Log analysis and evaluation: Win 10: PC does not start, or only after a pause of several minutes

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
31.10.2017, 12:15 | #1 |
Win 10: PC does not start, or only after a pause of several minutes

Hello Trojaner-Board helpers,

since yesterday I have been seeing the following phenomenon: when I step away from the PC for a short time and come back, the PC is off and cannot be switched on again for several minutes. Yesterday this happened twice, and today it has already happened once more. All attempts to turn the PC back on with the power button fail. After many failed attempts it suddenly works after all, as if by a miracle. I don't know whether this is due to a hardware problem or to malware, so I am asking here whether you can help me. I have already followed step 1 of the instructions and run a scan with FRST. I am attaching the corresponding log files below.

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 26-10-2017
durchgeführt von mrado (31-10-2017 11:55:35)
Gestartet von C:\Users\mrado\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1703 15063.674 (X64) (2017-05-19 05:42:48)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3509878254-1581680034-4090546777-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3509878254-1581680034-4090546777-503 - Limited - Disabled)
Gast (S-1-5-21-3509878254-1581680034-4090546777-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3509878254-1581680034-4090546777-1004 - Limited - Enabled)
mrado (S-1-5-21-3509878254-1581680034-4090546777-1002 - Administrator - Enabled) => C:\Users\mrado

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden Apowersoft Bildschirmrekorder Pro V2.2.4 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.2.4 - APOWERSOFT LIMITED) Apple Application Support (32-Bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.315.8233 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.) Browser Extensions (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.9.9.5 - Spigot, Inc.) <==== ACHTUNG CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP) Digital Viewer (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19103.105 - Sonix) Documents To Go Desktop für iOS (HKLM-x32\...\DTGDesktop) (Version: 5.0000.017 - DataViz, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) 
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.5.37.19 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.8.37.11 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Innkeeper (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Innkeeper) (Version: 0.4.3 - Curse Inc.) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden iTunes (HKLM\...\{1441974B-BB94-41EC-AC0F-30D5F5AC54F7}) (Version: 12.7.0.166 - Apple Inc.) LINE (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\LINE) (Version: 5.3.3.1519 - LINE Corporation) Malware Protection Live (HKLM-x32\...\MalwareProtectionLive) (Version: - ) <==== ACHTUNG Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.3.1000 - Maxthon International Limited) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.) 
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - ) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4971.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 
2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Mozilla Firefox 56.0.2 (x64 de) (HKLM\...\Mozilla Firefox 56.0.2 (x64 de)) (Version: 56.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla) NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0407-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27748 - Razer Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7640 - Realtek Semiconductor Corp.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer) Telegram Desktop version 1.1.23 (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.23 - Telegram Messenger LLP) TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) VirtualDJ 8 (HKLM-x32\...\{24F8CB37-888B-41E6-B119-CDC3F5075F57}) (Version: 8.0.2483.0 - Atomix Productions) Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) 
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) YTD Video Downloader 5.8.3 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.8.3 - GreenTree Applications SRL) <==== ACHTUNG Zoom (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0523A3D1-47FF-4383-837D-BDA294CB33D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) 
Task: {057DEA9B-CDB8-421D-8408-457BA3979B5F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {071A3197-5E92-43F2-A7A8-E67571C4A89E} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxEidolon.exe [2016-06-12] (Maxthon MxEidolo) Task: {0E365BCA-ECFA-42B1-9111-EDE447A40272} - System32\Tasks\{219B5455-FCD0-4C93-A66B-6EF0BC2AF3F9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=Repair platform=x86 culture=de-de Task: {12C7155E-F409-4B0A-BEE0-E814968BD48D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) Task: {1525EA8F-6A47-4D75-BF2A-3ECE1520B276} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation) Task: {1CDE4868-6C3E-4C7C-952F-3371E5AD103B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation) Task: {1FFCB66C-5BCF-4655-ACE9-B3DF9EC2703A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {2D3A2397-30C6-415D-A148-3AE3AD43D317} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {3A9D1CA7-7688-47D5-9A5F-79B02A5E4B14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) 
Task: {412F4D35-C7C9-4417-AEA6-7BA817AABC36} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {468A331E-E707-4AEA-8D8E-97D194600D7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.) Task: {5B36618D-AE0A-403A-BF0E-71813129F9E1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {6DC65838-CD18-413E-96E9-B40AE20F90DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) Task: {8675D514-1E6F-48C6-A17B-F15C386013A0} - System32\Tasks\MPLClient => C:\Program Files (x86)\MalwareProtectionLive\MalwareProtectionClient.exe [2017-08-17] () Task: {91FA4E0D-655C-4B1A-B193-9F43FD77E8A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.) 
Task: {9F4A339F-49AC-4FDA-A731-FF6DA3E2FFD2} - System32\Tasks\{690A624A-DB40-40A2-8818-6C74D9C4A5E5} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=battle.net --displayname="Battle.net" Task: {A496C06A-14CA-4230-962D-EBDA3C6C1BB3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-11] (Microsoft Corporation) Task: {A912B7AA-7ABE-4CC4-90F7-EA13E15DEA64} - System32\Tasks\HPCeeScheduleFormrado => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {B47CE98E-128A-433F-A7B5-C59CF298012B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) Task: {BC4708AF-39E7-4868-A5CB-1358129F189E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-14] (HP Inc.) Task: {BF99E98E-3DCC-4C63-BFCC-0D9E763B7321} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated) Task: {D89B7EF5-FAFC-4BE1-A8D6-3026ECA94AA4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {D9EDA806-9674-484F-92F7-BA2D4658F233} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.) Task: {EBFF86B5-8470-4F17-B578-E74EF379E72B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.) 
Task: {F59C7E2C-9BAC-47A0-8E39-FAFA18196BE8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {FBF5A053-9DE2-40C2-BBB8-28ADC880335D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-25] (Adobe Systems Incorporated) Task: {FD40D52E-37D7-4D3B-AAFC-0BED2B0EDE6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\HPCeeScheduleFormrado.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
Shortcut: C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki Shortcut: C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2017-05-08 23:44 - 2017-05-08 23:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-11-18 19:05 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-06-23 20:11 - 2015-06-23 20:11 - 000187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-08-17 21:21 - 2017-08-17 21:21 - 001546208 _____ () C:\Program Files (x86)\MalwareProtectionLive\MalwareProtectionClient.exe 2017-03-18 21:59 - 2017-03-20 05:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-10-26 07:16 - 2017-10-26 07:18 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-10-26 07:16 - 2017-10-26 07:19 - 025446400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\skypert.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2017-09-25 22:56 - 
2017-09-21 08:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll 2017-09-25 22:56 - 2017-09-21 08:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll 2017-10-25 17:46 - 2017-10-25 17:46 - 031229440 _____ () C:\WINDOWS\system32\Macromed\Flash\pepflashplayer64_27_0_0_183.dll 2017-02-28 20:46 - 2017-02-28 20:46 - 001619240 _____ () C:\Users\mrado\AppData\Roaming\BrowserExtensions\BEHelper.exe 2017-04-20 16:55 - 2017-04-20 16:55 - 001015840 _____ () C:\Program Files (x86)\MalwareProtectionLive\mplsettings.dll 2015-09-14 13:21 - 2016-06-15 02:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-10-01 07:28 - 2015-10-01 07:28 - 000137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll 2017-05-17 07:20 - 2017-06-21 15:13 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2015-07-10 12:04 - 2017-09-28 07:06 - 000000869 _____ C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 10.0.0.138 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "tsnp2std" HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\StartupApproved\Run: => "Steam" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [{B1E2CC30-FDF0-4D17-B442-8F5A2BF81701}] => (Allow) C:\Users\mrado\AppData\Local\LINE\bin\5.1.1.1422\LineUpdater.exe FirewallRules: [{19F23721-5FB4-44C4-832F-81846AF0034C}] => (Allow) C:\Users\mrado\AppData\Local\LINE\bin\5.1.1.1422\LineUpdater.exe FirewallRules: [{9D0E4F43-93A7-4D4C-BBCE-512D97FFD48D}] => (Allow) C:\Users\mrado\AppData\Local\LINE\bin\5.1.1.1422\LINE.exe FirewallRules: [{AEA14242-A73C-4AC0-908F-B7BA71573436}] => (Allow) C:\Users\mrado\AppData\Local\LINE\bin\5.1.1.1422\LINE.exe FirewallRules: [{DE8D3117-6417-4950-9C3F-AD05E2637300}] => (Allow) C:\Users\mrado\AppData\Local\Temp\7zS0448\HPDiagnosticCoreUI.exe FirewallRules: [{8973DC07-9FD4-428B-85C8-EEF977F8F48C}] => (Allow) C:\Users\mrado\AppData\Local\Temp\7zS0448\HPDiagnosticCoreUI.exe FirewallRules: [UDP Query User{BDCDCAC0-B472-4998-9AB9-362E40E1CE4F}C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe FirewallRules: [TCP Query User{14F0E316-2CA4-4EC4-9FF9-17D4695EDC56}C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe FirewallRules: [{5E18E7E7-2B0E-4C15-AF12-C4680E7EEE68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4481CFE8-E5ED-4643-BA72-5E81B73478DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{757A961A-9F4B-4B20-BC1F-CC85DF18F3B0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{BE27C445-5B0A-4EBE-B5AC-55052E744781}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D974965A-7475-469B-9BFE-4BE666588C68}] => (Allow) C:\Program Files (x86)\Documents To Go Desktop\DocsToGoDesktop.exe FirewallRules: [{76202D70-A55B-4FCF-9840-5B7E836219BF}] => (Allow) C:\Program Files (x86)\Documents To Go Desktop\DocsToGoDesktop.exe FirewallRules: 
[{2A3F803F-7B6C-4AAD-B572-766DF44A7B16}] => (Allow) C:\Program Files (x86)\Documents To Go Desktop\DocsToGoDesktop.exe FirewallRules: [{F5941FDB-B6FE-4B87-BD79-7C800BF19EE3}] => (Allow) C:\Program Files (x86)\Documents To Go Desktop\DocsToGoDesktop.exe FirewallRules: [{99244F9D-253B-491A-AEA0-C07B560629AD}] => (Allow) C:\Users\mrado\AppData\Local\Temp\7zS65DF\HPDiagnosticCoreUI.exe FirewallRules: [{BE25008D-8A9F-4E71-928C-9E78283F7371}] => (Allow) C:\Users\mrado\AppData\Local\Temp\7zS65DF\HPDiagnosticCoreUI.exe FirewallRules: [{12D97B9A-5659-4AF6-89DD-856C0C1D4143}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{901ADAF5-9CDC-4307-8C7E-988EE1729B75}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [UDP Query User{D0BD9BFF-958B-4A94-9ED4-E974F105E641}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{E5589EF5-A444-497D-B807-D68A598675FB}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [{102344DC-ED9C-4899-97F2-2E1941CC217B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{44ABD3CC-72EB-4D0C-A42F-7C63B6A2C930}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{6FDD4BCA-043F-435E-9627-BC6ED82B6840}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{DD9613C7-C93D-4F39-8E78-2A73947B5EC6}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{78885430-2F7F-43B4-A6D4-944FBE0411E7}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{62286175-15CF-48ED-8C45-5DF3846EDDB2}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [UDP Query 
User{DC9CC6F0-6F76-44F8-B3F5-EE635ED55389}E:\1driver\sdi_r326\sdi_x64_r326.exe] => (Allow) E:\1driver\sdi_r326\sdi_x64_r326.exe
FirewallRules: [TCP Query User{0760722A-F1A0-4D30-8D5C-BBC15B54061B}E:\1driver\sdi_r326\sdi_x64_r326.exe] => (Allow) E:\1driver\sdi_r326\sdi_x64_r326.exe
FirewallRules: [{2F1BCE6E-E14D-472D-977F-F1B4C0E6187D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{193E83AB-7193-4E8E-BB8A-3C93306CAE7D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{49999C3F-FA9F-48CD-82C7-0A0A7789E38B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{156C4006-1B9E-478D-8FFA-0B18E372F0EC}] => (Allow) D:\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{3430210C-E998-4E34-A195-6199F866E7A3}] => (Allow) D:\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{83B3F830-BF60-4A8B-BE4F-312CB5EAA779}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{62FC5113-DCA0-4FBB-8587-832994FC9EE4}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{367794A0-44C8-4E55-A0C4-C497AFFE01D2}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{16EBB7EA-689D-43D9-BCCF-E3E29C7C6FF5}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{4C18B245-EFFD-429E-9E43-C23CFDBDDD07}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D5CF66C6-2BF5-42EB-89A8-04E6199A95CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{525E53A2-F6EF-46D5-800D-A0A4AD4BEBAB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2A1C810B-4FE9-4DF6-9A0C-18BC1BA65E17}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{97F4888D-8088-42C5-9375-0F7487757C8E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{235CA01E-A507-4C45-80D8-4AABE0086D74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F60246B8-2176-4F1E-A32B-E82CE33FAAB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{848CD785-F189-4F0E-BB1E-EA8FC8BAD77E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{6A6B12FF-468E-4C17-AF39-C41889BD129C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{FB82610A-489C-4D34-B6C0-D8641E79C81C}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DEF1B19E-7124-4C88-BB1A-9F749A9050E9}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{5D8FBCC2-2445-4A49-994A-35153C7CBB1D}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\DeviceSetup.exe
FirewallRules: [{90447EAE-B693-41AB-94EB-252CE754CB3A}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\SendAFax.exe
FirewallRules: [{221DC867-F7E7-4F4B-A66A-D8C5D04DD4A4}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\DigitalWizards.exe
FirewallRules: [{963C209F-19AA-416A-8471-DDA2E2060A16}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\FaxApplications.exe
FirewallRules: [{3F3BE456-6A2C-416A-A3A2-9D2E4DC49511}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EF22C976-F5CE-4A99-B7FE-EA844933C1B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5D4B0F73-5FEE-43F7-95BD-D9C5C8526C3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B15FFDD4-FA41-4F9E-9170-687622E6FA73}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{53487A23-C354-4A2F-88D1-C78E7D5138C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3945F54F-6F4B-4FB5-8F00-510EBE498F48}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{93ACED74-26BC-4304-BBD7-441B254D02A9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{936D46D7-C1AC-46D4-B973-2BB5E5470E82}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{D02CE7C8-40AA-4941-853E-F56BC87DFF3B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{C80510D2-ACAE-4A05-BE7C-CD55CF26C0C9}] => (Allow) C:\Users\mrado\AppData\Local\Temp\7zS4A1C\HPDiagnosticCoreUI.exe
FirewallRules: [{62CF9AD6-DF37-47C8-B5E2-829AFBD0D66F}] => (Allow) C:\Users\mrado\AppData\Local\Temp\7zS4A1C\HPDiagnosticCoreUI.exe
FirewallRules: [{ECA6E3AC-20E1-4841-A6DB-5CCB6638E967}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe
FirewallRules: [{717EA167-7FC2-4CCB-8773-E894780C4E5A}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe
FirewallRules: [{BC381AE9-C65C-475C-94A2-396943721954}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{EF7B990F-9BD3-44EA-8325-E215542A4CB5}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{70DD4637-DDCA-49BE-BF7B-D4D79CD23E3D}] => (Allow) C:\Program Files (x86)\Microsoft Games\Kreutti-LAN\Age of Empires II\age2_x1\age2_x2.exe
FirewallRules: [{B3974DE5-1C27-41EE-9044-D9947AC26A7B}] => (Allow) C:\Program Files (x86)\Microsoft Games\Kreutti-LAN\Age of Empires II\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{118B7AF1-5AB0-4F5A-901B-6B839531E7FD}C:\program files (x86)\microsoft games\kreutti-lan\age of empires ii\age2_x1\age2_x2.exe] => (Allow) C:\program files (x86)\microsoft games\kreutti-lan\age of empires ii\age2_x1\age2_x2.exe
FirewallRules: [UDP Query User{1FC75129-0E17-489E-8883-5E93ABEC2A5C}C:\program files (x86)\microsoft games\kreutti-lan\age of empires ii\age2_x1\age2_x2.exe] => (Allow) C:\program files (x86)\microsoft games\kreutti-lan\age of empires ii\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{00E1730B-3728-4650-BCA9-2A318E4B7771}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{A27EFDDB-906C-4C5C-A5D1-62EF24E26CFB}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{D3F90976-D48A-4794-AB93-FA0171B765CD}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{1A18AA73-83BB-4C50-B02A-D56C90D17AEE}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe
FirewallRules: [{434AF7FD-D2B9-4C52-A4A3-17CC49FAE69C}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\iOS Recorder.exe
FirewallRules: [{FEB570C9-0A4A-48AF-9C99-8BF0F7386DAE}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\iOS Recorder.exe
FirewallRules: [{B3729FCF-6AF1-4AC5-899C-831416362532}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B1FEAF23-DB5D-4F45-A583-4AA50DE332D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/31/2017 11:31:54 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (10/31/2017 11:31:54 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (10/31/2017 11:31:54 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (10/31/2017 11:31:54 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\WINDOWS\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (10/31/2017 11:31:54 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "Lsa" in der DLL "C:\Windows\System32\Secur32.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (10/31/2017 11:31:54 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "ESENT" in der DLL "C:\WINDOWS\system32\esentprf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (10/31/2017 08:25:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (10/31/2017 08:25:19 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (10/31/2017 08:25:19 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (10/31/2017 08:25:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\WINDOWS\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Systemfehler:
=============
Error: (10/31/2017 11:31:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MxService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden.

Error: (10/31/2017 11:31:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt.

Error: (10/31/2017 11:31:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 31.10.2017 um 10:22:15 unerwartet heruntergefahren.

Error: (10/30/2017 07:40:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MxService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden.

Error: (10/30/2017 07:40:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt.

Error: (10/30/2017 07:40:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 30.10.2017 um 18:47:07 unerwartet heruntergefahren.

Error: (10/30/2017 06:47:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MxService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden.

Error: (10/30/2017 06:47:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt.

Error: (10/30/2017 06:47:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 30.10.2017 um 16:50:13 unerwartet heruntergefahren.

Error: (10/30/2017 04:10:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MxService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden.

CodeIntegrity:
===================================
Date: 2017-10-31 11:54:45.283
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-31 11:54:45.281
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-31 11:54:40.690
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-31 11:54:40.688
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-31 11:31:42.637
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-31 11:31:42.635
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-31 08:25:07.062
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-31 08:25:07.060
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-30 20:35:31.123
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-30 20:35:31.121
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz
Prozentuale Nutzung des RAM: 48%
Installierter physikalischer RAM: 8143.88 MB
Verfügbarer physikalischer RAM: 4233.62 MB
Summe virtueller Speicher: 9423.88 MB
Verfügbarer virtueller Speicher: 4722.78 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:111.24 GB) (Free:58.45 GB) NTFS
Drive d: (Daten) (Fixed) (Total:931.51 GB) (Free:692.16 GB) NTFS
Drive e: (32_00_00) (Fixed) (Total:298.02 GB) (Free:21.34 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 2A03BD70)
Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2A03BD6D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 3E1EBD07)
Partition 1: (Active) - (Size=298.1 GB) - (Type=0C)

==================== Ende von Addition.txt ============================

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
durchgeführt von mrado (Administrator) auf DESKTOP-A84CFPT (31-10-2017 11:54:59)
Gestartet von C:\Users\mrado\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Geladene Profile: mrado (Verfügbare Profile: mrado)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TomTom) D:\Programme\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\MalwareProtectionLive\MalwareProtectionClient.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(TomTom) D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
() C:\Users\mrado\AppData\Roaming\BrowserExtensions\BEHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-10-23] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-09-29] (Razer Inc.)
HKLM-x32\...\Run: [tsnp2std] => C:\Windows\tsnp2std.exe [262144 2007-08-31] ()
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Steam] => D:\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [TomTomHOME.exe] => D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Zoom] => [X]
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-02] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Browser Extensions] => C:\Users\mrado\AppData\Roaming\BrowserExtensions\BEHelper.exe [1619240 2017-02-28] ()
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{72e801e1-0d70-478c-ab42-bac0ef611475}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://imp.ytdwld.com/impression.do?source=395337&sub_id=20170611&user_id=e09ec992-a255-4774-8079-6fa9ef1d45b0&traffic_source=update&event=ro_homepage&implementation_id=ytdau&redir=https%3A%2F%2Fat.search.yahoo.com%2F%3Ftype%3D395337%26fr%3Dspigot-yhp-ie
SearchScopes: HKU\S-1-5-21-3509878254-1581680034-4090546777-1002 -> DefaultScope {A00A2EFA-700C-4184-A813-BAC983B19961} URL = hxxp://imp.ytdwld.com/impression.do?source=395337&sub_id=20170611&user_id=e09ec992-a255-4774-8079-6fa9ef1d45b0&traffic_source=update&event=ro_inb_search&implementation_id=ytdau&redir=https%3A%2F%2Fat.search.yahoo.com%2Fsearch%3Ffr%3Dchr-greentree_ie%26ei%3Dutf-8%26ilc%3D12%26type%3D395337%26p%3D&st={searchTerms}
SearchScopes: HKU\S-1-5-21-3509878254-1581680034-4090546777-1002 -> {A00A2EFA-700C-4184-A813-BAC983B19961} URL = hxxp://imp.ytdwld.com/impression.do?source=395337&sub_id=20170611&user_id=e09ec992-a255-4774-8079-6fa9ef1d45b0&traffic_source=update&event=ro_inb_search&implementation_id=ytdau&redir=https%3A%2F%2Fat.search.yahoo.com%2Fsearch%3Ffr%3Dchr-greentree_ie%26ei%3Dutf-8%26ilc%3D12%26type%3D395337%26p%3D&st={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\mrado\AppData\Roaming\BrowserExtensions\Coupons64.dll [2017-02-28] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO-x32: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\mrado\AppData\Roaming\BrowserExtensions\Coupons.dll [2017-02-28] ()
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7xti9fl7.default
FF ProfilePath: C:\Users\mrado\AppData\Roaming\TomTom\HOME\Profiles\2f4az5v7.default [2015-12-03]
FF Extension: (Map status indicator) - D:\Programme\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-12-03] [ist nicht signiert]
FF ProfilePath: C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default [2017-10-28]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7xti9fl7.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7xti9fl7.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\7xti9fl7.default -> hxxp://imp.ytdwld.com/impression.do?source=395337&sub_id=20170611&user_id=e09ec992-a255-4774-8079-6fa9ef1d45b0&traffic_source=update&event=ro_homepage&implementation_id=ytdau&redir=https%3A%2F%2Fat.search.yahoo.com%2F%3Ftype%3D395337%26fr%3Dspigot-yhp-ff
FF Keyword.URL: Mozilla\Firefox\Profiles\7xti9fl7.default -> hxxp://imp.ytdwld.com/impression.do?source=395337&sub_id=20170611&user_id=e09ec992-a255-4774-8079-6fa9ef1d45b0&traffic_source=update&event=ro_adr_search&implementation_id=ytdau&redir=https%3A%2F%2Fat.search.yahoo.com%2Fsearch%3Ffr%3Dgreentree_ff1%26ei%3Dutf-8%26ilc%3D12%26type%3D395337%26p%3D&st=
FF Extension: (eBay Shopping Assistant) - C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\Extensions\{24d26487-6274-48b1-b500-22f24884f971} [2017-06-11]
FF Extension: (Start Page) - C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\Extensions\{7a526449-3a92-426f-8ca4-47439918f2b1} [2017-06-11]
FF Extension: (Slick Savings) - C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\Extensions\{90477448-b59c-48cd-98af-6a298cbc15d2} [2017-06-11]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3509878254-1581680034-4090546777-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\mrado\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-13] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default [2017-10-31]
CHR Extension: (Präsentationen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-01]
CHR Extension: (YouTube) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-01]
CHR Extension: (Adblock Plus) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Adobe Acrobat) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Tabellen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-31]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Google Mail) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-01]
CHR Extension: (Chrome Media Router) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 TomTomHOMEService; D:\Programme\TomTom HOME 2\TomTomHOMEService.exe [93040 2015-07-13] (TomTom)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R1 MpKsl07d560e5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1130C9E5-8739-4989-856D-7BF9108172D3}\MpKsl07d560e5.sys [58120 2017-10-14] (Microsoft Corporation)
R1 MpKsl2690f037; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CF9C83B-732B-414B-B20B-4B240FF16B94}\MpKsl2690f037.sys [49392 2017-10-25] (Microsoft Corporation)
R1 MpKsl26d197c7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C3E8CD1D-377C-4E1A-A947-4EFC075908C3}\MpKsl26d197c7.sys [58120 2017-10-19] (Microsoft Corporation)
R1 MpKsl2c2aefe3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C250363B-EF92-490C-84F2-FEDE80562BBF}\MpKsl2c2aefe3.sys [49392 2017-10-29] (Microsoft Corporation)
R1 MpKsl3791f0c4; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CACAAF0F-0E2F-4BA7-9486-B7A5E7953796}\MpKsl3791f0c4.sys [49392 2017-10-28] (Microsoft Corporation)
R1 MpKsl6336f725; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF050026-20ED-4F7C-BDE5-1DD3F1F4B063}\MpKsl6336f725.sys [58120 2017-10-16] (Microsoft Corporation)
R1 MpKsl814def80; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DABFFC92-D39F-4E03-8892-69BB6C049E7B}\MpKsl814def80.sys [58120 2017-10-21] (Microsoft Corporation)
R1 MpKsla39999f5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1C7ABC4-FE4D-473D-A3EC-277DECEE91DD}\MpKsla39999f5.sys [49392 2017-10-30] (Microsoft Corporation)
R1 MpKslc452dda0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9F1A42F5-5EBB-415F-BACF-666E8882A5BD}\MpKslc452dda0.sys [49392 2017-10-30] (Microsoft Corporation)
R1 MpKslc8898986; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DFB50B05-C85A-4A89-8BEF-CD2463421845}\MpKslc8898986.sys [49392 2017-10-30] (Microsoft Corporation)
R1 MpKsld8833205; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ACC0AD23-A46D-428A-9D56-3E849253F2AE}\MpKsld8833205.sys [58120 2017-10-15] (Microsoft Corporation)
R1 MpKslde14fa48; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C3E8CD1D-377C-4E1A-A947-4EFC075908C3}\MpKslde14fa48.sys [58120 2017-10-20] (Microsoft Corporation)
R1 MpKsldfd4f48e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BC6F659-61C9-40B8-AB66-F8B2D76476AB}\MpKsldfd4f48e.sys [49392 2017-10-31] (Microsoft Corporation)
R1 MpKslf437d529; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC8453B6-4E03-4178-B268-7D94EB7B2066}\MpKslf437d529.sys [58120 2017-10-16] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2015-09-23] (Realtek )
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11968 2000-07-29] () [Datei ist nicht signiert]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-10-31 11:54 - 2017-10-31 11:54 - 000000000 ____D C:\FRST
2017-10-26 16:56 - 2017-10-26 16:56 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\Program Files\iTunes
2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\Program Files\iPod
2017-10-26 16:55 - 2017-10-26 16:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-10-26 16:55 - 2017-10-26 16:55 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-10-18 15:59 - 2017-10-18 15:59 - 000032026 _____ C:\Users\mrado\Downloads\Buchstaben Aa Ll Mm Oo Ee trainieren.pdf
2017-10-11 18:31 - 2017-10-11 18:31 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 18:29 - 2017-09-30 06:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-11 18:29 - 2017-09-30 06:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-11 18:29 - 2017-09-30 06:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-11 18:29 - 2017-09-30 06:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-11 18:29 - 2017-09-30 06:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-11 18:29 - 2017-09-30 06:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-11 18:29 - 2017-09-30 03:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-11 18:29 - 2017-09-30 03:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-10-31 11:37 - 2017-05-19 06:43 - 003624026 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-31 11:37 - 2017-03-20 05:35 - 001765950 _____ C:\WINDOWS\system32\perfh007.dat
2017-10-31 11:37 - 2017-03-20 05:35 - 000442810 _____ C:\WINDOWS\system32\perfc007.dat
2017-10-31 11:36 - 2015-12-09 16:19 - 000000000 ____D C:\Users\mrado\Documents\Outlook-Dateien
2017-10-31 11:31 - 2017-05-19 06:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-31 11:31 - 2017-05-19 06:35 - 000000000 ____D C:\Users\mrado
2017-10-31 11:31 - 2016-09-22 06:18 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-31 11:31 - 2015-09-23 20:20 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleFormrado.job
2017-10-31 10:28 - 2017-05-19 06:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-31 08:28 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-31 08:28 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-31 08:27 - 2017-05-19 06:40 - 000004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF5A1CA3-3649-4C6C-B496-C9FB546074B1}
2017-10-31 00:15 - 2016-09-28 19:32 - 000000000 ____D C:\Users\mrado\AppData\Local\Battle.net
2017-10-30 23:40 - 2017-05-19 06:40 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFormrado
2017-10-30 22:48 - 2016-06-13 16:47 - 000000000 ____D C:\Users\mrado\AppData\Roaming\Telegram Desktop
2017-10-30 20:35 - 2017-01-12 22:50 - 000001723 _____ C:\Users\mrado\Desktop\Hearthstone Deck Tracker - Verknüpfung.lnk
2017-10-30 20:35 - 2016-09-28 19:27 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-10-29 13:47 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-29 09:17 - 2016-12-05 21:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-29 09:17 - 2015-09-23 21:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-28 11:07 - 2016-12-14 16:51 - 000000000 ____D C:\Users\mrado\AppData\LocalLow\Mozilla
2017-10-28 10:15 - 2017-07-25 15:01 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3509878254-1581680034-4090546777-1002
2017-10-28 10:15 - 2015-09-17 20:00 - 000002432 _____ C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-28 10:15 - 2015-09-17 20:00 - 000000000 ___RD C:\Users\mrado\OneDrive
2017-10-26 16:56 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-26 16:55 - 2015-09-23 21:06 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-10-26 16:37 - 2017-02-20 17:27 - 000000000 ____D C:\Users\mrado\Downloads\Telegram Desktop
2017-10-25 17:46 - 2017-05-19 06:40 - 000004606 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-10-25 17:46 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-10-25 17:46 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-19 05:26 - 2015-09-17 19:58 - 000000000 ____D C:\Users\mrado\AppData\Local\Packages
2017-10-18 22:30 - 2016-04-01 21:31 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-10-18 14:39 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-18 14:37 - 2015-11-18 19:05 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-10-14 17:23 - 2015-09-30 19:48 - 000000000 ____D C:\Users\mrado\AppData\Local\Adobe
2017-10-14 12:11 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-13 01:21 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 01:21 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-12 05:08 - 2015-09-14 12:51 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-10-12 05:07 - 2017-05-19 06:33 - 000272688 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-10-11 22:48 - 2017-03-18 12:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI 2017-10-11 22:47 - 2017-03-18 22:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2017-10-11 22:47 - 2017-03-18 22:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2017-10-11 22:47 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-10-11 22:47 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning 2017-10-11 18:32 - 2015-09-21 06:55 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-10-11 18:31 - 2015-09-21 06:55 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-10-11 07:54 - 2015-10-07 17:03 - 000000000 ____D C:\Users\mrado\AppData\Local\ElevatedDiagnostics ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-09-23 19:26 - 2015-09-23 19:26 - 000000057 _____ () C:\ProgramData\Ament.ini 2017-05-19 06:34 - 2017-05-19 06:34 - 000000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== 2017-09-26 19:57 - 2017-09-26 19:57 - 001575660 _____ ( ) C:\Users\mrado\AppData\Local\Temp\ICReinstall_VideoPlayerSetup_2318671983.exe 2017-08-08 16:56 - 2017-08-08 16:56 - 014456872 _____ (Microsoft Corporation) C:\Users\mrado\AppData\Local\Temp\vc_redist.x86.exe 2017-06-24 08:12 - 2017-07-21 13:31 - 000084216 _____ () C:\Users\mrado\AppData\Local\Temp\VirtualDJ New Version.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-10-24 04:56
==================== Ende von FRST.txt ============================
Regards, Don Camillo |
31.10.2017, 13:48 | #2 | |
/// TB-Ausbilder | Win 10: PC does not start, or only after a pause of several minutes
My name is Matthias and I will help you clean up your computer. To make the cleanup as effective and quick as possible, please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work much harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! Please note: Quote:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, because our instructions are designed for that. It also makes it very easy to remove all the tools used at the end of the cleanup. Leave all tools on the desktop until the cleanup is finished; we may need some of them more than once. Please run FRST again. |
31.10.2017, 14:26 | #3 |
| Win 10: PC does not start, or only after a pause of several minutes
Hello Matthias,
thank you for your help. Sorry for the mistake. Here are the log files again, this time from the desktop: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 26-10-2017 durchgeführt von mrado (31-10-2017 14:22:34) Gestartet von C:\Users\mrado\Desktop Windows 10 Home Version 1703 15063.674 (X64) (2017-05-19 05:42:48) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3509878254-1581680034-4090546777-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3509878254-1581680034-4090546777-503 - Limited - Disabled) Gast (S-1-5-21-3509878254-1581680034-4090546777-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3509878254-1581680034-4090546777-1004 - Limited - Enabled) mrado (S-1-5-21-3509878254-1581680034-4090546777-1002 - Administrator - Enabled) => C:\Users\mrado ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden Apowersoft Bildschirmrekorder Pro V2.2.4 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.2.4 - APOWERSOFT LIMITED) Apple Application Support (32-Bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.) 
Apple Application Support (64-Bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.315.8233 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.) Browser Extensions (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.9.9.5 - Spigot, Inc.) <==== ACHTUNG CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP) Digital Viewer (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19103.105 - Sonix) Documents To Go Desktop für iOS (HKLM-x32\...\DTGDesktop) (Version: 5.0000.017 - DataViz, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.5.37.19 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.8.37.11 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Innkeeper (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Innkeeper) (Version: 0.4.3 - Curse Inc.) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden iTunes (HKLM\...\{1441974B-BB94-41EC-AC0F-30D5F5AC54F7}) (Version: 12.7.0.166 - Apple Inc.) LINE (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\LINE) (Version: 5.3.3.1519 - LINE Corporation) Malware Protection Live (HKLM-x32\...\MalwareProtectionLive) (Version: - ) <==== ACHTUNG Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.3.1000 - Maxthon International Limited) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.) 
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - ) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4971.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 
2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Mozilla Firefox 56.0.2 (x64 de) (HKLM\...\Mozilla Firefox 56.0.2 (x64 de)) (Version: 56.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla) NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0407-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27748 - Razer Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7640 - Realtek Semiconductor Corp.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer) Telegram Desktop version 1.1.23 (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.23 - Telegram Messenger LLP) TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) VirtualDJ 8 (HKLM-x32\...\{24F8CB37-888B-41E6-B119-CDC3F5075F57}) (Version: 8.0.2483.0 - Atomix Productions) Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) 
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) YTD Video Downloader 5.8.3 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.8.3 - GreenTree Applications SRL) <==== ACHTUNG Zoom (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0523A3D1-47FF-4383-837D-BDA294CB33D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) 
Task: {057DEA9B-CDB8-421D-8408-457BA3979B5F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {071A3197-5E92-43F2-A7A8-E67571C4A89E} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxEidolon.exe [2016-06-12] (Maxthon MxEidolo) Task: {0E365BCA-ECFA-42B1-9111-EDE447A40272} - System32\Tasks\{219B5455-FCD0-4C93-A66B-6EF0BC2AF3F9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=Repair platform=x86 culture=de-de Task: {12C7155E-F409-4B0A-BEE0-E814968BD48D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) Task: {1525EA8F-6A47-4D75-BF2A-3ECE1520B276} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation) Task: {1CDE4868-6C3E-4C7C-952F-3371E5AD103B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation) Task: {1FFCB66C-5BCF-4655-ACE9-B3DF9EC2703A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {2D3A2397-30C6-415D-A148-3AE3AD43D317} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {3A9D1CA7-7688-47D5-9A5F-79B02A5E4B14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) 
Task: {412F4D35-C7C9-4417-AEA6-7BA817AABC36} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {468A331E-E707-4AEA-8D8E-97D194600D7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.) Task: {5B36618D-AE0A-403A-BF0E-71813129F9E1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {6DC65838-CD18-413E-96E9-B40AE20F90DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) Task: {8675D514-1E6F-48C6-A17B-F15C386013A0} - System32\Tasks\MPLClient => C:\Program Files (x86)\MalwareProtectionLive\MalwareProtectionClient.exe [2017-08-17] () Task: {91FA4E0D-655C-4B1A-B193-9F43FD77E8A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.) 
Task: {9F4A339F-49AC-4FDA-A731-FF6DA3E2FFD2} - System32\Tasks\{690A624A-DB40-40A2-8818-6C74D9C4A5E5} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=battle.net --displayname="Battle.net" Task: {A496C06A-14CA-4230-962D-EBDA3C6C1BB3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-11] (Microsoft Corporation) Task: {A912B7AA-7ABE-4CC4-90F7-EA13E15DEA64} - System32\Tasks\HPCeeScheduleFormrado => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {B47CE98E-128A-433F-A7B5-C59CF298012B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) Task: {BC4708AF-39E7-4868-A5CB-1358129F189E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-14] (HP Inc.) Task: {BF99E98E-3DCC-4C63-BFCC-0D9E763B7321} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated) Task: {D89B7EF5-FAFC-4BE1-A8D6-3026ECA94AA4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {D9EDA806-9674-484F-92F7-BA2D4658F233} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.) Task: {EBFF86B5-8470-4F17-B578-E74EF379E72B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.) 
Task: {F59C7E2C-9BAC-47A0-8E39-FAFA18196BE8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {FBF5A053-9DE2-40C2-BBB8-28ADC880335D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-25] (Adobe Systems Incorporated) Task: {FD40D52E-37D7-4D3B-AAFC-0BED2B0EDE6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\HPCeeScheduleFormrado.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
Shortcut: C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki Shortcut: C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2017-05-08 23:44 - 2017-05-08 23:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-11-18 19:05 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-06-23 20:11 - 2015-06-23 20:11 - 000187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-08-17 21:21 - 2017-08-17 21:21 - 001546208 _____ () C:\Program Files (x86)\MalwareProtectionLive\MalwareProtectionClient.exe 2017-03-18 21:59 - 2017-03-20 05:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-10-26 07:16 - 2017-10-26 07:18 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-10-26 07:16 - 2017-10-26 07:19 - 025446400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\skypert.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2017-09-25 22:56 - 
2017-09-21 08:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll 2017-09-25 22:56 - 2017-09-21 08:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll 2017-10-25 17:46 - 2017-10-25 17:46 - 031229440 _____ () C:\WINDOWS\system32\Macromed\Flash\pepflashplayer64_27_0_0_183.dll 2017-02-28 20:46 - 2017-02-28 20:46 - 001619240 _____ () C:\Users\mrado\AppData\Roaming\BrowserExtensions\BEHelper.exe 2017-04-20 16:55 - 2017-04-20 16:55 - 001015840 _____ () C:\Program Files (x86)\MalwareProtectionLive\mplsettings.dll 2015-09-14 13:21 - 2016-06-15 02:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-10-01 07:28 - 2015-10-01 07:28 - 000137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll 2017-05-17 07:20 - 2017-06-21 15:13 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 
2015-07-10 12:04 - 2017-09-28 07:06 - 000000869 _____ C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.1 mssplus.mcafee.com ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 10.0.0.138 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "tsnp2std" HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\StartupApproved\Run: => "Steam" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [{B1E2CC30-FDF0-4D17-B442-8F5A2BF81701}] => (Allow) C:\Users\mrado\AppData\Local\LINE\bin\5.1.1.1422\LineUpdater.exe FirewallRules: [{19F23721-5FB4-44C4-832F-81846AF0034C}] => (Allow) C:\Users\mrado\AppData\Local\LINE\bin\5.1.1.1422\LineUpdater.exe FirewallRules: [{9D0E4F43-93A7-4D4C-BBCE-512D97FFD48D}] => (Allow) C:\Users\mrado\AppData\Local\LINE\bin\5.1.1.1422\LINE.exe FirewallRules: [{AEA14242-A73C-4AC0-908F-B7BA71573436}] => (Allow) C:\Users\mrado\AppData\Local\LINE\bin\5.1.1.1422\LINE.exe FirewallRules: [{DE8D3117-6417-4950-9C3F-AD05E2637300}] => (Allow) C:\Users\mrado\AppData\Local\Temp\7zS0448\HPDiagnosticCoreUI.exe FirewallRules: [{8973DC07-9FD4-428B-85C8-EEF977F8F48C}] => (Allow) C:\Users\mrado\AppData\Local\Temp\7zS0448\HPDiagnosticCoreUI.exe FirewallRules: [UDP Query User{BDCDCAC0-B472-4998-9AB9-362E40E1CE4F}C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe FirewallRules: [TCP Query User{14F0E316-2CA4-4EC4-9FF9-17D4695EDC56}C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe FirewallRules: [{5E18E7E7-2B0E-4C15-AF12-C4680E7EEE68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4481CFE8-E5ED-4643-BA72-5E81B73478DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{757A961A-9F4B-4B20-BC1F-CC85DF18F3B0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{BE27C445-5B0A-4EBE-B5AC-55052E744781}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D974965A-7475-469B-9BFE-4BE666588C68}] => (Allow) C:\Program Files (x86)\Documents To Go Desktop\DocsToGoDesktop.exe FirewallRules: [{76202D70-A55B-4FCF-9840-5B7E836219BF}] => (Allow) C:\Program Files (x86)\Documents To Go Desktop\DocsToGoDesktop.exe FirewallRules: 
[{2A3F803F-7B6C-4AAD-B572-766DF44A7B16}] => (Allow) C:\Program Files (x86)\Documents To Go Desktop\DocsToGoDesktop.exe FirewallRules: [{F5941FDB-B6FE-4B87-BD79-7C800BF19EE3}] => (Allow) C:\Program Files (x86)\Documents To Go Desktop\DocsToGoDesktop.exe FirewallRules: [{99244F9D-253B-491A-AEA0-C07B560629AD}] => (Allow) C:\Users\mrado\AppData\Local\Temp\7zS65DF\HPDiagnosticCoreUI.exe FirewallRules: [{BE25008D-8A9F-4E71-928C-9E78283F7371}] => (Allow) C:\Users\mrado\AppData\Local\Temp\7zS65DF\HPDiagnosticCoreUI.exe FirewallRules: [{12D97B9A-5659-4AF6-89DD-856C0C1D4143}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{901ADAF5-9CDC-4307-8C7E-988EE1729B75}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [UDP Query User{D0BD9BFF-958B-4A94-9ED4-E974F105E641}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{E5589EF5-A444-497D-B807-D68A598675FB}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [{102344DC-ED9C-4899-97F2-2E1941CC217B}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{44ABD3CC-72EB-4D0C-A42F-7C63B6A2C930}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{6FDD4BCA-043F-435E-9627-BC6ED82B6840}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{DD9613C7-C93D-4F39-8E78-2A73947B5EC6}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{78885430-2F7F-43B4-A6D4-944FBE0411E7}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{62286175-15CF-48ED-8C45-5DF3846EDDB2}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [UDP Query 
User{DC9CC6F0-6F76-44F8-B3F5-EE635ED55389}E:\1driver\sdi_r326\sdi_x64_r326.exe] => (Allow) E:\1driver\sdi_r326\sdi_x64_r326.exe FirewallRules: [TCP Query User{0760722A-F1A0-4D30-8D5C-BBC15B54061B}E:\1driver\sdi_r326\sdi_x64_r326.exe] => (Allow) E:\1driver\sdi_r326\sdi_x64_r326.exe FirewallRules: [{2F1BCE6E-E14D-472D-977F-F1B4C0E6187D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{193E83AB-7193-4E8E-BB8A-3C93306CAE7D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{49999C3F-FA9F-48CD-82C7-0A0A7789E38B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{156C4006-1B9E-478D-8FFA-0B18E372F0EC}] => (Allow) D:\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe FirewallRules: [{3430210C-E998-4E34-A195-6199F866E7A3}] => (Allow) D:\Steam\steamapps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe FirewallRules: [{83B3F830-BF60-4A8B-BE4F-312CB5EAA779}] => (Allow) D:\Steam\bin\steamwebhelper.exe FirewallRules: [{62FC5113-DCA0-4FBB-8587-832994FC9EE4}] => (Allow) D:\Steam\bin\steamwebhelper.exe FirewallRules: [{367794A0-44C8-4E55-A0C4-C497AFFE01D2}] => (Allow) D:\Steam\Steam.exe FirewallRules: [{16EBB7EA-689D-43D9-BCCF-E3E29C7C6FF5}] => (Allow) D:\Steam\Steam.exe FirewallRules: [{4C18B245-EFFD-429E-9E43-C23CFDBDDD07}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{D5CF66C6-2BF5-42EB-89A8-04E6199A95CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{525E53A2-F6EF-46D5-800D-A0A4AD4BEBAB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{2A1C810B-4FE9-4DF6-9A0C-18BC1BA65E17}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{97F4888D-8088-42C5-9375-0F7487757C8E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{235CA01E-A507-4C45-80D8-4AABE0086D74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: 
[{F60246B8-2176-4F1E-A32B-E82CE33FAAB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{848CD785-F189-4F0E-BB1E-EA8FC8BAD77E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{6A6B12FF-468E-4C17-AF39-C41889BD129C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe FirewallRules: [{FB82610A-489C-4D34-B6C0-D8641E79C81C}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{DEF1B19E-7124-4C88-BB1A-9F749A9050E9}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe FirewallRules: [{5D8FBCC2-2445-4A49-994A-35153C7CBB1D}] => (Allow) C:\Program Files\HP\HP Officejet 6600\Bin\DeviceSetup.exe FirewallRules: [{90447EAE-B693-41AB-94EB-252CE754CB3A}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\SendAFax.exe FirewallRules: [{221DC867-F7E7-4F4B-A66A-D8C5D04DD4A4}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\DigitalWizards.exe FirewallRules: [{963C209F-19AA-416A-8471-DDA2E2060A16}] => (Allow) C:\Program Files\HP\HP Officejet 6600\bin\FaxApplications.exe FirewallRules: [{3F3BE456-6A2C-416A-A3A2-9D2E4DC49511}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{EF22C976-F5CE-4A99-B7FE-EA844933C1B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{5D4B0F73-5FEE-43F7-95BD-D9C5C8526C3B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{B15FFDD4-FA41-4F9E-9170-687622E6FA73}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{53487A23-C354-4A2F-88D1-C78E7D5138C2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{3945F54F-6F4B-4FB5-8F00-510EBE498F48}] => (Allow) C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe FirewallRules: [{93ACED74-26BC-4304-BBD7-441B254D02A9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [TCP Query User{936D46D7-C1AC-46D4-B973-2BB5E5470E82}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{D02CE7C8-40AA-4941-853E-F56BC87DFF3B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [{C80510D2-ACAE-4A05-BE7C-CD55CF26C0C9}] => (Allow) C:\Users\mrado\AppData\Local\Temp\7zS4A1C\HPDiagnosticCoreUI.exe FirewallRules: [{62CF9AD6-DF37-47C8-B5E2-829AFBD0D66F}] => (Allow) C:\Users\mrado\AppData\Local\Temp\7zS4A1C\HPDiagnosticCoreUI.exe FirewallRules: [{ECA6E3AC-20E1-4841-A6DB-5CCB6638E967}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe FirewallRules: [{717EA167-7FC2-4CCB-8773-E894780C4E5A}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires II\age2_x1\age2_x2.exe FirewallRules: [{BC381AE9-C65C-475C-94A2-396943721954}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe FirewallRules: [{EF7B990F-9BD3-44EA-8325-E215542A4CB5}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe FirewallRules: [{70DD4637-DDCA-49BE-BF7B-D4D79CD23E3D}] => (Allow) C:\Program Files (x86)\Microsoft Games\Kreutti-LAN\Age of Empires II\age2_x1\age2_x2.exe FirewallRules: [{B3974DE5-1C27-41EE-9044-D9947AC26A7B}] => (Allow) C:\Program Files (x86)\Microsoft Games\Kreutti-LAN\Age of Empires II\age2_x1\age2_x2.exe FirewallRules: [TCP Query User{118B7AF1-5AB0-4F5A-901B-6B839531E7FD}C:\program files (x86)\microsoft games\kreutti-lan\age of empires ii\age2_x1\age2_x2.exe] => (Allow) C:\program files (x86)\microsoft games\kreutti-lan\age of empires ii\age2_x1\age2_x2.exe FirewallRules: [UDP Query User{1FC75129-0E17-489E-8883-5E93ABEC2A5C}C:\program files (x86)\microsoft games\kreutti-lan\age of 
empires ii\age2_x1\age2_x2.exe] => (Allow) C:\program files (x86)\microsoft games\kreutti-lan\age of empires ii\age2_x1\age2_x2.exe FirewallRules: [TCP Query User{00E1730B-3728-4650-BCA9-2A318E4B7771}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [UDP Query User{A27EFDDB-906C-4C5C-A5D1-62EF24E26CFB}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe FirewallRules: [{D3F90976-D48A-4794-AB93-FA0171B765CD}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe FirewallRules: [{1A18AA73-83BB-4C50-B02A-D56C90D17AEE}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\Apowersoft Screen Recorder Pro 2.exe FirewallRules: [{434AF7FD-D2B9-4C52-A4A3-17CC49FAE69C}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\iOS Recorder.exe FirewallRules: [{FEB570C9-0A4A-48AF-9C99-8BF0F7386DAE}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Screen Recorder Pro 2\iOS Recorder.exe FirewallRules: [{B3729FCF-6AF1-4AC5-899C-831416362532}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{B1FEAF23-DB5D-4F45-A583-4AA50DE332D0}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/31/2017 11:31:54 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. 
Error: (10/31/2017 11:31:54 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode. Error: (10/31/2017 11:31:54 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode. Error: (10/31/2017 11:31:54 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\WINDOWS\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (10/31/2017 11:31:54 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "Lsa" in der DLL "C:\Windows\System32\Secur32.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (10/31/2017 11:31:54 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "ESENT" in der DLL "C:\WINDOWS\system32\esentprf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (10/31/2017 08:25:19 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (10/31/2017 08:25:19 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. 
Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode. Error: (10/31/2017 08:25:19 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode. Error: (10/31/2017 08:25:19 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\WINDOWS\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Systemfehler: ============= Error: (10/31/2017 11:31:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MxService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (10/31/2017 11:31:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt. Error: (10/31/2017 11:31:30 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 31.10.2017 um 10:22:15 unerwartet heruntergefahren. Error: (10/30/2017 07:40:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MxService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (10/30/2017 07:40:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt. Error: (10/30/2017 07:40:04 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 30.10.2017 um 18:47:07 unerwartet heruntergefahren. 
Error: (10/30/2017 06:47:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MxService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (10/30/2017 06:47:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt. Error: (10/30/2017 06:47:07 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 30.10.2017 um 16:50:13 unerwartet heruntergefahren. Error: (10/30/2017 04:10:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MxService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. CodeIntegrity: =================================== Date: 2017-10-31 14:22:04.140 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-31 14:22:04.137 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-31 14:22:02.347 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-10-31 14:22:02.345 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-31 11:54:45.283 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-31 11:54:45.281 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-31 11:54:40.690 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-31 11:54:40.688 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-10-31 11:31:42.637 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-10-31 11:31:42.635
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz
Prozentuale Nutzung des RAM: 52%
Installierter physikalischer RAM: 8143.88 MB
Verfügbarer physikalischer RAM: 3872.97 MB
Summe virtueller Speicher: 9423.88 MB
Verfügbarer virtueller Speicher: 4141.78 MB

==================== Laufwerke ================================
Drive c: () (Fixed) (Total:111.24 GB) (Free:58.28 GB) NTFS
Drive d: (Daten) (Fixed) (Total:931.51 GB) (Free:692.16 GB) NTFS
Drive e: (32_00_00) (Fixed) (Total:298.02 GB) (Free:21.34 GB) FAT32

==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 2A03BD70)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2A03BD6D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 3E1EBD07)
Partition 1: (Active) - (Size=298.1 GB) - (Type=0C)

==================== Ende von Addition.txt ============================

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017
durchgeführt von mrado (Administrator) auf DESKTOP-A84CFPT (31-10-2017 14:22:09)
Gestartet von C:\Users\mrado\Desktop
Geladene Profile: mrado (Verfügbare Profile: mrado)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TomTom) D:\Programme\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe () C:\Program Files (x86)\MalwareProtectionLive\MalwareProtectionClient.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (TomTom) D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe () C:\Users\mrado\AppData\Roaming\BrowserExtensions\BEHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. 
Die Datei wird nicht verschoben.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-10-23] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-09-29] (Razer Inc.) HKLM-x32\...\Run: [tsnp2std] => C:\Windows\tsnp2std.exe [262144 2007-08-31] () HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Steam] => D:\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation) HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [TomTomHOME.exe] => D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom) HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Zoom] => [X] HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-02] (BlueStack Systems, Inc.) 
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Browser Extensions] => C:\Users\mrado\AppData\Roaming\BrowserExtensions\BEHelper.exe [1619240 2017-02-28] () HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-28] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: 0.0.0.1 mssplus.mcafee.com Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{72e801e1-0d70-478c-ab42-bac0ef611475}: [DhcpNameServer] 10.0.0.138 Internet Explorer: ================== HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://imp.ytdwld.com/impression.do?source=395337&sub_id=20170611&user_id=e09ec992-a255-4774-8079-6fa9ef1d45b0&traffic_source=update&event=ro_homepage&implementation_id=ytdau&redir=https%3A%2F%2Fat.search.yahoo.com%2F%3Ftype%3D395337%26fr%3Dspigot-yhp-ie SearchScopes: HKU\S-1-5-21-3509878254-1581680034-4090546777-1002 -> DefaultScope {A00A2EFA-700C-4184-A813-BAC983B19961} URL = hxxp://imp.ytdwld.com/impression.do?source=395337&sub_id=20170611&user_id=e09ec992-a255-4774-8079-6fa9ef1d45b0&traffic_source=update&event=ro_inb_search&implementation_id=ytdau&redir=https%3A%2F%2Fat.search.yahoo.com%2Fsearch%3Ffr%3Dchr-greentree_ie%26ei%3Dutf-8%26ilc%3D12%26type%3D395337%26p%3D&st={searchTerms} SearchScopes: HKU\S-1-5-21-3509878254-1581680034-4090546777-1002 -> {A00A2EFA-700C-4184-A813-BAC983B19961} URL = 
hxxp://imp.ytdwld.com/impression.do?source=395337&sub_id=20170611&user_id=e09ec992-a255-4774-8079-6fa9ef1d45b0&traffic_source=update&event=ro_inb_search&implementation_id=ytdau&redir=https%3A%2F%2Fat.search.yahoo.com%2Fsearch%3Ffr%3Dchr-greentree_ie%26ei%3Dutf-8%26ilc%3D12%26type%3D395337%26p%3D&st={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation) BHO: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\mrado\AppData\Roaming\BrowserExtensions\Coupons64.dll [2017-02-28] () BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation) BHO-x32: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\mrado\AppData\Roaming\BrowserExtensions\Coupons.dll [2017-02-28] () Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: 7xti9fl7.default FF ProfilePath: C:\Users\mrado\AppData\Roaming\TomTom\HOME\Profiles\2f4az5v7.default [2015-12-03] FF Extension: (Map status indicator) - D:\Programme\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-12-03] [ist nicht signiert] FF ProfilePath: C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default [2017-10-28] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7xti9fl7.default -> Yahoo! FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7xti9fl7.default -> Yahoo! 
FF Homepage: Mozilla\Firefox\Profiles\7xti9fl7.default -> hxxp://imp.ytdwld.com/impression.do?source=395337&sub_id=20170611&user_id=e09ec992-a255-4774-8079-6fa9ef1d45b0&traffic_source=update&event=ro_homepage&implementation_id=ytdau&redir=https%3A%2F%2Fat.search.yahoo.com%2F%3Ftype%3D395337%26fr%3Dspigot-yhp-ff
FF Keyword.URL: Mozilla\Firefox\Profiles\7xti9fl7.default -> hxxp://imp.ytdwld.com/impression.do?source=395337&sub_id=20170611&user_id=e09ec992-a255-4774-8079-6fa9ef1d45b0&traffic_source=update&event=ro_adr_search&implementation_id=ytdau&redir=https%3A%2F%2Fat.search.yahoo.com%2Fsearch%3Ffr%3Dgreentree_ff1%26ei%3Dutf-8%26ilc%3D12%26type%3D395337%26p%3D&st=
FF Extension: (eBay Shopping Assistant) - C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\Extensions\{24d26487-6274-48b1-b500-22f24884f971} [2017-06-11]
FF Extension: (Start Page) - C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\Extensions\{7a526449-3a92-426f-8ca4-47439918f2b1} [2017-06-11]
FF Extension: (Slick Savings) - C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\Extensions\{90477448-b59c-48cd-98af-6a298cbc15d2} [2017-06-11]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3509878254-1581680034-4090546777-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\mrado\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-13] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default [2017-10-31]
CHR Extension: (Präsentationen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-01]
CHR Extension: (YouTube) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-01]
CHR Extension: (Adblock Plus) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Adobe Acrobat) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Tabellen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-31]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Google Mail) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-01]
CHR Extension: (Chrome Media Router) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 TomTomHOMEService; D:\Programme\TomTom HOME 2\TomTomHOMEService.exe [93040 2015-07-13] (TomTom)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R1 MpKsl07d560e5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1130C9E5-8739-4989-856D-7BF9108172D3}\MpKsl07d560e5.sys [58120 2017-10-14] (Microsoft Corporation)
R1 MpKsl2690f037; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6CF9C83B-732B-414B-B20B-4B240FF16B94}\MpKsl2690f037.sys [49392 2017-10-25] (Microsoft Corporation)
R1 MpKsl26d197c7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C3E8CD1D-377C-4E1A-A947-4EFC075908C3}\MpKsl26d197c7.sys [58120 2017-10-19] (Microsoft Corporation)
R1 MpKsl2c2aefe3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C250363B-EF92-490C-84F2-FEDE80562BBF}\MpKsl2c2aefe3.sys [49392 2017-10-29] (Microsoft Corporation)
R1 MpKsl3791f0c4; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CACAAF0F-0E2F-4BA7-9486-B7A5E7953796}\MpKsl3791f0c4.sys [49392 2017-10-28] (Microsoft Corporation)
R1 MpKsl6336f725; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF050026-20ED-4F7C-BDE5-1DD3F1F4B063}\MpKsl6336f725.sys [58120 2017-10-16] (Microsoft Corporation)
R1 MpKsl814def80; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DABFFC92-D39F-4E03-8892-69BB6C049E7B}\MpKsl814def80.sys [58120 2017-10-21] (Microsoft Corporation)
R1 MpKsla39999f5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1C7ABC4-FE4D-473D-A3EC-277DECEE91DD}\MpKsla39999f5.sys [49392 2017-10-30] (Microsoft Corporation)
R1 MpKslc452dda0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9F1A42F5-5EBB-415F-BACF-666E8882A5BD}\MpKslc452dda0.sys [49392 2017-10-30] (Microsoft Corporation)
R1 MpKslc8898986; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DFB50B05-C85A-4A89-8BEF-CD2463421845}\MpKslc8898986.sys [49392 2017-10-30] (Microsoft Corporation)
R1 MpKsld8833205; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ACC0AD23-A46D-428A-9D56-3E849253F2AE}\MpKsld8833205.sys [58120 2017-10-15] (Microsoft Corporation)
R1 MpKslde14fa48; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C3E8CD1D-377C-4E1A-A947-4EFC075908C3}\MpKslde14fa48.sys [58120 2017-10-20] (Microsoft Corporation)
R1 MpKsldfd4f48e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BC6F659-61C9-40B8-AB66-F8B2D76476AB}\MpKsldfd4f48e.sys [49392 2017-10-31] (Microsoft Corporation)
R1 MpKslf437d529; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC8453B6-4E03-4178-B268-7D94EB7B2066}\MpKslf437d529.sys [58120 2017-10-16] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2015-09-23] (Realtek )
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11968 2000-07-29] () [Datei ist nicht signiert]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-10-31 14:22 - 2017-10-31 14:22 - 000022331 _____ C:\Users\mrado\Desktop\FRST.txt
2017-10-31 14:22 - 2017-10-31 14:22 - 000000000 ____D C:\FRST
2017-10-31 11:54 - 2017-10-31 11:55 - 000000000 ____D C:\Users\mrado\Desktop\FRST
2017-10-31 11:54 - 2017-10-31 11:54 - 002403328 _____ (Farbar) C:\Users\mrado\Desktop\FRST64.exe
2017-10-26 16:56 - 2017-10-26 16:56 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\Program Files\iTunes
2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\Program Files\iPod
2017-10-26 16:55 - 2017-10-26 16:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-10-26 16:55 - 2017-10-26 16:55 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-10-18 15:59 - 2017-10-18 15:59 - 000032026 _____ C:\Users\mrado\Downloads\Buchstaben Aa Ll Mm Oo Ee trainieren.pdf
2017-10-11 18:31 - 2017-10-11 18:31 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 18:29 - 2017-09-30 06:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-11 18:29 - 2017-09-30 06:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-11 18:29 - 2017-09-30 06:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-11 18:29 - 2017-09-30 06:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-11 18:29 - 2017-09-30 06:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-11 18:29 - 2017-09-30 06:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-11 18:29 - 2017-09-30 03:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-11 18:29 - 2017-09-30 03:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-11 18:29 - 2017-09-30 03:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-11 18:29 - 2017-09-30 03:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-11 18:29 - 2017-09-30 03:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-11 18:29 - 2017-09-30 03:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-11 18:29 - 2017-09-30 03:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-11 18:29 - 2017-09-30 03:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-11 18:29 - 2017-09-30 03:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-10-11 18:29 - 2017-09-30 03:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-11 18:29 - 2017-09-30 03:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-11 18:29 - 2017-09-30 03:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-11 18:29 - 2017-09-30 03:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-11 18:29 - 2017-09-30 03:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-11 18:29 - 2017-09-30 03:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-11 18:29 - 2017-09-30 03:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-11 18:29 - 2017-09-30 03:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-11 18:29 - 2017-09-30 03:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-10-11 18:29 - 2017-09-30 03:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-10-11 18:29 - 2017-09-30 03:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-11 18:29 - 2017-09-30 03:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-11 18:29 - 2017-09-30 03:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-11 18:29 - 2017-09-30 03:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-11 18:29 - 2017-09-30 03:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-11 18:29 - 2017-09-30 03:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-11 18:29 - 2017-09-30 03:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-11 18:29 - 2017-09-30 03:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-11 18:29 - 2017-09-29 08:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-11 18:29 - 2017-09-29 08:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-11 18:29 - 2017-09-29 08:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-11 18:29 - 2017-09-29 08:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-11 18:29 - 2017-09-29 08:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-10-11 18:29 - 2017-09-29 08:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-11 18:29 - 2017-09-29 08:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-10-11 18:29 - 2017-09-29 08:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-10-11 18:29 - 2017-09-29 08:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-11 18:29 - 2017-09-29 08:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-11 18:29 - 2017-09-29 08:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-10-11 18:29 - 2017-09-29 08:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-10-11 18:29 - 2017-09-29 08:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-10-11 18:29 - 2017-09-29 08:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-11 18:29 - 2017-09-29 08:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-10-11 18:29 - 2017-09-29 08:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-11 18:29 - 2017-09-29 08:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-11 18:29 - 2017-09-29 08:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-11 18:29 - 2017-09-29 08:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-11 18:29 - 2017-09-29 08:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-11 18:29 - 2017-09-29 08:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-10-11 18:29 - 2017-09-29 08:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-10-11 18:29 - 2017-09-29 08:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-11 18:29 - 2017-09-29 08:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-11 18:29 - 2017-09-29 08:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-10-11 18:29 - 2017-09-29 08:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-10-11 18:29 - 2017-09-29 08:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-10-11 18:29 - 2017-09-29 08:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-11 18:29 - 2017-09-29 08:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-10-11 18:29 - 2017-09-29 08:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-10-11 18:29 - 2017-09-29 08:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-11 18:29 - 2017-09-29 08:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-10-11 18:29 - 2017-09-29 08:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-11 18:29 - 2017-09-29 08:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-11 18:29 - 2017-09-29 08:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-11 18:29 - 2017-09-29 08:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-11 18:29 - 2017-09-29 08:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-11 18:29 - 2017-09-29 08:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-11 18:29 - 2017-09-29 08:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-11 18:29 - 2017-09-29 08:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-11 18:29 - 2017-09-29 08:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-10-11 18:29 - 2017-09-29 08:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-10-11 18:29 - 2017-09-29 08:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-11 18:29 - 2017-09-29 08:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-10-11 18:29 - 2017-09-29 08:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-10-11 18:29 - 2017-09-29 08:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-11 18:29 - 2017-09-29 08:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-11 18:29 - 2017-09-29 08:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-11 18:29 - 2017-09-29 08:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-11 18:29 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-10-11 18:29 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-10-11 18:29 - 2017-09-20 16:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-11 18:29 - 2017-09-20 16:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-11 18:29 - 2017-09-20 16:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-11 18:29 - 2017-09-19 00:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-11 18:29 - 2017-09-18 23:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-11 18:29 - 2017-09-18 23:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-10-11 18:28 - 2017-09-30 06:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-11 18:28 - 2017-09-30 06:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-11 18:28 - 2017-09-30 06:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-11 18:28 - 2017-09-30 06:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-11 18:28 - 2017-09-30 06:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-11 18:28 - 2017-09-30 06:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-11 18:28 - 2017-09-30 06:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-11 18:28 - 2017-09-30 06:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-11 18:28 - 2017-09-30 06:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-11 18:28 - 2017-09-30 06:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-11 18:28 - 2017-09-30 06:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-11 18:28 - 2017-09-30 06:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-11 18:28 - 2017-09-30 06:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-11 18:28 - 2017-09-30 06:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-11 18:28 - 2017-09-30 06:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-11 18:28 - 2017-09-30 06:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-10-11 18:28 - 2017-09-30 06:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-11 18:28 - 2017-09-30 06:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-11 18:28 - 2017-09-30 06:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-11 18:28 - 2017-09-30 06:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-10-11 18:28 - 2017-09-30 06:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-11 18:28 - 2017-09-30 06:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-10-11 18:28 - 2017-09-30 06:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-11 18:28 - 2017-09-30 06:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-11 18:28 - 2017-09-30 06:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-11 18:28 - 2017-09-30 06:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-10-11 18:28 - 2017-09-30 06:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-11 18:28 - 2017-09-30 06:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-11 18:28 - 2017-09-30 06:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-11 18:28 - 2017-09-30 06:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-11 18:28 - 2017-09-30 06:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-10-11 18:28 - 2017-09-30 06:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-11 18:28 - 2017-09-30 06:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-11 18:28 - 2017-09-30 06:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-11 18:28 - 2017-09-30 06:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-11 18:28 - 2017-09-30 06:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-10-11 18:28 - 2017-09-30 06:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-11 18:28 - 2017-09-30 06:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-11 18:28 - 2017-09-30 06:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-11 18:28 - 2017-09-30 06:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-11 18:28 - 2017-09-30 06:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-11 18:28 - 2017-09-30 03:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-11 18:28 - 2017-09-29 08:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-11 18:28 - 2017-09-29 08:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-11 18:28 - 2017-09-29 08:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-11 18:28 - 2017-09-29 08:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-11 18:28 - 2017-09-29 08:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-11 18:28 - 2017-09-29 08:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-11 18:28 - 2017-09-29 08:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-11 18:28 - 2017-09-29 08:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-11 18:28 - 2017-09-29 08:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-11 18:28 - 2017-09-29 08:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-11 18:28 - 2017-09-29 08:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-11 18:28 - 2017-09-29 08:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-11 18:28 - 2017-09-29 08:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-11 18:28 - 2017-09-29 08:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-10-11 18:28 - 2017-09-29 08:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-11 18:28 - 2017-09-29 08:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-11 18:28 - 2017-09-29 08:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-11 18:28 - 2017-09-29 08:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-10-11 18:28 - 2017-09-29 08:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-10-11 18:28 - 2017-09-29 08:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-11 18:28 - 2017-09-29 08:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-11 18:28 - 2017-09-29 08:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-11 18:28 - 2017-09-29 08:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-11 18:28 - 2017-09-29 08:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-11 18:28 - 2017-09-29 08:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-11 18:28 - 2017-09-29 08:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-11 18:28 - 2017-09-29 08:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-11 18:28 - 2017-09-29 08:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-11 18:28 - 2017-09-29 08:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-11 18:28 - 2017-09-29 08:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-11 18:28 - 2017-09-29 08:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-11 18:28 - 2017-09-29 08:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-10-11 18:28 - 2017-09-29 08:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-11 18:28 - 2017-09-29 08:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-11 18:28 - 2017-09-29 08:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-11 18:28 - 2017-09-29 08:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-11 18:28 - 2017-09-29 08:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-10-11 18:28 - 2017-09-29 08:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-11 18:28 - 2017-09-29 08:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-11 18:28 - 2017-09-29 08:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-11 18:28 - 2017-09-29 08:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-11 18:28 - 2017-09-29 08:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-11 18:28 - 2017-09-29 08:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-11 18:28 - 2017-09-29 08:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-11 18:28 - 2017-09-29 08:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-11 18:28 - 2017-09-29 08:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-11 18:28 - 2017-09-29 08:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-11 18:28 - 2017-09-29 08:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-11 18:28 - 2017-09-29 08:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-11 18:28 - 2017-09-29 08:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-11 18:28 - 2017-09-29 08:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-11 18:28 - 2017-09-29 08:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-11 18:28 - 2017-09-29 08:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-11 18:28 - 2017-09-29 08:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-11 18:28 - 2017-09-29 08:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-11 18:28 - 2017-09-29 08:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-11 18:28 - 2017-09-29 08:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-11 18:28 - 2017-09-29 08:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-11 18:28 - 2017-09-29 08:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-11 18:28 - 2017-09-29 08:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-11 18:28 - 2017-09-29 08:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-11 18:28 - 2017-09-29 08:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-11 18:28 - 2017-09-29 08:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-11 18:28 - 2017-09-29 08:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-11 18:28 - 2017-09-29 08:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-10-11 18:28 - 2017-09-29 08:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-11 18:28 - 2017-09-29 08:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-11 18:28 - 2017-09-29 08:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-11 18:28 - 2017-09-29 08:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-11 18:28 - 2017-09-29 08:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-11 18:28 - 2017-09-29 08:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-11 18:28 - 2017-09-29 08:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-11 18:28 - 2017-09-29 08:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-11 18:28 - 2017-09-29 08:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-11 18:28 - 2017-09-29 08:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-11 18:28 - 2017-09-29 08:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-11 18:28 - 2017-09-29 08:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-10-11 18:28 - 2017-09-29 08:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-11 18:28 - 2017-09-29 08:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-11 18:28 - 2017-09-29 08:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-11 18:28 - 2017-09-29 08:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-10-11 18:28 - 2017-09-29 08:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-11 18:28 - 2017-09-29 08:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-11 18:28 - 2017-09-29 08:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-11 18:28 - 2017-09-29 08:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-11 18:28 - 2017-09-29 08:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-11 18:28 - 2017-09-29 08:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-11 18:28 - 2017-09-29 08:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-11 18:28 - 2017-09-29 08:19 - 000306176
_____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll 2017-10-11 18:28 - 2017-09-29 08:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe 2017-10-11 18:28 - 2017-09-19 00:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-10-11 18:28 - 2017-09-19 00:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2017-10-11 18:28 - 2017-09-19 00:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2017-10-11 18:28 - 2017-09-19 00:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2017-10-11 18:28 - 2017-09-19 00:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2017-10-11 18:28 - 2017-09-19 00:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-10-11 18:28 - 2017-09-19 00:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2017-10-11 18:28 - 
2017-09-18 23:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2017-10-11 18:28 - 2017-09-18 23:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll 2017-10-11 18:28 - 2017-09-18 23:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2017-10-11 18:28 - 2017-09-18 23:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-10-31 14:07 - 2015-12-09 16:19 - 000000000 ____D C:\Users\mrado\Documents\Outlook-Dateien 2017-10-31 13:10 - 2015-09-17 19:58 - 000000000 ____D C:\Users\mrado\AppData\Local\Packages 2017-10-31 11:37 - 2017-05-19 06:43 - 003624026 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-10-31 11:37 - 2017-03-20 05:35 - 001765950 _____ C:\WINDOWS\system32\perfh007.dat 2017-10-31 11:37 - 2017-03-20 05:35 - 000442810 _____ C:\WINDOWS\system32\perfc007.dat 2017-10-31 11:31 - 2017-05-19 06:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-10-31 11:31 - 2017-05-19 06:35 - 000000000 ____D C:\Users\mrado 2017-10-31 11:31 - 2016-09-22 06:18 - 000000000 ____D C:\ProgramData\NVIDIA 2017-10-31 11:31 - 2015-09-23 20:20 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleFormrado.job 2017-10-31 10:28 - 2017-05-19 06:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-10-31 08:28 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-10-31 08:28 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-10-31 08:27 - 2017-05-19 06:40 - 000004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF5A1CA3-3649-4C6C-B496-C9FB546074B1} 2017-10-31 00:15 - 2016-09-28 19:32 - 000000000 ____D C:\Users\mrado\AppData\Local\Battle.net 2017-10-30 23:40 - 2017-05-19 06:40 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFormrado 2017-10-30 22:48 - 2016-06-13 
16:47 - 000000000 ____D C:\Users\mrado\AppData\Roaming\Telegram Desktop 2017-10-30 20:35 - 2017-01-12 22:50 - 000001723 _____ C:\Users\mrado\Desktop\Hearthstone Deck Tracker - Verknüpfung.lnk 2017-10-30 20:35 - 2016-09-28 19:27 - 000000000 ____D C:\Program Files (x86)\Battle.net 2017-10-29 13:47 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-10-29 09:17 - 2016-12-05 21:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-29 09:17 - 2015-09-23 21:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-28 11:07 - 2016-12-14 16:51 - 000000000 ____D C:\Users\mrado\AppData\LocalLow\Mozilla 2017-10-28 10:15 - 2017-07-25 15:01 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3509878254-1581680034-4090546777-1002 2017-10-28 10:15 - 2015-09-17 20:00 - 000002432 _____ C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-10-28 10:15 - 2015-09-17 20:00 - 000000000 ___RD C:\Users\mrado\OneDrive 2017-10-26 16:56 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF 2017-10-26 16:55 - 2015-09-23 21:06 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-10-26 16:37 - 2017-02-20 17:27 - 000000000 ____D C:\Users\mrado\Downloads\Telegram Desktop 2017-10-25 17:46 - 2017-05-19 06:40 - 000004606 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-10-25 17:46 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-10-25 17:46 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-10-18 22:30 - 2016-04-01 21:31 - 000000000 ____D C:\Program Files (x86)\Hearthstone 2017-10-18 14:39 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-10-18 14:37 - 2015-11-18 19:05 - 000000000 ____D C:\Program Files\Microsoft Office 15 2017-10-14 17:23 - 2015-09-30 19:48 - 000000000 ____D C:\Users\mrado\AppData\Local\Adobe 2017-10-14 12:11 - 2017-03-18 22:03 - 
000000000 ____D C:\WINDOWS\rescache 2017-10-13 01:21 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-10-13 01:21 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-12 05:08 - 2015-09-14 12:51 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-10-12 05:07 - 2017-05-19 06:33 - 000272688 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-10-11 22:48 - 2017-03-18 12:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI 2017-10-11 22:47 - 2017-03-18 22:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2017-10-11 22:47 - 2017-03-18 22:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2017-10-11 22:47 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-10-11 22:47 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning 2017-10-11 18:32 - 2015-09-21 06:55 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-10-11 18:31 - 2015-09-21 06:55 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-10-11 07:54 - 2015-10-07 17:03 - 000000000 ____D C:\Users\mrado\AppData\Local\ElevatedDiagnostics ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-09-23 19:26 - 2015-09-23 19:26 - 000000057 _____ () C:\ProgramData\Ament.ini 2017-05-19 06:34 - 2017-05-19 06:34 - 000000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== 2017-09-26 19:57 - 2017-09-26 19:57 - 001575660 _____ ( ) C:\Users\mrado\AppData\Local\Temp\ICReinstall_VideoPlayerSetup_2318671983.exe 2017-08-08 16:56 - 2017-08-08 16:56 - 014456872 _____ (Microsoft Corporation) C:\Users\mrado\AppData\Local\Temp\vc_redist.x86.exe 2017-06-24 08:12 - 2017-07-21 13:31 - 000084216 _____ () C:\Users\mrado\AppData\Local\Temp\VirtualDJ New Version.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, 
die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2017-10-31 12:19 ==================== Ende von FRST.txt ============================ Don Camillo |
31.10.2017, 20:44 | #4 |
/// TB-Ausbilder | Win 10: PC does not start, or only after a pause of several minutes
Hi,
Step 1 Please download AdwCleaner to your desktop (illustrated guide).
Step 2 Please download Malwarebytes Anti-Malware 3 (illustrated guide)
Step 3
With your next reply, please post
|
01.11.2017, 00:54 | #5 |
| Win 10: PC does not start, or only after a pause of several minutes Hello Matthias, step 1 is complete. Here is the content of the text file. Code:
ATTFilter # AdwCleaner 7.0.4.0 - Logfile created on Tue Oct 31 23:25:23 2017 # Updated on 2017/27/10 by Malwarebytes # Running on Windows 10 Home (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** Deleted: C:\Users\mrado\AppData\Roaming\BrowserExtensions Deleted: C:\Program Files (x86)\GreenTree Applications Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader Deleted: C:\ProgramData\ytd video downloader Deleted: C:\Users\All Users\ytd video downloader Deleted: C:\Program Files (x86)\MalwareProtectionLive ***** [ Files ] ***** Deleted: C:\Users\All Users\Desktop\YTD Video Downloader.lnk Deleted: C:\Users\Public\Desktop\YTD Video Downloader.lnk Deleted: C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malware Protection Live.lnk ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. 
***** [ Tasks ] ***** Deleted: MPLClient ***** [ Registry ] ***** Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d16fk4ms6rqz1v.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d1r13r3o29j76z.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d22j4fzzszoii2.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d3iz6lralvg77g.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d62mrph0xm5hi.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com Deleted: [Key] - HKCU\Software\Classes\Local 
Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d16fk4ms6rqz1v.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d1r13r3o29j76z.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d22j4fzzszoii2.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d3iz6lralvg77g.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d62mrph0xm5hi.cloudfront.net Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Start Page 
[http:\\imp.ytdwld.com\impression.do?source=395337&sub_id=20170611&user_id=e09ec992-a255-4774-8079-6fa9ef1d45b0&traffic_source=update&event=ro_homepage&implementation_id=ytdau&redir=https%3A%2F%2Fat.search.yahoo.com%2F%3Ftype%3D395337%26fr%3Dspigot-yhp-ie]
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Deleted: [Key] - HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Deleted: [Value] - HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\Run|Browser Extensions
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Browser Extensions
Deleted: [Key] - HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\AppDataLow\Software\Browser Extensions
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Browser Extensions
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareProtectionLive
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Prefetch files deleted
::Proxy settings cleared
::Firewall rules cleared
::IE policies deleted
::Chrome policies deleted
::Hosts file cleared
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [6702 B] - [2017/10/31 23:24:36]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
Don Camillo
Hello Matthias, step 2 is complete. Here is the content of the mbam.txt file: Code:
ATTFilter Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 01.11.17 Scan-Zeit: 00:34 Protokolldatei: 1129b024-be94-11e7-bfe5-448a5ba07b78.json Administrator: Ja -Softwaredaten- Version: 3.2.2.2029 Komponentenversion: 1.0.212 Version des Aktualisierungspakets: 1.0.3144 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 10 (Build 15063.674) CPU: x64 Dateisystem: NTFS Benutzer: DESKTOP-A84CFPT\mrado -Scan-Übersicht- Scan-Typ: Bedrohungs-Scan Ergebnis: Abgeschlossen Gescannte Objekte: 412174 Erkannte Bedrohungen: 64 In die Quarantäne verschobene Bedrohungen: 64 Abgelaufene Zeit: 5 Min., 4 Sek. -Scan-Optionen- Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Erkennung PUM: Erkennung -Scan-Details- Prozess: 0 (keine bösartigen Elemente erkannt) Modul: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 6 PUP.Optional.Spigot, HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A00A2EFA-700C-4184-A813-BAC983B19961}, In Quarantäne, [648], [243431],1.0.3144 PUP.Optional.BrowserExtensions, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, In Quarantäne, [14055], [293877],1.0.3144 PUP.Optional.BrowserExtensions, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, In Quarantäne, [14055], [293877],1.0.3144 PUP.Optional.BrowserExtensions, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, In Quarantäne, [14055], [293877],1.0.3144 PUP.Optional.BrowserExtensions, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, In Quarantäne, [14055], [293877],1.0.3144 PUP.Optional.BrowserExtensions, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, In Quarantäne, [14055], [293877],1.0.3144 Registrierungswert: 1 
PUP.Optional.Spigot, HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A00A2EFA-700C-4184-A813-BAC983B19961}|URL, In Quarantäne, [648], [243431],1.0.3144 Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 12 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\chrome\content, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\META-INF, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\chrome, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\USERS\MRADO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7XTI9FL7.DEFAULT\EXTENSIONS\{24D26487-6274-48B1-B500-22F24884F971}, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\chrome\content, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\META-INF, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\chrome, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\USERS\MRADO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7XTI9FL7.DEFAULT\EXTENSIONS\{7A526449-3A92-426F-8CA4-47439918F2B1}, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, 
C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\chrome\content, In Quarantäne, [648], [179797],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\META-INF, In Quarantäne, [648], [179797],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\chrome, In Quarantäne, [648], [179797],1.0.3144 PUP.Optional.Spigot, C:\USERS\MRADO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7XTI9FL7.DEFAULT\EXTENSIONS\{90477448-B59C-48CD-98AF-6A298CBC15D2}, In Quarantäne, [648], [179797],1.0.3144 Datei: 45 Trojan.Kovter, C:\USERS\MRADO\DOWNLOADS\FLASHPLAYER.HTA, In Quarantäne, [47], [446162],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\chrome\content\config.json, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\chrome\content\ebay.png, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\chrome\content\ebay.xul, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\chrome\content\main.js, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\chrome\content\prefs.txt, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, 
C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\chrome\content\saebay.js, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\chrome\content\spigot.js, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\META-INF\manifest.mf, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\META-INF\mozilla.rsa, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\META-INF\mozilla.sf, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\chrome.manifest, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\icon.png, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{24d26487-6274-48b1-b500-22f24884f971}\install.rdf, In Quarantäne, [648], [179793],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\chrome\content\config.json, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\chrome\content\main.js, In 
Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\chrome\content\main.xul, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\chrome\content\newtab.xul, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\chrome\content\prefs.txt, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\chrome\content\redirects.js, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\chrome\content\spigot.js, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\chrome\content\startpage.js, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\META-INF\manifest.mf, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\META-INF\mozilla.rsa, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\META-INF\mozilla.sf, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, 
C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\chrome.manifest, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\icon.png, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{7a526449-3a92-426f-8ca4-47439918f2b1}\install.rdf, In Quarantäne, [648], [179796],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\chrome\content\config.json, In Quarantäne, [648], [179797],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\chrome\content\main.js, In Quarantäne, [648], [179797],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\chrome\content\prefs.txt, In Quarantäne, [648], [179797],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\chrome\content\savingsslider.js, In Quarantäne, [648], [179797],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\chrome\content\savingsslider.xul, In Quarantäne, [648], [179797],1.0.3144 PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\chrome\content\spigot.js, In Quarantäne, [648], [179797],1.0.3144 PUP.Optional.Spigot, 
C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\META-INF\manifest.mf, In Quarantäne, [648], [179797],1.0.3144
PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\META-INF\mozilla.rsa, In Quarantäne, [648], [179797],1.0.3144
PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\META-INF\mozilla.sf, In Quarantäne, [648], [179797],1.0.3144
PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\chrome.manifest, In Quarantäne, [648], [179797],1.0.3144
PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\icon.png, In Quarantäne, [648], [179797],1.0.3144
PUP.Optional.Spigot, C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default\extensions\{90477448-b59c-48cd-98af-6a298cbc15d2}\install.rdf, In Quarantäne, [648], [179797],1.0.3144
PUP.Optional.Spigot, C:\USERS\MRADO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7XTI9FL7.DEFAULT\PREFS.JS, Ersetzt, [648], [301667],1.0.3144
PUP.Optional.Spigot, C:\USERS\MRADO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7XTI9FL7.DEFAULT\PREFS.JS, Ersetzt, [648], [303258],1.0.3144
PUP.Optional.DownloadAssistant, C:\$RECYCLE.BIN\S-1-5-21-3509878254-1581680034-4090546777-1002\$RG0BQ15.EXE, In Quarantäne, [379], [67115],1.0.3144
PUP.Optional.BundleInstaller, C:\USERS\MRADO\APPDATA\LOCAL\TEMP\ICREINSTALL_VIDEOPLAYERSETUP_2318671983.EXE, In Quarantäne, [20], [439791],1.0.3144
PUP.Optional.DownloadAssistant, C:\$RECYCLE.BIN\S-1-5-21-3509878254-1581680034-4090546777-1002\$RR9KKZ3.EXE, In Quarantäne, [379], [67115],1.0.3144
Physischer Sektor: 0 (keine bösartigen Elemente erkannt)
(end)
Don Camillo
Hello Matthias, and here is step 3 as well, the content of the two files after starting FRST.exe. First the content of file 1: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2017 durchgeführt von mrado (Administrator) auf DESKTOP-A84CFPT (01-11-2017 00:50:13) Gestartet von C:\Users\mrado\Desktop Geladene Profile: mrado (Verfügbare Profile: mrado) Platform: Windows 10 Home Version 1703 15063.674 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TomTom) D:\Programme\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (TomTom) D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (HP Inc.) 
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-10-23] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-09-29] (Razer Inc.) HKLM-x32\...\Run: [tsnp2std] => C:\Windows\tsnp2std.exe [262144 2007-08-31] () HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Steam] => D:\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation) HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [TomTomHOME.exe] => D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom) HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Zoom] => [X] HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-02] (BlueStack Systems, Inc.) HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-28] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{72e801e1-0d70-478c-ab42-bac0ef611475}: [DhcpNameServer] 10.0.0.138 Internet Explorer: ================== HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Internet Explorer\Main,Start Page = SearchScopes: HKU\S-1-5-21-3509878254-1581680034-4090546777-1002 -> DefaultScope {A00A2EFA-700C-4184-A813-BAC983B19961} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: 7xti9fl7.default FF ProfilePath: C:\Users\mrado\AppData\Roaming\TomTom\HOME\Profiles\2f4az5v7.default [2015-12-03] FF Extension: (Map status indicator) - D:\Programme\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-12-03] [ist nicht signiert] FF ProfilePath: C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default [2017-10-28] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7xti9fl7.default -> Yahoo! FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7xti9fl7.default -> Yahoo! 
FF Homepage: Mozilla\Firefox\Profiles\7xti9fl7.default -> hxxps://www.malwarebytes.org/restorebrowser/yhp-ff FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-18] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3509878254-1581680034-4090546777-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\mrado\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-13] (Zoom Video Communications, Inc.) 
Chrome: ======= CHR Profile: C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default [2017-11-01] CHR Extension: (Präsentationen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (Docs) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Google Drive) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-01] CHR Extension: (YouTube) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-01] CHR Extension: (Adblock Plus) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27] CHR Extension: (Adobe Acrobat) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04] CHR Extension: (Tabellen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13] CHR Extension: (Google Docs Offline) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-31] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] CHR Extension: (Google Mail) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-01] CHR Extension: (Chrome Media Router) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist 
aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.) S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.) S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.) S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.) 
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation) R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH) R2 TomTomHOMEService; D:\Programme\TomTom HOME 2\TomTomHOMEService.exe [93040 2015-07-13] (TomTom) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation) S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems) S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. ) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) 
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] () R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-02-03] () R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-11-01] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-01] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-11-01] (Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-01] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-01] (Malwarebytes) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2015-09-23] (Realtek ) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.) S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] () S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11968 2000-07-29] () [Datei ist nicht signiert] S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-11-01 00:43 - 2017-11-01 00:43 - 000013783 _____ C:\Users\mrado\Desktop\mbam.txt 2017-11-01 00:34 - 2017-11-01 00:42 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-11-01 00:34 - 2017-11-01 00:42 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-11-01 00:34 - 2017-11-01 00:34 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2017-11-01 00:33 - 2017-11-01 00:42 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-11-01 00:33 - 2017-11-01 00:33 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2017-11-01 00:33 - 2017-11-01 00:33 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-11-01 00:33 - 2017-11-01 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-11-01 00:33 - 2017-11-01 00:33 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-11-01 00:33 - 2017-11-01 00:33 - 000000000 ____D C:\Program Files\Malwarebytes 2017-11-01 00:33 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-11-01 00:30 - 2017-11-01 00:33 - 071535032 _____ (Malwarebytes ) C:\Users\mrado\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe 2017-11-01 00:22 - 2017-11-01 00:25 - 000000000 ____D C:\AdwCleaner 2017-11-01 00:21 - 2017-11-01 00:21 - 008261584 _____ (Malwarebytes) C:\Users\mrado\Desktop\adwcleaner_7.0.4.0.exe 2017-11-01 00:03 - 2017-11-01 00:03 - 000000000 ____D C:\Users\mrado\Desktop\AdwCleaner 2017-10-31 14:22 - 2017-11-01 00:50 - 000016461 _____ C:\Users\mrado\Desktop\FRST.txt 2017-10-31 14:22 - 2017-11-01 00:50 - 000000000 ____D C:\FRST 2017-10-31 14:22 - 2017-10-31 14:22 - 000045428 _____ 
C:\Users\mrado\Desktop\Addition.txt 2017-10-31 11:54 - 2017-10-31 11:55 - 000000000 ____D C:\Users\mrado\Desktop\FRST 2017-10-31 11:54 - 2017-10-31 11:54 - 002403328 _____ (Farbar) C:\Users\mrado\Desktop\FRST64.exe 2017-10-26 16:56 - 2017-10-26 16:56 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk 2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\Program Files\iTunes 2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\Program Files\iPod 2017-10-26 16:55 - 2017-10-26 16:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple 2017-10-26 16:55 - 2017-10-26 16:55 - 000000000 ____D C:\Program Files (x86)\Apple Software Update 2017-10-18 15:59 - 2017-10-18 15:59 - 000032026 _____ C:\Users\mrado\Downloads\Buchstaben Aa Ll Mm Oo Ee trainieren.pdf 2017-10-11 18:31 - 2017-10-11 18:31 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2017-10-11 18:29 - 2017-09-30 06:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2017-10-11 18:29 - 2017-09-30 06:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2017-10-11 18:29 - 2017-09-30 06:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-10-11 18:29 - 2017-09-30 06:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe 2017-10-11 18:29 - 2017-09-30 06:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys 2017-10-11 18:29 - 2017-09-30 06:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-10-11 18:29 - 2017-09-30 03:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-10-11 18:29 - 2017-09-30 03:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2017-10-11 18:29 - 2017-09-30 03:26 - 001333136 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\msctf.dll 2017-10-11 18:29 - 2017-09-30 03:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2017-10-11 18:29 - 2017-09-30 03:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-10-11 18:29 - 2017-09-30 03:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2017-10-11 18:29 - 2017-09-30 03:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2017-10-11 18:29 - 2017-09-30 03:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2017-10-11 18:29 - 2017-09-30 03:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-10-11 18:29 - 2017-09-30 03:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2017-10-11 18:29 - 2017-09-30 03:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-10-11 18:29 - 2017-09-30 03:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-10-11 18:29 - 2017-09-30 03:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll 2017-10-11 18:29 - 2017-09-30 03:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2017-10-11 18:29 - 2017-09-30 03:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-10-11 18:29 - 2017-09-30 03:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2017-10-11 18:29 - 2017-09-30 03:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2017-10-11 18:29 - 2017-09-30 03:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-10-11 18:29 - 2017-09-30 03:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2017-10-11 18:29 - 2017-09-30 03:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll 
2017-10-11 18:29 - 2017-09-30 03:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-10-11 18:29 - 2017-09-30 03:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2017-10-11 18:29 - 2017-09-30 03:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-10-11 18:29 - 2017-09-30 03:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-10-11 18:29 - 2017-09-30 03:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2017-10-11 18:29 - 2017-09-30 03:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll 2017-10-11 18:29 - 2017-09-30 03:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2017-10-11 18:29 - 2017-09-29 08:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-10-11 18:29 - 2017-09-29 08:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2017-10-11 18:29 - 2017-09-29 08:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-10-11 18:29 - 2017-09-29 08:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll 2017-10-11 18:29 - 2017-09-29 08:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2017-10-11 18:29 - 2017-09-29 08:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll 2017-10-11 18:29 - 2017-09-29 08:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-10-11 18:29 - 2017-09-29 08:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll 2017-10-11 18:29 - 2017-09-29 08:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-10-11 18:29 - 2017-09-29 08:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-10-11 18:29 - 2017-09-29 08:40 - 000086528 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-10-11 18:29 - 2017-09-29 08:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll 2017-10-11 18:29 - 2017-09-29 08:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll 2017-10-11 18:29 - 2017-09-29 08:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2017-10-11 18:29 - 2017-09-29 08:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2017-10-11 18:29 - 2017-09-29 08:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-10-11 18:29 - 2017-09-29 08:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2017-10-11 18:29 - 2017-09-29 08:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-10-11 18:29 - 2017-09-29 08:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll 2017-10-11 18:29 - 2017-09-29 08:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2017-10-11 18:29 - 2017-09-29 08:33 - 004559360 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-10-11 18:29 - 2017-09-29 08:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2017-10-11 18:29 - 2017-09-29 08:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2017-10-11 18:29 - 2017-09-29 08:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2017-10-11 18:29 - 2017-09-29 08:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2017-10-11 18:29 - 2017-09-29 08:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll 2017-10-11 18:29 - 2017-09-29 08:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2017-10-11 18:29 - 2017-09-29 08:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2017-10-11 18:29 - 2017-09-29 08:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe 2017-10-11 18:29 - 2017-09-29 08:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2017-10-11 18:29 - 2017-09-29 08:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe 2017-10-11 18:29 - 2017-09-29 08:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2017-10-11 18:29 - 2017-09-29 08:24 - 
003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-10-11 18:29 - 2017-09-29 08:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2017-10-11 18:29 - 2017-09-29 08:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2017-10-11 18:29 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls 2017-10-11 18:29 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls 2017-10-11 18:29 - 2017-09-20 16:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll 2017-10-11 18:29 - 2017-09-20 16:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2017-10-11 18:29 - 2017-09-20 16:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll 2017-10-11 18:29 - 2017-09-19 00:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2017-10-11 18:29 - 2017-09-18 23:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll 2017-10-11 18:29 - 2017-09-18 23:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll 2017-10-11 18:28 - 2017-09-30 06:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-10-11 18:28 - 2017-09-30 06:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2017-10-11 18:28 - 2017-09-30 06:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-10-11 18:28 - 2017-09-30 06:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2017-10-11 18:28 - 2017-09-30 06:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-10-11 18:28 - 2017-09-30 06:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2017-10-11 18:28 - 2017-09-30 06:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-10-11 18:28 - 2017-09-30 06:49 - 000777400 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\oleaut32.dll 2017-10-11 18:28 - 2017-09-30 06:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-10-11 18:28 - 2017-09-30 06:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-10-11 18:28 - 2017-09-30 06:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-10-11 18:28 - 2017-09-30 06:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-10-11 18:28 - 2017-09-30 06:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2017-10-11 18:28 - 2017-09-30 06:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2017-10-11 18:28 - 2017-09-30 06:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2017-10-11 18:28 - 2017-09-30 06:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2017-10-11 18:28 - 2017-09-30 06:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2017-10-11 18:28 - 2017-09-30 06:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-10-11 18:28 - 2017-09-30 06:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-10-11 18:28 - 2017-09-30 06:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2017-10-11 18:28 - 2017-09-30 06:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 000961944 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\efscore.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2017-10-11 18:28 - 2017-09-30 06:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2017-10-11 18:28 - 2017-09-30 06:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-10-11 18:28 - 2017-09-30 06:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-10-11 18:28 - 2017-09-30 06:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-10-11 18:28 - 2017-09-30 06:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll 2017-10-11 18:28 - 2017-09-30 06:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-10-11 18:28 - 2017-09-30 06:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2017-10-11 18:28 - 2017-09-30 06:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe 2017-10-11 18:28 - 2017-09-30 06:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-10-11 18:28 - 2017-09-30 06:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll 2017-10-11 18:28 - 2017-09-30 06:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-10-11 18:28 - 2017-09-30 06:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2017-10-11 18:28 - 2017-09-30 06:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2017-10-11 18:28 - 2017-09-30 03:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 
2017-10-11 18:28 - 2017-09-29 08:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-10-11 18:28 - 2017-09-29 08:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-10-11 18:28 - 2017-09-29 08:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-10-11 18:28 - 2017-09-29 08:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-10-11 18:28 - 2017-09-29 08:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-10-11 18:28 - 2017-09-29 08:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-10-11 18:28 - 2017-09-29 08:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-10-11 18:28 - 2017-09-29 08:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-10-11 18:28 - 2017-09-29 08:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-10-11 18:28 - 2017-09-29 08:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll 2017-10-11 18:28 - 2017-09-29 08:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-10-11 18:28 - 2017-09-29 08:31 - 000168448 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\MusNotificationUx.exe 2017-10-11 18:28 - 2017-09-29 08:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2017-10-11 18:28 - 2017-09-29 08:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll 2017-10-11 18:28 - 2017-09-29 08:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2017-10-11 18:28 - 2017-09-29 08:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 
000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe 2017-10-11 18:28 - 2017-09-29 08:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 001468928 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2017-10-11 18:28 - 2017-09-29 08:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-10-11 18:28 - 2017-09-29 08:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2017-10-11 18:28 - 2017-09-29 08:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll 2017-10-11 18:28 - 2017-09-29 08:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 003140096 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\msftedit.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2017-10-11 18:28 - 2017-09-29 08:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-10-11 18:28 - 2017-09-29 08:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll 2017-10-11 18:28 - 2017-09-29 08:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2017-10-11 18:28 - 2017-09-29 08:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-10-11 18:28 - 2017-09-29 08:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll 2017-10-11 18:28 - 2017-09-29 08:22 - 000407040 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-10-11 18:28 - 2017-09-29 08:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2017-10-11 18:28 - 2017-09-29 08:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2017-10-11 18:28 - 2017-09-29 08:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2017-10-11 18:28 - 2017-09-29 08:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2017-10-11 18:28 - 2017-09-29 08:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll 2017-10-11 18:28 - 2017-09-29 08:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll 2017-10-11 18:28 - 2017-09-29 08:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll 2017-10-11 18:28 - 2017-09-29 08:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2017-10-11 18:28 - 2017-09-29 08:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll 2017-10-11 18:28 - 2017-09-29 08:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll 2017-10-11 18:28 - 2017-09-29 08:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 
001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe 2017-10-11 18:28 - 2017-09-19 00:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-10-11 18:28 - 2017-09-19 00:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2017-10-11 18:28 - 2017-09-19 00:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2017-10-11 18:28 - 2017-09-19 00:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2017-10-11 18:28 - 2017-09-19 00:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2017-10-11 18:28 - 2017-09-19 00:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-10-11 18:28 - 2017-09-19 00:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2017-10-11 18:28 - 2017-09-18 23:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2017-10-11 18:28 - 2017-09-18 23:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll 2017-10-11 18:28 - 2017-09-18 23:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 
2017-10-11 18:28 - 2017-09-18 23:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-11-01 00:46 - 2017-05-19 06:43 - 003682406 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-11-01 00:46 - 2017-03-20 05:35 - 001797326 _____ C:\WINDOWS\system32\perfh007.dat 2017-11-01 00:46 - 2017-03-20 05:35 - 000451846 _____ C:\WINDOWS\system32\perfc007.dat 2017-11-01 00:42 - 2017-05-19 06:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-11-01 00:42 - 2017-03-18 12:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI 2017-11-01 00:42 - 2016-09-22 06:18 - 000000000 ____D C:\ProgramData\NVIDIA 2017-11-01 00:02 - 2015-12-09 16:19 - 000000000 ____D C:\Users\mrado\Documents\Outlook-Dateien 2017-11-01 00:01 - 2017-05-19 06:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-10-31 21:15 - 2017-05-19 06:40 - 000004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF5A1CA3-3649-4C6C-B496-C9FB546074B1} 2017-10-31 13:10 - 2015-09-17 19:58 - 000000000 ____D C:\Users\mrado\AppData\Local\Packages 2017-10-31 11:31 - 2017-05-19 06:35 - 000000000 ____D C:\Users\mrado 2017-10-31 11:31 - 2015-09-23 20:20 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleFormrado.job 2017-10-31 08:28 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-10-31 08:28 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-10-31 00:15 - 2016-09-28 19:32 - 000000000 ____D C:\Users\mrado\AppData\Local\Battle.net 2017-10-30 23:40 - 2017-05-19 06:40 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFormrado 2017-10-30 22:48 - 2016-06-13 16:47 - 000000000 ____D C:\Users\mrado\AppData\Roaming\Telegram Desktop 2017-10-30 20:35 - 2017-01-12 22:50 - 000001723 _____ C:\Users\mrado\Desktop\Hearthstone Deck Tracker - Verknüpfung.lnk 2017-10-30 20:35 - 2016-09-28 19:27 - 000000000 ____D 
C:\Program Files (x86)\Battle.net 2017-10-29 13:47 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-10-29 09:17 - 2016-12-05 21:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-29 09:17 - 2015-09-23 21:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-28 11:07 - 2016-12-14 16:51 - 000000000 ____D C:\Users\mrado\AppData\LocalLow\Mozilla 2017-10-28 10:15 - 2017-07-25 15:01 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3509878254-1581680034-4090546777-1002 2017-10-28 10:15 - 2015-09-17 20:00 - 000002432 _____ C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-10-28 10:15 - 2015-09-17 20:00 - 000000000 ___RD C:\Users\mrado\OneDrive 2017-10-26 16:56 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF 2017-10-26 16:55 - 2015-09-23 21:06 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-10-26 16:37 - 2017-02-20 17:27 - 000000000 ____D C:\Users\mrado\Downloads\Telegram Desktop 2017-10-25 17:46 - 2017-05-19 06:40 - 000004606 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-10-25 17:46 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-10-25 17:46 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-10-18 22:30 - 2016-04-01 21:31 - 000000000 ____D C:\Program Files (x86)\Hearthstone 2017-10-18 14:39 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-10-18 14:37 - 2015-11-18 19:05 - 000000000 ____D C:\Program Files\Microsoft Office 15 2017-10-14 17:25 - 2015-09-30 19:48 - 000000000 ____D C:\Users\mrado\AppData\Local\Adobe 2017-10-14 12:11 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache 2017-10-13 01:21 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-10-13 01:21 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-12 05:08 - 2015-09-14 12:51 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-10-12 05:07 - 2017-05-19 06:33 - 000272688 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-10-11 22:47 - 2017-03-18 22:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2017-10-11 22:47 - 2017-03-18 22:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2017-10-11 22:47 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-10-11 22:47 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning 2017-10-11 18:32 - 2015-09-21 06:55 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-10-11 18:31 - 2015-09-21 06:55 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-10-11 07:54 - 2015-10-07 17:03 - 000000000 ____D C:\Users\mrado\AppData\Local\ElevatedDiagnostics ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-09-23 19:26 - 2015-09-23 19:26 - 000000057 _____ () C:\ProgramData\Ament.ini 2017-05-19 06:34 - 2017-05-19 06:34 - 000000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== 2017-08-08 16:56 - 2017-08-08 16:56 - 014456872 _____ (Microsoft Corporation) C:\Users\mrado\AppData\Local\Temp\vc_redist.x86.exe 2017-06-24 08:12 - 2017-07-21 13:31 - 000084216 _____ () C:\Users\mrado\AppData\Local\Temp\VirtualDJ New Version.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-10-31 12:19

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 26-10-2017
durchgeführt von mrado (01-11-2017 00:50:45)
Gestartet von C:\Users\mrado\Desktop
Windows 10 Home Version 1703 15063.674 (X64) (2017-05-19 05:42:48)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3509878254-1581680034-4090546777-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3509878254-1581680034-4090546777-503 - Limited - Disabled)
Gast (S-1-5-21-3509878254-1581680034-4090546777-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3509878254-1581680034-4090546777-1004 - Limited - Enabled)
mrado (S-1-5-21-3509878254-1581680034-4090546777-1002 - Administrator - Enabled) => C:\Users\mrado

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Apowersoft Bildschirmrekorder Pro V2.2.4 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.2.4 - APOWERSOFT LIMITED)
Apple Application Support (32-Bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.315.8233 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP) Digital Viewer (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19103.105 - Sonix) Documents To Go Desktop für iOS (HKLM-x32\...\DTGDesktop) (Version: 5.0000.017 - DataViz, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.5.37.19 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.8.37.11 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Innkeeper (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Innkeeper) (Version: 0.4.3 - Curse Inc.) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden iTunes (HKLM\...\{1441974B-BB94-41EC-AC0F-30D5F5AC54F7}) (Version: 12.7.0.166 - Apple Inc.) LINE (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\LINE) (Version: 5.3.3.1519 - LINE Corporation) Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes) Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.3.1000 - Maxthon International Limited) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.) 
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - ) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4971.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 
2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Mozilla Firefox 56.0.2 (x64 de) (HKLM\...\Mozilla Firefox 56.0.2 (x64 de)) (Version: 56.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla) NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0407-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27748 - Razer Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7640 - Realtek Semiconductor Corp.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer) Telegram Desktop version 1.1.23 (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.23 - Telegram Messenger LLP) TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) VirtualDJ 8 (HKLM-x32\...\{24F8CB37-888B-41E6-B119-CDC3F5075F57}) (Version: 8.0.2483.0 - Atomix Productions) Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.) 
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0523A3D1-47FF-4383-837D-BDA294CB33D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) 
Task: {057DEA9B-CDB8-421D-8408-457BA3979B5F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {071A3197-5E92-43F2-A7A8-E67571C4A89E} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxEidolon.exe [2016-06-12] (Maxthon MxEidolo) Task: {0E365BCA-ECFA-42B1-9111-EDE447A40272} - System32\Tasks\{219B5455-FCD0-4C93-A66B-6EF0BC2AF3F9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=Repair platform=x86 culture=de-de Task: {12C7155E-F409-4B0A-BEE0-E814968BD48D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) Task: {1525EA8F-6A47-4D75-BF2A-3ECE1520B276} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation) Task: {1CDE4868-6C3E-4C7C-952F-3371E5AD103B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation) Task: {1FFCB66C-5BCF-4655-ACE9-B3DF9EC2703A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {2D3A2397-30C6-415D-A148-3AE3AD43D317} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {3A9D1CA7-7688-47D5-9A5F-79B02A5E4B14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) 
Task: {412F4D35-C7C9-4417-AEA6-7BA817AABC36} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {468A331E-E707-4AEA-8D8E-97D194600D7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.) Task: {5B36618D-AE0A-403A-BF0E-71813129F9E1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {6DC65838-CD18-413E-96E9-B40AE20F90DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) Task: {91FA4E0D-655C-4B1A-B193-9F43FD77E8A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.) Task: {9F4A339F-49AC-4FDA-A731-FF6DA3E2FFD2} - System32\Tasks\{690A624A-DB40-40A2-8818-6C74D9C4A5E5} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=battle.net --displayname="Battle.net" Task: {A496C06A-14CA-4230-962D-EBDA3C6C1BB3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-11] (Microsoft Corporation) Task: {A912B7AA-7ABE-4CC4-90F7-EA13E15DEA64} - System32\Tasks\HPCeeScheduleFormrado => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {B47CE98E-128A-433F-A7B5-C59CF298012B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) 
Task: {BC4708AF-39E7-4868-A5CB-1358129F189E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-14] (HP Inc.) Task: {BF99E98E-3DCC-4C63-BFCC-0D9E763B7321} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated) Task: {D89B7EF5-FAFC-4BE1-A8D6-3026ECA94AA4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {D9EDA806-9674-484F-92F7-BA2D4658F233} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.) Task: {EBFF86B5-8470-4F17-B578-E74EF379E72B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.) Task: {F59C7E2C-9BAC-47A0-8E39-FAFA18196BE8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {FBF5A053-9DE2-40C2-BBB8-28ADC880335D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-25] (Adobe Systems Incorporated) Task: {FD40D52E-37D7-4D3B-AAFC-0BED2B0EDE6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormrado.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki Shortcut: C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2017-11-01 00:33 - 2017-10-04 13:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-11-01 00:33 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-05-08 23:44 - 2017-05-08 23:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-06-23 20:11 - 2015-06-23 20:11 - 000187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2015-11-18 19:05 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 21:59 - 2017-03-20 05:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-10-26 07:16 - 2017-10-26 07:18 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-10-26 07:16 - 2017-10-26 07:19 - 025446400 _____ () C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\skypert.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2015-09-14 13:21 - 2016-06-15 02:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-10-01 07:28 - 2015-10-01 07:28 - 000137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2015-07-10 12:04 - 2017-11-01 00:25 - 000000830 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 10.0.0.138 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "tsnp2std" HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\StartupApproved\Run: => "Steam" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [TCP Query User{44B2B678-9ED7-49B2-93BE-E2CAB5AA595F}C:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe FirewallRules: [UDP Query User{EC825C9E-5497-4051-BF82-590F68BB7E88}C:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/01/2017 12:42:55 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (11/01/2017 12:42:55 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode. Error: (11/01/2017 12:42:55 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode. Error: (11/01/2017 12:42:55 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\WINDOWS\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. 
Error: (11/01/2017 12:42:55 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "Lsa" in der DLL "C:\Windows\System32\Secur32.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (11/01/2017 12:42:55 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "ESENT" in der DLL "C:\WINDOWS\system32\esentprf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (11/01/2017 12:30:16 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (11/01/2017 12:26:30 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (11/01/2017 12:26:30 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode. Error: (11/01/2017 12:26:30 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode. 
Systemfehler: ============= Error: (11/01/2017 12:42:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MxService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (11/01/2017 12:42:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt. Error: (11/01/2017 12:41:57 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A84CFPT) Description: Der Server "{0002DF02-0000-0000-C000-000000000046}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (11/01/2017 12:41:57 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-A84CFPT) Description: Der Server "{0002DF02-0000-0000-C000-000000000046}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (11/01/2017 12:26:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MxService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (11/01/2017 12:25:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt. Error: (11/01/2017 12:25:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TomTomHOMEService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/01/2017 12:25:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Razer Game Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (11/01/2017 12:25:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/01/2017 12:25:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. CodeIntegrity: =================================== Date: 2017-11-01 00:50:00.083 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-01 00:50:00.081 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-01 00:49:57.518 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-01 00:49:57.515 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-11-01 00:44:10.773 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-11-01 00:44:06.546 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-11-01 00:44:06.372 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-11-01 00:34:01.853 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-11-01 00:34:01.840 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. 
Date: 2017-11-01 00:34:01.825 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz Prozentuale Nutzung des RAM: 27% Installierter physikalischer RAM: 8143.88 MB Verfügbarer physikalischer RAM: 5935.55 MB Summe virtueller Speicher: 9423.88 MB Verfügbarer virtueller Speicher: 7107.78 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:111.24 GB) (Free:57.71 GB) NTFS Drive d: (Daten) (Fixed) (Total:931.51 GB) (Free:692.13 GB) NTFS Drive e: (32_00_00) (Fixed) (Total:298.02 GB) (Free:21.34 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 111.8 GB) (Disk ID: 2A03BD70) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2A03BD6D) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 3E1EBD07) Partition 1: (Active) - (Size=298.1 GB) - (Type=0C) ==================== Ende von Addition.txt ============================ Don Camillo |
01.11.2017, 10:37 | #6 |
/// TB trainer | Win 10: PC does not start, or only after a pause of several minutes Hello, well done. Step 1
Step 2
Step 3
Please post with your next reply
|
01.11.2017, 13:01 | #7 |
| Win 10: PC does not start, or only after a pause of several minutes Hello Matthias, step 1 is done. Here is the content of the fixlog.txt file: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-11-2017 durchgeführt von mrado (01-11-2017 12:29:20) Run:1 Gestartet von C:\Users\mrado\Desktop Geladene Profile: mrado (Verfügbare Profile: mrado) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** CloseProcesses: HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Zoom] => [X] CMD: dir "%ProgramFiles%" CMD: dir "%ProgramFiles(x86)%" CMD: dir "%ProgramData%" CMD: dir "%Appdata%" CMD: dir "%LocalAppdata%" CMD: dir "%CommonProgramFiles(x86)%" CMD: dir "%CommonProgramW6432%" CMD: dir "%UserProfile%" CMD: dir "C:\" ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions RemoveProxy: CMD: ipconfig /flushdns CMD: netsh winsock reset EmptyTemp: ***************** Prozesse erfolgreich geschlossen. HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Zoom => Wert erfolgreich entfernt ========= dir "%ProgramFiles%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: CAB1-BAC9 Verzeichnis von C:\Program Files 01.11.2017 00:33 <DIR> . 01.11.2017 00:33 <DIR> .. 
23.09.2015 21:06 <DIR> Bonjour 23.11.2016 21:34 <DIR> Bonjour Print Services 08.08.2017 16:53 <DIR> Common Files 23.09.2015 19:26 <DIR> HP 19.05.2017 06:36 <DIR> Intel 12.09.2017 23:41 <DIR> Internet Explorer 26.10.2017 16:56 <DIR> iPod 26.10.2017 16:56 <DIR> iTunes 01.11.2017 00:33 <DIR> Malwarebytes 28.09.2017 07:06 <DIR> McAfee Security Scan 25.09.2015 18:52 <DIR> Microsoft Mouse and Keyboard Center 18.10.2017 14:37 <DIR> Microsoft Office 15 15.06.2017 08:07 <DIR> Microsoft Silverlight 31.05.2017 19:42 <DIR> NVIDIA Corporation 19.05.2017 06:34 <DIR> Realtek 16.05.2017 19:52 <DIR> TeamSpeak 3 Client 13.05.2017 10:02 <DIR> UNP 12.07.2017 23:14 <DIR> Windows Defender 12.09.2017 23:41 <DIR> Windows Mail 20.03.2017 05:36 <DIR> Windows Media Player 18.03.2017 22:03 <DIR> Windows Multimedia Platform 19.05.2017 06:42 <DIR> Windows NT 12.09.2017 23:41 <DIR> Windows Photo Viewer 18.03.2017 22:03 <DIR> Windows Portable Devices 18.03.2017 22:03 <DIR> Windows Security 18.03.2017 22:03 <DIR> WindowsPowerShell 08.03.2016 18:30 <DIR> WinRAR 0 Datei(en), 0 Bytes 29 Verzeichnis(se), 62.095.831.040 Bytes frei ========= Ende von CMD: ========= ========= dir "%ProgramFiles(x86)%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: CAB1-BAC9 Verzeichnis von C:\Program Files (x86) 01.11.2017 00:25 <DIR> . 01.11.2017 00:25 <DIR> .. 
30.09.2015 19:42 <DIR> Adobe 24.09.2017 13:38 <DIR> Apowersoft 26.10.2017 16:55 <DIR> Apple Software Update 30.10.2017 20:35 <DIR> Battle.net 21.05.2017 18:07 <DIR> BlueStacks 23.09.2015 21:06 <DIR> Bonjour 08.08.2017 16:56 <DIR> Common Files 23.12.2016 21:16 <DIR> Documents To Go Desktop 24.08.2017 08:42 <DIR> Google 18.10.2017 22:30 <DIR> Hearthstone 23.09.2015 19:06 <DIR> Hewlett-Packard 25.04.2016 17:12 <DIR> HP 14.09.2015 13:10 <DIR> Intel 12.09.2017 23:41 <DIR> Internet Explorer 01.10.2016 20:53 <DIR> Maxthon 06.03.2016 12:33 <DIR> Microsoft ASP.NET 09.09.2017 10:30 <DIR> Microsoft Games 18.11.2015 19:11 <DIR> Microsoft Office 15.06.2017 08:07 <DIR> Microsoft Silverlight 19.05.2017 06:36 <DIR> Microsoft.NET 29.10.2017 09:17 <DIR> Mozilla Firefox 29.10.2017 09:17 <DIR> Mozilla Maintenance Service 19.05.2017 06:36 <DIR> NVIDIA Corporation 10.09.2017 11:32 <DIR> Razer 14.09.2015 13:23 <DIR> Realtek 08.08.2017 16:56 <DIR> Skype 23.06.2017 17:19 <DIR> TeamViewer 03.12.2015 20:26 <DIR> TomTom International B.V 21.07.2017 13:31 <DIR> VirtualDJ 31.05.2017 19:42 <DIR> VulkanRT 12.07.2017 23:14 <DIR> Windows Defender 12.09.2017 23:41 <DIR> Windows Mail 20.03.2017 05:36 <DIR> Windows Media Player 18.03.2017 22:03 <DIR> Windows Multimedia Platform 18.03.2017 22:03 <DIR> Windows NT 12.09.2017 23:41 <DIR> Windows Photo Viewer 18.03.2017 22:03 <DIR> Windows Portable Devices 18.03.2017 22:03 <DIR> WindowsPowerShell 0 Datei(en), 0 Bytes 40 Verzeichnis(se), 62.095.790.080 Bytes frei ========= Ende von CMD: ========= ========= dir "%ProgramData%" ========= Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: CAB1-BAC9 Verzeichnis von C:\ProgramData 01.04.2016 21:52 <DIR> .mono 30.09.2015 19:49 <DIR> Adobe 23.09.2015 19:26 57 Ament.ini 23.09.2015 21:06 <DIR> Apple 23.09.2015 21:06 <DIR> Apple Computer 01.04.2016 21:26 <DIR> Battle.net 01.04.2016 21:30 <DIR> Blizzard Entertainment 02.05.2017 08:44 <DIR> BlueStacks 24.05.2017 18:35 <DIR> BlueStacksSetup 22.06.2017 22:23 <DIR> Canneverbe Limited 16.07.2016 12:47 <DIR> Comms 23.09.2015 20:20 <DIR> Hewlett-Packard 25.04.2016 17:12 <DIR> HP 14.09.2015 13:10 <DIR> Intel 01.11.2017 00:33 <DIR> Malwarebytes 06.03.2017 07:56 <DIR> McAfee 07.09.2017 14:58 <DIR> McAfee Security Scan 19.05.2017 06:44 <DIR> Microsoft OneDrive 15.09.2015 13:41 <DIR> Microsoft SkyDrive 01.11.2017 12:29 <DIR> NVIDIA 31.05.2017 19:42 <DIR> NVIDIA Corporation 08.08.2017 16:56 <DIR> Package Cache 19.05.2017 06:36 <DIR> Razer 18.10.2017 14:39 <DIR> regid.1991-06.com.microsoft 30.08.2017 14:10 <DIR> Skype 18.03.2017 22:03 <DIR> SoftwareDistribution 03.12.2015 20:34 <DIR> TomTom 19.05.2017 06:43 <DIR> USOPrivate 19.05.2017 06:43 <DIR> USOShared 20.03.2017 05:37 <DIR> WindowsHolographicDevices 23.09.2015 19:05 <DIR> {ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5} 1 Datei(en), 57 Bytes 30 Verzeichnis(se), 62.095.728.640 Bytes frei ========= Ende von CMD: ========= ========= dir "%Appdata%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: CAB1-BAC9 Verzeichnis von C:\Users\mrado\AppData\Roaming 01.11.2017 00:25 <DIR> . 01.11.2017 00:25 <DIR> .. 
28.09.2016 20:39 <DIR> .mono 30.09.2015 19:48 <DIR> Adobe 24.09.2017 13:44 <DIR> Apowersoft 13.10.2015 13:42 <DIR> Apple Computer 02.04.2017 18:09 <DIR> Battle.net 22.06.2017 22:22 <DIR> Canneverbe Limited 23.12.2016 21:16 <DIR> DocumentsToGoDesktop 26.10.2015 18:00 <DIR> DVDVideoSoft 19.09.2017 18:39 <DIR> HearthstoneDeckTracker 23.09.2015 19:09 <DIR> Hewlett-Packard 13.04.2017 11:34 <DIR> HPPSDr 23.09.2015 19:05 <DIR> hpqLog 30.09.2015 20:31 <DIR> HpUpdate 15.04.2017 21:26 <DIR> InnkeeperUI 23.10.2015 22:01 <DIR> InstallShield 17.09.2015 20:01 <DIR> Intel Corporation 17.09.2015 20:01 <DIR> Macromedia 01.10.2016 20:53 <DIR> Maxthon3 23.09.2015 22:50 <DIR> Mozilla 16.05.2017 20:08 <DIR> NVIDIA 16.09.2017 14:17 <DIR> Skype 24.01.2017 07:34 <DIR> TeamViewer 30.10.2017 22:48 <DIR> Telegram Desktop 03.12.2015 20:26 <DIR> TomTom 25.05.2017 20:40 <DIR> TS3Client 08.03.2016 18:30 <DIR> WinRAR 13.07.2017 07:21 <DIR> Zoom 0 Datei(en), 0 Bytes 29 Verzeichnis(se), 62.095.671.296 Bytes frei ========= Ende von CMD: ========= ========= dir "%LocalAppdata%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: CAB1-BAC9 Verzeichnis von C:\Users\mrado\AppData\Local 01.11.2017 00:26 <DIR> . 01.11.2017 00:26 <DIR> .. 
14.10.2017 17:25 <DIR> Adobe 23.09.2015 21:06 <DIR> Apple 23.09.2015 21:07 <DIR> Apple Computer 31.10.2017 00:15 <DIR> Battle.net 01.04.2016 21:52 <DIR> Blizzard 01.04.2016 21:30 <DIR> Blizzard Entertainment 21.05.2017 18:06 <DIR> Bluestacks 30.09.2015 19:48 <DIR> CEF 17.09.2015 20:02 <DIR> Comms 19.05.2017 06:44 <DIR> ConnectedDevicesPlatform 13.04.2017 10:43 <DIR> CrashDumps 21.05.2017 19:45 <DIR> DBG 11.10.2017 07:54 <DIR> Diagnostics 03.12.2015 20:25 <DIR> Downloaded Installations 11.10.2017 07:54 <DIR> ElevatedDiagnostics 31.10.2016 17:02 <DIR> Google 02.02.2017 21:52 <DIR> HearthSim 23.09.2015 20:20 <DIR> Hewlett-Packard 23.09.2015 19:29 <DIR> HP 15.04.2017 21:29 <DIR> Innkeeper 29.04.2017 17:21 <DIR> LINE 24.09.2017 13:51 <DIR> Microsoft 05.02.2017 16:30 <DIR> Microsoft Help 17.09.2015 20:12 <DIR> MicrosoftEdge 23.09.2015 22:56 <DIR> Mozilla 24.12.2016 00:56 <DIR> NVIDIA 09.02.2017 19:45 <DIR> NVIDIA Corporation 31.10.2017 13:10 <DIR> Packages 26.10.2015 18:00 <DIR> Programs 04.10.2016 19:05 <DIR> Publishers 02.10.2015 17:52 <DIR> Razer 02.10.2015 18:05 <DIR> RzStats 20.02.2016 18:56 <DIR> Skype 20.08.2017 14:48 <DIR> speech 15.04.2017 21:26 <DIR> SquirrelTemp 03.10.2015 12:56 <DIR> Steam 23.01.2017 20:13 <DIR> TeamSpeak 3 01.11.2017 12:28 <DIR> Temp 17.09.2015 19:58 <DIR> TileDataLayer 03.12.2015 20:26 <DIR> TomTom 13.05.2017 11:18 <DIR> UNP 21.07.2017 13:32 <DIR> VirtualDJ 23.10.2015 22:04 <DIR> VirtualStore 11.06.2017 18:11 <DIR> {B5F70934-5E12-42d2-882D-62D42EA1FA67} 0 Datei(en), 0 Bytes 46 Verzeichnis(se), 62.095.609.856 Bytes frei ========= Ende von CMD: ========= ========= dir "%CommonProgramFiles(x86)%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: CAB1-BAC9 Verzeichnis von C:\Program Files (x86)\Common Files 08.08.2017 16:56 <DIR> . 08.08.2017 16:56 <DIR> .. 
30.09.2015 19:42 <DIR> Adobe 23.09.2015 21:06 <DIR> Apple 18.11.2015 19:23 <DIR> DESIGNER 14.09.2015 13:13 <DIR> Intel Corporation 08.08.2017 16:53 <DIR> logishrd 18.10.2017 14:39 <DIR> Microsoft Shared 18.03.2017 22:03 <DIR> Services 08.08.2017 16:56 <DIR> Skype 23.10.2015 22:01 <DIR> snp2std 05.05.2016 21:16 <DIR> Steam 20.03.2017 05:35 <DIR> System 0 Datei(en), 0 Bytes 13 Verzeichnis(se), 62.095.556.608 Bytes frei ========= Ende von CMD: ========= ========= dir "%CommonProgramW6432%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: CAB1-BAC9 Verzeichnis von C:\Program Files\Common Files 08.08.2017 16:53 <DIR> . 08.08.2017 16:53 <DIR> .. 28.08.2016 14:21 <DIR> Apple 08.08.2017 16:53 <DIR> logishrd 19.05.2017 06:36 <DIR> microsoft shared 18.03.2017 22:03 <DIR> Services 20.03.2017 05:35 <DIR> System 0 Datei(en), 0 Bytes 7 Verzeichnis(se), 62.095.503.360 Bytes frei ========= Ende von CMD: ========= ========= dir "%UserProfile%" ========= Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: CAB1-BAC9 Verzeichnis von C:\Users\mrado 01.11.2017 00:25 <DIR> . 01.11.2017 00:25 <DIR> .. 29.04.2017 17:21 <DIR> .LINE 23.01.2017 20:13 <DIR> .QtWebEngineProcess 23.01.2017 20:13 <DIR> .TeamSpeak 3 25.09.2015 16:55 <DIR> Application Data 12.10.2017 05:08 <DIR> Contacts 01.11.2017 12:29 <DIR> Desktop 12.10.2017 05:08 <DIR> Documents 01.11.2017 00:41 <DIR> Downloads 12.10.2017 05:08 <DIR> Favorites 28.10.2017 10:15 <DIR> Links 12.10.2017 05:08 <DIR> Music 28.10.2017 10:15 <DIR> OneDrive 12.10.2017 05:08 <DIR> Pictures 12.10.2017 05:08 <DIR> Saved Games 12.10.2017 05:08 <DIR> Searches 24.09.2015 14:02 <DIR> Tracing 31.10.2017 13:57 <DIR> Videos 0 Datei(en), 0 Bytes 19 Verzeichnis(se), 62.095.437.824 Bytes frei ========= Ende von CMD: ========= ========= dir "C:\" ========= Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: CAB1-BAC9 Verzeichnis von C:\ 01.11.2017 00:25 <DIR> AdwCleaner 18.02.2013 23:09 5.574.399 AoFE_Launcher.exe 01.11.2017 12:29 <DIR> FRST 14.09.2015 13:20 <DIR> Intel 14.09.2015 13:20 <DIR> NVIDIA 18.03.2017 22:03 <DIR> PerfLogs 01.11.2017 00:33 <DIR> Program Files 01.11.2017 00:25 <DIR> Program Files (x86) 23.09.2015 19:06 <DIR> System.sav 19.05.2017 06:36 <DIR> Users 01.11.2017 00:50 <DIR> Windows 1 Datei(en), 5.574.399 Bytes 10 Verzeichnis(se), 62.095.384.576 Bytes frei ========= Ende von CMD: ========= ================== ExportKey: =================== [HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions] [HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions] [HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths] [HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes] [HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths] === Ende von ExportKey === ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt ========= Ende von RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. ========= Ende von CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurückgesetzt. Sie müssen den Computer neu starten, um den Vorgang abzuschließen. 
========= Ende von CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 10510336 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 570061072 B Java, Flash, Steam htmlcache => 72656684 B Windows/system/drivers => 115953069 B Edge => 692365798 B Chrome => 181025060 B Firefox => 373334193 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 128 B LocalService => 0 B NetworkService => 1548364 B mrado => 414306918 B RecycleBin => 1698273168 B EmptyTemp: => 3.8 GB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 12:45:14 ====
Don Camillo
Hello Matthias, here is the result of step 2: Code:
ATTFilter Farbar Recovery Scan Tool (x64) Version: 01-11-2017 durchgeführt von mrado (01-11-2017 12:51:09) Gestartet von C:\Users\mrado\Desktop Start-Modus: Normal ================== Datei-Suche: "SearchAll: Spigot;{24d26487-6274-48b1-b500-22f24884f971};{7a526449-3a92-426f-8ca4-47439918f2b1};{90477448-b59c-48cd-98af-6a298cbc15d2};BrowserExtensions;Browser Extensions;GreenTree;ytd video downloader;ytdvideodownloader;MalwareProtectionLive;Malware Protection Live;ytdwld" ============= Datei: ======== C:\AdwCleaner\Quarantine\exuieaoEiI\Malware Protection Live.lnk [2017-11-01 00:25][2017-08-18 07:38] 000001276 _____ () C774271935263FECE4F9BEBC294C91DD [Datei ist nicht signiert] C:\AdwCleaner\Quarantine\3soLBPh71Y\YTD Video Downloader.lnk [2017-11-01 00:25][2017-06-11 18:10] 000001366 _____ () 15B2012CA57B27BA7E808B515A32359C [Datei ist nicht signiert] Ordner: ======== 2017-11-01 00:25 - 2017-11-01 00:25 _____ C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader Registry: ======== ===================== Suchergebnis für "Spigot" ========== ===================== Suchergebnis für "{24d26487-6274-48b1-b500-22f24884f971}" ========== ===================== Suchergebnis für "{7a526449-3a92-426f-8ca4-47439918f2b1}" ========== ===================== Suchergebnis für "{90477448-b59c-48cd-98af-6a298cbc15d2}" ========== ===================== Suchergebnis für "BrowserExtensions" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972}] "AppPath"="C:\Users\mrado\AppData\Roaming\BrowserExtensions" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b}] "AppPath"="C:\Users\mrado\AppData\Roaming\BrowserExtensions" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972}] "AppPath"="C:\Users\mrado\AppData\Roaming\BrowserExtensions" 
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b}] "AppPath"="C:\Users\mrado\AppData\Roaming\BrowserExtensions" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E4CD0C-426F-4207-805B-7885AB32D43F}] "AppPath"="C:\Users\mrado\AppData\Roaming\BrowserExtensions" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B}] "AppPath"="C:\Users\mrado\AppData\Roaming\BrowserExtensions" ===================== Suchergebnis für "Browser Extensions" ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\USEBHO] "Text"="Enable third-party browser extensions" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\USEBHO] "ValueName"="Enable Browser Extensions" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\USEBHO] "Text"="Enable third-party browser extensions" [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\USEBHO] "ValueName"="Enable Browser Extensions" [HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Internet Explorer\Main] "Enable Browser Extensions"="yes" ===================== Suchergebnis für "GreenTree" ========== [HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\GreenTree Applications] [HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\GreenTree Applications\YTD] ""="C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader" [HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2A066FCF-723A-47F4-B6D6-C240E7161BF1}] "AppId"="{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\GreenTree Applications\YTD Video Downloader\ytd.exe" 
[HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2A066FCF-723A-47F4-B6D6-C240E7161BF1}] "AppPath"="C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe" [HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\UFH\SHC] "41"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\Uninstall.lnk C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Uninstall.exe " [HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\UFH\SHC] "42"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader.lnk C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe " [HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe"="0x5341435001000000000000000700000028000000006B1B00141B1C0001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000040FF9F02000000000D0000000D000000" ===================== Suchergebnis für "ytd video downloader" ========== [HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\GreenTree Applications\YTD] ""="C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader" [HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2A066FCF-723A-47F4-B6D6-C240E7161BF1}] "AppId"="{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\GreenTree Applications\YTD Video Downloader\ytd.exe" [HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2A066FCF-723A-47F4-B6D6-C240E7161BF1}] "AppPath"="C:\Program Files (x86)\GreenTree Applications\YTD Video 
Downloader\ytd.exe" [HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\UFH\SHC] "41"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\Uninstall.lnk C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\Uninstall.exe " [HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\UFH\SHC] "42"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader\YTD Video Downloader.lnk C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe " [HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe"="0x5341435001000000000000000700000028000000006B1B00141B1C0001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000040FF9F02000000000D0000000D000000" ===================== Suchergebnis für "ytdvideodownloader" ========== ===================== Suchergebnis für "MalwareProtectionLive" ========== ===================== Suchergebnis für "Malware Protection Live" ========== ===================== Suchergebnis für "ytdwld" ========== ====== Ende von Suche ======
Don Camillo
Hello Matthias, step 3 is complete. File 1: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-11-2017 durchgeführt von mrado (01-11-2017 12:58:49) Gestartet von C:\Users\mrado\Desktop Windows 10 Home Version 1703 15063.674 (X64) (2017-05-19 05:42:48) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3509878254-1581680034-4090546777-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3509878254-1581680034-4090546777-503 - Limited - Disabled) Gast (S-1-5-21-3509878254-1581680034-4090546777-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3509878254-1581680034-4090546777-1004 - Limited - Enabled) mrado (S-1-5-21-3509878254-1581680034-4090546777-1002 - Administrator - Enabled) => C:\Users\mrado ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden Apowersoft Bildschirmrekorder Pro V2.2.4 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.2.4 - APOWERSOFT LIMITED) Apple Application Support (32-Bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.) 
Apple Application Support (64-Bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.315.8233 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP) Digital Viewer (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19103.105 - Sonix) Documents To Go Desktop für iOS (HKLM-x32\...\DTGDesktop) (Version: 5.0000.017 - DataViz, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.5.37.19 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.8.37.11 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Innkeeper (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Innkeeper) (Version: 0.4.3 - Curse Inc.) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden iTunes (HKLM\...\{1441974B-BB94-41EC-AC0F-30D5F5AC54F7}) (Version: 12.7.0.166 - Apple Inc.) LINE (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\LINE) (Version: 5.3.3.1519 - LINE Corporation) Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes) Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.3.1000 - Maxthon International Limited) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.) 
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - ) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4971.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 
2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Mozilla Firefox 56.0.2 (x64 de) (HKLM\...\Mozilla Firefox 56.0.2 (x64 de)) (Version: 56.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla) NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0407-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27748 - Razer Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7640 - Realtek Semiconductor Corp.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer) Telegram Desktop version 1.1.23 (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.23 - Telegram Messenger LLP) TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) VirtualDJ 8 (HKLM-x32\...\{24F8CB37-888B-41E6-B119-CDC3F5075F57}) (Version: 8.0.2483.0 - Atomix Productions) Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.) 
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0523A3D1-47FF-4383-837D-BDA294CB33D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) 
Task: {057DEA9B-CDB8-421D-8408-457BA3979B5F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {071A3197-5E92-43F2-A7A8-E67571C4A89E} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxEidolon.exe [2016-06-12] (Maxthon MxEidolo) Task: {0E365BCA-ECFA-42B1-9111-EDE447A40272} - System32\Tasks\{219B5455-FCD0-4C93-A66B-6EF0BC2AF3F9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=Repair platform=x86 culture=de-de Task: {12C7155E-F409-4B0A-BEE0-E814968BD48D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) Task: {1525EA8F-6A47-4D75-BF2A-3ECE1520B276} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation) Task: {1CDE4868-6C3E-4C7C-952F-3371E5AD103B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation) Task: {1FFCB66C-5BCF-4655-ACE9-B3DF9EC2703A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {2D3A2397-30C6-415D-A148-3AE3AD43D317} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {3A9D1CA7-7688-47D5-9A5F-79B02A5E4B14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) 
Task: {412F4D35-C7C9-4417-AEA6-7BA817AABC36} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {468A331E-E707-4AEA-8D8E-97D194600D7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.) Task: {5B36618D-AE0A-403A-BF0E-71813129F9E1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {6DC65838-CD18-413E-96E9-B40AE20F90DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) Task: {91FA4E0D-655C-4B1A-B193-9F43FD77E8A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.) Task: {9F4A339F-49AC-4FDA-A731-FF6DA3E2FFD2} - System32\Tasks\{690A624A-DB40-40A2-8818-6C74D9C4A5E5} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=battle.net --displayname="Battle.net" Task: {A496C06A-14CA-4230-962D-EBDA3C6C1BB3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-11] (Microsoft Corporation) Task: {A912B7AA-7ABE-4CC4-90F7-EA13E15DEA64} - System32\Tasks\HPCeeScheduleFormrado => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {B47CE98E-128A-433F-A7B5-C59CF298012B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) 
Task: {BC4708AF-39E7-4868-A5CB-1358129F189E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-14] (HP Inc.) Task: {BF99E98E-3DCC-4C63-BFCC-0D9E763B7321} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated) Task: {D89B7EF5-FAFC-4BE1-A8D6-3026ECA94AA4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {D9EDA806-9674-484F-92F7-BA2D4658F233} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.) Task: {EBFF86B5-8470-4F17-B578-E74EF379E72B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.) Task: {F59C7E2C-9BAC-47A0-8E39-FAFA18196BE8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {FBF5A053-9DE2-40C2-BBB8-28ADC880335D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-25] (Adobe Systems Incorporated) Task: {FD40D52E-37D7-4D3B-AAFC-0BED2B0EDE6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormrado.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki Shortcut: C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2017-05-08 23:44 - 2017-05-08 23:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-11-18 19:05 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2017-11-01 00:33 - 2017-10-04 13:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2017-11-01 00:33 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2015-06-23 20:11 - 2015-06-23 20:11 - 000187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 21:59 - 2017-03-20 05:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-10-26 07:16 - 2017-10-26 07:18 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-10-26 07:16 - 2017-10-26 07:19 - 025446400 _____ () C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\skypert.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2015-09-14 13:21 - 2016-06-15 02:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-10-01 07:28 - 2015-10-01 07:28 - 000137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2015-07-10 12:04 - 2017-11-01 00:25 - 000000830 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "tsnp2std"
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\StartupApproved\Run: => "Steam"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [TCP Query User{44B2B678-9ED7-49B2-93BE-E2CAB5AA595F}C:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{EC825C9E-5497-4051-BF82-590F68BB7E88}C:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{30CE8CFB-6695-4223-92FD-B430777D8843}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{29E0451C-CF2C-47FE-B16A-19727A67B0D6}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/01/2017 12:46:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (11/01/2017 12:46:33 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (11/01/2017 12:46:33 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.
Error: (11/01/2017 12:46:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\WINDOWS\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (11/01/2017 12:46:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "Lsa" in der DLL "C:\Windows\System32\Secur32.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (11/01/2017 12:46:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "ESENT" in der DLL "C:\WINDOWS\system32\esentprf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (11/01/2017 09:53:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (11/01/2017 09:53:34 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (11/01/2017 09:53:34 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (11/01/2017 09:53:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\WINDOWS\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Systemfehler:
=============
Error: (11/01/2017 12:45:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MxService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden.

Error: (11/01/2017 12:45:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: Die Anforderung wird nicht unterstützt.

Error: (11/01/2017 12:29:50 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (11/01/2017 12:29:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/01/2017 12:29:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Support Solutions Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/01/2017 12:29:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TomTomHOMEService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/01/2017 12:29:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TeamViewer 12" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/01/2017 12:29:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/01/2017 12:29:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/01/2017 12:29:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Razer Game Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

CodeIntegrity:
===================================
Date: 2017-11-01 12:48:10.866
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-01 12:48:05.468
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-01 12:48:04.988
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-01 12:48:04.836
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-01 12:46:27.008
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-01 12:46:27.006
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-11-01 12:27:01.769
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-01 12:26:59.000
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-11-01 12:26:58.399
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2017-11-01 12:26:58.224
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz
Prozentuale Nutzung des RAM: 32%
Installierter physikalischer RAM: 8143.88 MB
Verfügbarer physikalischer RAM: 5509.68 MB
Summe virtueller Speicher: 9423.88 MB
Verfügbarer virtueller Speicher: 6752.26 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:111.24 GB) (Free:61.72 GB) NTFS
Drive d: (Daten) (Fixed) (Total:931.51 GB) (Free:692.13 GB) NTFS
Drive e: (32_00_00) (Fixed) (Total:298.02 GB) (Free:21.34 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 2A03BD70)
Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2A03BD6D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 3E1EBD07)
Partition 1: (Active) - (Size=298.1 GB) - (Type=0C)

==================== Ende von Addition.txt ============================

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2017
durchgeführt von mrado (Administrator) auf DESKTOP-A84CFPT (01-11-2017 12:58:18)
Gestartet von C:\Users\mrado\Desktop
Geladene Profile: mrado (Verfügbare Profile: mrado)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TomTom) D:\Programme\TomTom HOME 2\TomTomHOMEService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(TomTom) D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-10-23] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-09-29] (Razer Inc.)
HKLM-x32\...\Run: [tsnp2std] => C:\Windows\tsnp2std.exe [262144 2007-08-31] ()
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Steam] => D:\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [TomTomHOME.exe] => D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-02] (BlueStack Systems, Inc.)
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{72e801e1-0d70-478c-ab42-bac0ef611475}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-3509878254-1581680034-4090546777-1002 -> DefaultScope {A00A2EFA-700C-4184-A813-BAC983B19961} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7xti9fl7.default
FF ProfilePath: C:\Users\mrado\AppData\Roaming\TomTom\HOME\Profiles\2f4az5v7.default [2015-12-03]
FF Extension: (Map status indicator) - D:\Programme\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-12-03] [ist nicht signiert]
FF ProfilePath: C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default [2017-11-01]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7xti9fl7.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7xti9fl7.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\7xti9fl7.default -> hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3509878254-1581680034-4090546777-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\mrado\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-13] (Zoom Video Communications, Inc.)
Chrome:
=======
CHR Profile: C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default [2017-11-01]
CHR Extension: (Präsentationen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-01]
CHR Extension: (YouTube) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-01]
CHR Extension: (Adblock Plus) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Adobe Acrobat) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Tabellen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-31]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Google Mail) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-01]
CHR Extension: (Chrome Media Router) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 TomTomHOMEService; D:\Programme\TomTom HOME 2\TomTomHOMEService.exe [93040 2015-07-13] (TomTom)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-11-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-11-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-01] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-01] (Malwarebytes)
R1 MpKslf9288dbd; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9A7EAE10-3777-4FE0-BDFC-7E6424A15EB7}\MpKslf9288dbd.sys [49392 2017-11-01] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2015-09-23] (Realtek )
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11968 2000-07-29] () [Datei ist nicht signiert]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-11-01 12:51 - 2017-11-01 12:55 - 000007437 _____ C:\Users\mrado\Desktop\Search.txt
2017-11-01 12:29 - 2017-11-01 12:45 - 000017097 _____ C:\Users\mrado\Desktop\Fixlog.txt
2017-11-01 12:28 - 2017-11-01 12:28 - 000000000 ____D C:\Users\mrado\Desktop\FRST-OlderVersion
2017-11-01 00:43 - 2017-11-01 00:43 - 000013783 _____ C:\Users\mrado\Desktop\mbam.txt
2017-11-01 00:34 - 2017-11-01 12:46 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-01 00:34 - 2017-11-01 12:46 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-01 00:34 - 2017-11-01 00:34 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-01 00:33 - 2017-11-01 12:46 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-01 00:33 - 2017-11-01 00:33 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-01 00:33 - 2017-11-01 00:33 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-01 00:33 - 2017-11-01 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-01 00:33 - 2017-11-01 00:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-01 00:33 - 2017-11-01 00:33 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-01 00:33 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-01 00:30 - 2017-11-01 00:33 - 071535032 _____ (Malwarebytes ) C:\Users\mrado\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-11-01 00:22 - 2017-11-01 00:25 - 000000000 ____D C:\AdwCleaner
2017-11-01 00:21 - 2017-11-01 00:21 - 008261584 _____ (Malwarebytes) C:\Users\mrado\Desktop\adwcleaner_7.0.4.0.exe
2017-11-01 00:03 - 2017-11-01 00:03 - 000000000 ____D C:\Users\mrado\Desktop\AdwCleaner
2017-10-31 14:22 - 2017-11-01 12:58 - 000017280 _____ C:\Users\mrado\Desktop\FRST.txt
2017-10-31 14:22 - 2017-11-01 12:58 - 000000000 ____D C:\FRST
2017-10-31 14:22 - 2017-11-01 00:50 - 000034420 _____ C:\Users\mrado\Desktop\Addition.txt
2017-10-31 11:54 - 2017-11-01 12:28 - 002403328 _____ (Farbar) C:\Users\mrado\Desktop\FRST64.exe
2017-10-31 11:54 - 2017-10-31 11:55 - 000000000 ____D C:\Users\mrado\Desktop\FRST
2017-10-26 16:56 - 2017-10-26 16:56 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\Program Files\iTunes
2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\Program Files\iPod
2017-10-26 16:55 - 2017-10-26 16:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-10-26 16:55 - 2017-10-26 16:55 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-10-18 15:59 - 2017-10-18 15:59 - 000032026 _____ C:\Users\mrado\Downloads\Buchstaben Aa Ll Mm Oo Ee trainieren.pdf
2017-10-11 18:31 - 2017-10-11 18:31 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 18:29 - 2017-09-30 06:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-11 18:29 - 2017-09-30 06:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-11 18:29 - 2017-09-30 06:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-11 18:29 - 2017-09-30 06:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-11 18:29 - 2017-09-30 06:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-11 18:29 - 2017-09-30 06:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-11 18:29 - 2017-09-30 03:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-11 18:29 - 2017-09-30 03:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-11 18:29 - 2017-09-30 03:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-11 18:29 - 2017-09-30 03:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-11 18:29 - 2017-09-30 03:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-11 18:29 - 2017-09-30 03:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-11 18:29 - 2017-09-30 03:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-11 18:29 - 2017-09-30 03:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-11 18:29 - 2017-09-30 03:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-10-11 18:29 - 2017-09-30 03:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-11 18:29 - 2017-09-30 03:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-11 18:29 - 2017-09-30 03:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-11 18:29 - 2017-09-30 03:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-11 18:29 - 2017-09-30 03:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-11 18:29 - 2017-09-30 03:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-11 18:29 - 2017-09-30 03:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-11 18:29 - 2017-09-30 03:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-11 18:29 - 2017-09-30 03:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-10-11 18:29 - 2017-09-30 03:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-10-11 18:29 - 2017-09-30 03:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-11 18:29 - 2017-09-30 03:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-11 18:29 - 2017-09-30 03:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-11 18:29 - 2017-09-30 03:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-11 18:29 - 2017-09-30 03:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-11 18:29 - 2017-09-30 03:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-11 18:29 - 2017-09-30 03:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-11 18:29 - 2017-09-30 03:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-11 18:29 - 2017-09-29 08:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-11 18:29 - 2017-09-29 08:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-11 18:29 - 2017-09-29 08:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-11 18:29 - 2017-09-29 08:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-11 18:29 - 2017-09-29 08:43
- 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2017-10-11 18:29 - 2017-09-29 08:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll 2017-10-11 18:29 - 2017-09-29 08:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-10-11 18:29 - 2017-09-29 08:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll 2017-10-11 18:29 - 2017-09-29 08:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-10-11 18:29 - 2017-09-29 08:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-10-11 18:29 - 2017-09-29 08:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-10-11 18:29 - 2017-09-29 08:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll 2017-10-11 18:29 - 2017-09-29 08:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll 2017-10-11 18:29 - 2017-09-29 08:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2017-10-11 18:29 - 
2017-09-29 08:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2017-10-11 18:29 - 2017-09-29 08:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-10-11 18:29 - 2017-09-29 08:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2017-10-11 18:29 - 2017-09-29 08:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-10-11 18:29 - 2017-09-29 08:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll 2017-10-11 18:29 - 2017-09-29 08:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2017-10-11 18:29 - 2017-09-29 08:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-10-11 18:29 - 2017-09-29 08:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2017-10-11 18:29 - 2017-09-29 08:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2017-10-11 18:29 - 2017-09-29 08:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2017-10-11 18:29 - 2017-09-29 08:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2017-10-11 18:29 - 2017-09-29 08:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll 2017-10-11 
18:29 - 2017-09-29 08:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2017-10-11 18:29 - 2017-09-29 08:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2017-10-11 18:29 - 2017-09-29 08:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe 2017-10-11 18:29 - 2017-09-29 08:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2017-10-11 18:29 - 2017-09-29 08:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe 2017-10-11 18:29 - 2017-09-29 08:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2017-10-11 18:29 - 2017-09-29 08:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-10-11 18:29 - 2017-09-29 08:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2017-10-11 18:29 - 2017-09-29 08:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2017-10-11 18:29 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls 2017-10-11 18:29 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls 2017-10-11 18:29 - 2017-09-20 16:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll 2017-10-11 18:29 - 2017-09-20 16:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2017-10-11 18:29 - 2017-09-20 16:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll 2017-10-11 18:29 - 2017-09-19 00:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2017-10-11 18:29 - 2017-09-18 23:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll 2017-10-11 18:29 - 2017-09-18 23:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll 2017-10-11 18:28 - 2017-09-30 06:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-10-11 18:28 - 2017-09-30 06:51 - 
001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2017-10-11 18:28 - 2017-09-30 06:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-10-11 18:28 - 2017-09-30 06:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2017-10-11 18:28 - 2017-09-30 06:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-10-11 18:28 - 2017-09-30 06:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2017-10-11 18:28 - 2017-09-30 06:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-10-11 18:28 - 2017-09-30 06:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2017-10-11 18:28 - 2017-09-30 06:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-10-11 18:28 - 2017-09-30 06:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-10-11 18:28 - 2017-09-30 06:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-10-11 18:28 - 2017-09-30 06:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-10-11 18:28 - 2017-09-30 06:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2017-10-11 18:28 - 2017-09-30 06:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2017-10-11 18:28 - 2017-09-30 06:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2017-10-11 18:28 - 2017-09-30 06:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2017-10-11 18:28 - 2017-09-30 06:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2017-10-11 18:28 - 2017-09-30 06:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-10-11 18:28 - 2017-09-30 06:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-10-11 
18:28 - 2017-09-30 06:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2017-10-11 18:28 - 2017-09-30 06:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2017-10-11 18:28 - 2017-09-30 06:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2017-10-11 18:28 - 2017-09-30 06:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-10-11 18:28 - 2017-09-30 06:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-10-11 18:28 - 2017-09-30 06:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-10-11 18:28 - 2017-09-30 06:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll 2017-10-11 18:28 - 2017-09-30 06:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-10-11 18:28 - 2017-09-30 06:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2017-10-11 18:28 - 2017-09-30 06:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe 2017-10-11 18:28 - 2017-09-30 
06:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-10-11 18:28 - 2017-09-30 06:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll 2017-10-11 18:28 - 2017-09-30 06:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-10-11 18:28 - 2017-09-30 06:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2017-10-11 18:28 - 2017-09-30 06:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2017-10-11 18:28 - 2017-09-30 03:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2017-10-11 18:28 - 2017-09-29 08:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-10-11 18:28 - 2017-09-29 08:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-10-11 18:28 - 2017-09-29 08:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-10-11 18:28 - 2017-09-29 08:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-10-11 18:28 - 2017-09-29 08:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-10-11 18:28 - 2017-09-29 08:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-10-11 18:28 - 2017-09-29 08:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-10-11 18:28 - 2017-09-29 08:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-10-11 18:28 - 2017-09-29 08:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-10-11 18:28 - 2017-09-29 08:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000209920 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\smartscreenps.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll 2017-10-11 18:28 - 2017-09-29 08:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-10-11 18:28 - 2017-09-29 08:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-10-11 18:28 - 2017-09-29 08:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2017-10-11 18:28 - 2017-09-29 08:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll 2017-10-11 18:28 - 2017-09-29 08:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 
000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2017-10-11 18:28 - 2017-09-29 08:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe 2017-10-11 18:28 - 2017-09-29 08:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2017-10-11 
18:28 - 2017-09-29 08:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2017-10-11 18:28 - 2017-09-29 08:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-10-11 18:28 - 2017-09-29 08:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2017-10-11 18:28 - 2017-09-29 08:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll 2017-10-11 18:28 - 2017-09-29 08:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 001886208 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2017-10-11 18:28 - 2017-09-29 08:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-10-11 18:28 - 2017-09-29 08:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000756224 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll 2017-10-11 18:28 - 2017-09-29 08:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2017-10-11 18:28 - 2017-09-29 08:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-10-11 18:28 - 2017-09-29 08:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll 2017-10-11 18:28 - 2017-09-29 08:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-10-11 18:28 - 2017-09-29 08:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2017-10-11 18:28 - 2017-09-29 08:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2017-10-11 18:28 - 2017-09-29 08:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2017-10-11 18:28 - 2017-09-29 08:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2017-10-11 18:28 - 2017-09-29 08:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll 2017-10-11 18:28 - 2017-09-29 08:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll 2017-10-11 18:28 - 2017-09-29 08:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2017-10-11 18:28 - 
2017-09-29 08:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll 2017-10-11 18:28 - 2017-09-29 08:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2017-10-11 18:28 - 2017-09-29 08:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll 2017-10-11 18:28 - 2017-09-29 08:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll 2017-10-11 18:28 - 2017-09-29 08:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe 2017-10-11 18:28 - 2017-09-19 00:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-10-11 18:28 - 2017-09-19 00:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2017-10-11 18:28 - 2017-09-19 00:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2017-10-11 18:28 - 2017-09-19 00:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 
2017-10-11 18:28 - 2017-09-19 00:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2017-10-11 18:28 - 2017-09-19 00:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-10-11 18:28 - 2017-09-19 00:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2017-10-11 18:28 - 2017-09-18 23:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2017-10-11 18:28 - 2017-09-18 23:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll 2017-10-11 18:28 - 2017-09-18 23:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2017-10-11 18:28 - 2017-09-18 23:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-11-01 12:50 - 2017-05-19 06:43 - 003711596 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-11-01 12:50 - 2017-03-20 05:35 - 001813014 _____ C:\WINDOWS\system32\perfh007.dat 2017-11-01 12:50 - 2017-03-20 05:35 - 000456364 _____ C:\WINDOWS\system32\perfc007.dat 2017-11-01 12:45 - 2017-05-19 06:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-11-01 12:45 - 2017-05-19 06:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-11-01 12:45 - 2017-03-18 12:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI 2017-11-01 12:45 - 2016-09-22 06:18 - 000000000 ____D C:\ProgramData\NVIDIA 2017-11-01 12:39 - 2016-01-25 17:41 - 000000000 ____D C:\Users\mrado\AppData\LocalLow\Temp 2017-11-01 10:04 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-11-01 10:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-11-01 09:56 - 2017-05-19 06:40 - 000004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF5A1CA3-3649-4C6C-B496-C9FB546074B1} 2017-11-01 00:02 - 2015-12-09 16:19 - 000000000 ____D 
C:\Users\mrado\Documents\Outlook-Dateien 2017-10-31 13:10 - 2015-09-17 19:58 - 000000000 ____D C:\Users\mrado\AppData\Local\Packages 2017-10-31 11:31 - 2017-05-19 06:35 - 000000000 ____D C:\Users\mrado 2017-10-31 11:31 - 2015-09-23 20:20 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleFormrado.job 2017-10-31 00:15 - 2016-09-28 19:32 - 000000000 ____D C:\Users\mrado\AppData\Local\Battle.net 2017-10-30 23:40 - 2017-05-19 06:40 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFormrado 2017-10-30 22:48 - 2016-06-13 16:47 - 000000000 ____D C:\Users\mrado\AppData\Roaming\Telegram Desktop 2017-10-30 20:35 - 2017-01-12 22:50 - 000001723 _____ C:\Users\mrado\Desktop\Hearthstone Deck Tracker - Verknüpfung.lnk 2017-10-30 20:35 - 2016-09-28 19:27 - 000000000 ____D C:\Program Files (x86)\Battle.net 2017-10-29 13:47 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-10-29 09:17 - 2016-12-05 21:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-29 09:17 - 2015-09-23 21:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-28 11:07 - 2016-12-14 16:51 - 000000000 ____D C:\Users\mrado\AppData\LocalLow\Mozilla 2017-10-28 10:15 - 2017-07-25 15:01 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3509878254-1581680034-4090546777-1002 2017-10-28 10:15 - 2015-09-17 20:00 - 000002432 _____ C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-10-28 10:15 - 2015-09-17 20:00 - 000000000 ___RD C:\Users\mrado\OneDrive 2017-10-26 16:56 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF 2017-10-26 16:55 - 2015-09-23 21:06 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-10-26 16:37 - 2017-02-20 17:27 - 000000000 ____D C:\Users\mrado\Downloads\Telegram Desktop 2017-10-25 17:46 - 2017-05-19 06:40 - 000004606 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-10-25 17:46 - 2017-03-18 22:03 - 
000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-10-25 17:46 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-10-18 22:30 - 2016-04-01 21:31 - 000000000 ____D C:\Program Files (x86)\Hearthstone 2017-10-18 14:39 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-10-18 14:37 - 2015-11-18 19:05 - 000000000 ____D C:\Program Files\Microsoft Office 15 2017-10-14 17:25 - 2015-09-30 19:48 - 000000000 ____D C:\Users\mrado\AppData\Local\Adobe 2017-10-14 12:11 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache 2017-10-13 01:21 - 2017-03-18 22:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-10-13 01:21 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-12 05:08 - 2015-09-14 12:51 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-10-12 05:07 - 2017-05-19 06:33 - 000272688 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-10-11 22:47 - 2017-03-18 22:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2017-10-11 22:47 - 2017-03-18 22:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2017-10-11 22:47 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-10-11 22:47 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning 2017-10-11 18:32 - 2015-09-21 06:55 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-10-11 18:31 - 2015-09-21 06:55 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-10-11 07:54 - 2015-10-07 17:03 - 000000000 ____D C:\Users\mrado\AppData\Local\ElevatedDiagnostics ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-09-23 19:26 - 2015-09-23 19:26 - 000000057 _____ () C:\ProgramData\Ament.ini 2017-05-19 06:34 - 2017-05-19 06:34 - 000000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für 
Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2017-10-31 12:19 ==================== Ende von FRST.txt ============================ Don Camillo |
01.11.2017, 16:14 | #8 |
/// TB instructor | Win 10: PC does not start, or only after a pause of several minutes Hello, we will remove a few more things and check everything once more. Note: The scan with ESET can take a while. Step 1
Step 2 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 3 Please download ESET Online Scanner (illustrated guide)
Step 4
Are there still any problems with the PC or with your internet browsers? If so, which ones? Please post with your next reply
|
01.11.2017, 17:40 | #9 |
| Win 10: PC does not start, or only after a pause of several minutes Hello Matthias, step 1 is done. Here is the file: Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-11-2017
durchgeführt von mrado (01-11-2017 17:26:06) Run:2
Gestartet von C:\Users\mrado\Desktop
Geladene Profile: mrado (Verfügbare Profile: mrado)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E4CD0C-426F-4207-805B-7885AB32D43F}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B}
DeleteKey: HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\GreenTree Applications
DeleteKey: HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2A066FCF-723A-47F4-B6D6-C240E7161BF1}
DeleteValue: HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\UFH\SHC|41
DeleteValue: HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe
Reboot:
*****************

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1672163f-8651-4c0d-9c05-4ba941123972} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61db39d5-034c-45c0-8bb2-daf857edcf3b} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90E4CD0C-426F-4207-805B-7885AB32D43F} => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAE9BEC8-4723-4347-AFC6-25EE3326BA5B} => Schlüssel erfolgreich entfernt
HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\GreenTree Applications => Schlüssel erfolgreich entfernt
HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\Search\RecentApps\{2A066FCF-723A-47F4-B6D6-C240E7161BF1} => Schlüssel erfolgreich entfernt
HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows\CurrentVersion\UFH\SHC\\41 => Wert erfolgreich entfernt
HKEY_USERS\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe => Wert erfolgreich entfernt

Das System musste neu gestartet werden.

==== Ende von Fixlog 17:26:06 ====

Don Camillo

The file from step 2 is too long, so I have to split it up and hopefully I am doing everything right: Code:
ATTFilter HitmanPro 3.7.20.286 www.hitmanpro.com Computer name . . . . : DESKTOP-A84CFPT Windows . . . . . . . : 10.0.0.15063.X64/4 User name . . . . . . : DESKTOP-A84CFPT\mrado UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2017-11-01 17:32:26 Scan mode . . . . . . : Normal Scan duration . . . . : 1m 56s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 10 Traces . . . . . . . : 12 Objects scanned . . . : 2.132.697 Files scanned . . . . : 64.248 Remnants scanned . . : 520.010 files / 1.548.439 keys Malware _____________________________________________________________________ C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\ytd.exe Size . . . . . . . : 1.796.864 bytes Age . . . . . . . : 0.7 days (2017-11-01 00:25:10) Entropy . . . . . : 6.5 SHA-256 . . . . . : 3947F0B045904955FBC3A5AA279BF9737200EE6A30D22BCD37773A7DDACD6065 Product . . . . . : YTD Video Downloader Publisher . . . . : GreenTree Applications SRL Description . . . : YTD Video Downloader Version . . . . . : 5.8.3.3 Copyright . . . . : Copyright © 2007-2015 GreenTree Applications SRL RSA Key Size . . . : 2048 LanguageID . . . . : 1033 Authenticode . . . : Valid > Kaspersky . . . . : not-a-virus:AdWare.Win32.Uloader.a Fuzzy . . . . . . 
: 95.0 Forensic Cluster -2.9s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ -2.8s C:\AdwCleaner\Quarantine\frAQBc8Wsa\BEHelper.exe -2.8s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Button.exe -2.8s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Button64.exe -2.1s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ButtonWrap.dll -1.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\41\A23423CFBB75CEE1.dat -1.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\76\22C69928749A2194.dat -1.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\69\A7A3D117E735EDA1.dat -1.3s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ButtonWrap64.dll -1.3s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons.dll -1.2s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons64.dll -1.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\08\CA79DCA51822069C.dat -1.0s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Uninstall.exe -1.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\ -0.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\ -0.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.Apachev2 -0.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.LGPLv2 -0.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.LGPLv3 -0.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\FFMPEG.EXE -0.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\librtmp.dll -0.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\libvlc.dll -0.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\libvlccore.dll -0.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\LICENSE -0.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\manual.bat -0.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\scripts.yds -0.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\34\BD84A0CA3B8C840A.dat -0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\47\31ABC73A9ECF66DF.dat -0.2s C:\ProgramData\Microsoft\Windows 
Defender\Scans\MetaStore\1\51\2F0ED1388F486C57.dat -0.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Uninstall.exe 0.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\ 0.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1025.ini 0.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\ytd.exe 0.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1026.ini 0.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1029.ini 0.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1030.ini 0.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1031.ini 0.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1032.ini 0.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\42\D2A35B559308C75E.dat 0.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1033.ini 0.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1034.ini 0.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1035.ini 0.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1036.ini 0.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\99\0A9E9D6F5B5788C7.dat 0.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\52\5A6ECF80962B269C.dat 0.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1038.ini 0.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1040.ini 0.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1043.ini 0.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1044.ini 0.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\79\40C9C3E46C7D9D5B.dat 0.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1045.ini 0.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1048.ini 0.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1049.ini 0.1s 
C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1050.ini 0.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1051.ini 0.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1052.ini 0.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1053.ini 0.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1055.ini 0.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1059.ini 0.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1060.ini 0.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1061.ini 0.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res2052.ini 0.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res2070.ini 0.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\ 0.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res2074.ini 0.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res9999.ini 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\plugins.dat 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\access\ 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\access\libfilesystem_plugin.dll 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\ 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\libaudio_format_plugin.dll 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_mixer\ 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\libugly_resampler_plugin.dll 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_mixer\libfloat_mixer_plugin.dll 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video 
Downloader\plugins\audio_mixer\libinteger_mixer_plugin.dll 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_output\ 0.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_output\libdirectsound_plugin.dll 0.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\codec\ 0.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\codec\libavcodec_plugin.dll 0.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_filter\ 0.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_filter\libswscale_plugin.dll 0.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\ 0.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libdirect3d_plugin.dll 0.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libdrawable_plugin.dll 0.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libvmem_plugin.dll 0.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libwingdi_plugin.dll 0.5s C:\AdwCleaner\Quarantine\RYwTiizs2t\ 0.5s C:\AdwCleaner\Quarantine\RYwTiizs2t\Uninstall.lnk 0.5s C:\AdwCleaner\Quarantine\RYwTiizs2t\Web site.url 0.5s C:\AdwCleaner\Quarantine\RYwTiizs2t\YTD Video Downloader.lnk 0.6s C:\AdwCleaner\Quarantine\rQF69AzBla\ 0.6s C:\AdwCleaner\Quarantine\rQF69AzBla\savedItems.ysi 0.6s C:\AdwCleaner\Quarantine\rQF69AzBla\scripts0.yds 0.6s C:\AdwCleaner\Quarantine\rQF69AzBla\scripts1.yds 0.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\28\9BF6487A502580D0.dat 0.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\14\E1843C70E816B1C2.dat 0.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\08\049ED704D285EB54.dat 0.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\76\6D07D6C741658B20.dat 0.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\93\522ADA4CE89A3501.dat 0.9s 
C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\22\BD583EF4E46C89F6.dat 1.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\90\A5C1DD47049222CE.dat 1.6s C:\AdwCleaner\Quarantine\rQF69AzBla\ytd_installer.exe 1.6s C:\AdwCleaner\Quarantine\x3CF3EDNhm\ 1.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\39502A09D944E2D8.dat 1.6s C:\AdwCleaner\Quarantine\x3CF3EDNhm\certificates 1.6s C:\AdwCleaner\Quarantine\x3CF3EDNhm\certificates_filter 1.6s C:\AdwCleaner\Quarantine\x3CF3EDNhm\domains 1.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\83\D4DBB6FF51854BBF.dat 1.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\13\C9B48943AB546A9D.dat 1.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\55\01920FEA388651B7.dat 1.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\57\7C7A98AD02B12771.dat 1.6s C:\AdwCleaner\Quarantine\x3CF3EDNhm\DotNetCheck.exe 1.6s C:\AdwCleaner\Quarantine\x3CF3EDNhm\DotNetCheck.exe.config 1.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\53\BDCD83691A5B7A6D.dat 1.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\56\7021B94645DE25E4.dat 1.6s C:\AdwCleaner\Quarantine\x3CF3EDNhm\extensions_filter 1.6s C:\AdwCleaner\Quarantine\x3CF3EDNhm\extensions 1.6s C:\AdwCleaner\Quarantine\x3CF3EDNhm\MalwareProtectionClient.exe 1.6s C:\AdwCleaner\Quarantine\x3CF3EDNhm\MalwareProtectionClient.exe.config 1.6s C:\AdwCleaner\Quarantine\x3CF3EDNhm\MPLSettings.dll 1.7s C:\AdwCleaner\Quarantine\x3CF3EDNhm\uninstall.exe 1.7s C:\AdwCleaner\Quarantine\x3CF3EDNhm\userinfo.dat 1.7s C:\AdwCleaner\Quarantine\x3CF3EDNhm\x86helper.dll 1.7s C:\AdwCleaner\Quarantine\x3CF3EDNhm\x86inject.dll 1.7s C:\AdwCleaner\Quarantine\x3CF3EDNhm\quarantine\ 1.8s C:\AdwCleaner\Quarantine\3soLBPh71Y\ 1.8s C:\AdwCleaner\Quarantine\3soLBPh71Y\YTD Video Downloader.lnk 1.8s C:\AdwCleaner\Quarantine\exuieaoEiI\ 1.8s C:\AdwCleaner\Quarantine\exuieaoEiI\Malware Protection Live.lnk 1.8s 
C:\AdwCleaner\Quarantine\bbSqWy6yhK 1.8s C:\AdwCleaner\Quarantine\IDCdJOyapn 1.8s C:\AdwCleaner\Quarantine\xrpMCARCr4 1.8s C:\AdwCleaner\Quarantine\zdGc81tBDK 1.8s C:\AdwCleaner\Quarantine\sMlaZTXC1O 1.8s C:\AdwCleaner\Quarantine\8YFOGKjxRr 1.8s C:\AdwCleaner\Quarantine\JBdT3hVOfo 1.8s C:\AdwCleaner\Quarantine\aMeAjSWfch 1.8s C:\AdwCleaner\Quarantine\zMCk8R6BEu 1.8s C:\AdwCleaner\Quarantine\ZMrF6cI6NX 1.8s C:\AdwCleaner\Quarantine\8DYdD3ojxS 1.8s C:\AdwCleaner\Quarantine\nqPTGfRyil 1.8s C:\AdwCleaner\Quarantine\OYGxlSXPtL 1.8s C:\AdwCleaner\Quarantine\JboH8S4kwI 1.8s C:\AdwCleaner\Quarantine\gTxSl1C00G 1.8s C:\AdwCleaner\Quarantine\KUUTsGCoRb 1.9s C:\AdwCleaner\Quarantine\lsaqv6Updv 1.9s C:\AdwCleaner\Quarantine\NIsNrmwUlN 1.9s C:\AdwCleaner\Quarantine\usZBauFkrF 1.9s C:\AdwCleaner\Quarantine\CJCmZFOv1Q 1.9s C:\AdwCleaner\Quarantine\DIIXJNZI95 1.9s C:\AdwCleaner\Quarantine\yct4Aj6PKn 1.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\28\EA4A486097EB69D8.dat 1.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\6A5507AEA7A63C3C.dat 1.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\12\8E1140307C3DD800.dat 1.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\96\A47EF6C2D8405754.dat 1.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\77\EEC5542C8964D211.dat 2.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\98\8D25A4927E3F2572.dat 2.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\54\9A3D6D499E1695EE.dat 2.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\87\ECD2CA18BA948DAF.dat 2.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\23\AB78509B8646E1DF.dat 2.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\36\3F434F3933762568.dat 2.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\21\70C6960C714D0F1D.dat 2.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\75\31A67ACFBB51D0D7.dat 3.0s 
C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\82\685D7E91CDFE5FBE.dat 3.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\09\0DCF9C80BD588C49.dat 3.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\25\0ADF3CCC46B25B09.dat 3.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\04\45B858966E5E55E0.dat 3.1s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx 3.8s C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\e4987928717bad7a67068dceb5b91e290348db29 3.8s C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\de0cea33de4c4b38b4408d116284634b69b06641 3.8s C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\eda825b6c3ad60d9a82479f7fd510f4f50ef3414 7.2s C:\Windows\Prefetch\OFFICECLICKTORUN.EXE-EE812CCB.pf 8.1s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-22606B81.pf 8.6s C:\Windows\Prefetch\NVBACKEND.EXE-6C86381E.pf C:\AdwCleaner\Quarantine\frAQBc8Wsa\BEHelper.exe Size . . . . . . . : 1.619.240 bytes Age . . . . . . . : 0.7 days (2017-11-01 00:25:07) Entropy . . . . . : 6.5 SHA-256 . . . . . : 2872F0B44C433865B13497EC1637A9F673A0B431F3DB11FE7EEE0B4E0E755150 RSA Key Size . . . : 2048 Authenticode . . . : Valid > Bitdefender . . . : Adware.GenericKD.4757833 > Kaspersky . . . . : not-a-virus:WebToolbar.Win32.Agent.cbe > HitmanPro . . . . : App/Spigot-X Fuzzy . . . . . . 
: 101.0 Forensic Cluster -0.0s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ 0.0s C:\AdwCleaner\Quarantine\frAQBc8Wsa\BEHelper.exe 0.0s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Button.exe 0.1s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Button64.exe 0.8s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ButtonWrap.dll 1.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\41\A23423CFBB75CEE1.dat 1.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\76\22C69928749A2194.dat 1.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\69\A7A3D117E735EDA1.dat 1.5s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ButtonWrap64.dll 1.6s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons.dll 1.6s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons64.dll 1.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\08\CA79DCA51822069C.dat 1.9s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Uninstall.exe 1.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\ 1.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\ 1.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.Apachev2 1.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.LGPLv2 1.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.LGPLv3 2.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\FFMPEG.EXE 2.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\librtmp.dll 2.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\libvlc.dll 2.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\libvlccore.dll 2.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\LICENSE 2.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\manual.bat 2.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\scripts.yds 2.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\34\BD84A0CA3B8C840A.dat 2.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\47\31ABC73A9ECF66DF.dat 2.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\51\2F0ED1388F486C57.dat 2.7s 
C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Uninstall.exe 2.8s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\ 2.8s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1025.ini 2.8s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\ytd.exe 2.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1026.ini 2.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1029.ini 2.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1030.ini 2.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1031.ini 2.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1032.ini 2.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\42\D2A35B559308C75E.dat 2.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1033.ini 2.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1034.ini 2.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1035.ini 2.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1036.ini 2.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\99\0A9E9D6F5B5788C7.dat 2.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\52\5A6ECF80962B269C.dat 2.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1038.ini 2.9s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1040.ini 3.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1043.ini 3.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1044.ini 3.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\79\40C9C3E46C7D9D5B.dat 3.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1045.ini 3.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1048.ini 3.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1049.ini 3.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1050.ini 3.0s 
C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1051.ini 3.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1052.ini 3.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1053.ini 3.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1055.ini 3.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1059.ini 3.0s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1060.ini 3.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1061.ini 3.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res2052.ini 3.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res2070.ini 3.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\ 3.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res2074.ini 3.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res9999.ini 3.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\plugins.dat 3.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\access\ 3.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\access\libfilesystem_plugin.dll 3.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\ 3.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\libaudio_format_plugin.dll 3.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll 3.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_mixer\ 3.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\libugly_resampler_plugin.dll 3.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_mixer\libfloat_mixer_plugin.dll 3.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_mixer\libinteger_mixer_plugin.dll 3.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video 
Downloader\plugins\audio_output\ 3.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_output\libdirectsound_plugin.dll 3.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\codec\ 3.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\codec\libavcodec_plugin.dll 3.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_filter\ 3.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_filter\libswscale_plugin.dll 3.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\ 3.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libdirect3d_plugin.dll 3.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libdrawable_plugin.dll 3.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libvmem_plugin.dll 3.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libwingdi_plugin.dll 3.4s C:\AdwCleaner\Quarantine\RYwTiizs2t\ 3.4s C:\AdwCleaner\Quarantine\RYwTiizs2t\Uninstall.lnk 3.4s C:\AdwCleaner\Quarantine\RYwTiizs2t\Web site.url 3.4s C:\AdwCleaner\Quarantine\RYwTiizs2t\YTD Video Downloader.lnk 3.4s C:\AdwCleaner\Quarantine\rQF69AzBla\ 3.4s C:\AdwCleaner\Quarantine\rQF69AzBla\savedItems.ysi 3.4s C:\AdwCleaner\Quarantine\rQF69AzBla\scripts0.yds 3.4s C:\AdwCleaner\Quarantine\rQF69AzBla\scripts1.yds 3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\28\9BF6487A502580D0.dat 3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\14\E1843C70E816B1C2.dat 3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\08\049ED704D285EB54.dat 3.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\76\6D07D6C741658B20.dat 3.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\93\522ADA4CE89A3501.dat 3.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\22\BD583EF4E46C89F6.dat 3.9s 
C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\90\A5C1DD47049222CE.dat 4.4s C:\AdwCleaner\Quarantine\rQF69AzBla\ytd_installer.exe 4.4s C:\AdwCleaner\Quarantine\x3CF3EDNhm\ 4.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\39502A09D944E2D8.dat 4.4s C:\AdwCleaner\Quarantine\x3CF3EDNhm\certificates 4.4s C:\AdwCleaner\Quarantine\x3CF3EDNhm\certificates_filter 4.4s C:\AdwCleaner\Quarantine\x3CF3EDNhm\domains 4.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\83\D4DBB6FF51854BBF.dat 4.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\13\C9B48943AB546A9D.dat 4.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\55\01920FEA388651B7.dat 4.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\57\7C7A98AD02B12771.dat 4.4s C:\AdwCleaner\Quarantine\x3CF3EDNhm\DotNetCheck.exe 4.4s C:\AdwCleaner\Quarantine\x3CF3EDNhm\DotNetCheck.exe.config 4.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\53\BDCD83691A5B7A6D.dat 4.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\56\7021B94645DE25E4.dat 4.5s C:\AdwCleaner\Quarantine\x3CF3EDNhm\extensions_filter 4.5s C:\AdwCleaner\Quarantine\x3CF3EDNhm\extensions 4.5s C:\AdwCleaner\Quarantine\x3CF3EDNhm\MalwareProtectionClient.exe 4.5s C:\AdwCleaner\Quarantine\x3CF3EDNhm\MalwareProtectionClient.exe.config 4.5s C:\AdwCleaner\Quarantine\x3CF3EDNhm\MPLSettings.dll 4.5s C:\AdwCleaner\Quarantine\x3CF3EDNhm\uninstall.exe 4.5s C:\AdwCleaner\Quarantine\x3CF3EDNhm\userinfo.dat 4.5s C:\AdwCleaner\Quarantine\x3CF3EDNhm\x86helper.dll 4.6s C:\AdwCleaner\Quarantine\x3CF3EDNhm\x86inject.dll 4.6s C:\AdwCleaner\Quarantine\x3CF3EDNhm\quarantine\ 4.6s C:\AdwCleaner\Quarantine\3soLBPh71Y\ 4.6s C:\AdwCleaner\Quarantine\3soLBPh71Y\YTD Video Downloader.lnk 4.6s C:\AdwCleaner\Quarantine\exuieaoEiI\ 4.6s C:\AdwCleaner\Quarantine\exuieaoEiI\Malware Protection Live.lnk 4.6s C:\AdwCleaner\Quarantine\bbSqWy6yhK 4.6s C:\AdwCleaner\Quarantine\IDCdJOyapn 4.6s 
C:\AdwCleaner\Quarantine\frAQBc8Wsa\Button.exe Size . . . . . . . : 183.080 bytes Age . . . . . . . : 0.7 days (2017-11-01 00:25:07) Entropy . . . . . : 4.9 SHA-256 . . . . . : 4A72A87EAB3A4EE834CDCE940FB70F05C2A2D24548139D4E37A92D1214AA1DE2 Version RSA Key Size . . . : 2048 Authenticode . . . : Valid > HitmanPro . . . . : App/Generic-BN Fuzzy . . . . . . : 101.0
C:\AdwCleaner\Quarantine\frAQBc8Wsa\ButtonWrap.dll Size . . . . . . . : 184.616 bytes Age . . . . . . . : 0.7 days (2017-11-01 00:25:08) Entropy . . . . . : 5.7 SHA-256 . . . . . : B63F1A42A28F5F250053BBDF1D194F8E607DFE9A6DBE78D13ED66DEE6D3E64CE Version RSA Key Size . . . : 2048 Authenticode . . . : Valid > HitmanPro . . . . : App/Generic-AP Fuzzy . . . . . . : 101.0
C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons.dll Size . . . . . . . : 621.352 bytes Age . . . . . . . : 0.7 days (2017-11-01 00:25:09) Entropy . . . . . : 6.0 SHA-256 . . . . . : 8C28AF4312387E460BA7C404F0744BC5B0CC3D4ED6C41777E42BD5672EEDE7DF Version RSA Key Size . . . : 2048 Authenticode . . . : Valid > Bitdefender . . . : Adware.Widgi.E > HitmanPro . . . . : App/Generic-OC Fuzzy . . . . . .
: 101.0 Forensic Cluster -1.6s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ -1.6s C:\AdwCleaner\Quarantine\frAQBc8Wsa\BEHelper.exe -1.5s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Button.exe -1.5s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Button64.exe -0.8s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ButtonWrap.dll -0.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\41\A23423CFBB75CEE1.dat -0.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\76\22C69928749A2194.dat -0.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\69\A7A3D117E735EDA1.dat -0.1s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ButtonWrap64.dll 0.0s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons.dll 0.0s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons64.dll 0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\08\CA79DCA51822069C.dat 0.3s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Uninstall.exe 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\ 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\ 0.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.Apachev2 0.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.LGPLv2 0.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.LGPLv3 0.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\FFMPEG.EXE 0.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\librtmp.dll 0.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\libvlc.dll 0.8s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\libvlccore.dll 0.8s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\LICENSE 0.8s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\manual.bat 0.8s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\scripts.yds 0.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\34\BD84A0CA3B8C840A.dat 1.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\47\31ABC73A9ECF66DF.dat 1.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\51\2F0ED1388F486C57.dat 1.2s 
Don Camillo |
01.11.2017, 20:18 | #10 |
| Win 10: PC does not start, or only after a pause of several minutes And here is part 2 of the Hitman file: Code:
ATTFilter C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons64.dll Size . . . . . . . : 714.024 bytes Age . . . . . . . : 0.7 days (2017-11-01 00:25:09) Entropy . . . . . : 5.9 SHA-256 . . . . . : 197E4A2325BCC6E4E24FEFA236C49AFC978B8BCEA9A97EBFF0C9E5FC7EA5803F Version RSA Key Size . . . : 2048 Authenticode . . . : Valid > Bitdefender . . . : Adware.Widgi.E Fuzzy . . . . . . : 101.0 Forensic Cluster -1.6s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ -1.6s C:\AdwCleaner\Quarantine\frAQBc8Wsa\BEHelper.exe -1.6s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Button.exe -1.5s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Button64.exe -0.8s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ButtonWrap.dll -0.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\41\A23423CFBB75CEE1.dat -0.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\76\22C69928749A2194.dat -0.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\69\A7A3D117E735EDA1.dat -0.1s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ButtonWrap64.dll -0.0s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons.dll 0.0s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons64.dll 0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\08\CA79DCA51822069C.dat 0.3s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Uninstall.exe 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\ 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\ 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.Apachev2 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.LGPLv2 0.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.LGPLv3 0.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\FFMPEG.EXE 0.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\librtmp.dll 0.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\libvlc.dll 0.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\libvlccore.dll 0.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\LICENSE 0.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video 
Downloader\manual.bat 0.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\scripts.yds 0.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\34\BD84A0CA3B8C840A.dat 1.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\47\31ABC73A9ECF66DF.dat 1.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\51\2F0ED1388F486C57.dat 1.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Uninstall.exe 1.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\ 1.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1025.ini 1.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\ytd.exe 1.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1026.ini 1.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1029.ini 1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1030.ini 1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1031.ini 1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1032.ini 1.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\42\D2A35B559308C75E.dat 1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1033.ini 1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1034.ini 1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1035.ini 1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1036.ini 1.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\99\0A9E9D6F5B5788C7.dat 1.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\52\5A6ECF80962B269C.dat 1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1038.ini 1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1040.ini 1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1043.ini 1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1044.ini 1.3s C:\ProgramData\Microsoft\Windows 
Defender\Scans\MetaStore\1\79\40C9C3E46C7D9D5B.dat 1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1045.ini 1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1048.ini 1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1049.ini 1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1050.ini 1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1051.ini 1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1052.ini 1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1053.ini 1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1055.ini 1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1059.ini 1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1060.ini 1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1061.ini 1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res2052.ini 1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res2070.ini 1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\ 1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res2074.ini 1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res9999.ini 1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\plugins.dat 1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\access\ 1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\access\libfilesystem_plugin.dll 1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\ 1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\libaudio_format_plugin.dll 1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll 1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_mixer\ 1.5s 
C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\libugly_resampler_plugin.dll 1.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_mixer\libfloat_mixer_plugin.dll 1.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_mixer\libinteger_mixer_plugin.dll 1.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_output\ 1.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_output\libdirectsound_plugin.dll 1.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\codec\ 1.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\codec\libavcodec_plugin.dll 1.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_filter\ 1.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_filter\libswscale_plugin.dll 1.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\ 1.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libdirect3d_plugin.dll 1.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libdrawable_plugin.dll 1.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libvmem_plugin.dll 1.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libwingdi_plugin.dll 1.7s C:\AdwCleaner\Quarantine\RYwTiizs2t\ 1.8s C:\AdwCleaner\Quarantine\RYwTiizs2t\Uninstall.lnk 1.8s C:\AdwCleaner\Quarantine\RYwTiizs2t\Web site.url 1.8s C:\AdwCleaner\Quarantine\RYwTiizs2t\YTD Video Downloader.lnk 1.8s C:\AdwCleaner\Quarantine\rQF69AzBla\ 1.8s C:\AdwCleaner\Quarantine\rQF69AzBla\savedItems.ysi 1.8s C:\AdwCleaner\Quarantine\rQF69AzBla\scripts0.yds 1.8s C:\AdwCleaner\Quarantine\rQF69AzBla\scripts1.yds 2.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\28\9BF6487A502580D0.dat 2.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\14\E1843C70E816B1C2.dat 2.0s 
C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\08\049ED704D285EB54.dat 2.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\76\6D07D6C741658B20.dat 2.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\93\522ADA4CE89A3501.dat 2.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\22\BD583EF4E46C89F6.dat 2.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\90\A5C1DD47049222CE.dat 2.8s C:\AdwCleaner\Quarantine\rQF69AzBla\ytd_installer.exe 2.8s C:\AdwCleaner\Quarantine\x3CF3EDNhm\ 2.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\39502A09D944E2D8.dat 2.8s C:\AdwCleaner\Quarantine\x3CF3EDNhm\certificates 2.8s C:\AdwCleaner\Quarantine\x3CF3EDNhm\certificates_filter 2.8s C:\AdwCleaner\Quarantine\x3CF3EDNhm\domains 2.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\83\D4DBB6FF51854BBF.dat 2.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\13\C9B48943AB546A9D.dat 2.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\55\01920FEA388651B7.dat 2.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\57\7C7A98AD02B12771.dat 2.8s C:\AdwCleaner\Quarantine\x3CF3EDNhm\DotNetCheck.exe 2.8s C:\AdwCleaner\Quarantine\x3CF3EDNhm\DotNetCheck.exe.config 2.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\53\BDCD83691A5B7A6D.dat 2.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\56\7021B94645DE25E4.dat 2.9s C:\AdwCleaner\Quarantine\x3CF3EDNhm\extensions_filter 2.9s C:\AdwCleaner\Quarantine\x3CF3EDNhm\extensions 2.9s C:\AdwCleaner\Quarantine\x3CF3EDNhm\MalwareProtectionClient.exe 2.9s C:\AdwCleaner\Quarantine\x3CF3EDNhm\MalwareProtectionClient.exe.config 2.9s C:\AdwCleaner\Quarantine\x3CF3EDNhm\MPLSettings.dll 2.9s C:\AdwCleaner\Quarantine\x3CF3EDNhm\uninstall.exe 2.9s C:\AdwCleaner\Quarantine\x3CF3EDNhm\userinfo.dat 2.9s C:\AdwCleaner\Quarantine\x3CF3EDNhm\x86helper.dll 3.0s C:\AdwCleaner\Quarantine\x3CF3EDNhm\x86inject.dll 3.0s 
C:\AdwCleaner\Quarantine\x3CF3EDNhm\quarantine\ 3.0s C:\AdwCleaner\Quarantine\3soLBPh71Y\ 3.0s C:\AdwCleaner\Quarantine\3soLBPh71Y\YTD Video Downloader.lnk 3.0s C:\AdwCleaner\Quarantine\exuieaoEiI\ 3.0s C:\AdwCleaner\Quarantine\exuieaoEiI\Malware Protection Live.lnk 3.0s C:\AdwCleaner\Quarantine\bbSqWy6yhK 3.0s C:\AdwCleaner\Quarantine\IDCdJOyapn 3.0s C:\AdwCleaner\Quarantine\xrpMCARCr4 3.0s C:\AdwCleaner\Quarantine\zdGc81tBDK 3.0s C:\AdwCleaner\Quarantine\sMlaZTXC1O 3.0s C:\AdwCleaner\Quarantine\8YFOGKjxRr 3.0s C:\AdwCleaner\Quarantine\JBdT3hVOfo 3.0s C:\AdwCleaner\Quarantine\aMeAjSWfch 3.0s C:\AdwCleaner\Quarantine\zMCk8R6BEu 3.0s C:\AdwCleaner\Quarantine\ZMrF6cI6NX 3.0s C:\AdwCleaner\Quarantine\8DYdD3ojxS 3.0s C:\AdwCleaner\Quarantine\nqPTGfRyil 3.1s C:\AdwCleaner\Quarantine\OYGxlSXPtL 3.1s C:\AdwCleaner\Quarantine\JboH8S4kwI 3.1s C:\AdwCleaner\Quarantine\gTxSl1C00G 3.1s C:\AdwCleaner\Quarantine\KUUTsGCoRb 3.1s C:\AdwCleaner\Quarantine\lsaqv6Updv 3.1s C:\AdwCleaner\Quarantine\NIsNrmwUlN 3.1s C:\AdwCleaner\Quarantine\usZBauFkrF 3.1s C:\AdwCleaner\Quarantine\CJCmZFOv1Q 3.1s C:\AdwCleaner\Quarantine\DIIXJNZI95 3.1s C:\AdwCleaner\Quarantine\yct4Aj6PKn 3.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\28\EA4A486097EB69D8.dat 3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\6A5507AEA7A63C3C.dat 3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\12\8E1140307C3DD800.dat 3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\96\A47EF6C2D8405754.dat 3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\77\EEC5542C8964D211.dat 3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\98\8D25A4927E3F2572.dat 3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\54\9A3D6D499E1695EE.dat 3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\87\ECD2CA18BA948DAF.dat 4.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\23\AB78509B8646E1DF.dat 4.1s 
C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\36\3F434F3933762568.dat 4.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\21\70C6960C714D0F1D.dat 4.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\75\31A67ACFBB51D0D7.dat 4.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\82\685D7E91CDFE5FBE.dat 4.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\09\0DCF9C80BD588C49.dat 4.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\25\0ADF3CCC46B25B09.dat 4.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\04\45B858966E5E55E0.dat 4.3s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx 5.0s C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\e4987928717bad7a67068dceb5b91e290348db29 5.1s C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\de0cea33de4c4b38b4408d116284634b69b06641 5.1s C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\eda825b6c3ad60d9a82479f7fd510f4f50ef3414 8.4s C:\Windows\Prefetch\OFFICECLICKTORUN.EXE-EE812CCB.pf 9.4s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-22606B81.pf 9.8s C:\Windows\Prefetch\NVBACKEND.EXE-6C86381E.pf C:\AdwCleaner\Quarantine\rQF69AzBla\ytd_installer.exe Size . . . . . . . : 10.351.064 bytes Age . . . . . . . : 0.7 days (2017-11-01 00:25:12) Entropy . . . . . : 8.0 SHA-256 . . . . . : 5E70476ACE4FEE8E0038795355AD90D217D7DC6E8ECE860A511809EEE0D805CF Product . . . . . : YTD Video Downloader Description . . . : YTD Video Downloader Version . . . . . : 5.8.3 Copyright . . . . : Copyright © 2007-2015 GreenTree Applications SRL RSA Key Size . . . : 2048 LanguageID . . . . : 1033 Authenticode . . . : Valid > Kaspersky . . . . : not-a-virus:AdWare.Win32.Uloader.a Fuzzy . . . . . . 
: 100.0 Forensic Cluster -4.4s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ -4.4s C:\AdwCleaner\Quarantine\frAQBc8Wsa\BEHelper.exe -4.4s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Button.exe -4.3s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Button64.exe -3.6s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ButtonWrap.dll -3.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\41\A23423CFBB75CEE1.dat -3.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\76\22C69928749A2194.dat -3.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\69\A7A3D117E735EDA1.dat -2.9s C:\AdwCleaner\Quarantine\frAQBc8Wsa\ButtonWrap64.dll -2.8s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons.dll -2.8s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons64.dll -2.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\08\CA79DCA51822069C.dat -2.5s C:\AdwCleaner\Quarantine\frAQBc8Wsa\Uninstall.exe -2.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\ -2.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\ -2.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.Apachev2 -2.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.LGPLv2 -2.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\COPYING.LGPLv3 -2.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\FFMPEG.EXE -2.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\librtmp.dll -2.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\libvlc.dll -2.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\libvlccore.dll -2.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\LICENSE -2.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\manual.bat -2.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\scripts.yds -1.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\34\BD84A0CA3B8C840A.dat -1.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\47\31ABC73A9ECF66DF.dat -1.8s C:\ProgramData\Microsoft\Windows 
Defender\Scans\MetaStore\1\51\2F0ED1388F486C57.dat -1.7s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Uninstall.exe -1.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\ -1.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1025.ini -1.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\ytd.exe -1.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1026.ini -1.6s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1029.ini -1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1030.ini -1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1031.ini -1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1032.ini -1.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\42\D2A35B559308C75E.dat -1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1033.ini -1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1034.ini -1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1035.ini -1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1036.ini -1.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\99\0A9E9D6F5B5788C7.dat -1.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\52\5A6ECF80962B269C.dat -1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1038.ini -1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1040.ini -1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1043.ini -1.5s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1044.ini -1.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\79\40C9C3E46C7D9D5B.dat -1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1045.ini -1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1048.ini -1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1049.ini -1.4s 
C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1050.ini -1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1051.ini -1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1052.ini -1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1053.ini -1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1055.ini -1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1059.ini -1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1060.ini -1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res1061.ini -1.4s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res2052.ini -1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res2070.ini -1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\ -1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res2074.ini -1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\Lang\res9999.ini -1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\plugins.dat -1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\access\ -1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\access\libfilesystem_plugin.dll -1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\ -1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\libaudio_format_plugin.dll -1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll -1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_mixer\ -1.3s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_filter\libugly_resampler_plugin.dll -1.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_mixer\libfloat_mixer_plugin.dll -1.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video 
Downloader\plugins\audio_mixer\libinteger_mixer_plugin.dll -1.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_output\ -1.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\audio_output\libdirectsound_plugin.dll -1.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\codec\ -1.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\codec\libavcodec_plugin.dll -1.2s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_filter\ -1.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_filter\libswscale_plugin.dll -1.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\ -1.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libdirect3d_plugin.dll -1.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libdrawable_plugin.dll -1.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libvmem_plugin.dll -1.1s C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\plugins\video_output\libwingdi_plugin.dll -1.1s C:\AdwCleaner\Quarantine\RYwTiizs2t\ -1.0s C:\AdwCleaner\Quarantine\RYwTiizs2t\Uninstall.lnk -1.0s C:\AdwCleaner\Quarantine\RYwTiizs2t\Web site.url -1.0s C:\AdwCleaner\Quarantine\RYwTiizs2t\YTD Video Downloader.lnk -1.0s C:\AdwCleaner\Quarantine\rQF69AzBla\ -1.0s C:\AdwCleaner\Quarantine\rQF69AzBla\savedItems.ysi -1.0s C:\AdwCleaner\Quarantine\rQF69AzBla\scripts0.yds -1.0s C:\AdwCleaner\Quarantine\rQF69AzBla\scripts1.yds -0.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\28\9BF6487A502580D0.dat -0.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\14\E1843C70E816B1C2.dat -0.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\08\049ED704D285EB54.dat -0.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\76\6D07D6C741658B20.dat -0.7s C:\ProgramData\Microsoft\Windows 
Defender\Scans\MetaStore\1\93\522ADA4CE89A3501.dat -0.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\22\BD583EF4E46C89F6.dat -0.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\90\A5C1DD47049222CE.dat 0.0s C:\AdwCleaner\Quarantine\rQF69AzBla\ytd_installer.exe 0.0s C:\AdwCleaner\Quarantine\x3CF3EDNhm\ 0.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\39502A09D944E2D8.dat 0.0s C:\AdwCleaner\Quarantine\x3CF3EDNhm\certificates 0.0s C:\AdwCleaner\Quarantine\x3CF3EDNhm\certificates_filter 0.0s C:\AdwCleaner\Quarantine\x3CF3EDNhm\domains 0.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\83\D4DBB6FF51854BBF.dat 0.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\13\C9B48943AB546A9D.dat 0.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\55\01920FEA388651B7.dat 0.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\57\7C7A98AD02B12771.dat 0.0s C:\AdwCleaner\Quarantine\x3CF3EDNhm\DotNetCheck.exe 0.0s C:\AdwCleaner\Quarantine\x3CF3EDNhm\DotNetCheck.exe.config 0.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\53\BDCD83691A5B7A6D.dat 0.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\56\7021B94645DE25E4.dat 0.1s C:\AdwCleaner\Quarantine\x3CF3EDNhm\extensions_filter 0.1s C:\AdwCleaner\Quarantine\x3CF3EDNhm\extensions 0.1s C:\AdwCleaner\Quarantine\x3CF3EDNhm\MalwareProtectionClient.exe 0.1s C:\AdwCleaner\Quarantine\x3CF3EDNhm\MalwareProtectionClient.exe.config 0.1s C:\AdwCleaner\Quarantine\x3CF3EDNhm\MPLSettings.dll 0.1s C:\AdwCleaner\Quarantine\x3CF3EDNhm\uninstall.exe 0.1s C:\AdwCleaner\Quarantine\x3CF3EDNhm\userinfo.dat 0.1s C:\AdwCleaner\Quarantine\x3CF3EDNhm\x86helper.dll 0.2s C:\AdwCleaner\Quarantine\x3CF3EDNhm\x86inject.dll 0.2s C:\AdwCleaner\Quarantine\x3CF3EDNhm\quarantine\ 0.2s C:\AdwCleaner\Quarantine\3soLBPh71Y\ 0.2s C:\AdwCleaner\Quarantine\3soLBPh71Y\YTD Video Downloader.lnk 0.2s C:\AdwCleaner\Quarantine\exuieaoEiI\ 0.2s 
C:\AdwCleaner\Quarantine\exuieaoEiI\Malware Protection Live.lnk 0.2s C:\AdwCleaner\Quarantine\bbSqWy6yhK 0.2s C:\AdwCleaner\Quarantine\IDCdJOyapn 0.2s C:\AdwCleaner\Quarantine\xrpMCARCr4 0.2s C:\AdwCleaner\Quarantine\zdGc81tBDK 0.2s C:\AdwCleaner\Quarantine\sMlaZTXC1O 0.2s C:\AdwCleaner\Quarantine\8YFOGKjxRr 0.2s C:\AdwCleaner\Quarantine\JBdT3hVOfo 0.2s C:\AdwCleaner\Quarantine\aMeAjSWfch 0.2s C:\AdwCleaner\Quarantine\zMCk8R6BEu 0.2s C:\AdwCleaner\Quarantine\ZMrF6cI6NX 0.2s C:\AdwCleaner\Quarantine\8DYdD3ojxS 0.2s C:\AdwCleaner\Quarantine\nqPTGfRyil 0.3s C:\AdwCleaner\Quarantine\OYGxlSXPtL 0.3s C:\AdwCleaner\Quarantine\JboH8S4kwI 0.3s C:\AdwCleaner\Quarantine\gTxSl1C00G 0.3s C:\AdwCleaner\Quarantine\KUUTsGCoRb 0.3s C:\AdwCleaner\Quarantine\lsaqv6Updv 0.3s C:\AdwCleaner\Quarantine\NIsNrmwUlN 0.3s C:\AdwCleaner\Quarantine\usZBauFkrF 0.3s C:\AdwCleaner\Quarantine\CJCmZFOv1Q 0.3s C:\AdwCleaner\Quarantine\DIIXJNZI95 0.3s C:\AdwCleaner\Quarantine\yct4Aj6PKn 0.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\28\EA4A486097EB69D8.dat 0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\6A5507AEA7A63C3C.dat 0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\12\8E1140307C3DD800.dat 0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\96\A47EF6C2D8405754.dat 0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\77\EEC5542C8964D211.dat 0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\98\8D25A4927E3F2572.dat 0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\54\9A3D6D499E1695EE.dat 0.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\87\ECD2CA18BA948DAF.dat 1.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\23\AB78509B8646E1DF.dat 1.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\36\3F434F3933762568.dat 1.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\21\70C6960C714D0F1D.dat 1.4s C:\ProgramData\Microsoft\Windows 
C:\AdwCleaner\Quarantine\x3CF3EDNhm\MalwareProtectionClient.exe
   Size . . . . . . . : 1.546.208 bytes
   Age . . . . . . . : 0.7 days (2017-11-01 00:25:12)
   Entropy . . . . . : 6.9
   SHA-256 . . . . . : 8B9E249D70F8E2168DD5CC75B107D376601D539B01D572A6E47A581B318B475A
   Product . . . . . : MalwareProtectionClient
   RSA Key Size . . . : 2048
   LanguageID . . . . : 0
   Authenticode . . . : Valid
 > Kaspersky . . . . : not-a-virus:AdWare.Win32.MPL.c
   Fuzzy . . . . . . : 101.0
C:\AdwCleaner\Quarantine\x3CF3EDNhm\MPLSettings.dll
   Size . . . . . . . : 1.015.840 bytes
   Age . . . . . . . : 0.7 days (2017-11-01 00:25:12)
   Entropy . . . . . : 6.6
   SHA-256 . . . . . : F494DBB80D28DD8C3BE9B71A61BE18399608DD701CFA8C92A39C05B2B810D72F
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
 > Kaspersky . . . . : not-a-virus:AdWare.Win32.Acon.bkh
 > HitmanPro . . . . : App/Generic-CL
   Fuzzy . . . . . . : 101.0
C:\AdwCleaner\Quarantine\x3CF3EDNhm\x86inject.dll
   Size . . . . . . . : 112.672 bytes
   Age . . . . . . . : 0.7 days (2017-11-01 00:25:12)
   Entropy . . . . . : 6.5
   SHA-256 . . . . . : 4CB7C756ACFCAD07321D0154F6EB232E0FA09A367787CAA59A4578CB23E0293E
   RSA Key Size . . . : 2048
   Authenticode . . . : Valid
 > Kaspersky . . . . : not-a-virus:AdWare.Win32.Acon.bkh
   Fuzzy . . . . . . : 101.0
0.0s C:\AdwCleaner\Quarantine\exuieaoEiI\Malware Protection Live.lnk 0.0s C:\AdwCleaner\Quarantine\bbSqWy6yhK 0.0s C:\AdwCleaner\Quarantine\IDCdJOyapn 0.0s C:\AdwCleaner\Quarantine\xrpMCARCr4 0.0s C:\AdwCleaner\Quarantine\zdGc81tBDK 0.0s C:\AdwCleaner\Quarantine\sMlaZTXC1O 0.1s C:\AdwCleaner\Quarantine\8YFOGKjxRr 0.1s C:\AdwCleaner\Quarantine\JBdT3hVOfo 0.1s C:\AdwCleaner\Quarantine\aMeAjSWfch 0.1s C:\AdwCleaner\Quarantine\zMCk8R6BEu 0.1s C:\AdwCleaner\Quarantine\ZMrF6cI6NX 0.1s C:\AdwCleaner\Quarantine\8DYdD3ojxS 0.1s C:\AdwCleaner\Quarantine\nqPTGfRyil 0.1s C:\AdwCleaner\Quarantine\OYGxlSXPtL 0.1s C:\AdwCleaner\Quarantine\JboH8S4kwI 0.1s C:\AdwCleaner\Quarantine\gTxSl1C00G 0.1s C:\AdwCleaner\Quarantine\KUUTsGCoRb 0.1s C:\AdwCleaner\Quarantine\lsaqv6Updv 0.1s C:\AdwCleaner\Quarantine\NIsNrmwUlN 0.1s C:\AdwCleaner\Quarantine\usZBauFkrF 0.1s C:\AdwCleaner\Quarantine\CJCmZFOv1Q 0.1s C:\AdwCleaner\Quarantine\DIIXJNZI95 0.1s C:\AdwCleaner\Quarantine\yct4Aj6PKn 0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\28\EA4A486097EB69D8.dat 0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\6A5507AEA7A63C3C.dat 0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\12\8E1140307C3DD800.dat 0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\96\A47EF6C2D8405754.dat 0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\77\EEC5542C8964D211.dat 0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\98\8D25A4927E3F2572.dat 0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\54\9A3D6D499E1695EE.dat 0.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\87\ECD2CA18BA948DAF.dat 1.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\23\AB78509B8646E1DF.dat 1.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\36\3F434F3933762568.dat 1.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\21\70C6960C714D0F1D.dat 1.2s C:\ProgramData\Microsoft\Windows 
Defender\Scans\MetaStore\1\75\31A67ACFBB51D0D7.dat 1.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\82\685D7E91CDFE5FBE.dat 1.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\09\0DCF9C80BD588C49.dat 1.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\25\0ADF3CCC46B25B09.dat 1.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\04\45B858966E5E55E0.dat 1.4s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx 2.1s C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\e4987928717bad7a67068dceb5b91e290348db29 2.1s C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\de0cea33de4c4b38b4408d116284634b69b06641 2.1s C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\eda825b6c3ad60d9a82479f7fd510f4f50ef3414 5.4s C:\Windows\Prefetch\OFFICECLICKTORUN.EXE-EE812CCB.pf 6.4s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-22606B81.pf 6.8s C:\Windows\Prefetch\NVBACKEND.EXE-6C86381E.pf Suspicious files ____________________________________________________________ C:\Users\mrado\Desktop\FRST-OlderVersion\FRST64.exe Size . . . . . . . : 2.403.328 bytes Age . . . . . . . : 1.2 days (2017-10-31 11:54:39) Entropy . . . . . : 7.6 SHA-256 . . . . . : BFEDDEF5ED4AD146B3670CE3002EE8D0AF4941047EB49E9BE9175448DC982810 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. 
Forensic Cluster -1.0s C:\Users\mrado\AppData\Local\Microsoft\Windows\Safety\download\remote\script-2_293889384620552388913274900624584318270 0.0s C:\Users\mrado\Desktop\FRST-OlderVersion\FRST64.exe 0.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\50\5BD0C9A45D2FB42E.dat 1.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\68D5D813ADC8A254959BFABD9DADAC26 2.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\50\5BD0C9A45D2FB42E.dat 2.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{63C49478-D643-4DCB-8FC6-EFA782C129D8} 4.1s C:\Users\mrado\AppData\Local\Microsoft\Windows\Safety\apprep\remote\script-2_321330635506751768007551404756863992078 5.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{7977E5CA-CC15-4E46-8331-12A46771D0F7} 14.0s C:\Users\mrado\Desktop\FRST\ 14.0s C:\Users\mrado\Desktop\FRST\Logs\ 14.0s C:\Users\mrado\Desktop\FRST\Quarantine\ 14.0s C:\Users\mrado\Desktop\FRST\Hives\ 15.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\26\C5C8AB21D1057752.dat 15.7s C:\Users\mrado\Desktop\FRST\Hives\ERDNT.INF 15.7s C:\Users\mrado\Desktop\FRST\Hives\ERDNT.CON 15.7s C:\Users\mrado\Desktop\FRST\Hives\SAM 15.7s C:\Users\mrado\Desktop\FRST\Hives\SECURITY 15.7s C:\Users\mrado\Desktop\FRST\Hives\DEFAULT 15.7s C:\Users\mrado\Desktop\FRST\Hives\SYSTEM 15.8s C:\Users\mrado\Desktop\FRST\Hives\SOFTWARE 16.1s C:\Users\mrado\Desktop\FRST\Hives\BCD 16.1s C:\Users\mrado\Desktop\FRST\Hives\Users\ 16.1s C:\Users\mrado\Desktop\FRST\Hives\Users\00000001\ 16.1s C:\Users\mrado\Desktop\FRST\Hives\Users\00000001\NTUSER.DAT 16.2s C:\Users\mrado\Desktop\FRST\Hives\Users\00000002\ 16.2s C:\Users\mrado\Desktop\FRST\Hives\Users\00000002\UsrClass.dat 16.3s C:\Users\mrado\Desktop\FRST\Hives\DRIVERS 16.4s C:\Users\mrado\Desktop\FRST\Hives\ERDNT.EXE 16.4s C:\Users\mrado\Desktop\FRST\Hives\ERDNTWIN.LOC 16.4s C:\Users\mrado\Desktop\FRST\Hives\ERDNTDOS.LOC 16.5s 
C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\50\5BD0C9A45D2FB42E.dat 17.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\33\A47ACB0BE175EB29.dat 18.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A2569002-EB2A-4902-8713-4AE69E0668D6} 34.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{532C777A-763C-4092-B4CC-402AEE2BDEBC} C:\Users\mrado\Desktop\FRST64.exe Size . . . . . . . : 2.403.328 bytes Age . . . . . . . : 0.2 days (2017-11-01 12:28:49) Entropy . . . . . : 7.6 SHA-256 . . . . . : 0AF9E15774EB98DE5E89662BC939177586FAA9138192B1C1EDD8228B95259A90 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. 
Forensic Cluster -0.3s C:\Users\mrado\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F -0.3s C:\Users\mrado\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F 0.0s C:\Users\mrado\Desktop\FRST64.exe 0.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\73\E3E5571A24836579.dat 1.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\22\18C4E6FD1BD8196A.dat 1.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\85\EF7E2EB4E060A351.dat 4.2s C:\Users\mrado\Desktop\FRST-OlderVersion\ 5.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\23\4298A84B76D19FFB.dat 11.0s C:\Windows\Prefetch\SVCHOST.EXE-DFFD1BED.pf 30.2s C:\FRST\Logs\ct 30.2s C:\Users\mrado\Desktop\Fixlog.txt 32.5s C:\Windows\Prefetch\RUNDLL32.EXE-24EFAC77.pf 40.5s C:\Windows\Prefetch\DASHOST.EXE-38AAABF0.pf 41.0s C:\Windows\Prefetch\SVCHOST.EXE-FEA1FDBE.pf
Don Camillo
And here is the result of the ESET scan: Code:
ATTFilter C:\AdwCleaner\Quarantine\1xVPfvJcrg\YTD Video Downloader\ytd.exe Variante von Win32/YTDDownloader.A eventuell unerwünschte Anwendung C:\AdwCleaner\Quarantine\frAQBc8Wsa\BEHelper.exe Variante von Win32/Toolbar.Widgi.AE eventuell unerwünschte Anwendung C:\AdwCleaner\Quarantine\frAQBc8Wsa\Button.exe Variante von Win32/Toolbar.Widgi.AE eventuell unerwünschte Anwendung C:\AdwCleaner\Quarantine\frAQBc8Wsa\Button64.exe Variante von Win32/Toolbar.Widgi.AE eventuell unerwünschte Anwendung C:\AdwCleaner\Quarantine\frAQBc8Wsa\ButtonWrap.dll Variante von Win32/Toolbar.Widgi.AE eventuell unerwünschte Anwendung C:\AdwCleaner\Quarantine\frAQBc8Wsa\ButtonWrap64.dll Variante von Win32/Toolbar.Widgi.AE eventuell unerwünschte Anwendung C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons.dll Variante von Win32/Toolbar.Widgi.AE eventuell unerwünschte Anwendung C:\AdwCleaner\Quarantine\frAQBc8Wsa\Coupons64.dll Variante von Win32/Toolbar.Widgi.AE eventuell unerwünschte Anwendung C:\AdwCleaner\Quarantine\frAQBc8Wsa\Uninstall.exe Variante von Win32/Toolbar.Widgi.AE eventuell unerwünschte Anwendung C:\AdwCleaner\Quarantine\rQF69AzBla\ytd_installer.exe Variante von Win32/Spigot.D eventuell unerwünschte Anwendung,Variante von Win32/YTDDownloader.D eventuell unerwünschte Anwendung,Variante von Win32/YTDDownloader.A eventuell unerwünschte Anwendung C:\AdwCleaner\Quarantine\x3CF3EDNhm\MalwareProtectionClient.exe Variante von MSIL/MalwareProtectionLive.A eventuell unerwünschte Anwendung C:\Users\mrado\Downloads\YTDSetup.exe Variante von Generik.BPLZW eventuell unerwünschte Anwendung D:\Dokumente\PC-Spiele\Premier manager 97 manual_10924_i106418811_il345.zip Variante von Win32/Amonetize.NZ eventuell unerwünschte Anwendung E:\Markus\Dokumente\PC-Spiele\Civ4\No-CD\Civilization IV NO-CD v1.09 RELOADED _ TFT TEAM.zip Variante von Generik.EKBTXXZ Trojaner Don Camillo |
01.11.2017, 20:23 | #11 |
| Win 10: PC does not start, or only after a pause of several minutes And here are the two files from step 4: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-11-2017 durchgeführt von mrado (01-11-2017 20:19:54) Gestartet von C:\Users\mrado\Desktop Windows 10 Home Version 1703 15063.674 (X64) (2017-05-19 05:42:48) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3509878254-1581680034-4090546777-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3509878254-1581680034-4090546777-503 - Limited - Disabled) Gast (S-1-5-21-3509878254-1581680034-4090546777-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3509878254-1581680034-4090546777-1004 - Limited - Enabled) mrado (S-1-5-21-3509878254-1581680034-4090546777-1002 - Administrator - Enabled) => C:\Users\mrado ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated) Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden Apowersoft Bildschirmrekorder Pro V2.2.4 (HKLM-x32\...\{dc9006db-6b05-4f0f-833b-79ef3f284c24}_is1) (Version: 2.2.4 - APOWERSOFT LIMITED) Apple Application Support (32-Bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.) 
Apple Application Support (64-Bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.315.8233 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6623 - CDBurnerXP) Digital Viewer (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19103.105 - Sonix) Documents To Go Desktop für iOS (HKLM-x32\...\DTGDesktop) (Version: 5.0000.017 - DataViz, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.) Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) 
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard) HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.5.37.19 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{8F1A441E-AD6D-4732-BD6A-F38D5F1D1E47}) (Version: 12.8.37.11 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Innkeeper (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Innkeeper) (Version: 0.4.3 - Curse Inc.) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden iTunes (HKLM\...\{1441974B-BB94-41EC-AC0F-30D5F5AC54F7}) (Version: 12.7.0.166 - Apple Inc.) LINE (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\LINE) (Version: 5.3.3.1519 - LINE Corporation) Malwarebytes Version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes) Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.3.1000 - Maxthon International Limited) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.599.11 - McAfee, Inc.) 
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - ) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4971.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\OneDriveSetup.exe) (Version: 17.3.7074.1023 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 
2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Mozilla Firefox 56.0.2 (x64 de) (HKLM\...\Mozilla Firefox 56.0.2 (x64 de)) (Version: 56.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.2.6506 - Mozilla) NVIDIA 3D Vision Controller-Treiber 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0407-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27748 - Razer Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7640 - Realtek Semiconductor Corp.) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer) Telegram Desktop version 1.1.23 (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.23 - Telegram Messenger LLP) TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) VirtualDJ 8 (HKLM-x32\...\{24F8CB37-888B-41E6-B119-CDC3F5075F57}) (Version: 8.0.2483.0 - Atomix Productions) Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.) 
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0523A3D1-47FF-4383-837D-BDA294CB33D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) 
Task: {057DEA9B-CDB8-421D-8408-457BA3979B5F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {071A3197-5E92-43F2-A7A8-E67571C4A89E} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxEidolon.exe [2016-06-12] (Maxthon MxEidolo) Task: {0E365BCA-ECFA-42B1-9111-EDE447A40272} - System32\Tasks\{219B5455-FCD0-4C93-A66B-6EF0BC2AF3F9} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" -c scenario=Repair platform=x86 culture=de-de Task: {12C7155E-F409-4B0A-BEE0-E814968BD48D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) Task: {1525EA8F-6A47-4D75-BF2A-3ECE1520B276} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation) Task: {1CDE4868-6C3E-4C7C-952F-3371E5AD103B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation) Task: {1FFCB66C-5BCF-4655-ACE9-B3DF9EC2703A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {2D3A2397-30C6-415D-A148-3AE3AD43D317} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.) Task: {3A9D1CA7-7688-47D5-9A5F-79B02A5E4B14} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) 
Task: {412F4D35-C7C9-4417-AEA6-7BA817AABC36} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {468A331E-E707-4AEA-8D8E-97D194600D7B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.) Task: {5B36618D-AE0A-403A-BF0E-71813129F9E1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {6DC65838-CD18-413E-96E9-B40AE20F90DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.) Task: {91FA4E0D-655C-4B1A-B193-9F43FD77E8A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.) Task: {9F4A339F-49AC-4FDA-A731-FF6DA3E2FFD2} - System32\Tasks\{690A624A-DB40-40A2-8818-6C74D9C4A5E5} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=battle.net --displayname="Battle.net" Task: {A496C06A-14CA-4230-962D-EBDA3C6C1BB3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-10-11] (Microsoft Corporation) Task: {A912B7AA-7ABE-4CC4-90F7-EA13E15DEA64} - System32\Tasks\HPCeeScheduleFormrado => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {B47CE98E-128A-433F-A7B5-C59CF298012B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.) 
Task: {BC4708AF-39E7-4868-A5CB-1358129F189E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-14] (HP Inc.) Task: {BF99E98E-3DCC-4C63-BFCC-0D9E763B7321} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-10-25] (Adobe Systems Incorporated) Task: {D89B7EF5-FAFC-4BE1-A8D6-3026ECA94AA4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {D9EDA806-9674-484F-92F7-BA2D4658F233} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.) Task: {EBFF86B5-8470-4F17-B578-E74EF379E72B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.) Task: {F59C7E2C-9BAC-47A0-8E39-FAFA18196BE8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {FBF5A053-9DE2-40C2-BBB8-28ADC880335D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_183_pepper.exe [2017-10-25] (Adobe Systems Incorporated) Task: {FD40D52E-37D7-4D3B-AAFC-0BED2B0EDE6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormrado.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki Shortcut: C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2017-05-08 23:44 - 2017-05-08 23:44 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-11-18 19:05 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2017-11-01 00:33 - 2017-10-04 13:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-11-01 00:33 - 2017-10-04 13:15 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2015-06-23 20:11 - 2015-06-23 20:11 - 000187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 21:59 - 2017-03-20 05:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-10-26 07:16 - 2017-10-26 07:18 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-10-26 07:16 - 2017-10-26 07:19 - 025446400 _____ () C:\Program 
Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\skypert.dll 2017-10-26 07:16 - 2017-10-26 07:18 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2017-09-14 16:02 - 2017-09-14 16:03 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-10-05 06:34 - 2017-10-05 06:39 - 000021504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-10-05 06:34 - 2017-10-05 06:39 - 048839168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-10-05 06:34 - 2017-10-05 06:40 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll 2017-10-05 06:34 - 2017-10-05 06:41 - 000164352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\VideoPlugin.dll 2017-10-05 06:34 - 2017-10-05 06:37 - 000352256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll 2017-10-05 06:34 - 2017-10-05 06:37 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll 2017-10-05 06:34 - 2017-10-05 06:37 - 002836480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll 2017-10-05 06:34 - 2017-10-05 06:40 - 020559872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll 2017-10-05 06:34 - 2017-10-05 06:37 - 002705408 _____ () C:\Program 
Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2017-10-05 06:34 - 2017-10-05 06:36 - 003128320 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll 2017-08-29 08:30 - 2017-08-29 08:30 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-10-05 06:34 - 2017-10-05 06:37 - 000118784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\ExploreModel.dll 2017-10-05 06:34 - 2017-10-05 06:39 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll 2017-10-05 06:34 - 2017-10-05 06:39 - 001380864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-10-05 06:34 - 2017-10-05 06:34 - 000367616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\AnimatedGIF.dll 2017-09-25 22:56 - 2017-09-21 08:29 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libglesv2.dll 2017-09-25 22:56 - 2017-09-21 08:29 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\libegl.dll 2017-10-25 17:46 - 2017-10-25 17:46 - 031229440 _____ () C:\WINDOWS\system32\Macromed\Flash\pepflashplayer64_27_0_0_183.dll 2015-09-14 13:21 - 2016-06-15 02:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-10-01 07:28 - 2015-10-01 07:28 - 000137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll 2017-05-17 07:20 - 2017-06-21 15:13 - 000325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag 
in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-07-10 12:04 - 2017-11-01 00:25 - 000000830 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "tsnp2std"
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\StartupApproved\Run: => "Steam"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{44B2B678-9ED7-49B2-93BE-E2CAB5AA595F}C:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{EC825C9E-5497-4051-BF82-590F68BB7E88}C:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{30CE8CFB-6695-4223-92FD-B430777D8843}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{29E0451C-CF2C-47FE-B16A-19727A67B0D6}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/01/2017 05:27:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich.
Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (11/01/2017 05:27:17 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode. Error: (11/01/2017 05:27:17 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode. Error: (11/01/2017 05:27:17 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\WINDOWS\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (11/01/2017 05:27:17 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "Lsa" in der DLL "C:\Windows\System32\Secur32.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (11/01/2017 05:27:17 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "ESENT" in der DLL "C:\WINDOWS\system32\esentprf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (11/01/2017 12:46:33 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. 
Error: (11/01/2017 12:46:33 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode. Error: (11/01/2017 12:46:33 PM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode. Error: (11/01/2017 12:46:33 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\WINDOWS\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Systemfehler: ============= Error: (11/01/2017 06:47:23 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error: (11/01/2017 06:47:21 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error: (11/01/2017 06:47:20 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error: (11/01/2017 06:47:18 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error: (11/01/2017 06:47:16 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error: (11/01/2017 06:47:14 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error: (11/01/2017 06:47:12 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error: (11/01/2017 06:47:10 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. 
Error: (11/01/2017 06:47:09 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error: (11/01/2017 06:47:07 PM) (Source: Disk) (EventID: 7) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. CodeIntegrity: =================================== Date: 2017-11-01 19:03:58.551 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-01 19:03:58.549 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-01 19:00:30.943 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-11-01 19:00:26.854 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2017-11-01 18:52:40.625 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-11-01 18:52:40.622 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-01 18:52:10.645 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-01 18:52:10.642 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-01 18:52:09.667 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-11-01 18:52:09.664 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz
Prozentuale Nutzung des RAM: 59%
Installierter physikalischer RAM: 8143.88 MB
Verfügbarer physikalischer RAM: 3337.66 MB
Summe virtueller Speicher: 9423.88 MB
Verfügbarer virtueller Speicher: 3119.01 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:111.24 GB) (Free:61.44 GB) NTFS
Drive d: (Daten) (Fixed) (Total:931.51 GB) (Free:692.13 GB) NTFS
Drive e: (32_00_00) (Fixed) (Total:298.02 GB) (Free:21.34 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 2A03BD70)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2A03BD6D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 3E1EBD07)
Partition 1: (Active) - (Size=298.1 GB) - (Type=0C)

==================== Ende von Addition.txt ============================

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2017
durchgeführt von mrado (Administrator) auf DESKTOP-A84CFPT (01-11-2017 20:19:20)
Gestartet von C:\Users\mrado\Desktop
Geladene Profile: mrado (Verfügbare Profile: mrado)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TomTom) D:\Programme\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.7.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (TomTom) D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11709.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\excel.exe (Telegram Messenger LLP) C:\Users\mrado\AppData\Roaming\Telegram Desktop\Telegram.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-10-23] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-09-29] (Razer Inc.) HKLM-x32\...\Run: [tsnp2std] => C:\Windows\tsnp2std.exe [262144 2007-08-31] () HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Steam] => D:\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation) HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [TomTomHOME.exe] => D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom) HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-02] (BlueStack Systems, Inc.) HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-28] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 Tcpip\..\Interfaces\{72e801e1-0d70-478c-ab42-bac0ef611475}: [DhcpNameServer] 10.0.0.138 Internet Explorer: ================== HKU\S-1-5-21-3509878254-1581680034-4090546777-1002\Software\Microsoft\Internet Explorer\Main,Start Page = SearchScopes: HKU\S-1-5-21-3509878254-1581680034-4090546777-1002 -> DefaultScope {A00A2EFA-700C-4184-A813-BAC983B19961} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: 7xti9fl7.default FF ProfilePath: C:\Users\mrado\AppData\Roaming\TomTom\HOME\Profiles\2f4az5v7.default [2015-12-03] FF Extension: (Map status indicator) - D:\Programme\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-12-03] [ist nicht signiert] FF ProfilePath: C:\Users\mrado\AppData\Roaming\Mozilla\Firefox\Profiles\7xti9fl7.default [2017-11-01] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\7xti9fl7.default -> Yahoo! FF SelectedSearchEngine: Mozilla\Firefox\Profiles\7xti9fl7.default -> Yahoo! 
FF Homepage: Mozilla\Firefox\Profiles\7xti9fl7.default -> hxxps://www.malwarebytes.org/restorebrowser/yhp-ff FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-18] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3509878254-1581680034-4090546777-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\mrado\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-13] (Zoom Video Communications, Inc.) 
Chrome:
=======
CHR Profile: C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default [2017-11-01]
CHR Extension: (Präsentationen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-01]
CHR Extension: (YouTube) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-01]
CHR Extension: (Adblock Plus) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-27]
CHR Extension: (Adobe Acrobat) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Tabellen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-31]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Google Mail) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-01]
CHR Extension: (Chrome Media Router) - C:\Users\mrado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-26]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 TomTomHOMEService; D:\Programme\TomTom HOME 2\TomTomHOMEService.exe [93040 2015-07-13] (TomTom)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 MxService; C:\Program Files (x86)\Maxthon\Bin\MxService.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-04] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [192952 2017-11-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45504 2017-11-01] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [252232 2017-11-01] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-01] (Malwarebytes)
R1 MpKslf41327e3; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66512E42-DA02-4D1D-8E8A-B21C7A129D83}\MpKslf41327e3.sys [49392 2017-11-01] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2015-09-23] (Realtek )
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11968 2000-07-29] () [Datei ist nicht signiert]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-11-01 20:14 - 2017-11-01 20:14 - 000003742 _____ C:\Users\mrado\Desktop\eset.txt
2017-11-01 17:42 - 2017-11-01 17:42 - 006760064 _____ (ESET spol. s r.o.) C:\Users\mrado\Desktop\esetonlinescanner_deu.exe
2017-11-01 17:42 - 2017-11-01 17:42 - 000000000 ____D C:\Users\mrado\AppData\Local\ESET
2017-11-01 17:31 - 2017-11-01 17:36 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-01 17:30 - 2017-11-01 17:30 - 011584088 _____ (SurfRight B.V.) C:\Users\mrado\Desktop\HitmanPro_x64.exe
2017-11-01 12:51 - 2017-11-01 12:55 - 000007437 _____ C:\Users\mrado\Desktop\Search.txt
2017-11-01 12:29 - 2017-11-01 17:26 - 000003637 _____ C:\Users\mrado\Desktop\Fixlog.txt
2017-11-01 12:28 - 2017-11-01 12:28 - 000000000 ____D C:\Users\mrado\Desktop\FRST-OlderVersion
2017-11-01 00:43 - 2017-11-01 00:43 - 000013783 _____ C:\Users\mrado\Desktop\mbam.txt
2017-11-01 00:34 - 2017-11-01 18:33 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-01 00:34 - 2017-11-01 17:26 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-01 00:34 - 2017-11-01 00:34 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-01 00:33 - 2017-11-01 17:26 - 000045504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-01 00:33 - 2017-11-01 00:33 - 000252232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-01 00:33 - 2017-11-01 00:33 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-01 00:33 - 2017-11-01 00:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-01 00:33 - 2017-11-01 00:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-01 00:33 - 2017-11-01 00:33 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-01 00:33 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-01 00:30 - 2017-11-01 00:33 - 071535032 _____ (Malwarebytes ) C:\Users\mrado\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-11-01 00:22 - 2017-11-01 00:25 - 000000000 ____D C:\AdwCleaner
2017-11-01 00:21 - 2017-11-01 00:21 - 008261584 _____ (Malwarebytes) C:\Users\mrado\Desktop\adwcleaner_7.0.4.0.exe
2017-11-01 00:03 - 2017-11-01 00:03 - 000000000 ____D C:\Users\mrado\Desktop\AdwCleaner
2017-10-31 14:22 - 2017-11-01 20:19 - 000018201 _____ C:\Users\mrado\Desktop\FRST.txt
2017-10-31 14:22 - 2017-11-01 20:19 - 000000000 ____D C:\FRST
2017-10-31 14:22 - 2017-11-01 12:59 - 000035022 _____ C:\Users\mrado\Desktop\Addition.txt
2017-10-31 11:54 - 2017-11-01 12:28 - 002403328 _____ (Farbar) C:\Users\mrado\Desktop\FRST64.exe
2017-10-31 11:54 - 2017-10-31 11:55 - 000000000 ____D C:\Users\mrado\Desktop\FRST
2017-10-26 16:56 - 2017-10-26 16:56 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\Program Files\iTunes
2017-10-26 16:56 - 2017-10-26 16:56 - 000000000 ____D C:\Program Files\iPod
2017-10-26 16:55 - 2017-10-26 16:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-10-26 16:55 - 2017-10-26 16:55 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-10-18 15:59 - 2017-10-18 15:59 - 000032026 _____ C:\Users\mrado\Downloads\Buchstaben Aa Ll Mm Oo Ee trainieren.pdf
2017-10-11 18:31 - 2017-10-11 18:31 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-11 18:29 - 2017-09-30 06:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-11 18:29 - 2017-09-30 06:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-11 18:29 - 2017-09-30 06:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-11 18:29 - 2017-09-30 06:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-11 18:29 - 2017-09-30 06:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-11 18:29 - 2017-09-30 06:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-11 18:29 - 2017-09-30 03:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-11 18:29 - 2017-09-30 03:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-11 18:29 - 2017-09-30 03:26 - 
001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2017-10-11 18:29 - 2017-09-30 03:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2017-10-11 18:29 - 2017-09-30 03:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-10-11 18:29 - 2017-09-30 03:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2017-10-11 18:29 - 2017-09-30 03:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2017-10-11 18:29 - 2017-09-30 03:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2017-10-11 18:29 - 2017-09-30 03:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-10-11 18:29 - 2017-09-30 03:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2017-10-11 18:29 - 2017-09-30 03:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-10-11 18:29 - 2017-09-30 03:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-10-11 18:29 - 2017-09-30 03:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll 2017-10-11 18:29 - 2017-09-30 03:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2017-10-11 18:29 - 2017-09-30 03:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-10-11 18:29 - 2017-09-30 03:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2017-10-11 18:29 - 2017-09-30 03:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2017-10-11 18:29 - 2017-09-30 03:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-10-11 18:29 - 2017-09-30 03:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2017-10-11 18:29 - 2017-09-30 03:04 - 000438096 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll 2017-10-11 18:29 - 2017-09-30 03:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-10-11 18:29 - 2017-09-30 03:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2017-10-11 18:29 - 2017-09-30 03:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-10-11 18:29 - 2017-09-30 03:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-10-11 18:29 - 2017-09-30 03:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2017-10-11 18:29 - 2017-09-30 03:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll 2017-10-11 18:29 - 2017-09-30 03:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2017-10-11 18:29 - 2017-09-29 08:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-10-11 18:29 - 2017-09-29 08:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2017-10-11 18:29 - 2017-09-29 08:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-10-11 18:29 - 2017-09-29 08:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll 2017-10-11 18:29 - 2017-09-29 08:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2017-10-11 18:29 - 2017-09-29 08:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll 2017-10-11 18:29 - 2017-09-29 08:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-10-11 18:29 - 2017-09-29 08:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll 2017-10-11 18:29 - 2017-09-29 08:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-10-11 18:29 - 2017-09-29 08:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 
2017-10-11 18:29 - 2017-09-29 08:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-10-11 18:29 - 2017-09-29 08:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2017-10-11 18:29 - 2017-09-29 08:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll 2017-10-11 18:29 - 2017-09-29 08:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll 2017-10-11 18:29 - 2017-09-29 08:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2017-10-11 18:29 - 2017-09-29 08:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2017-10-11 18:29 - 2017-09-29 08:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-10-11 18:29 - 2017-09-29 08:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2017-10-11 18:29 - 2017-09-29 08:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-10-11 18:29 - 2017-09-29 08:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll 2017-10-11 18:29 - 2017-09-29 08:33 - 007598080 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\mstscax.dll 2017-10-11 18:29 - 2017-09-29 08:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-10-11 18:29 - 2017-09-29 08:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-10-11 18:29 - 2017-09-29 08:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2017-10-11 18:29 - 2017-09-29 08:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2017-10-11 18:29 - 2017-09-29 08:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2017-10-11 18:29 - 2017-09-29 08:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2017-10-11 18:29 - 2017-09-29 08:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll 2017-10-11 18:29 - 2017-09-29 08:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2017-10-11 18:29 - 2017-09-29 08:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2017-10-11 18:29 - 2017-09-29 08:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe 2017-10-11 18:29 - 2017-09-29 08:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2017-10-11 18:29 - 2017-09-29 08:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe 2017-10-11 18:29 - 2017-09-29 08:26 - 008213504 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\mstscax.dll 2017-10-11 18:29 - 2017-09-29 08:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-10-11 18:29 - 2017-09-29 08:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2017-10-11 18:29 - 2017-09-29 08:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2017-10-11 18:29 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls 2017-10-11 18:29 - 2017-09-29 06:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls 2017-10-11 18:29 - 2017-09-20 16:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll 2017-10-11 18:29 - 2017-09-20 16:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2017-10-11 18:29 - 2017-09-20 16:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll 2017-10-11 18:29 - 2017-09-19 00:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2017-10-11 18:29 - 2017-09-18 23:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll 2017-10-11 18:29 - 2017-09-18 23:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll 2017-10-11 18:28 - 2017-09-30 06:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-10-11 18:28 - 2017-09-30 06:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2017-10-11 18:28 - 2017-09-30 06:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-10-11 18:28 - 2017-09-30 06:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2017-10-11 18:28 - 2017-09-30 06:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-10-11 18:28 - 2017-09-30 06:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2017-10-11 18:28 - 2017-09-30 06:50 - 001024920 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\hvax64.exe 2017-10-11 18:28 - 2017-09-30 06:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2017-10-11 18:28 - 2017-09-30 06:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-10-11 18:28 - 2017-09-30 06:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-10-11 18:28 - 2017-09-30 06:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-10-11 18:28 - 2017-09-30 06:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-10-11 18:28 - 2017-09-30 06:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2017-10-11 18:28 - 2017-09-30 06:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2017-10-11 18:28 - 2017-09-30 06:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2017-10-11 18:28 - 2017-09-30 06:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2017-10-11 18:28 - 2017-09-30 06:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2017-10-11 18:28 - 2017-09-30 06:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-10-11 18:28 - 2017-09-30 06:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-10-11 18:28 - 2017-09-30 06:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2017-10-11 18:28 - 2017-09-30 06:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2017-10-11 
18:28 - 2017-09-30 06:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2017-10-11 18:28 - 2017-09-30 06:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2017-10-11 18:28 - 2017-09-30 06:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2017-10-11 18:28 - 2017-09-30 06:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-10-11 18:28 - 2017-09-30 06:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-10-11 18:28 - 2017-09-30 06:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-10-11 18:28 - 2017-09-30 06:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll 2017-10-11 18:28 - 2017-09-30 06:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-10-11 18:28 - 2017-09-30 06:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2017-10-11 18:28 - 2017-09-30 06:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe 2017-10-11 18:28 - 2017-09-30 06:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-10-11 18:28 - 2017-09-30 06:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll 2017-10-11 18:28 - 2017-09-30 06:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-10-11 18:28 - 2017-09-30 06:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2017-10-11 18:28 - 2017-09-30 06:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2017-10-11 18:28 - 2017-09-30 03:10 - 
001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2017-10-11 18:28 - 2017-09-29 08:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-10-11 18:28 - 2017-09-29 08:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-10-11 18:28 - 2017-09-29 08:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-10-11 18:28 - 2017-09-29 08:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-10-11 18:28 - 2017-09-29 08:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-10-11 18:28 - 2017-09-29 08:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-10-11 18:28 - 2017-09-29 08:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-10-11 18:28 - 2017-09-29 08:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-10-11 18:28 - 2017-09-29 08:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-10-11 18:28 - 2017-09-29 08:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll 2017-10-11 18:28 - 2017-09-29 08:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll 2017-10-11 18:28 - 2017-09-29 08:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-10-11 18:28 
- 2017-09-29 08:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-10-11 18:28 - 2017-09-29 08:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2017-10-11 18:28 - 2017-09-29 08:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll 2017-10-11 18:28 - 2017-09-29 08:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-10-11 18:28 - 2017-09-29 08:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2017-10-11 18:28 - 2017-09-29 08:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000083456 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wpdbusenum.dll 2017-10-11 18:28 - 2017-09-29 08:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe 2017-10-11 18:28 - 2017-09-29 08:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2017-10-11 18:28 - 2017-09-29 08:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2017-10-11 18:28 - 2017-09-29 08:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-10-11 18:28 - 
2017-09-29 08:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2017-10-11 18:28 - 2017-09-29 08:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2017-10-11 18:28 - 2017-09-29 08:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-10-11 18:28 - 2017-09-29 08:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2017-10-11 18:28 - 2017-09-29 08:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll 2017-10-11 18:28 - 2017-09-29 08:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-10-11 18:28 - 2017-09-29 08:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-10-11 18:28 - 
2017-09-29 08:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2017-10-11 18:28 - 2017-09-29 08:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-10-11 18:28 - 2017-09-29 08:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2017-10-11 18:28 - 2017-09-29 08:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll 2017-10-11 18:28 - 2017-09-29 08:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2017-10-11 18:28 - 2017-09-29 08:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-10-11 18:28 - 2017-09-29 08:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll 2017-10-11 18:28 
- 2017-09-29 08:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-10-11 18:28 - 2017-09-29 08:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2017-10-11 18:28 - 2017-09-29 08:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2017-10-11 18:28 - 2017-09-29 08:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2017-10-11 18:28 - 2017-09-29 08:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2017-10-11 18:28 - 2017-09-29 08:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll 2017-10-11 18:28 - 2017-09-29 08:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll 2017-10-11 18:28 - 2017-09-29 08:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2017-10-11 18:28 - 2017-09-29 08:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll 2017-10-11 18:28 - 2017-09-29 08:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2017-10-11 18:28 - 2017-09-29 08:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll 2017-10-11 18:28 - 2017-09-29 08:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll 2017-10-11 18:28 - 2017-09-29 08:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 002438656 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ResetEngine.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2017-10-11 18:28 - 2017-09-29 08:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2017-10-11 18:28 - 2017-09-29 08:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe 2017-10-11 18:28 - 2017-09-19 00:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-10-11 18:28 - 2017-09-19 00:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2017-10-11 18:28 - 2017-09-19 00:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2017-10-11 18:28 - 2017-09-19 00:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2017-10-11 18:28 - 2017-09-19 00:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2017-10-11 18:28 - 2017-09-19 00:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-10-11 18:28 - 2017-09-19 00:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2017-10-11 18:28 - 2017-09-18 23:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2017-10-11 18:28 - 2017-09-18 23:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll 2017-10-11 18:28 - 2017-09-18 23:23 - 000210432 
_____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2017-10-11 18:28 - 2017-09-18 23:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2017-11-01 20:07 - 2017-05-19 06:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-11-01 19:52 - 2016-06-13 16:47 - 000000000 ____D C:\Users\mrado\AppData\Roaming\Telegram Desktop 2017-11-01 18:19 - 2017-05-19 06:40 - 000004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF5A1CA3-3649-4C6C-B496-C9FB546074B1} 2017-11-01 17:31 - 2017-05-19 06:43 - 003740786 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-11-01 17:31 - 2017-03-20 05:35 - 001828702 _____ C:\WINDOWS\system32\perfh007.dat 2017-11-01 17:31 - 2017-03-20 05:35 - 000460882 _____ C:\WINDOWS\system32\perfc007.dat 2017-11-01 17:26 - 2017-05-19 06:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-11-01 17:26 - 2017-03-18 12:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI 2017-11-01 17:26 - 2016-09-22 06:18 - 000000000 ____D C:\ProgramData\NVIDIA 2017-11-01 12:39 - 2016-01-25 17:41 - 000000000 ____D C:\Users\mrado\AppData\LocalLow\Temp 2017-11-01 10:04 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-11-01 10:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-11-01 00:02 - 2015-12-09 16:19 - 000000000 ____D C:\Users\mrado\Documents\Outlook-Dateien 2017-10-31 13:10 - 2015-09-17 19:58 - 000000000 ____D C:\Users\mrado\AppData\Local\Packages 2017-10-31 11:31 - 2017-05-19 06:35 - 000000000 ____D C:\Users\mrado 2017-10-31 11:31 - 2015-09-23 20:20 - 000000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleFormrado.job 2017-10-31 00:15 - 2016-09-28 19:32 - 000000000 ____D C:\Users\mrado\AppData\Local\Battle.net 2017-10-30 23:40 - 2017-05-19 06:40 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFormrado 2017-10-30 
20:35 - 2017-01-12 22:50 - 000001723 _____ C:\Users\mrado\Desktop\Hearthstone Deck Tracker - Verknüpfung.lnk 2017-10-30 20:35 - 2016-09-28 19:27 - 000000000 ____D C:\Program Files (x86)\Battle.net 2017-10-29 13:47 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-10-29 09:17 - 2016-12-05 21:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-29 09:17 - 2015-09-23 21:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-28 11:07 - 2016-12-14 16:51 - 000000000 ____D C:\Users\mrado\AppData\LocalLow\Mozilla 2017-10-28 10:15 - 2017-07-25 15:01 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3509878254-1581680034-4090546777-1002 2017-10-28 10:15 - 2015-09-17 20:00 - 000002432 _____ C:\Users\mrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-10-28 10:15 - 2015-09-17 20:00 - 000000000 ___RD C:\Users\mrado\OneDrive 2017-10-26 16:56 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF 2017-10-26 16:55 - 2015-09-23 21:06 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-10-26 16:37 - 2017-02-20 17:27 - 000000000 ____D C:\Users\mrado\Downloads\Telegram Desktop 2017-10-25 17:46 - 2017-05-19 06:40 - 000004606 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2017-10-25 17:46 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-10-25 17:46 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed 2017-10-18 22:30 - 2016-04-01 21:31 - 000000000 ____D C:\Program Files (x86)\Hearthstone 2017-10-18 14:39 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-10-18 14:37 - 2015-11-18 19:05 - 000000000 ____D C:\Program Files\Microsoft Office 15 2017-10-14 17:25 - 2015-09-30 19:48 - 000000000 ____D C:\Users\mrado\AppData\Local\Adobe 2017-10-14 12:11 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache 2017-10-13 01:21 - 2017-03-18 22:06 - 
000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-10-13 01:21 - 2017-03-18 22:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-12 05:08 - 2015-09-14 12:51 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-10-12 05:07 - 2017-05-19 06:33 - 000272688 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-10-11 22:47 - 2017-03-18 22:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2017-10-11 22:47 - 2017-03-18 22:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2017-10-11 22:47 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-10-11 22:47 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning 2017-10-11 18:32 - 2015-09-21 06:55 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-10-11 18:31 - 2015-09-21 06:55 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-10-11 07:54 - 2015-10-07 17:03 - 000000000 ____D C:\Users\mrado\AppData\Local\ElevatedDiagnostics ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-09-23 19:26 - 2015-09-23 19:26 - 000000057 _____ () C:\ProgramData\Ament.ini 2017-05-19 06:34 - 2017-05-19 06:34 - 000000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-10-31 12:19
==================== Ende von FRST.txt ============================
Don Camillo
Regarding the final question: today the PC ran flawlessly all day; it did not shut itself down as it had recently. So I hope you were able to remove all the malware... Regards, Don Camillo |
01.11.2017, 20:33 | #12 |
/// TB-Ausbilder | Win 10: PC does not start, or only after a pause of several minutes
Hello,
Remove leftovers
Then we are done! If you have no more problems with malware, we are finished here. Your log files are clean. If you like, you can say here whether you were satisfied with me and my help... Perhaps you would like to support the forum with a small donation.
Notes: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. Finally, we need to take a few concluding steps to clean up and secure your PC.
Cleanup
All logs posted? Then please download DelFix.
DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them.
Virus scanner + firewall
First of all, it should be mentioned that the protective effect of a virus scanner must never be overestimated! No antivirus program detects 100% of malware. If you are still undecided, use AT MOST ONE SINGLE one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:
Microsoft Security Essentials (MSE) / Windows Defender (WD) is built in from Windows 8 onwards, so if you have Windows 8, 8.1 or 10 and have chosen MSE/WD, you do not need to install MSE/WD separately. On Windows 7, however, it has to be installed manually or obtained as an optional update via Windows Update. Naturally, a legal/activated Windows is a prerequisite for this. Always use only pure virus scanners (no products with "Suite", "Internet Security", "Endpoint" or "Total Security" in the name, because these bring counterproductive firewalls with them - the Windows Firewall is all that is needed). In addition, you can regularly scan your PC with Malwarebytes Anti-Malware, AdwCleaner and the ESET Online Scanner. These programs are all free and do not interfere with the operation of your antivirus program.
Hardening
On the Windows operating system it is important to enable automatic updates. Security-relevant software should also always be kept at its current version. Installing updates promptly is necessary so that security vulnerabilities are closed. Vulnerabilities are exploited, for example, to install malware via "drive-by" when you simply visit a manipulated website. You need to pay particular attention to keeping the following software up to date - provided it is needed at all:
Optional browser extensions
General principles
Reading material:
Backup/image tools
IMHO restore points are nothing more than a stopgap; anyone who wants and needs to rely on something that works cannot avoid real backup/imaging software. On Windows I always use Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64. To have meaningful backups, you have to create an image on a separate external hard drive regularly (e.g. weekly). This external hard drive is only connected when you want to create the backup (or need to restore something); otherwise, for security reasons, it stays safely stored in the cupboard - if only to protect the backups from crypto trojans.
Option 1: Drivesnapshot
Official TB guide --> http://www.trojaner-board.de/186299-...esnapshot.html
Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64
Download (32-bit) => http://www.drivesnapshot.de/download/snapshot.exe
Download (64-bit) => http://www.drivesnapshot.de/download/snapshot64.exe
There are also slightly stripped-down versions of Acronis TrueImage available for free if you have drives from Seagate and/or Western Digital. Perhaps these programs appeal to you more. My favourite, however, is the small Drivesnapshot mentioned above.
Option 2: Seagate DiscWizard
Download => Seagate DiscWizard - Download - Filepony
Screenshots: http://filepony.de/screenshot/seagate_discwizard5.jpg http://filepony.de/screenshot/seagate_discwizard4.png http://filepony.de/screenshot/seagate_discwizard3.jpg
Option 3: Acronis TrueImage WD Edition
Download => Acronis True Image WD Edition - Download - Filepony
Screenshots: http://filepony.de/screenshot/acroni...d_edition1.jpg http://filepony.de/screenshot/acroni...d_edition2.jpg |
01.11.2017, 21:31 | #13 |
| Win 10: PC does not start, or only after a pause of several minutes
Hello Matthias, here is the Fixlog file: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-11-2017
durchgeführt von mrado (01-11-2017 21:10:41) Run:3
Gestartet von C:\Users\mrado\Desktop
Geladene Profile: mrado (Verfügbare Profile: mrado)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
C:\Users\mrado\Downloads\YTDSetup.exe
D:\Dokumente\PC-Spiele\Premier manager 97 manual_10924_i106418811_il345.zip
E:\Markus\Dokumente\PC-Spiele\Civ4\No-CD\Civilization IV NO-CD v1.09 RELOADED _ TFT TEAM.zip
Reboot:
*****************
C:\Users\mrado\Downloads\YTDSetup.exe => erfolgreich verschoben
D:\Dokumente\PC-Spiele\Premier manager 97 manual_10924_i106418811_il345.zip => erfolgreich verschoben
E:\Markus\Dokumente\PC-Spiele\Civ4\No-CD\Civilization IV NO-CD v1.09 RELOADED _ TFT TEAM.zip => erfolgreich verschoben
Das System musste neu gestartet werden.
==== Ende von Fixlog 21:10:42 ====
Don Camillo
Hello Matthias, I have taken care of everything and am done as well. Thanks for your help. This thread can be closed! Regards, Don Camillo |
01.11.2017, 22:39 | #14 |
/// TB-Ausbilder | Win 10: PC does not start, or only after a pause of several minutes
I'm glad we were able to help. In this forum you can leave brief feedback on the cleanup, if you wish: Lob, Kritik und Wünsche. To do so, click the "NEUES THEMA" button and post a short piece of feedback. Thank you very much!
This thread appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM including a link to the thread. Everyone else, please click here and create your own thread. |