-17] (SUPERAntiSpyware)
HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\Run: [Task Till Dawn] => C:\Lw C\Programme\Task Till Dawn\Task Till Dawn.exe [4262257 2017-07-25] (Oliver Matuschin)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip.exe - Verknüpfung.lnk [2017-07-16]
ShortcutTarget: ArsClip.exe - Verknüpfung.lnk -> C:\Lw C\Programme\ArsClip\ArsClip.exe ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Everything.exe - Film- und Serienlisten.lnk [2017-08-23]
ShortcutTarget: Everything.exe - Film- und Serienlisten.lnk -> C:\Lw C\Programme\Everything\Everything.exe ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Everything.exe - Verknüpfung.lnk [2017-08-23]
ShortcutTarget: Everything.exe - Verknüpfung.lnk -> C:\Lw C\LiberKey\Apps\Everything\App\Everything\x64\Everything.exe ()
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\QTranslate.exe - Verknüpfung.lnk [2017-08-23]
ShortcutTarget: QTranslate.exe - Verknüpfung.lnk -> C:\Lw C\Programme\Sprache - Englisch\QTranslate\QTranslate.exe (QuestSoft)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2017-03-24]
ShortcutTarget: ShareX.lnk -> C:\Lw C\Programme\ShareX\ShareX.exe (ShareX Team)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sWeather.lnk [2016-04-04]
ShortcutTarget: sWeather.lnk -> C:\Lw C\Programme\sWeather\sWeather.exe (Skwire Empire)
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XMouseButtonControl.exe - Verknüpfung.lnk [2017-07-11]
ShortcutTarget: XMouseButtonControl.exe - Verknüpfung.lnk -> C:\Lw C\Programme\XMouseButtonControl\64bit (x64)\XMouseButtonControl.exe (Highresolution Enterprises)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8f4735e8-d30b-453d-87af-d26ae5341fdc}: [DhcpNameServer] 40.31.1.55
Tcpip\..\Interfaces\{ea4d4100-31d9-4320-8daa-4d4792956ba8}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer15.msn.com/?pc=ACTE
HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-2633882361-2691834456-3919945701-1001 -> DefaultScope {715F8B10-E4A8-401F-A82B-7789336983AA} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java2\bin\ssv.dll [2017-09-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java2\bin\jp2ssv.dll [2017-09-25] (Oracle Corporation)

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java2\bin\dtplugin\npDeployJava1.dll [2017-09-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java2\bin\plugin2\npjp2.dll [2017-09-25] (Oracle Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()

Chrome:
=======
CHR Profile: C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default [2017-09-27]
CHR Extension: (Google Präsentationen) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-27]
CHR Extension: (Google Docs) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-27]
CHR Extension: (Google Drive) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-27]
CHR Extension: (YouTube) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-27]
CHR Extension: (Google Tabellen) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-27]
CHR Extension: (Google Docs Offline) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-27]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-27]
CHR Extension: (Google Mail) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 !SASCORE; C:\Lw C\Programme\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-10] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Datei ist nicht signiert]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-26] (Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-04] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-04] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [331632 2017-06-30] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ETDI2C; C:\WINDOWS\System32\drivers\ETDI2C.sys [175152 2015-06-09] (ELAN Microelectronic Corp.)
S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-03] (Intel Corporation)
S3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [132360 2015-06-15] (Intel Corporation)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-03] (Intel Corporation)
S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-03] (Intel Corporation)
S3 IUFileFilter; C:\Lw C\Programme\IObit Uninstaller Pro\App\uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-09-21] (IObit.com)
S3 IURegProcessFilter; C:\Lw C\Programme\IObit Uninstaller Pro\App\uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [45024 2017-09-21] (IObit.com)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-04] (Acer Incorporated)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-28] (Malwarebytes)
R1 MpKsl3b158e13; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4EA60BC3-54BC-4ADF-B27A-AE373B9DECA9}\MpKsl3b158e13.sys [58120 2017-09-28] (Microsoft Corporation)
S3 MWAC; C:\WINDOWS\system32\drivers\ [0 ] () <==== ACHTUNG (Null Byte Datei/Ordner)
S3 MWAC; C:\WINDOWS\SysWOW64\drivers\ [0 ] () <==== ACHTUNG (Null Byte Datei/Ordner)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-04] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-05] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Lw C\Programme\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Lw C\Programme\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [181392 2017-09-14] (Ray Hinchliffe)
U5 UnlockerDriver5; C:\Lw C\LiberKey\Apps\Unlocker\App\Unlocker\x64\UnlockerDriver5.sys [12352 2011-04-27] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-09-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-09-26] (Zemana Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-09-29 07:40 - 2017-09-29 07:40 - 000000000 ____D C:\Users\Acer\AppData\Local\Thunderbird 2017-09-28 19:41 - 2017-09-28 19:41 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2017-09-28 19:22 - 2017-09-28 19:22 - 000000000 ____D C:\Users\Acer\AppData\Local\CrashDumps 2017-09-28 18:41 - 2017-09-28 18:41 - 000000000 ____D C:\Users\Acer\AppData\Local\ESET 2017-09-28 18:33 - 2017-09-28 18:37 - 000000000 ____D C:\ProgramData\HitmanPro 2017-09-28 18:30 - 2017-09-28 18:30 - 000000000 ____D C:\N++RECOV 2017-09-28 14:21 - 2017-09-28 14:21 - 000000000 ____D C:\Users\Acer\AppData\Local\Remove_Empty_Directories 2017-09-28 09:32 - 2017-09-28 09:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMDB 2017-09-28 09:29 - 2017-09-28 09:29 - 000000000 ____D C:\Users\Acer\AppData\Roaming\WinRAR 2017-09-28 09:29 - 2017-09-28 09:29 - 000000000 ____D C:\Program Files\WinRAR 2017-09-28 07:50 - 2017-09-28 07:50 - 000000000 ____D C:\Users\Acer\AppData\Local\Ofi Labs 2017-09-27 21:30 - 2017-09-27 21:30 - 000000000 ____D C:\Users\Acer\AppData\Local\Google 2017-09-27 18:37 - 2017-09-27 18:37 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2017-09-27 09:41 - 2017-09-27 09:41 - 000000000 ____D C:\Users\Acer\AppData\Roaming\ThisIsMyFile 2017-09-27 08:24 - 2017-09-27 08:24 - 000000000 ____D C:\CloneSpy - gelöschte Dateien 2017-09-26 22:41 - 2017-09-26 23:18 - 000000000 ____D C:\AdwCleaner 2017-09-26 22:01 - 2017-09-29 07:58 - 000000000 ____D C:\FRST 2017-09-26 15:53 - 2017-09-26 15:53 - 000000000 ___HD C:\$Windows.~WS 2017-09-26 14:44 - 2017-09-26 14:44 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Skype 2017-09-26 14:42 - 2017-09-26 15:31 - 000000000 ____D C:\Boot 2017-09-26 13:22 - 2017-09-26 13:22 - 000000000 ____D C:\Users\Acer\AppData\Roaming\MyImgur 2017-09-26 13:02 - 2017-09-26 13:02 - 000000000 ____D C:\Users\Acer\AppData\Roaming\CareCenter 2017-09-26 12:39 - 2017-09-26 12:39 - 000000000 ____D 
C:\Users\Acer\AppData\Roaming\Acer Incorporated 2017-09-26 11:15 - 2017-09-29 07:57 - 000196160 _____ C:\WINDOWS\ZAM.krnl.trace 2017-09-26 11:15 - 2017-09-29 07:57 - 000169601 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2017-09-26 11:15 - 2017-09-26 11:15 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys 2017-09-26 11:15 - 2017-09-26 11:15 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys 2017-09-26 11:15 - 2017-09-26 11:15 - 000000000 ____D C:\Users\Acer\AppData\Local\Zemana 2017-09-26 09:57 - 2017-09-26 09:57 - 000002014 _____ C:\Users\Acer\Desktop\Reflect.lnk 2017-09-26 09:50 - 2017-09-27 22:29 - 000000008 __RSH C:\ProgramData\ntuser.pol 2017-09-26 09:47 - 2017-09-26 18:20 - 000000000 ____D C:\ESD 2017-09-26 09:28 - 2017-09-14 09:05 - 000181392 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX64.sys 2017-09-26 07:25 - 2017-09-26 08:08 - 000000000 ____D C:\Users\Acer\AppData\Roaming\XnView 2017-09-26 00:33 - 2017-09-26 00:32 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-09-25 22:44 - 2017-09-25 23:17 - 000000000 ____D C:\Users\Acer\AppData\Roaming\IObit 2017-09-25 22:33 - 2017-09-25 23:17 - 000000000 ____D C:\ProgramData\ProductData 2017-09-25 22:33 - 2017-09-25 22:33 - 000000000 ____D C:\ProgramData\IObit 2017-09-25 20:31 - 2017-09-26 10:15 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Task Till Dawn 2017-09-25 19:40 - 2017-09-25 19:40 - 000001198 _____ C:\Users\Public\Desktop\WD Drive Utilities.lnk 2017-09-25 19:40 - 2017-09-25 19:40 - 000000000 ____D C:\ProgramData\Western Digital 2017-09-25 19:40 - 2017-09-25 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery 2017-09-25 19:40 - 2017-09-25 19:40 - 000000000 ____D C:\Program Files (x86)\Western Digital 2017-09-25 18:41 - 2017-09-29 07:40 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Thunderbird 2017-09-25 18:41 - 2017-09-29 07:40 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Mozilla 
2017-09-25 18:31 - 2017-09-25 18:35 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-09-25 18:31 - 2017-09-25 18:31 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-09-25 15:50 - 2017-09-25 15:50 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Foxit Software 2017-09-25 15:43 - 2017-09-25 15:43 - 000000000 ____D C:\Users\Acer\AppData\Roaming\AVAST Software 2017-09-25 15:19 - 2017-09-25 15:19 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2633882361-2691834456-3919945701-1001 2017-09-25 15:14 - 2017-09-28 18:28 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-09-25 15:14 - 2017-09-25 15:14 - 000001920 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-09-25 15:14 - 2017-09-25 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-09-25 15:14 - 2017-09-25 15:14 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-09-25 15:14 - 2017-09-25 15:14 - 000000000 ____D C:\Program Files\Malwarebytes 2017-09-25 15:14 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-09-25 15:07 - 2017-09-25 15:07 - 000001952 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2017-09-25 15:07 - 2017-09-25 15:07 - 000000000 ____D C:\Users\Acer\AppData\Roaming\SUPERAntiSpyware.com 2017-09-25 15:07 - 2017-09-25 15:07 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2017-09-25 15:07 - 2017-09-25 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2017-09-25 15:04 - 2017-09-25 15:04 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2017-09-25 15:04 - 2017-09-25 15:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-09-25 15:04 - 2017-09-25 15:04 - 000000000 ____D C:\Program Files (x86)\Java2 2017-09-25 14:51 - 2017-09-27 21:44 - 000000000 ____D C:\Users\Acer\AppData\Roaming\cherrytree 2017-09-25 14:48 - 
2017-09-25 14:48 - 000000893 _____ C:\Users\Acer\AppData\Local\recently-used.xbel 2017-09-25 14:43 - 2017-09-25 14:44 - 000001883 _____ C:\Users\Acer\Desktop\Peace.lnk 2017-09-25 14:43 - 2017-09-25 14:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peace 2017-09-25 14:39 - 2017-09-25 14:39 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Equalizer APO 1.2 2017-09-25 14:39 - 2017-09-25 14:39 - 000000000 ____D C:\Program Files\EqualizerAPO 2017-09-25 14:28 - 2017-09-25 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi 2017-09-25 14:28 - 2017-09-25 14:28 - 000000000 ____D C:\Program Files (x86)\Kodi 2017-09-25 14:19 - 2017-09-25 14:21 - 000000000 ____D C:\Users\Acer\AppData\Roaming\cherrytree - alt 2017-09-25 14:16 - 2017-09-27 08:46 - 000000000 ____D C:\Users\Acer\AppData\Roaming\FreeFileSync 2017-09-25 14:13 - 2017-09-25 14:13 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2017-09-25 14:08 - 2017-09-25 15:41 - 000000000 ____D C:\Program Files (x86)\Java 2017-09-25 14:08 - 2017-09-25 15:14 - 000000000 ____D C:\ProgramData\Oracle 2017-09-25 14:08 - 2017-09-25 14:08 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Sun 2017-09-25 13:15 - 2017-09-25 13:15 - 000002014 _____ C:\Users\Public\Desktop\Reflect.lnk 2017-09-25 13:15 - 2017-09-25 13:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium 2017-09-25 13:15 - 2017-09-25 13:15 - 000000000 ____D C:\Program Files\Macrium 2017-09-25 12:55 - 2017-09-28 12:43 - 000000000 ____D C:\Windows.old 2 - 2. 
Zurücksetzen - löschen, erledigt 2017-09-25 12:55 - 2017-09-25 12:55 - 000000000 ____D C:\WINDOWS\InfusedApps 2017-09-25 12:54 - 2017-09-25 12:54 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2017-09-25 12:54 - 2017-09-25 12:54 - 000000000 ____D C:\WINDOWS\SysWOW64\sda 2017-09-25 12:54 - 2017-09-25 11:59 - 000000000 ____D C:\Program Files\Elantech 2017-09-25 12:54 - 2017-09-25 11:58 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2017-09-25 12:53 - 2017-09-25 12:53 - 000000000 ____D C:\WINDOWS\Setup 2017-09-25 12:52 - 2017-09-28 18:34 - 000852772 _____ C:\WINDOWS\system32\perfh007.dat 2017-09-25 12:52 - 2017-09-28 18:34 - 000176452 _____ C:\WINDOWS\system32\perfc007.dat 2017-09-25 12:52 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\de 2017-09-25 12:52 - 2017-09-25 12:52 - 000306166 _____ C:\WINDOWS\system32\perfi007.dat 2017-09-25 12:52 - 2017-09-25 12:52 - 000040520 _____ C:\WINDOWS\system32\perfd007.dat 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\de 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\0409 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\winrm 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\WCN 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\slmgr 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D 
C:\WINDOWS\system32\0409 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\DigitalLocker 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files\Reference Assemblies 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files\MSBuild 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2017-09-25 12:52 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files (x86)\MSBuild 2017-09-25 12:52 - 2017-09-25 12:02 - 000000000 ____D C:\WINDOWS\OCR 2017-09-25 12:51 - 2017-09-02 17:15 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-09-25 12:51 - 2017-09-02 17:15 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-09-25 12:50 - 2017-09-25 12:55 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2017-09-25 12:50 - 2017-09-25 12:48 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2017-09-25 12:50 - 2017-09-25 12:48 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat 2017-09-25 12:50 - 2017-09-25 12:48 - 000215943 _____ C:\WINDOWS\system32\dssec.dat 2017-09-25 12:50 - 2017-09-25 12:48 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2017-09-25 12:50 - 2017-09-25 12:48 - 000015940 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2017-09-25 12:50 - 2017-09-25 12:48 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK 2017-09-25 12:50 - 2017-09-25 12:48 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam 2017-09-25 12:50 - 2017-09-25 12:48 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json 2017-09-25 12:50 - 2017-09-25 12:48 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT 2017-09-25 12:50 - 2017-09-25 12:48 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT 2017-09-25 12:49 - 2017-09-28 19:41 - 000000000 ___RD C:\Program Files (x86) 2017-09-25 12:49 - 2017-09-28 18:29 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-09-25 12:49 - 2017-09-28 12:48 - 
000000000 ____D C:\WINDOWS\rescache 2017-09-25 12:49 - 2017-09-28 08:16 - 000000000 ___HD C:\Program Files\WindowsApps 2017-09-25 12:49 - 2017-09-27 22:25 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-09-25 12:49 - 2017-09-27 22:25 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2017-09-25 12:49 - 2017-09-27 18:40 - 000000000 ____D C:\WINDOWS\INF 2017-09-25 12:49 - 2017-09-26 14:13 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile 2017-09-25 12:49 - 2017-09-26 03:12 - 000000000 ____D C:\WINDOWS\appcompat 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ___SD C:\WINDOWS\system32\F12 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\setup 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\oobe 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\migwiz 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\Dism 2017-09-25 12:49 - 2017-09-26 00:20 - 000000000 ____D C:\WINDOWS\system32\config\TxR 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\WINDOWS\system32\appraiser 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\WINDOWS\Provisioning 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\Program 
Files\Windows Defender 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-09-25 12:49 - 2017-09-26 00:19 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2017-09-25 12:49 - 2017-09-25 22:40 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-09-25 12:49 - 2017-09-25 22:31 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ___SD C:\WINDOWS\system32\dsc 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\SystemApps 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\MUI 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\system32\Com 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\IME 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\WINDOWS\Help 2017-09-25 12:49 - 2017-09-25 12:52 - 000000000 ____D C:\Program Files\Common Files\System 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ___SD C:\WINDOWS\system32\Nui 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ___RD C:\WINDOWS\Offline Web Pages 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync 2017-09-25 12:49 - 2017-09-25 12:50 - 000000000 ____D 
C:\WINDOWS\system32\winlogon.exe 2017-09-16 17:33 - 2017-09-05 06:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-09-16 17:33 - 2017-09-05 06:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2017-09-16 17:33 - 2017-09-05 06:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2017-09-16 17:33 - 2017-09-05 06:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll 2017-09-16 17:33 - 2017-09-05 06:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2017-09-16 17:33 - 2017-09-05 06:13 - 001802752 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\urlmon.dll 2017-09-16 17:33 - 2017-09-05 06:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-09-16 17:33 - 2017-09-05 06:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-09-16 17:33 - 2017-09-05 06:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-09-16 17:33 - 2017-09-05 06:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2017-09-16 17:33 - 2017-09-05 06:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll 2017-09-16 17:33 - 2017-09-05 06:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll 2017-09-16 17:33 - 2017-09-05 06:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll 2017-09-16 17:33 - 2017-09-05 06:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll 2017-09-16 17:33 - 2017-09-05 06:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2017-09-16 17:33 - 2017-09-01 07:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin 2017-09-16 17:32 - 2017-09-05 07:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-09-16 17:32 - 2017-09-05 07:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-09-16 17:32 - 2017-09-05 07:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2017-09-16 17:32 - 2017-09-05 07:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll 2017-09-16 17:32 - 2017-09-05 07:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2017-09-16 17:32 - 2017-09-05 07:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2017-09-16 17:32 - 2017-09-05 07:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2017-09-16 17:32 - 2017-09-05 07:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll 
2017-09-16 17:32 - 2017-09-05 07:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2017-09-16 17:32 - 2017-09-05 07:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2017-09-16 17:32 - 2017-09-05 07:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-09-16 17:32 - 2017-09-05 07:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2017-09-16 17:32 - 2017-09-05 06:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2017-09-16 17:32 - 2017-09-05 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2017-09-16 17:32 - 2017-09-05 06:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2017-09-16 17:32 - 2017-09-05 06:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll 2017-09-16 17:32 - 2017-09-05 06:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll 2017-09-16 17:32 - 2017-09-05 06:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2017-09-16 17:32 - 2017-09-05 06:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2017-09-16 17:32 - 2017-09-05 06:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll 2017-09-16 17:32 - 2017-09-05 06:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2017-09-16 17:32 - 2017-09-05 06:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2017-09-16 17:32 - 2017-09-05 06:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll 2017-09-16 17:32 - 2017-09-05 06:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2017-09-16 17:32 - 2017-09-05 06:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-09-16 17:32 - 2017-09-05 06:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll 
2017-09-16 17:32 - 2017-09-05 06:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2017-09-16 17:32 - 2017-09-05 06:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll 2017-09-16 17:32 - 2017-09-05 06:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2017-09-16 17:32 - 2017-09-05 06:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2017-09-16 17:32 - 2017-09-05 06:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2017-09-16 17:32 - 2017-09-05 06:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2017-09-16 17:32 - 2017-09-05 06:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll 2017-09-16 17:32 - 2017-09-05 06:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-09-16 17:32 - 2017-09-05 06:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2017-09-16 17:32 - 2017-09-05 06:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2017-09-16 17:32 - 2017-09-05 06:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll 2017-09-16 17:32 - 2017-09-05 06:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2017-09-16 17:32 - 2017-09-05 06:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2017-09-16 17:32 - 2017-09-05 06:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-09-16 17:32 - 2017-09-05 06:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2017-09-16 17:32 - 2017-09-05 06:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2017-09-16 17:32 - 2017-09-05 06:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2017-09-16 17:32 - 2017-09-05 06:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll 
2017-09-16 17:32 - 2017-09-05 06:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll 2017-09-16 17:32 - 2017-09-05 06:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2017-09-16 17:32 - 2017-09-05 06:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll 2017-09-16 17:32 - 2017-09-05 06:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2017-09-16 17:32 - 2017-09-05 06:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2017-09-16 17:32 - 2017-09-05 06:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-09-16 17:32 - 2017-09-05 06:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-09-16 17:32 - 2017-09-05 06:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2017-09-16 17:32 - 2017-09-05 06:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2017-09-16 17:32 - 2017-09-05 06:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll 2017-09-08 10:53 - 2017-09-08 10:53 - 000000000 ____D C:\Users\Acer\.rainlendar2 ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2017-09-29 07:40 - 2016-11-16 16:51 - 000000000 ____D C:\Users\Acer\AppData\LocalLow\Mozilla 2017-09-29 00:49 - 2016-07-16 18:55 - 000000000 ____D C:\Users\Acer\.mediathek3 2017-09-28 18:34 - 2015-08-31 13:01 - 001942882 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-09-28 18:28 - 2015-12-25 19:58 - 000000000 __SHD C:\Users\Acer\IntelGraphicsProfiles 2017-09-28 09:32 - 2017-05-04 15:25 - 000000886 _____ C:\Users\Acer\Desktop\EMDB.lnk 2017-09-27 22:26 - 2016-02-27 14:11 - 000000000 ____D C:\Users\Acer\AppData\LocalLow\Temp 2017-09-27 17:41 - 2016-11-02 10:29 - 000000000 ____D C:\xampp-cz 2017-09-27 17:41 - 2016-10-27 23:15 - 000000000 ____D C:\xampp 2017-09-27 17:41 - 2016-02-15 11:59 - 000000000 ____D C:\Lw C 2017-09-26 08:22 - 2015-10-24 19:24 - 000000000 ____D C:\ProgramData\Intel 2017-09-26 08:22 - 2015-08-31 12:52 - 000000000 ____D C:\ProgramData\McAfee 2017-09-26 08:22 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\WildTangent 2017-09-26 00:27 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2017-09-26 00:25 - 2015-08-31 12:49 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-09-25 19:40 - 2015-10-24 19:25 - 000000000 ____D C:\ProgramData\Package Cache 2017-09-25 15:47 - 2015-08-31 13:43 - 000000000 ___HD C:\OEM 2017-09-25 15:47 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\OEM 2017-09-25 15:45 - 2015-08-31 12:50 - 000000000 ____D C:\ProgramData\Acer 2017-09-25 15:41 - 2015-10-24 19:48 - 000000000 ____D C:\Program Files (x86)\Amazon 2017-09-25 15:19 - 2015-12-25 20:00 - 000000000 ___RD C:\Users\Acer\OneDrive 2017-09-25 12:48 - 2017-03-18 22:56 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys 2017-09-25 12:07 - 2016-06-23 12:38 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ember Media Manager BETA 2017-09-25 12:06 - 2015-07-10 13:04 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2017-09-25 12:02 - 2015-10-25 04:56 - 
000000000 ____D C:\WINDOWS\NAPP_Dism_Log 2017-09-25 12:02 - 2015-10-24 19:51 - 000000000 ____D C:\Users\Public\Foxit Software 2017-09-25 12:02 - 2015-10-24 19:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF 2017-09-25 12:02 - 2015-10-24 19:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12 2017-09-25 12:02 - 2015-10-24 19:50 - 000000000 ____D C:\Users\Public\CyberLink 2017-09-25 12:02 - 2015-10-24 19:50 - 000000000 ____D C:\ProgramData\CyberLink 2017-09-25 12:02 - 2015-10-24 19:50 - 000000000 ____D C:\ProgramData\CLSK 2017-09-25 12:02 - 2015-10-24 19:49 - 000000000 ____D C:\ProgramData\Temp 2017-09-25 12:02 - 2015-10-24 19:49 - 000000000 ____D C:\ProgramData\install_clap 2017-09-25 12:02 - 2015-10-24 19:33 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros 2017-09-25 12:02 - 2015-10-24 19:31 - 000000000 ____D C:\Program Files (x86)\Realtek 2017-09-25 12:02 - 2015-08-31 12:51 - 000000000 ____D C:\ProgramData\Mozilla 2017-09-25 12:02 - 2015-08-31 12:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-09-25 12:02 - 2015-08-31 12:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-09-25 12:02 - 2015-08-31 12:50 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2017-09-25 12:02 - 2015-08-31 12:50 - 000000000 ____D C:\Program Files (x86)\WildTangent Games 2017-09-25 12:02 - 2015-08-31 12:50 - 000000000 ____D C:\Program Files (x86)\WildGames 2017-09-25 12:02 - 2015-07-10 14:22 - 000000000 ____D C:\ProgramData\USOShared 2017-09-25 12:02 - 2015-07-10 13:04 - 000000000 ___RD C:\WINDOWS\PurchaseDialog 2017-09-25 12:02 - 2015-07-10 13:04 - 000000000 ___RD C:\WINDOWS\DesktopTileResources 2017-09-25 12:01 - 2015-10-24 19:50 - 000000000 ____D C:\Program Files (x86)\Foxit PhantomPDF 2017-09-25 12:01 - 2015-10-24 19:50 - 000000000 ____D C:\Program Files (x86)\CyberLink 2017-09-25 12:01 - 2015-10-24 19:33 - 000000000 ____D 
C:\Program Files\Common Files\QCA_Bluetooth 2017-09-25 12:01 - 2015-10-24 19:31 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-09-25 12:01 - 2015-10-24 19:26 - 000000000 ____D C:\Program Files (x86)\Intel 2017-09-25 12:01 - 2015-08-31 12:52 - 000000000 ____D C:\Program Files\Acer 2017-09-25 12:01 - 2015-08-31 12:50 - 000000000 ____D C:\Program Files (x86)\Acer 2017-09-25 12:01 - 2015-07-10 15:14 - 000000000 ____D C:\Program Files\Windows Journal 2017-09-20 09:46 - 2016-11-17 22:53 - 000000000 ____D C:\Users\Acer\Documents\Custom Office Templates 2017-09-02 10:05 - 2016-11-18 15:16 - 000000000 ____D C:\Users\Acer\Scrivener ScratchPad ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2017-09-25 14:48 - 2017-09-25 14:48 - 000000893 _____ () C:\Users\Acer\AppData\Local\recently-used.xbel 2017-09-25 11:59 - 2017-09-25 11:59 - 000000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== 2017-09-28 13:47 - 2017-09-28 13:47 - 000040448 ____N () C:\Users\Acer\AppData\Local\Temp\proxy_vole1300226655591872444.dll ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-09-25 11:58

==================== Ende von FRST.txt ============================ |
29.09.2017, 07:20 | #13 |
| Suspected malware - notebook reset twice after it failed to start
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
durchgeführt von Acer (29-09-2017 07:58:55)
Gestartet von I:\Vorübergehend
Windows 10 Home Version 1703 (X64) (2017-09-25 10:10:02)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Acer (S-1-5-21-2633882361-2691834456-3919945701-1001 - Administrator - Enabled) => C:\Users\Acer
Administrator (S-1-5-21-2633882361-2691834456-3919945701-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2633882361-2691834456-3919945701-503 - Limited - Disabled)
Gast (S-1-5-21-2633882361-2691834456-3919945701-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

12 Labours of Hercules III: Girl Power (HKLM-x32\...\WTA-8d9b4f73-bb47-4fea-917d-c50dd2ffed5c) (Version: 3.0.2.118 - WildTangent) Hidden abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.03.2003 - Acer Incorporated) abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated) Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3029 - Acer Incorporated) Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3001 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8109 - Acer Incorporated) Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3008 - Acer Incorporated) Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.01.3002 - Acer Incorporated) AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5427.02 - CyberLink Corp.) ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.) EMDB 3.02 (HKLM-x32\...\EMDB_is1) (Version: - Wicked & Wild Inc.) Equalizer APO (HKLM\...\EqualizerAPO) (Version: 1.2 - ) Foxit PhantomPDF (HKLM-x32\...\{A4023BDF-82D5-412D-9D58-8C2819EBFE2E}) (Version: 7.0.410.326 - Foxit Software Inc.) Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 13.0.0.6 - WildTangent, Inc.) Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 13.0.0.6 - WildTangent, Inc.) 
Home Makeover (HKLM-x32\...\WTA-ff512562-ab4b-4aae-9e8c-1d09bd47ac58) (Version: 3.0.2.59 - WildTangent) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4268 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) Jewel Match 3 (HKLM-x32\...\WTA-679326c7-f13f-4d56-ae2e-6a7fee2304c7) (Version: 2.2.0.97 - WildTangent) Hidden Jewel Match Snowscapes (HKLM-x32\...\WTA-ad853ef4-00ea-4eae-8b6e-18dee9cd5722) (Version: 3.0.2.118 - WildTangent) Hidden Kodi (HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\Kodi) (Version: - XBMC-Foundation) Macrium Reflect Free Edition (HKLM\...\{6085136C-5E0B-4516-BA48-2B909062778A}) (Version: 6.3.1835 - Paramount Software (UK) Ltd.) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.) 
Magic Academy (HKLM-x32\...\WTA-4c57b906-a5ca-4c03-9798-68e13f3261f1) (Version: 2.2.0.97 - WildTangent) Hidden Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes) Microsoft OneDrive (HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla) Peace (HKLM\...\Peace) (Version: 1.4.2.3 - P.E. 
Verbeek) Polar Bowler 1st Frame (HKLM-x32\...\WTA-d421feba-0407-4288-b40c-de6252d31e83) (Version: 3.0.2.59 - WildTangent) Hidden Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer (HKLM-x32\...\{3241744A-BA36-41F0-B4AA-EF3946D00632}) (Version: 11.0.0.067 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.) Rory's Restaurant (HKLM-x32\...\WTA-6e35cc10-c9f5-48e9-baf9-e03aec7ff14d) (Version: 3.0.2.126 - WildTangent) Hidden Runefall (HKLM-x32\...\WTA-4527bc60-c537-4ef8-8c87-cc9539bb1241) (Version: 3.0.2.126 - WildTangent) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com) Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden Vegas World (HKLM-x32\...\WildTangentGDF-acer-vegasworld) (Version: 13.0.0.6 - WildTangent) Hidden Villagers and Heroes (HKLM-x32\...\WildTangentGDF-acer-villagersandheroes) (Version: 13.0.0.6 - WildTangent) Hidden WD Drive Utilities (HKLM-x32\...\{11CB7063-2D22-42B5-B57B-CC0BABBB2B21}) (Version: 1.4.3.41 - Western Digital Technologies, Inc.) Hidden WD Drive Utilities (HKLM-x32\...\{6f54e1c5-bdbf-46bf-987d-345aeffd2b61}) (Version: 1.4.3.41 - Western Digital Technologies, Inc.) 
Hidden WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.11.16 - WildTangent) Hidden ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2633882361-2691834456-3919945701-1001_Classes\CLSID\{CF6181BA-D469-441A-BE79-BB70A2EC3D0B}\InprocServer32 -> C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll (SHIROUZU Hiroaki) ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated) ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated) ContextMenuHandlers1: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-01-27] (Foxit Software Inc.) 
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd) ContextMenuHandlers2: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => C:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers4: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers5: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-01] (Intel Corporation) ContextMenuHandlers6: [FastCopy] -> {72FF462B-AB7D-427A-A268-E22E414933D7} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers1_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> {CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers2_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> 
{CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers4_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> {CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers5_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> {CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ContextMenuHandlers6_S-1-5-21-2633882361-2691834456-3919945701-1001: [FastCopyUser] -> {CF6181BA-D469-441A-BE79-BB70A2EC3D0B} => C:\Lw C\PortableApps\PortableApps\FastCopyPortable\App\FastCopy\FastEx64.dll [2017-07-31] (SHIROUZU Hiroaki) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {049A9857-C539-41BD-95B7-B2CD78B144F8} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] () Task: {4F117C79-2706-4FBF-A748-C0259F51CEFA} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-10] (Acer Incorporated) Task: {5DA8FE22-3893-4E4A-B7BD-892617287A0B} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Power Management\ePowerButton_NB.exe [2015-05-14] (Acer Incorporated) Task: {6A1AECEC-0766-473B-AE79-EAAA31DE758F} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-07-10] () Task: {6A250F7B-4F8A-4FEA-8CAE-31F28DA85202} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2017-05-24] () Task: {6D57CCCD-F0C1-4B07-99B9-5CB6B8E83A2A} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-09-04] (Acer Incorporated) Task: {6E6FA363-2D80-4036-AA76-B037CF49BC4B} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated) Task: {932EC946-767B-4FAA-9B54-A4A4A2DF1822} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer) Task: {BE83D780-8532-4A19-8D70-15DB8C617FBA} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2015-05-14] (Acer Incorporated) Task: {D580BF3C-83CE-4E6B-B1A1-20EB95353BC4} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>) Task: {FBE1992D-A1B2-44DD-9601-A1A2F799B096} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2017-05-24] () (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2017-03-18 22:58 - 2017-03-18 22:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-02-01 02:01 - 2017-02-01 02:01 - 000410616 _____ () C:\WINDOWS\system32\igfxTray.exe 2017-03-18 22:59 - 2017-03-20 06:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-09-25 12:32 - 2017-09-25 12:33 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-09-25 12:32 - 2017-09-25 12:33 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-09-25 12:32 - 2017-09-25 12:33 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-09-25 12:32 - 2017-09-25 12:33 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll 2017-05-18 19:16 - 2017-05-06 23:54 - 004825600 _____ () C:\Lw C\Programme\ArsClip\ArsClip.exe 2017-06-07 12:03 - 2017-06-07 11:12 - 002197608 _____ () C:\Lw C\Programme\Everything\Everything.exe 2017-06-07 12:03 - 2017-06-07 11:12 - 002197608 _____ () C:\Lw C\LiberKey\Apps\Everything\App\Everything\x64\Everything.exe 2017-05-24 20:11 - 2017-05-24 20:11 - 004645168 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe 2017-05-05 20:04 - 2017-01-29 10:23 - 002791424 _____ () C:\Lw C\LiberKey\Apps\Ditto\App\Ditto\x64\Ditto.exe 2017-09-03 06:36 - 2017-09-02 00:01 - 000099840 _____ () C:\Lw C\Programme\Cherrytree\bin\cherrytree.exe 2017-09-03 06:36 - 2012-07-20 00:16 - 001777510 _____ () C:\Lw C\Programme\Cherrytree\bin\dbus-daemon.exe 2017-05-24 20:12 - 2017-05-24 20:12 - 002920752 _____ () C:\Program Files (x86)\Acer\Care 
Center\LiveUpdateChecker.exe 2017-05-24 20:17 - 2017-05-24 20:17 - 000233264 _____ () C:\Program Files (x86)\Acer\Care Center\ManagedNativeUtilities.dll 2017-09-28 20:40 - 2017-09-28 20:40 - 000566439 _____ () C:\Lw C\Programme\jDownloader 2\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll 2017-09-28 20:40 - 2017-09-28 20:40 - 004078962 _____ () C:\Lw C\Programme\jDownloader 2\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll 2017-09-25 12:29 - 2017-09-25 12:30 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-09-25 12:34 - 2017-09-25 12:34 - 010634752 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2017-09-25 12:34 - 2017-09-25 12:34 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll 2017-09-25 14:43 - 2017-07-26 14:25 - 004755968 _____ () C:\Program Files\EqualizerAPO\config\Peace.exe 2017-09-29 07:25 - 2017-09-29 07:25 - 000566439 _____ () C:\Lw C\Programme\jDownloader 2 - zippy\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll 2017-09-29 07:25 - 2017-09-29 07:25 - 004078962 _____ () C:\Lw C\Programme\jDownloader 2 - zippy\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll 2017-07-19 21:55 - 2017-07-19 21:55 - 000665088 _____ () C:\Program Files\EqualizerAPO\EqualizerAPO.dll 2015-11-22 22:05 - 2015-11-22 22:05 - 001530880 _____ () C:\Program Files\EqualizerAPO\libsndfile-1.dll 2017-07-08 12:52 - 2017-07-08 12:52 - 002983917 _____ () C:\Program Files\EqualizerAPO\libfftw3f-3.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000205824 _____ () C:\Lw C\Programme\Aimp\System\libsoxr.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000299008 _____ () C:\Lw C\Programme\Aimp\System\Encoders\libFLAC.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000299008 _____ () C:\Lw C\Programme\Aimp\System\Encoders\lame_enc.dll 
2017-06-25 13:31 - 2017-06-25 13:31 - 000759296 _____ () C:\Lw C\Programme\Aimp\System\Encoders\aimp_libvorbis.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000156208 _____ () C:\Lw C\Programme\Aimp\Plugins\aimp_AnalogMeter\aimp_AnalogMeter.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000171568 _____ () C:\Lw C\Programme\Aimp\Plugins\aimp_cdda\aimp_cdda.dll 2017-05-16 21:14 - 2016-12-05 08:42 - 001271296 _____ () C:\Lw C\Programme\Aimp\Plugins\aimp_openwith\aimp_openwith.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000159232 _____ () C:\Lw C\Programme\Aimp\Plugins\aimp_sacd\libsacd.dll 2017-06-25 13:31 - 2017-06-25 13:31 - 000026624 _____ () C:\Lw C\Programme\Aimp\Plugins\Aorta\Aorta.dll 2017-03-08 13:12 - 2016-05-24 11:43 - 002184704 _____ () C:\Lw C\Programme\Aimp\Plugins\CurrentTrackInfoToFile\CurrentTrackInfoToFile.dll 2017-04-23 18:11 - 2015-12-18 16:22 - 000355328 _____ () C:\Lw C\Programme\Aimp\Plugins\NextGroup\NextGroup.dll 2015-08-31 12:56 - 2015-05-08 19:41 - 000090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll 2015-06-24 01:07 - 2015-06-24 01:07 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-08-15 18:05 - 2016-08-15 18:05 - 000654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll 2016-08-15 18:03 - 2016-08-15 18:03 - 000202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll 2016-08-15 18:05 - 2016-08-15 18:05 - 000641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll 2016-08-15 18:04 - 2016-08-15 18:04 - 000119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll 2017-09-25 15:47 - 2017-09-25 15:47 - 000015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll 2016-08-30 15:09 - 2016-08-30 15:09 - 000013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll 2016-08-30 15:05 - 2016-08-30 15:05 - 000277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll 2016-09-09 10:51 - 
2016-09-09 10:51 - 000202456 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll 2016-09-09 10:51 - 2016-09-09 10:51 - 000119000 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll 2017-09-28 18:30 - 2017-09-28 18:30 - 000011264 _____ () C:\Users\Acer\AppData\Local\Temp\nsp5A3F.tmp\System.dll 2017-09-28 18:30 - 2017-09-28 18:30 - 000008704 _____ () C:\Users\Acer\AppData\Local\Temp\nsp5A3F.tmp\newadvsplash.dll 2017-09-28 18:30 - 2017-09-28 18:30 - 000029696 _____ () C:\Users\Acer\AppData\Local\Temp\nsp5A3F.tmp\registry.dll 2017-01-23 22:11 - 2010-08-15 20:34 - 000204800 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\ComparePlugin.dll 2017-04-12 22:15 - 2017-04-12 22:15 - 000121344 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\ElasticTabstops.dll 2017-04-12 22:15 - 2017-04-12 22:15 - 000100864 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\gtagfornplus.dll 2017-08-29 02:43 - 2017-08-29 02:43 - 000021680 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\NppExport.dll 2017-01-23 22:11 - 2011-09-21 22:46 - 001673728 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\NppFTP.dll 2017-04-12 22:22 - 2017-04-12 22:22 - 000157184 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\NppPlugin_PluginMargin.dll 2017-04-12 22:22 - 2017-04-12 22:22 - 000230400 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\NppQCP.dll 2017-01-23 22:12 - 2007-08-05 03:10 - 000250368 _____ () C:\Lw C\PortableApps\PortableApps\Notepad++Portable\App\Notepad++\plugins\Config\tidy\libTidy.dll 2017-09-28 18:31 - 2017-09-28 18:31 - 000011776 _____ () C:\Users\Acer\AppData\Local\Temp\nsb1031.tmp\System.dll 2017-09-28 18:31 - 2017-09-28 18:31 - 000029696 _____ () C:\Users\Acer\AppData\Local\Temp\nsb1031.tmp\registry.dll 2017-09-28 18:31 - 2017-09-28 
18:31 - 000008704 _____ () C:\Users\Acer\AppData\Local\Temp\nsb1031.tmp\newadvsplash.dll 2017-06-08 22:04 - 2017-05-30 10:14 - 000503832 _____ () C:\Lw C\Programme\PhraseExpress\pexlang.dll 2017-09-03 06:35 - 2011-04-09 10:59 - 000058368 _____ () C:\Lw C\Programme\Cherrytree\bin\glib._glib.pyd 2017-09-03 06:35 - 2011-04-09 10:59 - 000113152 _____ () C:\Lw C\Programme\Cherrytree\bin\gobject._gobject.pyd 2017-09-03 06:35 - 2011-04-09 11:02 - 001882624 _____ () C:\Lw C\Programme\Cherrytree\bin\gtk._gtk.pyd 2017-09-03 06:36 - 2012-02-09 01:51 - 000230529 _____ () C:\Lw C\Programme\Cherrytree\bin\libpng14-14.dll 2017-09-03 06:36 - 2012-02-09 01:51 - 000100352 _____ () C:\Lw C\Programme\Cherrytree\bin\zlib1.dll 2017-09-03 06:36 - 2012-02-09 01:50 - 000279059 _____ () C:\Lw C\Programme\Cherrytree\bin\libfontconfig-1.dll 2017-09-03 06:36 - 2012-02-09 01:50 - 000143096 _____ () C:\Lw C\Programme\Cherrytree\bin\libexpat-1.dll 2017-09-03 06:36 - 2012-02-09 01:50 - 000538324 _____ () C:\Lw C\Programme\Cherrytree\bin\freetype6.dll 2017-09-03 06:36 - 2012-02-09 01:50 - 001294335 _____ () C:\Lw C\Programme\Cherrytree\bin\libcairo-2.dll 2017-09-03 06:35 - 2010-11-02 22:35 - 000069632 _____ () C:\Lw C\Programme\Cherrytree\bin\cairo._cairo.pyd 2017-09-03 06:35 - 2011-04-09 10:59 - 000263168 _____ () C:\Lw C\Programme\Cherrytree\bin\gio._gio.pyd 2017-09-03 06:35 - 2011-04-09 11:03 - 000111616 _____ () C:\Lw C\Programme\Cherrytree\bin\pango.pyd 2017-09-03 06:35 - 2011-04-09 11:03 - 000208384 _____ () C:\Lw C\Programme\Cherrytree\bin\atk.pyd 2017-09-03 06:35 - 2011-04-09 11:03 - 000017920 _____ () C:\Lw C\Programme\Cherrytree\bin\pangocairo.pyd 2017-09-03 06:36 - 2012-07-20 00:55 - 000673115 _____ () C:\Lw C\Programme\Cherrytree\bin\_dbus_bindings.pyd 2017-09-03 06:36 - 2012-07-20 00:16 - 001213961 _____ () C:\Lw C\Programme\Cherrytree\bin\libdbus-1-3.dll 2017-09-03 06:35 - 2016-12-17 22:44 - 000136704 _____ () C:\Lw C\Programme\Cherrytree\bin\pyexpat.pyd 2017-09-03 06:36 - 2012-07-20 
00:55 - 000062767 _____ () C:\Lw C\Programme\Cherrytree\bin\_dbus_glib_bindings.pyd 2017-09-03 06:36 - 2012-07-20 00:42 - 000617232 _____ () C:\Lw C\Programme\Cherrytree\bin\libdbus-glib-1-2.dll 2017-09-03 06:35 - 2010-11-02 16:26 - 000115200 _____ () C:\Lw C\Programme\Cherrytree\bin\gtksourceview2.pyd 2017-09-03 06:36 - 2012-02-09 01:50 - 001808660 _____ () C:\Lw C\Programme\Cherrytree\bin\libgtksourceview-2.0-0.dll 2017-09-03 06:36 - 2010-04-07 03:14 - 001225225 _____ () C:\Lw C\Programme\Cherrytree\bin\libxml2-2.dll 2017-09-03 06:36 - 2016-12-17 22:46 - 001016832 _____ () C:\Lw C\Programme\Cherrytree\bin\_hashlib.pyd 2017-09-03 06:36 - 2016-12-17 22:45 - 000046592 _____ () C:\Lw C\Programme\Cherrytree\bin\_socket.pyd 2017-09-03 06:36 - 2016-12-17 22:45 - 001410048 _____ () C:\Lw C\Programme\Cherrytree\bin\_ssl.pyd 2017-09-03 06:36 - 2016-12-17 22:44 - 000091648 _____ () C:\Lw C\Programme\Cherrytree\bin\_ctypes.pyd 2017-09-03 06:36 - 2010-12-15 00:46 - 000154514 _____ () C:\Lw C\Programme\Cherrytree\bin\libenchant-1.dll 2017-09-03 06:36 - 2010-12-15 00:46 - 000449832 _____ () C:\Lw C\Programme\Cherrytree\lib\enchant\libenchant_ispell.dll 2017-09-03 06:36 - 2010-12-15 00:46 - 000937047 _____ () C:\Lw C\Programme\Cherrytree\lib\enchant\libenchant_myspell.dll 2017-09-03 06:36 - 2016-12-17 22:45 - 000050688 _____ () C:\Lw C\Programme\Cherrytree\bin\_sqlite3.pyd 2017-09-03 06:36 - 2016-12-17 22:45 - 000551424 _____ () C:\Lw C\Programme\Cherrytree\bin\sqlite3.dll 2017-09-03 06:36 - 2012-02-08 22:37 - 000100255 _____ () C:\Lw C\Programme\Cherrytree\lib\gtk-2.0\2.10.0\engines\libwimp.dll 2017-09-29 07:40 - 2017-09-29 07:40 - 000011776 _____ () C:\Users\Acer\AppData\Local\Temp\nsdA063.tmp\System.dll 2017-09-29 07:40 - 2017-09-29 07:40 - 000008704 _____ () C:\Users\Acer\AppData\Local\Temp\nsdA063.tmp\newadvsplash.dll 2017-09-29 07:40 - 2017-09-29 07:40 - 000029696 _____ () C:\Users\Acer\AppData\Local\Temp\nsdA063.tmp\registry.dll ==================== Alternate Data Streams 
(Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\...\amazon.de -> amazon.de ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2017-09-27 22:25 - 2017-09-27 22:25 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2633882361-2691834456-3919945701-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Acer\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn) Windows Firewall ist aktiviert. 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [TCP Query User{E3FEAC49-AFA0-40F6-AB81-AE90E5ECC1DD}C:\lw c\programme\phraseexpress\phraseexpress.exe] => (Allow) C:\lw c\programme\phraseexpress\phraseexpress.exe FirewallRules: [UDP Query User{F94CE2B9-86A2-4FCE-B14E-F1D931EBC7D6}C:\lw c\programme\phraseexpress\phraseexpress.exe] => (Allow) C:\lw c\programme\phraseexpress\phraseexpress.exe FirewallRules: [{FCEA3589-4A97-4635-90C6-CCC85FACDBD0}] => (Block) C:\lw c\programme\phraseexpress\phraseexpress.exe FirewallRules: [{F7BC1AF9-4ED2-4E86-ADED-F9195B3AD18A}] => (Block) C:\lw c\programme\phraseexpress\phraseexpress.exe FirewallRules: [TCP Query User{499A04D2-5EA4-49AD-B857-876C72E7720D}C:\lw c\programme\foobar\foobar2000.exe] => (Allow) C:\lw c\programme\foobar\foobar2000.exe FirewallRules: [UDP Query User{B361BF42-7F7C-4CB6-A7DD-EDE20D3B10EA}C:\lw c\programme\foobar\foobar2000.exe] => (Allow) C:\lw c\programme\foobar\foobar2000.exe FirewallRules: [{9C0C2893-E4E5-46CF-A918-933D6832EFC2}] => (Block) C:\lw c\programme\foobar\foobar2000.exe FirewallRules: [{5CCA3D57-D4E7-4DB0-84FF-EDE7C45AEF9C}] => (Block) C:\lw c\programme\foobar\foobar2000.exe FirewallRules: [TCP Query User{B08EE572-191C-419F-9C53-FF70F5E1890A}C:\lw c\programme\kodi\kodi.exe] => (Allow) C:\lw c\programme\kodi\kodi.exe FirewallRules: [UDP Query User{F3AE644C-BFD7-4EF1-ABF3-372807B8A15A}C:\lw c\programme\kodi\kodi.exe] => (Allow) C:\lw c\programme\kodi\kodi.exe FirewallRules: [{EA425C0E-B764-4DA1-82EE-7732FF17283F}] => (Block) C:\lw c\programme\kodi\kodi.exe FirewallRules: [{E7CB85C4-DA35-4E51-8220-2406AD11948D}] => (Block) C:\lw c\programme\kodi\kodi.exe ==================== Wiederherstellungspunkte ========================= 
==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/29/2017 07:14:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-3HCESL2G) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/29/2017 07:08:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-3HCESL2G) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/29/2017 03:04:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-3HCESL2G) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/29/2017 12:12:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-3HCESL2G) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (09/28/2017 11:12:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-3HCESL2G) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/28/2017 10:12:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-3HCESL2G) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/28/2017 09:12:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-3HCESL2G) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/28/2017 08:12:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-3HCESL2G) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (09/28/2017 08:00:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-3HCESL2G) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147009284. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (09/28/2017 07:22:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: PartitionWizard10Portable.exe, Version: 2017.8.7.18, Zeitstempel: 0x4f47e2df Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.15063.608, Zeitstempel: 0xadaa6ed6 Ausnahmecode: 0x0eedfade Fehleroffset: 0x000eb832 ID des fehlerhaften Prozesses: 0x1474 Startzeit der fehlerhaften Anwendung: 0x01d3387e3bed073e Pfad der fehlerhaften Anwendung: C:\Lw C\Programme\MiniTool Partition Wizard Pro\PartitionWizard10Portable.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: 7f128fd8-d310-4fae-9851-0ef3bb8eb09a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (09/29/2017 04:20:18 AM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (09/28/2017 07:21:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "EuGdiDrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. Error: (09/28/2017 07:21:38 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\WINDOWS\system32\EuGdiDrv.sys Error: (09/28/2017 07:21:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "p" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (09/28/2017 07:21:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "p" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. 
Error: (09/28/2017 07:21:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "p" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (09/28/2017 07:21:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "p" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (09/28/2017 06:46:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. Error: (09/28/2017 06:46:13 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Acer\AppData\Local\Temp\ehdrv.sys Error: (09/28/2017 06:46:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. CodeIntegrity: =================================== Date: 2017-09-26 20:04:04.592 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. Date: 2017-09-26 20:00:25.539 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 20:00:06.550 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. 
Date: 2017-09-26 18:21:26.811 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 14:15:53.389 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Microsoft signing level requirements. Date: 2017-09-26 14:15:51.926 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 13:31:46.520 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 13:22:52.087 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. Date: 2017-09-26 13:13:48.148 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements. 
Date: 2017-09-26 13:01:39.395
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Emsisoft Anti-Malware\a2hooks64.dll that did not meet the Windows signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-5257U CPU @ 2.70GHz
Prozentuale Nutzung des RAM: 71%
Installierter physikalischer RAM: 8107.32 MB
Verfügbarer physikalischer RAM: 2310.54 MB
Summe virtueller Speicher: 12459.32 MB
Verfügbarer virtueller Speicher: 5212.83 MB

==================== Laufwerke ================================

Drive c: (C - Acer) (Fixed) (Total:237.87 GB) (Free:30.25 GB) NTFS
Drive i: (I 5TB WD Elemen Haupt-Daten) (Fixed) (Total:4657.49 GB) (Free:110.16 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: B7D59E20)

Partition: GPT.

Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

==================== Ende von Addition.txt ============================

Quote:
Possibly conspicuous, unusual behaviour: this folder - C:\Windows.old 2 - 2. Zurücksetzen - löschen, erledigt - still cannot be deleted. I had not noticed any problems before either (none lying outside of what I assume to be "normal"), except that the computer failed to start twice; as the cause, Windows apparently indicated that these autochk files were missing. |
29.09.2017, 20:10 | #14 | ||
/// TB-Ausbilder | Suspected malware - notebook reset twice after it failed to start Hi, Quote:
Quote:
|
29.09.2017, 20:24 | #15 |
| Suspected malware - notebook reset twice after it failed to start Hi! Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 29-09-2017
durchgeführt von Acer (29-09-2017 21:20:40) Run:3
Gestartet von I:\Vorübergehend
Geladene Profile: Acer (Verfügbare Profile: Acer)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CMD: dir "C:\"
*****************

========= dir "C:\" =========

Datentr„ger in Laufwerk C: ist C - Acer
Volumeseriennummer: 301F-28F6

Verzeichnis von C:\

Di.26. Sep. 2017 23:18 <DIR> AdwCleaner
Sa.23. Sep. 2017 09:51 <DIR> boot
Di.26. Sep. 2017 15:31 <DIR> Boot
Mi.27. Sep. 2017 08:24 <DIR> CloneSpy - gel”schte Dateien
Fr.29. Sep. 2017 09:16 0 cookies.sqlite
Mi.27. Sep. 2017 17:41 <DIR> Lw C
Di.26. Sep. 2017 18:20 <DIR> ESD
Di.25. Jul. 2017 19:49 <DIR> FFOutput
Fr.29. Sep. 2017 21:20 <DIR> FRST
Fr.26. Mai. 2017 19:33 <DIR> Lyrics
Do.28. Sep. 2017 18:30 <DIR> N++RECOV
Do.28. Sep. 2017 09:29 <DIR> Program Files
Do.28. Sep. 2017 19:41 <DIR> Program Files (x86)
Mo.25. Sep. 2017 13:50 288.170 Reflect_Install.log
Mo.25. Sep. 2017 11:40 300 rescuepe.log
Mo.25. Sep. 2017 12:09 <DIR> Users
Fr.29. Sep. 2017 19:41 <DIR> Windows
Do.28. Sep. 2017 12:43 <DIR> Windows.old 2 - 2. Zurcksetzen - l”schen, erledigt
Mi.27. Sep. 2017 17:41 <DIR> xampp
Mi.27. Sep. 2017 17:41 <DIR> xampp-cz
3 Datei(en), 288.470 Bytes
17 Verzeichnis(se), 25.318.887.424 Bytes frei

========= Ende von CMD: =========

==== Ende von Fixlog 21:20:41 ==== |