Pests of all kinds and how to fight them: Google Drive box was encrypted - suspected Kraken Cryptor (Windows 7)
11.03.2019, 16:59 | #1 |
Google Drive box was encrypted - suspected Kraken Cryptor

Hello, unfortunately I have just noticed some very strange files on my Google Drive. In every folder a .txt file has been created that is named #HOW TO DECRYPT FILES#.txt and contains the following:

Code:
#HOW TO DECRYPT FILES#.txt
#HOW TO DECRYPT FILES#.txt
!!! ATTENTION, YOUR FILES WERE ENCRYPTED !!!
Please follow few steps below:
1.Send us your ID.
2.Then you'll get payment instruction and after payment you will get your decryption tool!
Only we can decrypt all your data!
Contact us us: metan19@mail2tor.com
And tell us your unique ID

The files on the Google Drive are marked with the extension .metan. The .txt files and the renamed files were supposedly created with my Google Drive account. At that time my PC was actually switched off, at least I think so. I don't remember exactly.

I also checked the sign-ins at Google. Only my computer and my phone are listed there, all known.

I use this Google Drive account with Google's software "Drive File Stream". I have another Google account, with Gdrive. That one is not affected. However, I don't use Drive File Stream with that one. None of my hardware partitions on Windows are affected either.

I am a bit scared, because I don't know exactly how this could have happened. Does anyone have an idea? Should I check my PC? Or did the "hack" come from outside?

I googled a bit and found that Kraken Crypto creates such .txt files. How can I check whether I have caught it? And wouldn't all partitions have to be encrypted then? I rather assume that someone has gained access to my Google account. But normally I would have to see that in Google's logs...

Thank God Google Drive has a version history. At least the data is not gone.

FRST.txt

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09.03.2019 01 Ran by David (administrator) on DAVID-PC (11-03-2019 17:01:50) Running from E:\Users\David\Desktop Loaded Profiles: David (Available Profiles: David) Platform: Windows 10 Pro Version 1803 17134.523 (X64) Language: Englisch (Vereinigte Staaten) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (CLEVO CO. -> CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.) C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe (HP Inc. 
-> ) C:\Windows\SysWOW64\spdsvc.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Nitro Software, Inc. -> Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (HP Inc. -> ) C:\Windows\SysWOW64\SecUPDUtilSvc.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Dropbox, Inc -> Dropbox, Inc.) 
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation -> ) C:\Windows\System32\igfxTray.exe (Microsoft Corporation -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\NisSrv.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe (Google LLC -> ) C:\Program Files\Google\Drive File Stream\29.1.85.2056\crashpad_handler.exe (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe (16 Software -> 16 Software (www.16software.com)) C:\Program Files (x86)\Breevy\Breevy.exe (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (CLEVO CO.) 
[File not signed] C:\Program Files (x86)\Hotkey\HkeyTray.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (ROCCAT GmbH -> ROCCAT) C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe (ROCCAT GmbH) [File not signed] C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe (CLEVO CO. -> CLEVO CO.) C:\Program Files (x86)\Hotkey\hotkeyrtk.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\QtWebEngineProcess.exe (Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Slack Technologies, Inc. -> Slack Technologies) E:\Users\David\AppData\Local\slack\app-3.3.7\slack.exe (Slack Technologies, Inc. -> Slack Technologies) E:\Users\David\AppData\Local\slack\app-3.3.7\slack.exe (Slack Technologies, Inc. -> Slack Technologies) E:\Users\David\AppData\Local\slack\app-3.3.7\slack.exe (Slack Technologies, Inc. 
-> Slack Technologies) E:\Users\David\AppData\Local\slack\app-3.3.7\slack.exe (Cryptolayer -> ) C:\Program Files (x86)\VPN.AC Client\vpnac.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\OpenWith.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Stefan Malzner -> Stefan Malzner) E:\Users\David\AppData\Local\Programs\franz\Franz.exe (Stefan Malzner -> Stefan Malzner) E:\Users\David\AppData\Local\Programs\franz\Franz.exe (Stefan Malzner -> Stefan Malzner) E:\Users\David\AppData\Local\Programs\franz\Franz.exe (Stefan Malzner -> Stefan Malzner) E:\Users\David\AppData\Local\Programs\franz\Franz.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Slack Technologies, Inc. -> Slack Technologies) E:\Users\David\AppData\Local\slack\app-3.3.7\slack.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Stefan Malzner -> Stefan Malzner) E:\Users\David\AppData\Local\Programs\franz\Franz.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Screencast-O-Matic (Big Nerd Software, LLC) -> Screencast-O-Matic) C:\Program Files (x86)\Screencast-O-Matic\v2\Screencast-O-Matic.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1811.3241.0_x64__8wekyb3d8bbwe\Calculator.exe (Stefan Malzner -> Stefan Malzner) E:\Users\David\AppData\Local\Programs\franz\Franz.exe (Slack Technologies, Inc. -> Slack Technologies) E:\Users\David\AppData\Local\slack\app-3.3.7\slack.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Stefan Malzner -> Stefan Malzner) E:\Users\David\AppData\Local\Programs\franz\Franz.exe (CLEVO CO. -> CLEVO CO.) C:\Program Files (x86)\Hotkey\hkysound.exe (CLEVO CO. -> CLEVO CO.) C:\Program Files (x86)\Hotkey\ComboKeyTray.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation -> Microsoft) C:\Program Files (x86)\Microsoft\Remote Desktop Connection Manager\RDCMan.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteSubprocess.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Slack Technologies, Inc. -> Slack Technologies) E:\Users\David\AppData\Local\slack\app-3.3.7\slack.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Spotify AB -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Dirac Research AB -> Dirac Research AB) C:\Program Files\XTZ\Dirac Audio Processor\Dirac Audio Processor.exe (Dirac Research AB -> ) C:\Program Files\XTZ\Dirac Audio Processor\diracapsrv.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\prevhost.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3951280 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation - Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2675176 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16407296 2015-10-07] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3255376 2018-05-06] (Open Source Developer, Dominik Reichl -> Dominik Reichl) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [4426560 2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410968 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.) 
HKLM-x32\...\Run: [RoccatKonePure] => C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE [561152 2014-01-20] (ROCCAT GmbH) [File not signed] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\Run: [Franz] => E:\Users\David\AppData\Local\Programs\franz\Franz.exe [93981064 2019-02-14] (Stefan Malzner -> Stefan Malzner) HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\Run: [com.squirrel.slack.slack] => E:\Users\David\AppData\Local\slack\Update.exe [1559056 2019-02-03] (Slack Technologies, Inc. -> ) HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\29.1.85.2056\GoogleDriveFS.exe [33291560 2019-02-06] (Google LLC -> Google, Inc.) HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3144480 2019-02-18] (Valve -> Valve Corporation) HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\Run: [Breevy] => C:\Program Files (x86)\Breevy\Breevy.exe [1170584 2016-10-13] (16 Software -> 16 Software (www.16software.com)) HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [672384 2018-04-26] (OpenVPN Technologies, Inc. -> ) HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540200 2019-02-21] (Skype Software Sarl -> Skype Technologies S.A.) 
HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\Run: [7 Taskbar Tweaker] => E:\Users\David\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [462336 2019-02-24] (RaMMicHaeL) [File not signed] HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\RunOnce: [Application Restart #0] => C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe [26154216 2019-02-01] (Spotify AB -> Spotify Ltd) HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "E:\Users\David\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "E:\Users\David\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\RunOnce: [Uninstall 19.002.0107.0008\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "E:\Users\David\AppData\Local\Microsoft\OneDrive\19.002.0107.0008\amd64" HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\RunOnce: [Uninstall 19.002.0107.0008] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "E:\Users\David\AppData\Local\Microsoft\OneDrive\19.002.0107.0008" HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\MountPoints2: {45f14507-fd9a-11e8-bb50-b808cff39999} - "H:\OnePlus_setup.exe" /s HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\MountPoints2: {9029f5b9-ffc7-11e8-bb51-b808cff39999} - "H:\SISetup.exe" HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-06] (Google LLC -> Google Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2018-05-09] ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.) 
[File not signed] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ROCCAT Swarm Monitor.lnk [2019-02-15] ShortcutTarget: ROCCAT Swarm Monitor.lnk -> C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe (ROCCAT GmbH -> ROCCAT) Startup: E:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2018-05-10] ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) GroupPolicy: Restriction ? <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\..\Interfaces\{1be550eb-ee9b-4c62-b2c1-aefef40f3bf1}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{56e7c80f-b70b-46e0-852b-f1a3cd07d12f}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{82ac9bc1-3364-4479-b758-259b2df4d378}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{8625c043-6363-417b-a8f2-a868ff24544f}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{d3e9791d-032c-40d9-8d97-060765d32f85}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2019-01-24] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation -> Microsoft Corporation) 
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF DefaultProfile: bcyzt6k5.default FF ProfilePath: E:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\bcyzt6k5.default [2019-03-08] FF Extension: (FoxyProxy Standard) - E:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\bcyzt6k5.default\Extensions\foxyproxy@eric.h.jung.xpi [2018-11-20] FF Extension: (Nehmen Sie Screenshot der Webseite - FireShot) - E:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\bcyzt6k5.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2019-03-04] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-04-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-04-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-04-24] (Tracker Software Products (Canada) Ltd. 
-> Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN -> VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc -> Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-04-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-04-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2018-04-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-09-13] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-04-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-04-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-04-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-2455960667-3318087246-2055750665-1002: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-04-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-2455960667-3318087246-2055750665-1002: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-04-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-2455960667-3318087246-2055750665-1002: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2018-04-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) 
FF Plugin HKU\S-1-5-21-2455960667-3318087246-2055750665-1002: @zoom.us/ZoomVideoPlugin -> E:\Users\David\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-08-20] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1426769397&from=wpm031932&uid=SamsungXSSDX840XEVOX250GB_S1DBNSCFA29580N
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: E:\Users\David\AppData\Local\Google\Chrome\User Data\Default [2019-03-11]
CHR Extension: (Redirect Path) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomidfkchockcldhbkggjokdkkebmdll [2018-08-11]
CHR Extension: (ColorZilla) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2018-05-11]
CHR Extension: (Signal Private Messenger) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikioccmkafdpakkkcpdbppfkghcmihk [2018-11-23]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2019-01-31]
CHR Extension: (uBlock Origin) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-02-18]
CHR Extension: (ClickUP) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhdadegpnihkfmpgcpilhkbnamifnld [2018-07-09]
CHR Extension: (Tampermonkey) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2019-02-22]
CHR Extension: (Facebook Pixel Helper) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2019-02-18]
CHR Extension: (EditThisCookie) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2018-11-30]
CHR Extension: (Cr!Box) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2018-05-11]
CHR Extension: (LastPass: Free Password Manager) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-03-05]
CHR Extension: (Auto Refresh) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2019-03-11]
CHR Extension: (Todobook) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihbejplhkeifejcpijadinaicidddbde [2019-03-11]
CHR Extension: (Smile Always) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpmhnmjbhgkhpbgelalfpplebgfjmbf [2018-05-11]
CHR Extension: (hxxps://trello.com/) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijnmpkkfkjaihbhffejemnpbbglahim [2018-05-11]
CHR Extension: (InstaG Downloader) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkdcmgmnegofdddphijckfagibepdlb [2018-07-12]
CHR Extension: (Tag Assistant (by Google)) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2018-11-23]
CHR Extension: (The Great Suspender) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2019-01-23]
CHR Extension: (Magic Enhancer für YouTube™) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2019-03-05]
CHR Extension: (Instapaper) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh [2019-01-04]
CHR Extension: (Application Launcher for Drive (by Google)) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-02-22]
CHR Extension: (AntiGameReborn) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfbpacbhjchkjeopjfgdhckepclcfll [2019-03-09]
CHR Extension: (Chrome Web Store-Zahlungen) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-11]
CHR Extension: (Airtable - Flexible database and organizer) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmnciefjclblnajjcmhobechdohojkbf [2018-05-11]
CHR Extension: (Wrike - Project Management) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\omoeimidjjkpidknllkcbfckmpgakpcj [2018-05-11]
CHR Extension: (Evernote Web Clipper) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2019-01-31]
CHR Extension: (Chrome Media Router) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-12]
CHR Profile: E:\Users\David\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-11-23]
CHR Profile: E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-03-05]
CHR Extension: (LoginMonitor) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\abpapnfdogaihoalbjgkdedbaabdhbko [2018-07-12]
CHR Extension: (Clear Cache) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2018-05-11]
CHR Extension: (Login) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ecjeobopgicfkbdcnfameemfakaedngc [2018-07-12]
CHR Extension: (Application Launcher for Drive (by Google)) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-02-27]
CHR Extension: (Chrome Web Store-Zahlungen) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-11]
CHR Extension: (Chrome Media Router) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-27]
CHR Profile: E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-01-07]
CHR Extension: (LastPass: Free Password Manager) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2019-01-06]
CHR Extension: (MetaMask) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2019-01-06]
CHR Extension: (Chrome Web Store-Zahlungen) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-11]
CHR Extension: (Chrome Media Router) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-06]
CHR Profile: E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3 [2018-06-06]
CHR Extension: (Präsentationen) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-24]
CHR Extension: (Docs) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-24]
CHR Extension: (Google Drive) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-24]
CHR Extension: (YouTube) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-24]
CHR Extension: (Tabellen) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-24]
CHR Extension: (EditThisCookie) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2018-05-24]
CHR Extension: (Google Docs Offline) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-24]
CHR Extension: (Chrome Web Store-Zahlungen) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-24]
CHR Extension: (Google Mail) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-24]
CHR Extension: (Chrome Media Router) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-24]
CHR Profile: E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3asdsada [2018-05-11] <==== ATTENTION
CHR Extension: (Präsentationen) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3asdsada\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-11]
CHR Extension: (Docs) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3asdsada\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-11]
CHR Extension: (Google Drive) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3asdsada\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-11]
CHR Extension: (YouTube) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3asdsada\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-11]
CHR Extension: (Tabellen) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3asdsada\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-11]
CHR Extension: (Google Docs Offline) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3asdsada\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-11]
CHR Extension: (LastPass: Free Password Manager) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3asdsada\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-05-11]
CHR Extension: (MetaMask) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3asdsada\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2018-05-11]
CHR Extension: (Chrome Web Store-Zahlungen) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3asdsada\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-11]
CHR Extension: (Google Mail) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3asdsada\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-11]
CHR Extension: (Chrome Media Router) - E:\Users\David\AppData\Local\Google\Chrome\User Data\Profile 3asdsada\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-11]
CHR Profile: E:\Users\David\AppData\Local\Google\Chrome\User Data\System Profile [2018-11-30]
CHR HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818136 2018-09-13] (Adobe Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2917864 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2709480 2018-12-13] (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-05-11] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-05-11] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2019-03-04] (Dropbox, Inc -> Dropbox, Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [707144 2019-01-05] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7172680 2019-01-05] (GOG Sp. z o.o. -> GOG.com)
R2 HKClipSvc; C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe [254960 2015-05-27] (Microsoft Windows Hardware Compatibility Publisher -> Insyde Software Corp.)
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [126880 2012-09-27] (Hewlett-Packard Company -> HP)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [541800 2018-09-26] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [353768 2018-05-03] (Intel Corporation -> Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-08-03] (Intel Corporation -> )
R2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [70752 2018-06-08] (Nitro Software, Inc. -> Nalpeiron Ltd.)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. -> )
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [34264 2015-07-23] (CLEVO CO. -> CLEVO CO.)
R2 Samsung Printer Dianostics Service; C:\Windows\SysWOW64\\spdsvc.exe [493088 2019-01-29] (HP Inc. -> )
R2 SamsungUPDUtilSvc; C:\Windows\SysWOW64\SecUPDUtilSvc.exe [145952 2019-01-29] (HP Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246448 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
S3 wampapache64; c:\wamp64\bin\apache\apache2.4.35\bin\httpd.exe [29696 2018-09-19] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp64\bin\mysql\mysql5.7.23\bin\mysqld.exe [39626752 2018-06-08] () [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\NisSrv.exe [4098064 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MsMpEng.exe [113992 2019-02-23] (Microsoft Corporation -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4060256 2018-08-03] (Intel Corporation -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [37832 2017-07-03] (Insyde Software Corp. -> Insyde Corporation)
R3 DiracResearchProcessor_WDM; C:\Windows\system32\DRIVERS\diracap.sys [46728 2017-06-21] (Dirac Research AB -> Dirac Research AB)
R1 googledrivefs2622; C:\Windows\System32\DRIVERS\googledrivefs2622.sys [122920 2018-12-17] (Google LLC -> Google, Inc.)
R3 HKKbdFltr; C:\Windows\system32\DRIVERS\HKKbdFltr.sys [50392 2015-05-27] (Insyde Software Corp. -> Insyde Software Corp.)
R3 HKMouFltr; C:\Windows\system32\DRIVERS\HKMouFltr.sys [48856 2015-05-27] (Insyde Software Corp. -> Insyde Software Corp.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [143288 2018-09-26] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7689728 2018-04-12] (Microsoft Windows -> Intel Corporation)
R3 Netwtw06; C:\Windows\System32\drivers\Netwtw06.sys [8815128 2018-08-02] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvcvi.inf_amd64_56e97d93d760592a\nvlddmkm.sys [17168744 2018-05-08] (NVIDIA Corporation -> NVIDIA Corporation)
S3 qcusbnet; C:\Windows\System32\drivers\qcusbnet.sys [428600 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (Microsoft Windows Hardware Compatibility Publisher -> QUALCOMM Incorporated)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-12] (Microsoft Windows -> Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2018-05-09] (Microsoft Windows Hardware Compatibility Publisher -> Realsil Semiconductor Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42664 2016-01-07] (Synaptics Incorporated -> Synaptics Incorporated)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Savitech Corp. -> Windows (R) Win 7 DDK provider)
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2018-06-13] (TEFINCOM S.A. -> The OpenVPN Project)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [828688 2018-05-10] (IDRIX -> IDRIX)
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [52288 2018-01-08] (VMware, Inc. -> VMware, Inc.)
R0 VMSNPXY; C:\Windows\System32\drivers\VmsProxyHNic.sys [36768 2018-06-06] (Microsoft Windows -> Microsoft Corporation)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-02-23] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [333792 2019-02-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [62432 2019-02-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-11 17:01 - 2019-03-11 17:02 - 000049330 _____ E:\Users\David\Desktop\FRST.txt
2019-03-11 17:01 - 2019-03-11 17:01 - 002434560 _____ (Farbar) E:\Users\David\Desktop\FRST64.exe
2019-03-11 17:01 - 2019-03-11 17:01 - 000000000 ____D C:\FRST
2019-03-11 15:52 - 2019-03-11 15:52 - 000029017 _____ E:\Users\David\Downloads\2018-06-12--2019-03-04_Invoice_Summary.pdf.metan (1).pdf
2019-03-11 15:52 - 2019-03-11 15:52 - 000028965 _____ E:\Users\David\Downloads\2018-06-12--2019-03-04_Invoice_Summary.pdf.metan.pdf
2019-03-09 19:34 - 2019-03-09 19:34 - 000002365 _____ E:\Users\Public\Desktop\Evernote.lnk
2019-03-09 19:34 - 2019-03-09 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2019-03-09 16:45 - 2019-03-09 16:45 - 000002388 _____ E:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-09 13:20 - 2019-03-09 13:20 - 000369648 _____ E:\Users\David\Downloads\Aufenthaltsticket-276283544.pdf
2019-03-08 22:58 - 2019-03-08 23:02 - 1996488704 _____ E:\Users\David\Downloads\ubuntu-18.04.2-desktop-amd64.iso
2019-03-08 20:01 - 2019-03-08 20:01 - 000042323 _____ E:\Users\David\Downloads\Rechnung_R-00161_element_one_GmbH_2019-03-08.pdf
2019-03-08 20:01 - 2019-03-08 20:01 - 000042317 _____ E:\Users\David\Downloads\Rechnung_R-00162_element_one_GmbH_2019-03-08.pdf
2019-03-08 19:41 - 2019-03-08 19:41 - 007939824 _____ (Tim Kosse) E:\Users\David\Downloads\FileZilla_3.41.1_win64-setup.exe
2019-03-08 02:08 - 2019-03-08 02:09 - 000000000 ____D E:\Users\David\Desktop\fflux-move
2019-03-08 01:50 - 2019-03-08 21:08 - 000000815 _____ E:\Users\David\Desktop\news-clk.txt
2019-03-07 20:56 - 2019-03-07 20:56 - 000000000 ____D E:\Users\David\AppData\Roaming\HeidiSQL
2019-03-07 20:55 - 2019-03-08 02:21 - 000000000 ____D E:\Users\David\Desktop\heidi
2019-03-07 20:54 - 2019-03-07 20:54 - 011788236 _____ E:\Users\David\Downloads\HeidiSQL_10.1_64_Portable.zip
2019-03-07 09:47 - 2019-03-07 09:47 - 053726820 _____ E:\Users\David\Downloads\MullvadVPN-2019.1_amd64.deb
2019-03-06 23:29 - 2019-03-06 23:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-03-06 18:24 - 2019-03-06 18:24 - 000000000 ____D E:\Users\David\Desktop\b4b transactions
2019-03-06 17:39 - 2019-03-06 17:39 - 000070833 _____ E:\Users\David\Downloads\Umsaetze_KtoNr170334700_EUR_06-03-2019_1739.CSV
2019-03-06 17:11 - 2019-03-07 01:05 - 000111627 _____ E:\Users\David\Desktop\Company spend detail (2).csv
2019-03-06 16:59 - 2019-03-07 00:59 - 000016806 _____ E:\Users\David\Desktop\Company spend detail (1).csv
2019-03-06 15:23 - 2019-03-06 15:26 - 000000773 _____ E:\Users\David\Desktop\index.html
2019-03-06 12:35 - 2019-03-06 12:35 - 043565841 _____ E:\Users\David\Downloads\PVFacebookLeakRevisedEdition.pdf
2019-03-06 11:04 - 2019-03-06 11:04 - 000000000 ____D C:\HashiCorp
2019-03-06 10:49 - 2019-03-06 11:01 - 240357376 _____ E:\Users\David\Downloads\vagrant_2.2.4_x86_64.msi
2019-03-06 10:15 - 2019-03-06 10:17 - 016525553 _____ E:\Users\David\Downloads\statamic-2.11.9 (1).zip
2019-03-06 10:14 - 2019-03-06 10:18 - 000000000 ____D E:\Users\David\Documents\statamic
2019-03-05 17:55 - 2019-03-05 17:55 - 000000994 _____ E:\Users\Public\Desktop\Multilogin.lnk
2019-03-05 17:48 - 2019-03-05 17:51 - 115564304 _____ (Multilogin ) E:\Users\David\Downloads\multilogin-3.1.2-windows_x86_32_setup.exe
2019-03-05 09:42 - 2019-03-08 16:49 - 000001305 _____ E:\Users\David\Desktop\1.txt
2019-03-05 09:42 - 2019-03-05 09:42 - 000001699 _____ E:\Users\David\Desktop\2.txt
2019-03-05 09:27 - 2019-03-05 09:28 - 016525553 _____ E:\Users\David\Downloads\statamic-2.11.9.zip
2019-03-04 21:28 - 2019-03-04 21:29 - 874512384 _____ E:\Users\David\Downloads\ubuntu-18.04.2-live-server-amd64.iso
2019-03-04 20:35 - 2019-03-04 20:35 - 000011881 _____ E:\Users\David\Downloads\Koken_Installer.zip
2019-03-04 20:22 - 2019-03-04 20:23 - 035908163 _____ E:\Users\David\Downloads\hola.zip
2019-03-04 20:18 - 2019-03-04 20:18 - 001625025 _____ E:\Users\David\Downloads\perch_v3.1.4.zip
2019-03-04 20:15 - 2019-03-04 20:15 - 002499150 _____ E:\Users\David\Downloads\CouchCMS-2.1.zip
2019-03-04 20:11 - 2019-03-04 20:11 - 001332046 _____ E:\Users\David\Downloads\html5up-massively.zip
2019-03-04 18:15 - 2019-03-04 18:16 - 010233031 _____ E:\Users\David\Downloads\grav-admin-v1.5.8.zip
2019-03-04 14:18 - 2019-03-04 14:18 - 000001249 _____ E:\Users\Public\Desktop\Skype.lnk
2019-03-04 14:17 - 2019-03-04 14:17 - 000047800 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2019-03-04 14:17 - 2019-03-04 14:17 - 000047800 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2019-03-04 14:17 - 2019-03-04 14:17 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2019-03-04 11:32 - 2019-03-04 11:32 - 000031269 _____ E:\Users\David\Downloads\retour-for-kirby-master.zip
2019-03-04 10:52 - 2019-03-04 10:52 - 011294943 _____ E:\Users\David\Downloads\starterkit-master (4).zip
2019-03-04 00:20 - 2019-03-04 14:08 - 000000000 ____D E:\Users\David\Downloads\Invoices
2019-03-03 19:05 - 2019-03-03 19:05 - 002678518 _____ E:\Users\David\Downloads\keepassxc_2.3.4-1_amd64_stable_stretch.deb
2019-03-03 18:13 - 2019-03-03 18:13 - 003126386 _____ E:\Users\David\Downloads\macOS-master.zip
2019-03-03 17:30 - 2019-03-03 20:56 - 000000000 ____D E:\Users\David\Desktop\vm
2019-03-03 16:10 - 2019-03-08 20:04 - 000000000 ____D E:\Users\David\AppData\LocalLow\Mozilla
2019-03-03 16:09 - 2019-03-03 16:09 - 011294943 _____ E:\Users\David\Downloads\starterkit-master (3).zip
2019-03-03 16:08 - 2019-03-03 16:08 - 011294943 _____ E:\Users\David\Downloads\starterkit-master (2).zip
2019-03-03 16:07 - 2019-03-03 16:07 - 011294943 _____ E:\Users\David\Downloads\starterkit-master (1).zip
2019-03-02 17:36 - 2019-03-02 17:36 - 000019695 _____ E:\Users\David\Downloads\2019-02-01--2019-03-02_Invoice_Summary.pdf
2019-02-28 18:18 - 2019-02-28 18:24 - 2352574464 _____ E:\Users\David\Downloads\deepin-15.9-amd64.iso
2019-02-28 14:08 - 2019-02-28 17:04 - 000000000 ____D E:\Users\David\Desktop\Stepper
2019-02-28 10:15 - 2019-02-28 10:15 - 000130644 _____ E:\Users\David\Downloads\Emmarhee Contract 2019.pdf
2019-02-27 23:18 - 2019-02-27 23:18 - 000750054 _____ E:\Users\David\Downloads\ScoutGear.bmp
2019-02-27 21:46 - 2018-01-31 13:53 - 000000018 _____ E:\Users\David\Desktop\account_daten.txt
2019-02-27 21:36 - 2019-02-27 21:36 - 000000000 ____D E:\Users\David\AppData\Roaming\Celestial World
2019-02-27 21:33 - 2019-02-27 21:46 - 000000000 ____D E:\Users\David\Desktop\Celestial - World 2.0
2019-02-27 21:28 - 2019-02-27 21:32 - 1516089953 _____ E:\Users\David\Downloads\Celestial - World 2.0.rar
2019-02-27 09:52 - 2019-02-27 09:52 - 000389838 _____ E:\Users\David\Downloads\privacy_customer.pdf
2019-02-26 14:43 - 2019-02-26 14:43 - 008427214 _____ E:\Users\David\Downloads\DE06_Grabler_MANOVA.pdf
2019-02-26 14:33 - 2019-02-26 14:33 - 007954904 _____ (Tim Kosse) E:\Users\David\Downloads\FileZilla_3.40.0_win64-setup.exe
2019-02-26 12:14 - 2019-02-26 12:14 - 000116031 _____ E:\Users\David\Downloads\Audience Funnel Cheatsheet - FUNNEL AUDIENCES 2.pdf
2019-02-25 00:32 - 2019-03-06 18:58 - 000000585 _____ E:\Users\David\Desktop\clk-ueu--new.txt
2019-02-24 15:15 - 2019-02-24 15:15 - 123351951 _____ E:\Users\David\Downloads\7 Figure BPM System.rar
2019-02-23 10:43 - 2019-02-27 12:45 - 000000000 ____D E:\Users\David\Desktop\new-sb
2019-02-22 18:59 - 2019-02-22 19:23 - 000013064 _____ E:\Users\David\Desktop\pdf.pdf
2019-02-22 18:58 - 2019-02-22 18:58 - 000070144 _____ E:\Users\David\Downloads\Kuendigung_690456.msg
2019-02-22 17:02 - 2019-03-08 19:48 - 000000000 ____D E:\Users\David\Desktop\VPS
2019-02-22 11:24 - 2019-02-22 11:24 - 000121279 _____ E:\Users\David\Desktop\c332234a-e7d7-4f14-ad16-2fdfc2cc9cb8.jpeg
2019-02-21 17:36 - 2019-02-21 17:36 - 000000000 ____D E:\Users\David\AppData\Local\franz-updater
2019-02-19 13:30 - 2019-02-19 13:30 - 000103743 _____ E:\Users\David\Downloads\02_EN_02.2019.pdf
2019-02-19 13:30 - 2019-02-19 13:30 - 000103708 _____ E:\Users\David\Downloads\03_EN_02.2019.pdf
2019-02-19 13:30 - 2019-02-19 13:30 - 000103188 _____ E:\Users\David\Downloads\03_EN_02.2019 (1).pdf
2019-02-18 21:30 - 2019-02-18 21:30 - 000082768 _____ E:\Users\David\Downloads\pressemitteilung-deutsche-mittelstaendler-als-steuereintreiber-bei-google-und-co-100.pdf
2019-02-16 19:18 - 2019-02-16 19:18 - 002492333 _____ E:\Users\David\Downloads\thk2_m6.7z
2019-02-16 16:23 - 2019-02-16 16:23 - 009180985 _____ E:\Users\David\Downloads\proxmox_pfsense_port-redirect-2019-02-16_13.09.49.mp4
2019-02-16 16:06 - 2019-02-16 16:06 - 008941805 _____ E:\Users\David\Downloads\proxmox_pfsense_windows_ubuntu-2019-02-16_12.57.19.mp4
2019-02-16 16:03 - 2019-02-18 00:33 - 000001544 _____ E:\Users\David\Downloads\PROXMOX_pfSense_Windows_Ubuntu.txt
2019-02-15 20:34 - 2019-02-15 20:34 - 000003666 _____ C:\Windows\System32\Tasks\ROCCAT DEVICE SERVICE
2019-02-15 20:34 - 2019-02-15 20:34 - 000000000 ____D E:\Users\David\AppData\Roaming\ROCCAT
2019-02-15 20:23 - 2018-12-18 03:22 - 160226664 _____ (ROCCAT GmbH) E:\Users\David\Desktop\ROCCAT Swarm.exe
2019-02-15 20:18 - 2019-02-15 20:19 - 159372857 _____ E:\Users\David\Downloads\ROCCAT Swarm_v19333-v1-v2.zip
2019-02-14 20:37 - 2019-02-14 20:37 - 000000000 ____D C:\ProgramData\Mozilla
2019-02-13 15:13 - 2019-02-13 17:15 - 000000000 ____D E:\Users\David\Desktop\SoSo Agency

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-11 16:47 - 2018-10-30 12:48 - 000000000 ____D C:\Program Files (x86)\VPN.AC Client
2019-03-11 16:37 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-11 15:35 - 2018-05-09 13:49 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-03-11 09:48 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\AppReadiness
2019-03-09 21:48 - 2018-05-20 15:20 - 000000600 _____ E:\Users\David\AppData\Local\PUTTY.RND
2019-03-09 21:48 - 2018-05-10 19:44 - 000000000 ____D E:\Users\David\AppData\Roaming\FileZilla
2019-03-09 21:17 - 2019-01-08 17:56 - 000000000 ____D E:\Users\David\AppData\Roaming\Code
2019-03-09 21:17 - 2018-05-11 13:51 - 000000000 ____D E:\Users\David\AppData\Local\VMware
2019-03-09 20:57 - 2018-05-10 22:03 - 000000000 ____D C:\ProgramData\VMware
2019-03-09 19:37 - 2018-05-09 12:09 - 000000000 ____D E:\Users\David\AppData\Roaming\VMware
2019-03-09 16:45 - 2018-05-09 14:35 - 000003364 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2455960667-3318087246-2055750665-1002
2019-03-09 00:37 - 2018-05-11 13:44 - 000000000 ____D E:\Users\David\AppData\Local\Screencast-O-Matic-v2
2019-03-08 23:04 - 2018-05-11 08:58 - 000000000 ____D E:\Users\David\Documents\Virtual Machines
2019-03-08 19:52 - 2019-01-23 17:12 - 000000000 ____D E:\Users\David\AppData\Roaming\Postman
2019-03-08 16:57 - 2019-01-23 17:12 - 000000000 ____D E:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Postman
2019-03-08 16:57 - 2019-01-23 17:12 - 000000000 ____D E:\Users\David\AppData\Local\Postman
2019-03-08 16:56 - 2018-05-10 22:14 - 000000000 ____D E:\Users\David\AppData\Local\SquirrelTemp
2019-03-08 16:09 - 2019-01-08 17:56 - 000000000 ____D E:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2019-03-08 09:36 - 2018-05-13 10:02 - 000000000 ____D E:\Users\David\AppData\Local\JxBrowser
2019-03-08 09:09 - 2018-05-10 19:45 - 000000000 ____D E:\Users\David\AppData\Roaming\Franz
2019-03-07 23:52 - 2018-05-09 15:02 - 000000000 ____D E:\Users\David\AppData\Local\Mozilla
2019-03-07 23:27 - 2018-05-09 15:02 - 000000000 ____D E:\Users\David\AppData\Roaming\Mozilla
2019-03-07 19:51 - 2018-05-10 22:14 - 000000000 ____D E:\Users\David\AppData\Roaming\Slack
2019-03-07 17:23 - 2018-05-09 15:19 - 000744838 _____ C:\Windows\system32\perfh007.dat
2019-03-07 17:23 - 2018-05-09 15:19 - 000151326 _____ C:\Windows\system32\perfc007.dat
2019-03-07 17:23 - 2018-05-09 13:58 - 001730196 _____ C:\Windows\system32\PerfStringBackup.INI
2019-03-07 17:23 - 2018-04-12 00:36 - 000000000 ____D C:\Windows\INF
2019-03-07 17:20 - 2018-05-11 08:56 - 000000000 ___RD E:\Users\David\Dropbox
2019-03-07 17:19 - 2018-05-09 14:28 - 000000000 ____D C:\ProgramData\NVIDIA
2019-03-07 17:19 - 2018-05-09 14:19 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-03-07 17:19 - 2018-05-09 13:49 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-03-07 17:19 - 2018-04-11 22:04 - 000786432 _____ C:\Windows\system32\config\BBI
2019-03-07 17:18 - 2018-05-11 13:49 - 000000000 ____D E:\Users\David\AppData\Roaming\Breevy
2019-03-07 11:48 - 2018-05-11 09:03 - 000000000 ____D E:\Users\David\AppData\Roaming\Exodus
2019-03-06 23:39 - 2018-05-11 10:22 - 000000000 ____D E:\Users\David\AppData\Roaming\vlc
2019-03-06 23:29 - 2018-05-11 08:52 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-03-06 21:38 - 2018-05-11 09:02 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-06 18:58 - 2019-01-29 18:29 - 000000771 _____ E:\Users\David\Desktop\clk-us.txt
2019-03-05 19:02 - 2018-05-10 19:58 - 000000000 ____D E:\Users\David\AppData\Roaming\KeePass
2019-03-05 17:55 - 2018-05-13 10:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multilogin
2019-03-05 17:55 - 2018-05-13 10:01 - 000000000 ____D C:\Program Files (x86)\Multilogin
2019-03-05 16:19 - 2018-05-11 12:41 - 000000000 ____D E:\Users\David\AppData\Local\Adobe
2019-03-05 09:43 - 2018-05-11 10:24 - 000000000 ____D C:\Program Files (x86)\Steam 2019-03-05 09:43 - 2018-05-11 08:52 - 000000924 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2019-03-05 09:43 - 2018-05-11 08:52 - 000000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2019-03-05 09:43 - 2018-05-09 15:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2019-03-05 09:36 - 2018-05-10 16:47 - 000000000 ____D E:\Users\David\AppData\Local\CrashDumps 2019-03-05 09:29 - 2018-05-09 15:02 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2019-03-05 09:29 - 2018-05-09 15:02 - 000000000 ____D C:\Program Files\Mozilla Firefox 2019-03-04 14:18 - 2019-01-25 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2019-03-04 14:17 - 2018-07-13 03:01 - 000051024 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2019-03-03 17:26 - 2015-04-20 03:45 - 000000000 ____D E:\Users\David\Desktop\Archiv 2019-02-27 21:46 - 2018-01-10 14:05 - 000000000 ____D E:\Users\David\Desktop\Celestial World 2.0 2019-02-26 12:00 - 2019-01-28 15:41 - 000000000 ____D E:\Users\David\Desktop\processst 2019-02-26 10:27 - 2018-05-10 19:55 - 000000000 ____D E:\Users\David\AppData\Local\JDownloader 2.0 2019-02-25 20:52 - 2018-05-14 13:51 - 000001456 _____ E:\Users\David\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2019-02-23 10:02 - 2018-05-09 13:49 - 000000000 ____D C:\Windows\system32\Drivers\wd 2019-02-22 19:05 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\system32\FxsTmp 2019-02-19 14:40 - 2018-05-11 14:23 - 000000000 ____D E:\Users\David\AppData\Local\ElevatedDiagnostics 2019-02-18 09:49 - 2018-04-12 00:38 - 000000000 ____D C:\Windows\LiveKernelReports 2019-02-18 00:33 - 2018-11-15 14:21 - 000000000 ____D E:\Users\David\AppData\Roaming\Basecamp 3 2019-02-15 20:33 - 2018-06-23 09:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT 2019-02-15 20:33 - 2018-06-23 09:22 - 
000000000 ____D C:\Program Files (x86)\ROCCAT 2019-02-15 20:33 - 2018-05-09 14:42 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-02-15 20:25 - 2018-05-09 14:35 - 000000000 ____D C:\ProgramData\Package Cache 2019-02-14 19:55 - 2018-05-11 08:52 - 000003984 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA 2019-02-14 19:55 - 2018-05-11 08:52 - 000003752 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2019-01-31 15:28 - 2019-01-31 15:28 - 000000033 _____ () E:\Users\David\AppData\Roaming\AdobeWLCMCache.dat 2018-06-04 16:53 - 2018-11-27 13:18 - 000000600 _____ () E:\Users\David\AppData\Roaming\PUTTY.RND 2018-05-14 13:51 - 2019-02-25 20:52 - 000001456 _____ () E:\Users\David\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2018-10-23 11:19 - 2018-10-23 11:19 - 000000000 _____ () E:\Users\David\AppData\Local\oobelibMkey.log 2018-05-20 15:20 - 2019-03-09 21:48 - 000000600 _____ () E:\Users\David\AppData\Local\PUTTY.RND Some files in TEMP: ==================== 2018-12-16 13:15 - 2012-09-27 01:28 - 000608160 ____R (HP) E:\Users\David\AppData\Local\Temp\siinst.exe 2019-03-07 23:32 - 2019-03-07 23:32 - 000913408 ____N () E:\Users\David\AppData\Local\Temp\sqlite-3.23.1-4dd7995d-a3e6-4a70-ad46-223c7f7f33e6-sqlitejdbc.dll 2018-12-16 13:15 - 2012-09-26 06:57 - 000270336 ____R (HP) E:\Users\David\AppData\Local\Temp\strings.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-09 13:49
==================== End of FRST.txt ============================
Edited by amster (11.03.2019 at 17:17) |
11.03.2019, 18:08 | #2 |
| Google Drive Box was encrypted - suspected Kraken Cryptor
I have just spoken with Google Drive support on the phone. They were able to tell me that the files were transferred with "Google File Stream".
Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09.03.2019 01 Ran by David (11-03-2019 17:03:05) Running from E:\Users\David\Desktop Windows 10 Pro Version 1803 17134.523 (X64) (2018-05-09 13:02:51) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2455960667-3318087246-2055750665-500 - Administrator - Disabled) David (S-1-5-21-2455960667-3318087246-2055750665-1002 - Administrator - Enabled) => E:\Users\David DefaultAccount (S-1-5-21-2455960667-3318087246-2055750665-503 - Limited - Disabled) Guest (S-1-5-21-2455960667-3318087246-2055750665-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-2455960667-3318087246-2055750665-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
7+ Taskbar Tweaker v5.6.1 (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\7 Taskbar Tweaker) (Version: 5.6.1 - RaMMicHaeL) Adobe After Effects CC 2018 (HKLM-x32\...\AEFT_15_1_1) (Version: 15.1.1 - Adobe Systems Incorporated) Adobe Audition CC 2018 (HKLM-x32\...\AUDT_11_1_1) (Version: 11.1.1 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.7.0.400 - Adobe Systems Incorporated) Adobe Illustrator CC 2018 (HKLM-x32\...\ILST_22_1) (Version: 22.1 - Adobe Systems Incorporated) Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_1_1) (Version: 12.1.1 - Adobe Systems Incorporated) Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_1_3) (Version: 19.1.3 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_1_1) (Version: 12.1.1 - Adobe Systems Incorporated) Adobe Premiere Rush CC (HKLM-x32\...\RUSH_1_0) (Version: 1.0 - Adobe Systems Incorporated) Airplane Mode Hid Installer (HKLM-x32\...\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 5.0.0.2 - ) Anno 1800 Closed Beta (HKLM-x32\...\Uplay Install 4555) (Version: - Ubisoft) Basecamp 3 (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\basecamp3) (Version: 1.10.0 - Basecamp, LLC) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Breevy 3.37 (HKLM-x32\...\Breevy) (Version: 3.37 - 16 Software) calibre 64bit (HKLM\...\{47DF5665-4C7E-46A0-8993-B147CE0E5A36}) (Version: 3.29.0 - Kovid Goyal) Control Center 5.0000.0.8 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 5.0000.0.8 - ) Dirac Audio Processor (HKLM-x32\...\Dirac Audio Processor (XTZ)) (Version: 1.1.10.8571 - Dirac Research AB) DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.64 - NVIDIA Corporation) Hidden Dropbox (HKLM-x32\...\Dropbox) (Version: 68.4.102 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) 
Hidden Empire Earth Gold (HKLM-x32\...\1207658777_is1) (Version: 2.0.0.3466 - GOG.com) Evernote v. 6.17.6 (HKLM-x32\...\{A957B0DA-2045-11E9-B0CF-005056951CAD}) (Version: 6.17.6.8292 - Evernote Corp.) Exodus (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\exodus) (Version: 18.12.6 - Exodus Movement Inc) FileBot (HKLM\...\{1556C944-9FCA-4EB8-83A2-90A3C4D2683C}) (Version: 4.8.2 - Reinhard Pointner) FileZilla Client 3.33.0 (HKLM-x32\...\FileZilla Client) (Version: 3.33.0 - Tim Kosse) Franz 5.0.0 (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\41ea870c-e358-5c9f-80c2-feeb2c3c8132) (Version: 5.0.0 - Stefan Malzner) GameRanger (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\GameRanger) (Version: - GameRanger Technologies) GitKraken (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\gitkraken) (Version: 4.2.0 - Axosoft, LLC) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 72.0.3626.121 - Google Inc.) Google Drive File Stream (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 29.1.85.2056 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.) 
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot) H05 Updater (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\h05_updater) (Version: 1.0.0 - AIAIAI ApS) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.4.0.7 - Insyde Corporation) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4963 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation) Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001090-0200-1031-84C8-B8D95FA3C8C3}) (Version: 20.90.1 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{bb524cb9-b65f-4f06-97f4-48c851e87a57}) (Version: 20.80.0 - Intel Corporation) Jarvee (HKLM-x32\...\{9D1EA30B-26FB-4FD9-BE37-0927E7E6F315}) (Version: 14.1.7 - Jarvee) Hidden Jarvee (HKLM-x32\...\Jarvee 14.1.7) (Version: 14.1.7 - Jarvee) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) KeePass Password Safe 2.39 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.39 - Dominik Reichl) Laragon 3.2.3 (HKLM-x32\...\Laragon_is1) (Version: 3.2.3.180227 - leokhoa) LatencyMon 6.70 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.) 
Microsoft Office Language Pack 2016 - German/Deutsch (HKLM\...\Office16.OMUI.de-de) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 
10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{650c9b4a-60ec-4e4e-8d8e-32d85ce3b7c5}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26405 (HKLM-x32\...\{ec9c2282-a836-48a6-9e41-c2f0bf8d678b}) (Version: 14.14.26405.0 - Microsoft Corporation) Microsoft Visual Studio Code (User) (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.32.1 - Microsoft Corporation) Mobirise4 (HKLM-x32\...\Mobirise4_is1) (Version: - Mobirise.com) Mozilla Firefox 65.0.2 (x64 de) (HKLM\...\Mozilla Firefox 65.0.2 (x64 de)) (Version: 65.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0 
- Mozilla) Multilogin version 3.1.2.214 (HKLM-x32\...\Multilogin_is1) (Version: 3.1.2.214 - Multilogin) MuPDF (HKLM-x32\...\Artifex Software, Inc. MuPDF) (Version: - Artifex Software, Inc.) NeoEE (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\NeoEE) (Version: 2.0.0.5 - NeoEE Devloper Team) NeoEE Installer (HKLM-x32\...\{5D790DAD-55A5-4134-9976-70C561A9B155}) (Version: 2.0.0.5 - NeoEE) Hidden NeoEE Installer (HKLM-x32\...\{D47F1213-9631-4CD7-9ECE-138489C278AE}) (Version: 2.0.0.5 - NeoEE) Hidden Nitro Pro (HKLM\...\{18C34E51-25DA-479F-87CD-E4C56E640F48}) (Version: 12.0.0.112 - Nitro) NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN) Notion 0.3.0 (only current user) (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 0.3.0 - Notion Labs, Incorporated) NVIDIA Graphics Driver 397.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.64 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc) OpenVPN 2.4.6-I602 (HKLM\...\OpenVPN) (Version: 2.4.6-I602 - OpenVPN Technologies, Inc.) Outils de vérification linguistique 2016 de Microsoft Office*- Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden pdf2csv Convert 10.6.16 (HKLM-x32\...\9284-6880-5959-0198) (Version: 10.6.16 - MoneyThumb) PDF-XChange Editor (HKLM\...\{F15CB44E-856E-4872-A767-5628971A761C}) (Version: 7.0.325.1 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange Editor (HKLM-x32\...\{2be0fb67-0906-4428-ab19-02ae10c7e4bc}) (Version: 7.0.325.1 - Tracker Software Products (Canada) Ltd.) 
Pharaoh Gold (HKLM-x32\...\1207659046_is1) (Version: 2.1.0.15 - GOG.com) Pioneer MIX 64bit Driver (HKLM\...\Pioneer MIX) (Version: 5.2.2.0002 - Pioneer DJ Corporation.) Poppler (HKLM-x32\...\Copyright (C) 1989, 1991 Free Software Foundation, Inc. Poppler) (Version: - Copyright (C) 1989, 1991 Free Software Foundation, Inc.) Postman-win64-6.7.3 (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\Postman) (Version: 6.7.3 - Postman) PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21275 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.) rekordbox 5.2.2 64bit (HKLM\...\Pioneer rekordbox 5.2.2) (Version: 5.2.2.0002 - Pioneer DJ) Remote Desktop Connection Manager (HKLM-x32\...\{0240359E-6A4C-4884-9E94-B397A02D893C}) (Version: 2.7.14060 - Microsoft Corporation) ROCCAT Kone Pure Mouse Driver (HKLM-x32\...\{4905245D-56E7-4176-BE68-962728B803D6}) (Version: - Roccat GmbH) ROCCAT Swarm (HKLM-x32\...\{1594022A-AB87-4C5B-A12A-14E4B4D8EAFF}) (Version: 1.93.330 - ROCCAT GmbH) Hidden ROCCAT Swarm (HKLM-x32\...\InstallShield_{1594022A-AB87-4C5B-A12A-14E4B4D8EAFF}) (Version: 1.93.330 - ROCCAT GmbH) Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.7.02 - Samsung Electronics Co., Ltd.) Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.28 - Samsung Electronics Co., Ltd.) Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2.0 - Screencast-O-Matic) Skype Version 8.40 (HKLM-x32\...\Skype_is1) (Version: 8.40 - Skype Technologies S.A.) 
Slack (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\slack) (Version: 3.3.7 - Slack Technologies) SmartShare (HKLM-x32\...\{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}) (Version: 2.3.1511.1201 - LG Electronics Inc.) Star Wars™ Episode I - Racer™ (HKLM-x32\...\1288119483_is1) (Version: 1.0 hotfix3 - GOG.com) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Streamlink (HKLM-x32\...\Streamlink) (Version: 0.14.2 - Streamlink) Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM\...\{90160000-001F-0410-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated) TAP-NordVPN 9.21.2 (HKLM\...\TAP-NordVPN) (Version: 9.21.2 - NordVPN.com) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) TheBestSpinner3 (HKLM-x32\...\TheBestSpinner3) (Version: - ) TubeDigger 6.5.2 (HKLM-x32\...\{1E3745C1-674D-4B2E-B8F7-3F4088950ED7}_is1) (Version: 6.5.2 - TubeDigger) Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.16 - Samsung Electronics CO., LTD.) 
Update for Skype for Business 2016 (KB4461586) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{D3BC3593-9260-47AD-9EC8-8DEB8668956D}) (Version: - Microsoft) Update for Skype for Business 2016 (KB4461586) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{D3BC3593-9260-47AD-9EC8-8DEB8668956D}) (Version: - Microsoft) Update for Skype for Business 2016 (KB4461586) 64-Bit Edition (HKLM\...\{90160000-012B-0407-1000-0000000FF1CE}_Office16.OMUI.de-de_{D3BC3593-9260-47AD-9EC8-8DEB8668956D}) (Version: - Microsoft) Update for Skype for Business 2016 (KB4461586) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{D3BC3593-9260-47AD-9EC8-8DEB8668956D}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 81.0 - Ubisoft) Vagrant (HKLM-x32\...\{56BD544C-6113-42A4-B84C-1310DC50DFAF}) (Version: 2.2.4 - HashiCorp) VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.22 - IDRIX) VLC media player (HKLM\...\VLC media player) (Version: 3.0.2 - VideoLAN) VMware Player (HKLM\...\{3932C891-5563-421D-B9C0-DEA6CB35F9F4}) (Version: 12.5.9 - VMware, Inc.) VPN.AC Client version 4.0.7 (HKLM-x32\...\{0E1494BA-7D74-4E8E-9BD3-E6D8E55CC8AE}_is1) (Version: 4.0.7 - VPN.AC) Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden Wampserver64 3.1.4 (HKLM\...\{wampserver64}_is1) (Version: 3.1.4 - Dominique Ottello aka Otomatic) Windows Driver Package - Insyde (AirplaneModeHid) HIDClass (07/14/2015 1.4.0.3) (HKLM\...\F6EE2AD6575789BFA9536FE4637A2E06B7F2DD0F) (Version: 07/14/2015 1.4.0.3 - Insyde) WinRAR 5.50 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.) 
==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2455960667-3318087246-2055750665-1002_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} CustomCLSID: HKU\S-1-5-21-2455960667-3318087246-2055750665-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9C040A9B0639} -> [Creative Cloud Files] => E:\Users\David\Creative Cloud Files [2018-10-23 10:31] CustomCLSID: HKU\S-1-5-21-2455960667-3318087246-2055750665-1002_Classes\CLSID\{9EE0C242-8973-456D-B382-0752476703FD}\InprocServer32 -> C:\Program Files\Google\Drive File Stream\27.1.49.1806\drivefsext.dll => No File CustomCLSID: HKU\S-1-5-21-2455960667-3318087246-2055750665-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => E:\Users\David\Dropbox [2018-05-11 08:56] CustomCLSID: HKU\S-1-5-21-2455960667-3318087246-2055750665-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems) ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Nitro\Pro\12\NPShellExtension.dll [2018-06-08] (Nitro Software, Inc. -> Nitro Software, Inc.) ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2018-04-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.) ContextMenuHandlers2: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2018-01-08] (VMware, Inc. -> VMware, Inc.) ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\29.1.85.2056\drivefsext.dll [2019-02-06] (Google LLC -> Google, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-03-04] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2018-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-07] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03EE8A57-4702-483C-A067-2F7F7DC7B725} - System32\Tasks\ROCCAT DEVICE SERVICE => C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_dev_service.exe (ROCCAT GmbH -> ROCCAT) Task: {16564D68-A7A5-4706-AE41-0EE1312F7040} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) Task: {3F9FC7E8-241E-431D-9AFD-2C69ED8C3FB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.) 
Task: {497B9BDA-DF11-4A60-A8DE-4E814E23C03E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {6E864973-B215-4595-AB44-410E975CAE66} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7DCC5687-05CF-424E-A060-12FBA10A1BE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {9562DF26-B3AB-4880-B40B-A54C81597B78} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.)
Task: {A66D700D-6A1E-4960-BE78-E6F978864A22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A7341E58-ECEE-417D-880B-EDD3185FDB24} - System32\Tasks\AdobeGCInvoker-1.0-DAVID-PC-David => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
Task: {B7B39E09-77AB-4AE6-9614-8E8B1367417B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B924A1DC-5E5E-4D3C-AAFF-244FC3113827} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {BBBC261C-70E7-460C-97FB-CF93DD47CC83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {D4CFE236-ECC9-4644-8615-827730391ABC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D4E3882E-0CFF-46E9-901B-8E5BB91B3782} - System32\Tasks\AdobeAAMUpdater-1.0-DAVID-PC-David => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {DA387364-19A0-4908-89C8-271B45B7F0A5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E93A0A91-1B0A-40DB-B6D7-9D2DFA42AFD8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F7C26A07-8213-4396-92CA-323DF35857EC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1902.2-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FC515654-0473-410B-BADE-65C92BF95849} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
ShortcutWithArgument: E:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\ClickUP.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cmhdadegpnihkfmpgcpilhkbnamifnld
ShortcutWithArgument: E:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Signal Private Messenger.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=bikioccmkafdpakkkcpdbppfkghcmihk
ShortcutWithArgument: E:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\93c034d76001d995\Airtable - Flexible database and organizer.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nmnciefjclblnajjcmhobechdohojkbf
ShortcutWithArgument: E:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Affcheap2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2018-05-09 14:57 - 2015-07-24 07:15 - 001128448 _____ (CLEVO CO.) [File not signed] C:\Program Files (x86)\Hotkey\HkeyTray.exe
2018-06-23 09:22 - 2014-01-20 09:46 - 000561152 _____ (ROCCAT GmbH) [File not signed] C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
2019-02-21 17:35 - 2019-02-14 14:30 - 002126848 _____ () [File not signed] E:\Users\David\AppData\Local\Programs\franz\ffmpeg.dll
2019-02-21 17:36 - 2019-02-14 14:30 - 005103616 _____ () [File not signed] E:\Users\David\AppData\Local\Programs\franz\libglesv2.dll
2019-02-21 17:36 - 2019-02-14 14:30 - 000109056 _____ () [File not signed] E:\Users\David\AppData\Local\Programs\franz\libegl.dll
2019-03-08 09:09 - 2019-03-08 09:09 - 000090112 _____ () [File not signed] \\?\E:\Users\David\AppData\Local\Temp\c62f7a44-9960-4a16-a4cb-f26fd1cc5f60.tmp.node
2019-03-08 09:09 - 2019-03-08 09:09 - 000090112 _____ () [File not signed] \\?\E:\Users\David\AppData\Local\Temp\7adc5cba-f477-4a04-962d-18f31b37b40e.tmp.node
2019-03-08 09:09 - 2019-03-08 09:09 - 000092672 _____ () [File not signed] \\?\E:\Users\David\AppData\Local\Temp\56ea3e16-c20d-43cb-ba88-b0a87ccb9a98.tmp.node
2018-03-28 08:16 - 2018-03-28 08:16 - 000171008 _____ (Pioneer DJ Corporation.) [File not signed] c:\windows\system32\pioneer_mix_asio_x64.dll
2019-01-29 13:35 - 2018-01-09 18:06 - 002817536 ____N () [File not signed] C:\Windows\system32\DlgSearchEngine.dll
2019-01-25 13:38 - 2019-02-21 22:55 - 015257088 _____ (Node.js) [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\node.dll
2019-01-25 13:38 - 2019-02-21 22:55 - 002901504 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2019-01-25 13:38 - 2019-02-21 22:55 - 000015360 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2016-12-07 17:20 - 2016-12-07 17:20 - 005384704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Core.dll
2015-08-24 10:10 - 2015-08-24 10:10 - 000110207 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\BASS.dll
2016-06-13 03:29 - 2016-06-13 03:29 - 000853504 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Multimedia.dll
2016-06-10 15:23 - 2016-06-10 15:23 - 005283840 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Gui.dll
2016-06-10 15:17 - 2016-06-10 15:17 - 001610240 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Network.dll
2016-06-10 15:17 - 2016-06-10 15:17 - 000216064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Xml.dll
2014-10-23 18:27 - 2014-10-23 18:27 - 000119822 _____ () [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\libgcc_s_dw2-1.dll
2015-12-29 06:25 - 2015-12-29 06:25 - 001540622 _____ () [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\libstdc++-6.dll
2014-10-23 18:27 - 2014-10-23 18:27 - 000049152 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\libwinpthread-1.dll
2015-08-24 10:10 - 2015-08-24 10:10 - 000012166 _____ (Un4seen Developments) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\BASSWASAPI.dll
2016-06-10 15:29 - 2016-06-10 15:29 - 006358528 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Widgets.dll
2016-06-10 15:34 - 2016-06-10 15:34 - 001489920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\platforms\qwindows.dll
2016-06-10 15:33 - 2016-06-10 15:33 - 000036352 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qico.dll
2016-06-11 02:15 - 2016-06-11 02:15 - 000058880 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qdds.dll
2016-06-10 15:32 - 2016-06-10 15:32 - 000033792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qgif.dll
2016-06-11 02:15 - 2016-06-11 02:15 - 000046592 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qicns.dll
2016-06-10 15:32 - 2016-06-10 15:32 - 000258560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qjpeg.dll
2016-06-11 01:51 - 2016-06-11 01:51 - 000028672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qsvg.dll
2016-06-11 01:51 - 2016-06-11 01:51 - 000348160 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\Qt5Svg.dll
2016-06-11 02:15 - 2016-06-11 02:15 - 000028672 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qtga.dll
2016-06-11 02:15 - 2016-06-11 02:15 - 000495616 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qtiff.dll
2016-06-11 02:15 - 2016-06-11 02:15 - 000027648 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qwbmp.dll
2016-06-11 02:16 - 2016-06-11 02:16 - 000416768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\imageformats\qwebp.dll
2016-08-11 18:26 - 2016-08-11 18:26 - 000019456 _____ (Roccat GmbH) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\UDPServer.dll
2018-12-10 18:30 - 2018-12-10 18:30 - 000572416 _____ () [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\aimo.dll
2016-06-13 03:38 - 2016-06-13 03:38 - 000317440 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\mediaservice\dsengine.dll
2015-12-29 06:52 - 2015-12-29 06:52 - 000462336 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ssleay32.dll
2015-12-29 06:52 - 2015-12-29 06:52 - 002177536 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\LIBEAY32.dll
2018-06-23 09:22 - 2012-06-23 13:54 - 000061440 _____ () [File not signed] C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\hiddriver.dll
2015-06-23 15:00 - 2015-06-23 15:00 - 000285696 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2015-06-23 15:00 - 2015-06-23 15:00 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2018-10-30 12:48 - 2015-12-29 01:25 - 000079360 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Program Files (x86)\VPN.AC Client\libwinpthread-1.dll
2018-10-30 12:48 - 2015-12-29 01:25 - 000120334 _____ () [File not signed] C:\Program Files (x86)\VPN.AC Client\libgcc_s_dw2-1.dll
2018-10-30 12:48 - 2018-10-26 14:57 - 006212096 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\Qt5Core.dll
2018-10-30 12:48 - 2015-12-29 01:25 - 001540622 _____ () [File not signed] C:\Program Files (x86)\VPN.AC Client\libstdc++-6.dll
2018-10-30 12:48 - 2018-05-15 06:37 - 006482432 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\Qt5Gui.dll
2018-10-30 12:48 - 2018-05-15 06:35 - 001806848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\Qt5Network.dll
2018-10-30 12:48 - 2018-05-15 07:03 - 004021248 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\Qt5Qml.dll
2018-10-30 12:48 - 2018-05-15 07:09 - 004338688 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\Qt5Quick.dll
2018-10-30 12:48 - 2018-05-15 06:39 - 006250496 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\Qt5Widgets.dll
2018-10-30 12:48 - 2018-05-15 06:43 - 001905664 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\platforms\qwindows.dll
2018-10-30 12:48 - 2018-05-15 06:42 - 000196608 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\styles\qwindowsvistastyle.dll
2018-10-30 12:48 - 2018-05-15 06:41 - 000035840 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\imageformats\qico.dll
2018-10-30 12:48 - 2018-10-26 14:53 - 000573598 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\VPN.AC Client\ssleay32.dll
2018-10-30 12:48 - 2018-10-26 14:53 - 002264579 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\VPN.AC Client\LIBEAY32.dll
2018-10-30 12:48 - 2018-05-15 06:41 - 000033792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\imageformats\qgif.dll
2018-10-30 12:48 - 2018-05-15 06:49 - 000046080 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\imageformats\qicns.dll
2018-10-30 12:48 - 2018-05-15 06:41 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\imageformats\qjpeg.dll
2018-10-30 12:48 - 2018-05-15 06:49 - 000027648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\imageformats\qsvg.dll
2018-10-30 12:48 - 2018-05-15 06:49 - 000358912 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\Qt5Svg.dll
2018-10-30 12:48 - 2018-05-15 06:48 - 000026624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\imageformats\qtga.dll
2018-10-30 12:48 - 2018-05-15 06:49 - 000507904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\imageformats\qtiff.dll
2018-10-30 12:48 - 2018-05-15 06:48 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\imageformats\qwbmp.dll
2018-10-30 12:48 - 2018-05-15 06:49 - 000454144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\imageformats\qwebp.dll
2018-10-30 12:48 - 2018-05-15 06:41 - 000089600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\bearer\qgenericbearer.dll
2018-10-30 12:48 - 2018-05-15 07:11 - 000020480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\QtQuick.2\qtquick2plugin.dll
2018-10-30 12:48 - 2018-05-15 07:20 - 000432640 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-10-30 12:48 - 2018-05-15 07:12 - 000105984 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-10-30 12:48 - 2018-05-15 07:20 - 000174592 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\QtQuick\Dialogs\dialogplugin.dll
2018-10-30 12:48 - 2018-05-15 07:12 - 000020480 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\QtQuick\Window.2\windowplugin.dll
2018-10-30 12:48 - 2018-05-15 07:16 - 000062464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-10-30 12:48 - 2018-05-15 07:17 - 000068096 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\VPN.AC Client\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-05-11 13:45 - 2016-03-14 12:57 - 000114688 _____ () [File not signed] E:\Users\David\AppData\Local\Screencast-O-Matic-v2\SOMNative-3.0.20.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\skype.com -> hxxps://apps.skype.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 00:38 - 2019-03-06 10:19 - 000006337 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 choice.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 choice.microsoft.com.nsatc.net # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 df.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 diagnostics.support.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 feedback.microsoft-hohm.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 feedback.search.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 feedback.windows.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 oca.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 onesettings-bn2.metron.live.com.nsatc.net # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 onesettings-cy2.metron.live.com.nsatc.net # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 onesettings-db5.metron.live.com.nsatc.net # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 onesettings-hk2.metron.live.com.nsatc.net # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 reports.wes.df.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 services.wes.df.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 settings.data.glbdns2.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 settings-sandbox.data.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 sqm.df.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 sqm.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 statsfe1.ws.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 statsfe2.update.microsoft.com.akadns.net # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 statsfe2.ws.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 survey.watson.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 telecommand.telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 telecommand.telemetry.microsoft.com.nsat*c.net # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 telemetry.appex.bing.net # Entry added with W10Privacy (www.winprivacy.de)!
0.0.0.0 telemetry.microsoft.com # Entry added with W10Privacy (www.winprivacy.de)!
2018-09-01 21:08 - 2018-11-19 18:44 - 000000507 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\PuTTY\;C:\Program Files\Calibre2\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Streamlink\bin;C:\Program Files\FileBot\;C:\Android;C:\HashiCorp\Vagrant\bin
HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\Control Panel\Desktop\\Wallpaper -> E:\Users\David\Pictures\wallpaper\osman-rana-182134-unsplash.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\StartupApproved\Run: => "7 Taskbar Tweaker"
HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\StartupApproved\Run: => "Franz"
HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\StartupApproved\Run: => "com.squirrel.slack.slack"
HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\StartupApproved\Run: => "OPENVPN-GUI"
HKU\S-1-5-21-2455960667-3318087246-2055750665-1002\...\StartupApproved\Run: => "GalaxyClient"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{859D34D6-1707-46B9-984F-425ED1C4F810}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{399EC2C8-2300-4CE5-A7FE-042661B16066}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{984CBC6D-C6E7-4B34-A37C-EAC9532B76FB}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe No File
FirewallRules: [UDP Query User{0A02349E-A2FE-4EFB-B40C-330286C78CEE}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe No File
FirewallRules: [{F81016DF-44F8-48DA-8714-CEDF4AF7A9CB}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{86FAF1DC-C490-463A-A312-746E4889BC25}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{AA7AA4EA-DEC9-42B2-8C00-8430C92BE1F1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{53443479-34B9-4ECA-A0C2-B8974013AA43}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F57E8367-2703-42D2-A607-5F123229B8B0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{CECCCA9B-A71F-42DC-B087-AC2EAE5BEACA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{B1B8C8F3-0FC0-43A6-84F6-ED79F77D6458}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{3418BC29-5619-48DE-84B3-26B6B60C1C1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe (TODO: <Company name>) [File not signed]
FirewallRules: [{C9271751-4365-4605-9E0E-67D9D25EABC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe ( ) [File not signed]
FirewallRules: [{C54CE958-FC66-4C78-B31A-8D6C0848BB6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe ( ) [File not signed]
FirewallRules: [TCP Query User{C64F99FE-AC4A-4007-B392-BF5022149C4F}C:\program files\pioneer\rekordbox 5.2.2\psvnfsd.exe] => (Allow) C:\program files\pioneer\rekordbox 5.2.2\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer Corporation.)
FirewallRules: [UDP Query User{9A9CA7D6-2F4A-4FB4-9D50-6AB80525241F}C:\program files\pioneer\rekordbox 5.2.2\psvnfsd.exe] => (Allow) C:\program files\pioneer\rekordbox 5.2.2\psvnfsd.exe (Pioneer DJ Corporation -> Pioneer Corporation.)
FirewallRules: [TCP Query User{CD1827F8-6FCB-4AAC-ADA9-A3303292A9B4}C:\program files\pioneer\rekordbox 5.2.2\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 5.2.2\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [UDP Query User{A7468F2D-81CE-475A-82EC-C7D5F9072923}C:\program files\pioneer\rekordbox 5.2.2\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 5.2.2\psvlinksysmgr.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation.)
FirewallRules: [TCP Query User{5FCC4E34-61C3-4100-AE97-FF261EC925C1}C:\program files\pioneer\rekordbox 5.2.2\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 5.2.2\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation)
FirewallRules: [UDP Query User{49982394-9926-4B64-84E2-34D83F8B07F3}C:\program files\pioneer\rekordbox 5.2.2\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 5.2.2\rekordbox.exe (Pioneer DJ Corporation -> Pioneer DJ Corporation)
FirewallRules: [TCP Query User{F5B29A2F-F890-4F93-BBE8-92CE25C39234}D:\downloads\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) D:\downloads\googlechromeportable\app\chrome-bin\chrome.exe No File
FirewallRules: [UDP Query User{024EB82A-42EA-4404-8497-F0B8A24D0CF0}D:\downloads\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) D:\downloads\googlechromeportable\app\chrome-bin\chrome.exe No File
FirewallRules: [{1F8B2DB3-69BA-4FA2-A3BC-70533FFF8CD0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{EF29FB2D-2570-4E96-B055-171C6E6E648B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [TCP Query User{92F0BDF5-B69D-4B42-88C7-87ADE964BCCD}C:\laragon\bin\mysql\mysql-5.1.72-win32\bin\mysqld.exe] => (Allow) C:\laragon\bin\mysql\mysql-5.1.72-win32\bin\mysqld.exe () [File not signed]
FirewallRules: [UDP Query User{DDCE67D6-A4B8-4445-998C-8310E97D688D}C:\laragon\bin\mysql\mysql-5.1.72-win32\bin\mysqld.exe] => (Allow) C:\laragon\bin\mysql\mysql-5.1.72-win32\bin\mysqld.exe () [File not signed]
FirewallRules: [TCP Query User{7228976D-16A9-4B74-9538-48E0340BAF20}C:\laragon\bin\nginx\nginx-1.10.1\nginx.exe] => (Allow) C:\laragon\bin\nginx\nginx-1.10.1\nginx.exe () [File not signed]
FirewallRules: [UDP Query User{4086E184-643D-4E47-9EEE-BF849E57B8FC}C:\laragon\bin\nginx\nginx-1.10.1\nginx.exe] => (Allow) C:\laragon\bin\nginx\nginx-1.10.1\nginx.exe () [File not signed]
FirewallRules: [TCP Query User{42BBBF61-0F6C-4212-A55C-4C7FA897FF10}C:\program files (x86)\multilogin\multilogin.exe] => (Allow) C:\program files (x86)\multilogin\multilogin.exe (Multilogin Ltd. -> Multilogin Ltd.)
FirewallRules: [UDP Query User{EC7B8D76-FFF7-40CE-858A-1BC7A14B9B7E}C:\program files (x86)\multilogin\multilogin.exe] => (Allow) C:\program files (x86)\multilogin\multilogin.exe (Multilogin Ltd. -> Multilogin Ltd.)
FirewallRules: [TCP Query User{D857BC71-B889-4771-B0B0-479EF9284EEB}E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-chrome-driver\2.27\browser-chrome-driver-2.27-win64.bin] => (Allow) E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-chrome-driver\2.27\browser-chrome-driver-2.27-win64.bin () [File not signed]
FirewallRules: [UDP Query User{D27F13C8-280B-4193-8F60-2E99155CD34C}E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-chrome-driver\2.27\browser-chrome-driver-2.27-win64.bin] => (Allow) E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-chrome-driver\2.27\browser-chrome-driver-2.27-win64.bin () [File not signed]
FirewallRules: [TCP Query User{2AB0D53F-97FE-4E8A-9174-FC7049E553FA}E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.165\browser-mimic-61.165-win64.tar.gz\chromedriver.exe] => (Allow) E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.165\browser-mimic-61.165-win64.tar.gz\chromedriver.exe (Multilogin Ltd. -> )
FirewallRules: [UDP Query User{8B7405D1-7F1A-4EF2-95DD-CC447B240E06}E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.165\browser-mimic-61.165-win64.tar.gz\chromedriver.exe] => (Allow) E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.165\browser-mimic-61.165-win64.tar.gz\chromedriver.exe (Multilogin Ltd. -> )
FirewallRules: [TCP Query User{593481F2-10DF-4840-B5DB-69D1FF89AE5E}E:\users\david\downloads\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) E:\users\david\downloads\googlechromeportable\app\chrome-bin\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [UDP Query User{4D4D7133-2704-464E-8FA4-CAE3C2A85827}E:\users\david\downloads\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) E:\users\david\downloads\googlechromeportable\app\chrome-bin\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [TCP Query User{B57305E6-D66A-42AF-AB74-A67CC76CFA7C}E:\users\david\appdata\local\temp\mxt102\bin\xwin_mobax.exe] => (Allow) E:\users\david\appdata\local\temp\mxt102\bin\xwin_mobax.exe No File
FirewallRules: [UDP Query User{A3C4FFC1-37AC-4864-A4C2-3E2A89D6302C}E:\users\david\appdata\local\temp\mxt102\bin\xwin_mobax.exe] => (Allow) E:\users\david\appdata\local\temp\mxt102\bin\xwin_mobax.exe No File
FirewallRules: [TCP Query User{8386EFB3-70DE-44D9-AA30-E04FF8FD6C5C}C:\program files (x86)\multilogin\multilogin.exe] => (Allow) C:\program files (x86)\multilogin\multilogin.exe (Multilogin Ltd. -> Multilogin Ltd.)
FirewallRules: [UDP Query User{287FD04B-F822-4B7C-AD4A-67CEC374FB28}C:\program files (x86)\multilogin\multilogin.exe] => (Allow) C:\program files (x86)\multilogin\multilogin.exe (Multilogin Ltd. -> Multilogin Ltd.)
FirewallRules: [TCP Query User{5A338246-8365-44FD-B25F-CEC141FE0BB2}E:\users\david\desktop\portable programme\mobaxterm\mobaxterm_personal_10.2.exe] => (Block) E:\users\david\desktop\portable programme\mobaxterm\mobaxterm_personal_10.2.exe (Mobatek -> Mobatek)
FirewallRules: [UDP Query User{AFB4567D-746F-4A87-94A6-CFBE655FA719}E:\users\david\desktop\portable programme\mobaxterm\mobaxterm_personal_10.2.exe] => (Block) E:\users\david\desktop\portable programme\mobaxterm\mobaxterm_personal_10.2.exe (Mobatek -> Mobatek)
FirewallRules: [{1BBC8D42-ACC5-4ED4-A931-ABBAD881A3D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{0E693AAD-4099-4905-9F39-2D4F9BCC5321}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe (Valve -> Valve)
FirewallRules: [{7B4DEC9D-C2C4-49FE-A473-84977AFDEA72}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [{9CCCD6CA-1BC1-40F4-B022-930FA8ADB902}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [{87336713-E0B4-41D0-835A-BA63FF57EA93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [{7794EC0B-9FDD-4053-A4C7-4D6B2D0E5B59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe (Microsoft Corporation -> Ensemble Studios)
FirewallRules: [{362D27DB-E480-4CDE-AD87-27BD0772C49F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{122CB705-A434-4276-A5A0-145E526FC2C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D71098CF-35F1-457E-88D6-72D83E151522}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{9A02A664-8800-4236-B2F6-FE8FB3FB5ADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grim Dawn\Grim Dawn.exe (Crate Entertainment, LLC) [File not signed]
FirewallRules: [{7F2F57E2-D28B-42AF-9DFC-F777A478E24C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{E7C34750-57E9-42AB-860C-E4347B39E38F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9C229F15-1E5B-4C4F-98CE-367196874CED}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{46AE3010-FDA0-4D93-9DA4-5E7DBC1CCBEB}E:\users\david\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) E:\users\david\appdata\roaming\gameranger\gameranger\gameranger.exe (GameRanger Technologies -> GameRanger Pty Ltd)
FirewallRules: [UDP Query User{CAEAA904-607B-433C-A49F-7AD0BF9A106B}E:\users\david\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) E:\users\david\appdata\roaming\gameranger\gameranger\gameranger.exe (GameRanger Technologies -> GameRanger Pty Ltd)
FirewallRules: [TCP Query User{9F1C0061-8EAD-4D12-A256-3950CA58D0F0}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{2157E0DF-0EE1-4B7E-B9CA-46B475F7284C}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E30EC092-FECE-454D-AAF0-2D6A597B75BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe ( ) [File not signed]
FirewallRules: [{DD0060A0-0D1F-4BC9-BEDA-A0B4BC22C692}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe ( ) [File not signed]
FirewallRules: [{57FF7163-7845-4570-A0B6-FBD32EFDE553}] => (Allow) C:\Program Files (x86)\TubeDigger\TubeDigger.exe (TubeDigger) [File not signed]
FirewallRules: [{FD10E1B2-B1E4-4223-9513-4E0201BCC111}] => (Allow) C:\Program Files (x86)\TubeDigger\CEF3\TubeDgr3.exe (TubeDigger) [File not signed]
FirewallRules: [{AB3A4C14-47DC-4CEE-B285-D88AADBE4368}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Addon.exe (Related Designs Software -> Related Designs)
FirewallRules: [{0C5724A6-2B06-44A8-9055-4764D16656D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Addon.exe (Related Designs Software -> Related Designs)
FirewallRules: [{B0EF15B0-653A-40EE-8460-82D4FD4A0710}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Anno4.exe (Related Designs Software -> Related Designs)
FirewallRules: [{329B9B34-D2ED-4562-BE65-7703D2EE2A0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anno 1404\Anno4.exe (Related Designs Software -> Related Designs)
FirewallRules: [TCP Query User{AD5D05F4-DFF0-4C9A-A13B-6F219BE7DCA8}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe () [File not signed]
FirewallRules: [UDP Query User{FA0CC58B-4059-4997-B986-33461F99AFF3}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe () [File not signed]
FirewallRules: [{13A48B6A-F3CE-409A-BBA9-ACB5B92F209E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe (Valve -> )
FirewallRules: [{EE57A911-ED47-4A14-8978-BBEEA665BDB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe (Valve -> )
FirewallRules: [{15F4D00F-0623-4428-9211-7E5DB39393F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 1 Source Deathmatch\hl2.exe (Valve -> )
FirewallRules: [{BAAA657E-6D07-439C-A83A-134EAB70A291}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 1 Source Deathmatch\hl2.exe (Valve -> )
FirewallRules: [{8E52AD5C-AD1F-497C-ACBC-89CB53EDE6E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe (Valve -> )
FirewallRules: [{5EBDB8C2-62A6-480C-B2AF-DC9665B2CDB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe (Valve -> )
FirewallRules: [{3711B08B-94EB-41EF-A1EE-493462EC8E87}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe (LG Electronics Inc. -> LG Electronics Inc.)
FirewallRules: [{2757C80E-3F75-4929-BFBE-AE2530659078}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe (LG Electronics Inc. -> LG Electronics Inc.)
FirewallRules: [{5E7F598B-79BC-4DBE-B9F6-0A05E23BF0EF}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe (LG Electronics Inc. -> )
FirewallRules: [{68F36A52-7BC8-4467-B3B8-94B1D07EC17C}] => (Allow) C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe (LG Electronics Inc. -> )
FirewallRules: [TCP Query User{91DFA3E5-B452-4506-A16D-DA62D5E40182}E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.180\browser-mimic-61.180-win64.tar.gz\chromedriver.exe] => (Allow) E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.180\browser-mimic-61.180-win64.tar.gz\chromedriver.exe (Multilogin Ltd. -> )
FirewallRules: [UDP Query User{E926BE92-0199-4A82-8CD0-1E57A502715A}E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.180\browser-mimic-61.180-win64.tar.gz\chromedriver.exe] => (Allow) E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.180\browser-mimic-61.180-win64.tar.gz\chromedriver.exe (Multilogin Ltd. -> )
FirewallRules: [TCP Query User{B7AA1193-74C2-4B09-89C4-5B310EF87C3E}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{801B5590-6F2E-46E4-8119-2F81643D40B9}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{02E110C9-81A2-4B98-8C0A-2C5B881D8E64}E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.180\browser-mimic-61.180-win64.tar.gz\chromedriver.exe] => (Allow) E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.180\browser-mimic-61.180-win64.tar.gz\chromedriver.exe (Multilogin Ltd. -> )
FirewallRules: [UDP Query User{390419CE-103A-4B9F-97A3-5EA07B963063}E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.180\browser-mimic-61.180-win64.tar.gz\chromedriver.exe] => (Allow) E:\users\david\.multiloginapp.com\data\deps\com\multiloginapp\browser-mimic\61.180\browser-mimic-61.180-win64.tar.gz\chromedriver.exe (Multilogin Ltd. -> )
FirewallRules: [TCP Query User{2E7AE0FE-11F2-453C-99AC-9287E26EDC34}C:\program files (x86)\heroes of the storm\versions\base71040\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base71040\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{09C3CDBF-C5BD-4B89-B0D0-EB8420B1241A}C:\program files (x86)\heroes of the storm\versions\base71040\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base71040\heroesofthestorm_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [TCP Query User{E736DBB8-A19B-4BA2-B446-CECFC5BC53D2}E:\users\david\appdata\local\temp\mxt102\bin\xwin_mobax.exe] => (Allow) E:\users\david\appdata\local\temp\mxt102\bin\xwin_mobax.exe No File
FirewallRules: [UDP Query User{39270FEF-FDB1-459A-B114-E2EE7F96DB2B}E:\users\david\appdata\local\temp\mxt102\bin\xwin_mobax.exe] => (Allow) E:\users\david\appdata\local\temp\mxt102\bin\xwin_mobax.exe No File
FirewallRules: [TCP Query User{975D7ABD-A925-4C5A-8A90-E26A45A3476B}C:\program files (x86)\gog galaxy\games\empire earth gold\empire earth\empire earth.exe] => (Allow) C:\program files (x86)\gog galaxy\games\empire earth gold\empire earth\empire earth.exe () [File not signed]
FirewallRules: [UDP Query User{5D14B203-7A1A-499C-8E7C-A2C428B53DB3}C:\program files (x86)\gog galaxy\games\empire earth gold\empire earth\empire earth.exe] => (Allow) C:\program files (x86)\gog galaxy\games\empire earth gold\empire earth\empire earth.exe () [File not signed]
FirewallRules: [TCP Query User{BA962135-D63C-4D69-8E97-6E3D4AE3CD4F}C:\wamp64\bin\apache\apache2.4.35\bin\httpd.exe] => (Allow) C:\wamp64\bin\apache\apache2.4.35\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{69DD035C-2180-45D9-9D64-855D75513DA0}C:\wamp64\bin\apache\apache2.4.35\bin\httpd.exe] => (Allow) C:\wamp64\bin\apache\apache2.4.35\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [{3378E88A-6D33-4865-8F2C-F655EC591D23}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe (HP Inc. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{D9EAA446-8D0C-426E-858B-E063B5C6BD9C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DEC35C50-E7FD-45AD-926B-AF81A35C8E79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E29F874C-2F1A-45FC-A2B6-48AA9E94E0F6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5D0C834E-AB7D-4AC6-B405-321B230FFCD3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AF7DE2A2-E7D7-4997-8937-254765915A29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{90FFCD7A-C60B-4949-8139-8A190EC21469}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1E894481-297D-47A7-8F33-623407FA91B5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9276B6A1-8B1C-475F-838E-D33384606D8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D2FBD360-09EE-4903-8757-EC1F18D48FCC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39F96F2F-2901-49EE-AE2C-BC445271E948}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9F110138-DE02-4D4D-B499-19B909D68E33}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{01E9DB99-461D-453B-BA40-608727A3A1F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A2882754-C592-463F-9E94-226CC82B4DA0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0010F80F-F47D-4830-8DC8-5FA43BF17E61}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D36F8327-4A4F-409F-BFB4-8A58144E7DAE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7CDF990D-0F77-4226-BD6A-E933D33B2056}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{51D29632-81CD-45ED-B0C0-C54C89925CB7}C:\program files (x86)\ubisoft\ubisoft game launcher\games\anno 1800 closed beta\bin\win64\anno1800.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\anno 1800 closed beta\bin\win64\anno1800.exe (Blue Byte GmbH -> Ubisoft)
FirewallRules: [UDP Query User{61BD0C48-7A47-4D10-9F0E-1CD2D5A05419}C:\program files (x86)\ubisoft\ubisoft game launcher\games\anno 1800 closed beta\bin\win64\anno1800.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\anno 1800 closed beta\bin\win64\anno1800.exe (Blue Byte GmbH -> Ubisoft)
FirewallRules: [TCP Query User{45E09AB6-8639-4186-982D-17D5B0F1DEA8}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe () [File not signed]
FirewallRules: [UDP Query User{7D379E55-8B53-4EC4-9F59-6A1A543AE238}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\anno 1404\tools\addonweb.exe () [File not signed]
FirewallRules: [TCP Query User{2FE084CF-0866-4DAE-8740-C85F9FD919A2}C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe] => (Allow) C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe (ROCCAT GmbH -> ROCCAT)
FirewallRules: [UDP Query User{9B1844E2-E141-420D-B1A3-5829539F00C0}C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe] => (Allow) C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe (ROCCAT GmbH -> ROCCAT)
FirewallRules: [{EF052B61-5AE1-47B9-95EE-F0654CD7B28A}] => (Block) C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe (ROCCAT GmbH -> ROCCAT)
FirewallRules: [{DFB94C32-7484-4F22-AF93-48109591922C}] => (Block) C:\program files (x86)\roccat\roccat swarm\roccat_swarm_monitor.exe (ROCCAT GmbH -> ROCCAT)
FirewallRules: [{10E8E5C1-DDB1-4552-BB0C-B0737BF4479B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6937E80F-87F4-4252-9AB7-6DED487350D6}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C50EB1DC-6A0D-4D2E-8B29-FF22F3643597}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BFF74EFF-59B5-4532-8638-9584906F1A68}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F417EE4D-312C-4C6E-80A1-04219BA61340}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{B201A8B3-706B-4377-AB28-C18099E7FD2F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

25-02-2019 00:27:44 Scheduled Checkpoint
06-03-2019 11:04:12 Installed Vagrant
09-03-2019 19:34:07 Installed Evernote v. 6.17.6

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2019 09:48:36 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/09/2019 07:34:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error: 0xC0000039 (unresolvable).

Error: (03/09/2019 07:34:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error: 0xC0000039 (unresolvable).

Error: (03/09/2019 12:15:53 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/08/2019 12:50:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm notepad.exe, Version 10.0.17134.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 471c
Startzeit: 01d4d54066072d67
Beendigungszeit: 2
Anwendungspfad: C:\Windows\System32\notepad.exe
Berichts-ID: 88ec69bd-2d1a-4bb2-b5f6-5e815e8dd5e9
Vollständiger Name des fehlerhaften Pakets:
Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (03/08/2019 12:31:07 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/07/2019 08:17:35 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (03/07/2019 08:17:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

System errors:
=============
Error: (03/11/2019 03:35:42 PM) (Source: DCOM) (EventID: 10016) (User: DAVID-PC)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "DAVID-PC\David" (SID: S-1-5-21-2455960667-3318087246-2055750665-1002) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "SpotifyAB.SpotifyMusic_1.99.250.0_x86__zpdnekdrzrea0" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (03/11/2019 01:45:57 PM) (Source: DCOM) (EventID: 10016) (User: DAVID-PC)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "DAVID-PC\David" (SID: S-1-5-21-2455960667-3318087246-2055750665-1002) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} und der APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} im Anwendungscontainer "Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (03/11/2019 09:46:18 AM) (Source: DCOM) (EventID: 10016) (User: DAVID-PC)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "DAVID-PC\David" (SID: S-1-5-21-2455960667-3318087246-2055750665-1002) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} und der APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} im Anwendungscontainer "Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (03/11/2019 09:45:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\LOCAL SERVICE" (SID: S-1-5-19) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (03/09/2019 03:00:00 PM) (Source: DCOM) (EventID: 10016) (User: DAVID-PC)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "DAVID-PC\David" (SID: S-1-5-21-2455960667-3318087246-2055750665-1002) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} und der APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} im Anwendungscontainer "Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (03/09/2019 11:00:37 AM) (Source: DCOM) (EventID: 10016) (User: DAVID-PC)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "DAVID-PC\David" (SID: S-1-5-21-2455960667-3318087246-2055750665-1002) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} und der APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} im Anwendungscontainer "Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (03/09/2019 11:00:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\LOCAL SERVICE" (SID: S-1-5-19) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (03/08/2019 10:34:48 PM) (Source: DCOM) (EventID: 10016) (User: DAVID-PC)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "DAVID-PC\David" (SID: S-1-5-21-2455960667-3318087246-2055750665-1002) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} und der APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} im Anwendungscontainer "Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Windows Defender:
===================================
Date: 2019-02-12 11:15:16.791
Description: Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {A71B5FF4-3B15-4330-82CC-11B3CF05ECB2}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

Date: 2019-02-12 10:57:03.260
Description: Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {090F1C3C-4AA2-4324-B92A-EB5B7C27289F}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

Date: 2019-02-05 10:17:34.999
Description: Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {2E738F9D-254A-4C86-A536-3828357CC4DE}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

Date: 2019-02-05 10:06:20.941
Description: Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {3F71CA9D-69BD-4042-B844-9B377CE97FE7}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT AUTHORITY\SYSTEM

Date: 2019-03-11 16:52:53.752
Description: Fehler von Windows Defender Antivirus beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.289.864.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT AUTHORITY\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.15700.9
Fehlercode: 0x80240022
Fehlerbeschreibung: The program can't check for definition updates.

Date: 2019-03-11 16:52:53.751
Description: Fehler von Windows Defender Antivirus beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.289.864.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT AUTHORITY\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.15700.9
Fehlercode: 0x80240022
Fehlerbeschreibung: The program can't check for definition updates.

Date: 2019-03-11 09:55:35.208
Description: Fehler von Windows Defender Antivirus beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.289.651.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT AUTHORITY\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.15700.9
Fehlercode: 0x80240022
Fehlerbeschreibung: The program can't check for definition updates.

Date: 2019-03-11 09:55:35.208
Description: Fehler von Windows Defender Antivirus beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.289.651.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT AUTHORITY\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.15700.9
Fehlercode: 0x80240022
Fehlerbeschreibung: The program can't check for definition updates.

Date: 2019-03-09 11:10:19.419
Description: Fehler von Windows Defender Antivirus beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.289.651.0
Updatequelle: Microsoft Update-Server
Signaturtyp: AntiVirus
Updatetyp: Voll
Benutzer: NT AUTHORITY\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.15700.9
Fehlercode: 0x80240022
Fehlerbeschreibung: The program can't check for definition updates.

CodeIntegrity:
===================================
Date: 2018-12-19 13:09:26.359
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume9\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-19 13:09:26.357
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume9\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-19 13:09:26.353
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume9\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll that did not meet the Microsoft signing level requirements.

Date: 2018-12-19 13:09:26.347
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume9\Program Files (x86)\Dropbox\Client\DropboxExt64.26.0.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-04 17:21:51.490
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume9\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-04 17:21:51.488
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume9\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-04 17:21:51.485
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume9\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

Date: 2018-06-04 17:21:51.481
Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume9\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-5700HQ CPU @ 2.70GHz
Percentage of memory in use: 77%
Total physical RAM: 16275.67 MB
Available physical RAM: 3655.33 MB
Total Virtual: 28051.67 MB
Available Virtual: 6912.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.16 GB) (Free:200.26 GB) NTFS
Drive d: (Datengrab) (Fixed) (Total:931.51 GB) (Free:545.45 GB) NTFS
Drive e: (Users) (Fixed) (Total:400 GB) (Free:96.51 GB) NTFS
Drive g: (Google Drive File Stream) (Fixed) (Total:30 GB) (Free:23.67 GB) FAT32

\\?\Volume{782b37b5-a840-4b29-b9cf-3542d63597c2}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{b374e271-83e8-4303-b653-f7d7a6bac332}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{814e7809-e7cf-4d98-9752-db5e5bc6bbfe}\ () (Fixed) (Total:0 GB) (Free:0 GB)
\\?\Volume{dda9231c-bb71-4a86-b311-a3f124a1fc66}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS
\\?\Volume{e4233557-6177-41d6-aa7e-f3e6ae014ae6}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{83ea9612-a237-11e8-bb2e-a434d9440e1b}\ () () (Total:0 GB) (Free:0 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: F563FD30)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 698.6 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: F563FD48)
Partition: GPT.

==================== End of Addition.txt ============================