Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win10 - Brocoiner (https://www.trojaner-board.de/187806-win10-brocoiner.html)

Froschmann 07.12.2017 18:01
Win10 - Brocoiner
 
Hi,
Mein Windows Defender hat mir mehrfach gemeldet das ich mit dem Brocoiner infiziert sei und wollte mal fragen wie schlimm es ist.
Meine Logs:

FRST.txt
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2017
durchgeführt von Marc (Administrator) auf LAPTOP-E5S4SKF9 (07-12-2017 17:58:54)
Gestartet von C:\Users\Marc\Downloads
Geladene Profile: Marc (Verfügbare Profile: Marc)
Platform: Windows 10 Home Version 1703 15063.729 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
(Intel Corporation) C:\WINDOWS\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Windows (R) Win 7 DDK provider) C:\WINDOWS\System32\AdminService.exe
(Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\Marc\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Marc\AppData\Local\Akamai\netsession_win.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\WINDOWS\System32\WWAHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17102.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
(Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-03] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-05-31] (Intel Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking15\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking15\Ereg.ini"
HKLM-x32\...\Run: [zenvpn] => C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\zenvpn.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [Ghost Control] => D:\Programme\Ghost Control\ghost.exe [1991616 2010-10-27] (N.R.S.)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIM1E.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIM1E.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Marc\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [Steam] => D:\Programme\steam\steam.exe [3101984 2017-10-14] (Valve Corporation)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{36d57d14-9a4f-4202-9113-600e5b7ccd91}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5426d1b7-cf53-4fec-9408-bf5b39142afa}: [DhcpNameServer] 172.18.13.1
Tcpip\..\Interfaces\{647575bc-0e78-4642-8dce-ba8815405b73}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.acer15.msn.com/?pc=ACTE
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-721633766-3456424319-3093112155-1001 -> DefaultScope {EC265DF2-9BA3-4FF9-96E8-B8F31C66DA7F} URL =
SearchScopes: HKU\S-1-5-21-721633766-3456424319-3093112155-1001 -> {EC265DF2-9BA3-4FF9-96E8-B8F31C66DA7F} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-17] (Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\x64\dgnriaie_x64.dll [2016-08-23] (Nuance Communications, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-08] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-20] (Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\dgnriaie.dll [2016-08-23] (Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-14] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-14] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)

Edge:
======
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.3.0.0_neutral__c1wakc4j0nefm [2017-10-04]

FireFox:
========
FF ProfilePath: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\aneucimv.default-1481643216534 [2017-12-07]
FF Extension: (Adblock Plus) - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\aneucimv.default-1481643216534\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-14]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\aneucimv.default-1481643216534\features\{72d67937-2f50-4308-9835-3eea8c60ade8}\disable-media-wmf-nv12@mozilla.org.xpi [2017-12-01] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\x64\npDgnRia2_x64.dll [2016-08-23] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\npDgnRia2.dll [2016-08-23] (Nuance Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default [2017-12-07]
CHR Extension: (Präsentationen) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-11]
CHR Extension: (YouTube) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-11]
CHR Extension: (Adblock Plus) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-23]
CHR Extension: (Tabellen) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Tampermonkey BETA) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcalenpjmijncebpfijmoaglllgpjagf [2017-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-11]
CHR Extension: (Google Mail) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-11]
CHR Extension: (Chrome Media Router) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-18]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
S4 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [166280 2016-08-23] (Nuance Communications, Inc.)
S3 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-05-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [Datei ist nicht signiert]
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26592 2016-03-04] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [476904 2015-02-03] (Acer Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation) <==== ACHTUNG
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation) <==== ACHTUNG

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 dcrypt; C:\WINDOWS\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [183896 2016-03-24] (ELAN Microelectronic Corp.)
S3 EverestDriver; C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [26752 2010-03-31] ()
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2016-05-23] (Acer Incorporated)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-06] (Malwarebytes)
R1 MpKsl1d4055b6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3FA69DD7-FC1F-4737-8E05-5C823806861B}\MpKsl1d4055b6.sys [58120 2017-12-07] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2016-05-23] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-09-12] (Wellbia.com Co., Ltd.)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-12-07 17:58 - 2017-12-07 17:59 - 000024679 _____ C:\Users\Marc\Downloads\FRST.txt
2017-12-07 17:58 - 2017-12-07 17:58 - 002390528 _____ (Farbar) C:\Users\Marc\Downloads\FRST64.exe
2017-12-07 17:58 - 2017-12-07 17:58 - 000000000 ____D C:\FRST
2017-12-07 10:39 - 2017-12-07 11:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-06 17:40 - 2017-12-06 17:43 - 038547522 _____ C:\Users\Marc\Downloads\299055_video.mp4
2017-12-06 16:55 - 2017-12-06 16:55 - 000020506 _____ C:\Users\Marc\Downloads\header_listing.php
2017-12-06 16:51 - 2017-12-06 16:51 - 000007819 _____ C:\Users\Marc\Downloads\listing.php
2017-12-06 14:19 - 2017-12-06 14:19 - 000007000 _____ C:\Users\Marc\Downloads\timthumb (1).php
2017-12-06 14:08 - 2017-12-06 14:08 - 043549625 _____ C:\Users\Marc\Downloads\cache.zip
2017-12-06 14:04 - 2017-12-06 14:04 - 000007000 _____ C:\Users\Marc\Downloads\timthumb.php
2017-12-06 13:30 - 2017-12-06 13:30 - 000151221 _____ C:\Users\Marc\Downloads\js_all.js
2017-12-06 12:54 - 2017-12-07 17:31 - 000000000 ____D C:\Users\Marc\AppData\Roaming\GitHub Desktop
2017-12-06 12:54 - 2017-12-06 12:54 - 000002461 _____ C:\Users\Marc\Desktop\GitHub Desktop.lnk
2017-12-06 12:54 - 2017-12-06 12:54 - 000000222 _____ C:\Users\Marc\.gitconfig
2017-12-06 12:54 - 2017-12-06 12:54 - 000000000 ____D C:\Users\Marc\Documents\GitHub
2017-12-06 12:54 - 2017-12-06 12:54 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-12-06 12:53 - 2017-12-06 12:54 - 000000000 ____D C:\Users\Marc\AppData\Local\SquirrelTemp
2017-12-06 12:53 - 2017-12-06 12:54 - 000000000 ____D C:\Users\Marc\AppData\Local\GitHubDesktop
2017-12-06 12:53 - 2017-12-06 12:53 - 084123096 _____ (GitHub, Inc.) C:\Users\Marc\Downloads\GitHubDesktopSetup.exe
2017-12-05 17:04 - 2017-12-05 17:04 - 000127599 _____ C:\Users\Marc\Downloads\test (7).zip
2017-12-05 16:00 - 2017-12-05 18:59 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Opera Software
2017-12-05 16:00 - 2017-12-05 18:59 - 000000000 ____D C:\Users\Marc\AppData\Local\Opera Software
2017-12-05 15:59 - 2017-12-05 18:59 - 000000000 ____D C:\Program Files\Opera
2017-12-05 15:59 - 2017-12-05 15:59 - 001266888 _____ (Opera Software) C:\Users\Marc\Downloads\OperaSetup.exe
2017-12-05 15:00 - 2017-12-05 15:08 - 000000000 ____D C:\Users\Marc\AppData\Local\Apple Computer
2017-12-05 15:00 - 2017-12-05 15:00 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Apple Computer
2017-12-05 14:56 - 2017-12-05 14:56 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-12-05 14:56 - 2017-12-05 14:56 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-12-05 14:56 - 2017-12-05 14:56 - 000000000 ____D C:\Users\Marc\AppData\Local\Apple
2017-12-05 14:56 - 2017-12-05 14:56 - 000000000 ____D C:\ProgramData\Apple Computer
2017-12-05 14:56 - 2017-12-05 14:56 - 000000000 ____D C:\ProgramData\Apple
2017-12-05 14:56 - 2017-12-05 14:56 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-12-04 15:33 - 2017-12-04 15:34 - 000105339 _____ C:\Users\Marc\Downloads\test (6).zip
2017-12-03 11:49 - 2017-12-03 11:49 - 007522302 _____ C:\Users\Marc\Downloads\test (5).zip
2017-12-03 09:46 - 2017-12-03 09:46 - 006631540 _____ C:\Users\Marc\Downloads\test (4).zip
2017-12-03 08:46 - 2017-12-03 08:46 - 002870984 _____ (ESET) C:\Users\Marc\Downloads\esetsmartinstaller_deu (1).exe
2017-12-02 14:25 - 2017-12-06 09:26 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-02 14:25 - 2017-12-02 14:25 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-02 14:25 - 2017-12-02 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-02 14:25 - 2017-12-02 14:25 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-02 14:25 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-02 14:10 - 2017-12-02 14:10 - 000457853 _____ C:\Users\Marc\Downloads\31170_4_D-de_VELIND Destilliertes Wasser.pdf
2017-12-02 13:14 - 2017-12-02 13:14 - 000000000 ____D C:\Windows.old
2017-12-02 12:30 - 2017-12-02 12:30 - 000000221 _____ C:\Users\Marc\Desktop\websitetodo.txt
2017-12-02 12:28 - 2017-12-02 12:28 - 008187336 _____ (Malwarebytes) C:\Users\Marc\Downloads\adwcleaner_7.0.5.0.exe
2017-12-02 12:26 - 2017-12-02 12:30 - 000000000 ____D C:\AdwCleaner
2017-12-02 12:26 - 2017-12-02 12:26 - 008261584 _____ (Malwarebytes) C:\Users\Marc\Downloads\AdwCleaner_7.0.4.0.exe
2017-12-01 11:03 - 2017-12-01 11:03 - 007916104 _____ (Tim Kosse) C:\Users\Marc\Downloads\FileZilla_3.29.0_win64-setup.exe
2017-12-01 10:46 - 2017-12-01 10:46 - 000016151 _____ C:\Users\Marc\Downloads\testbyclient.zip
2017-12-01 06:42 - 2017-12-01 06:42 - 000017930 _____ C:\Users\Marc\Downloads\test (3).zip
2017-11-30 18:13 - 2017-11-30 18:13 - 007520421 _____ C:\Users\Marc\Downloads\test (2).zip
2017-11-30 17:19 - 2017-11-30 17:19 - 000024615 _____ C:\Users\Marc\Downloads\DP0RXXKX0AAnGVV.jpg_large
2017-11-30 15:10 - 2017-11-30 15:10 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign4e254ec64a487acd
2017-11-30 15:06 - 2017-11-30 15:06 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign01cfc09067cf45d1
2017-11-30 12:45 - 2017-11-30 12:46 - 005264487 _____ C:\Users\Marc\Downloads\flippy_affilateplatform_4.0.0 (1).zip
2017-11-29 14:19 - 2017-11-29 14:20 - 007520366 _____ C:\Users\Marc\Downloads\test (1).zip
2017-11-29 14:11 - 2017-11-29 14:11 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign90c61549c9b91ef9
2017-11-29 14:11 - 2017-11-29 14:11 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign88f0b9f929e0794e
2017-11-29 14:10 - 2017-11-29 14:10 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignfcc1617660428c7e
2017-11-29 14:10 - 2017-11-29 14:10 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignf67f7c44adc50cbe
2017-11-29 13:35 - 2017-11-29 13:35 - 000019444 _____ C:\Users\Marc\Downloads\viewcart (1).php
2017-11-29 12:40 - 2017-11-29 12:40 - 000019440 _____ C:\Users\Marc\Downloads\viewcart.php
2017-11-29 12:37 - 2017-11-29 12:37 - 000014875 _____ C:\Users\Marc\Downloads\thanks-customer (1).php
2017-11-29 11:27 - 2017-11-29 11:27 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign7ff7ad44d0026d64
2017-11-29 11:26 - 2017-11-29 11:26 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign3564b2197b7b735a
2017-11-29 11:21 - 2017-11-29 11:21 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignab2de1246b92bd84
2017-11-29 11:21 - 2017-11-29 11:21 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign53b3fb958974dcb0
2017-11-29 11:21 - 2017-11-29 11:21 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign2579d0d7edb0e60c
2017-11-29 11:04 - 2017-11-29 11:05 - 000000000 ____D C:\Users\Marc\Downloads\likecoppersupdate
2017-11-29 11:04 - 2017-11-29 11:04 - 009739100 _____ C:\Users\Marc\Downloads\likecoppersupdate.zip
2017-11-29 07:45 - 2017-11-29 07:48 - 000013969 _____ C:\Users\Marc\Downloads\thanks-customer.php
2017-11-29 07:19 - 2017-11-29 07:19 - 009702659 _____ C:\Users\Marc\Downloads\likecoppers (2).zip
2017-11-29 07:01 - 2017-11-29 07:01 - 000012637 _____ C:\Users\Marc\Downloads\test.zip
2017-11-29 06:33 - 2017-11-29 06:33 - 000018915 _____ C:\Users\Marc\Downloads\checkout (2).php
2017-11-29 06:28 - 2017-11-29 06:28 - 000001138 _____ C:\Users\Marc\Documents\code.txt
2017-11-29 06:16 - 2017-11-29 06:16 - 000018922 _____ C:\Users\Marc\Downloads\checkout (1).php
2017-11-29 06:10 - 2017-11-29 06:10 - 000018910 _____ C:\Users\Marc\Downloads\checkout.php
2017-11-28 17:20 - 2017-11-28 17:20 - 014322210 _____ C:\Users\Marc\Downloads\httpd.www (4).zip
2017-11-28 17:17 - 2017-11-28 17:17 - 000000000 ____D C:\Users\Marc\Desktop\checkout
2017-11-28 17:12 - 2017-11-28 17:12 - 009702659 _____ C:\Users\Marc\Downloads\likecoppers (1).zip
2017-11-28 16:24 - 2017-11-28 16:24 - 002239726 _____ C:\Users\Marc\Downloads\Malucha.PDF
2017-11-28 14:25 - 2017-11-28 14:25 - 000069186 _____ C:\Users\Marc\Downloads\20171128_Wertpapier_Abrechnung_fuer_CA56575M1086_MARAPHARM_VENTURES_INC (3).PDF
2017-11-28 14:25 - 2017-11-28 14:25 - 000069186 _____ C:\Users\Marc\Downloads\20171128_Wertpapier_Abrechnung_fuer_CA56575M1086_MARAPHARM_VENTURES_INC (2).PDF
2017-11-28 14:16 - 2017-11-28 14:16 - 000069187 _____ C:\Users\Marc\Downloads\20171128_Wertpapier_Abrechnung_fuer_CA56575M1086_MARAPHARM_VENTURES_INC (1).PDF
2017-11-28 14:16 - 2017-11-28 14:16 - 000067319 _____ C:\Users\Marc\Downloads\20171128_Wertpapier_Streichungsbestaetigung_fuer_CA17111W1095_CHROMEDX_CORP.PDF
2017-11-28 08:57 - 2017-11-28 08:57 - 000069187 _____ C:\Users\Marc\Downloads\20171128_Wertpapier_Abrechnung_fuer_CA56575M1086_MARAPHARM_VENTURES_INC.PDF
2017-11-28 07:23 - 2017-11-28 07:24 - 000012389 _____ C:\Users\Marc\Downloads\thanks-customer.html
2017-11-28 07:23 - 2017-11-28 07:23 - 000009262 _____ C:\Users\Marc\Downloads\cancel.html
2017-11-28 01:43 - 2017-11-28 01:43 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignc2d52049e2bbbbda
2017-11-28 01:43 - 2017-11-28 01:43 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign5b279e107cee850d
2017-11-28 01:43 - 2017-11-28 01:43 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign0738be919edb918f
2017-11-28 01:39 - 2017-11-28 01:39 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignafe76f04b7750bd5
2017-11-28 01:38 - 2017-11-28 01:38 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignb581bfe39342a53d
2017-11-28 01:38 - 2017-11-28 01:38 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign828b31903f5825fc
2017-11-28 01:38 - 2017-11-28 01:38 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign3f9b22f61f57bd8b
2017-11-26 07:14 - 2017-11-26 07:14 - 000521556 _____ C:\Users\Marc\Downloads\S GUIDE.pdf
2017-11-26 03:19 - 2017-11-26 03:19 - 000190274 _____ C:\Users\Marc\Downloads\Hesi Feeding Chart.pdf
2017-11-25 14:24 - 2017-11-25 14:24 - 000150111 _____ C:\Users\Marc\Downloads\2017_11rechnung_4771182973.pdf
2017-11-24 23:13 - 2017-11-24 23:13 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign08ffbdef97a63834
2017-11-24 23:07 - 2017-11-24 23:07 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign4460f6078019a9c2
2017-11-24 21:57 - 2017-11-24 21:57 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignde7620919abea5fb
2017-11-24 21:55 - 2017-11-24 21:55 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignc405c8d130bef297
2017-11-24 21:55 - 2017-11-24 21:55 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign6b0ea284e03735e9
2017-11-24 21:55 - 2017-11-24 21:55 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign34283d6757bc31df
2017-11-24 21:55 - 2017-11-24 21:55 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign1cdab42237517bf6
2017-11-23 00:07 - 2017-11-17 10:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-23 00:07 - 2017-11-17 10:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-23 00:07 - 2017-11-17 10:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-23 00:07 - 2017-11-17 10:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-23 00:07 - 2017-11-17 10:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-23 00:07 - 2017-11-17 10:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-23 00:07 - 2017-11-17 10:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-23 00:07 - 2017-11-17 10:39 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-23 00:07 - 2017-11-17 10:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-23 00:07 - 2017-11-17 10:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-23 00:07 - 2017-11-17 10:36 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-23 00:07 - 2017-11-17 10:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-23 00:07 - 2017-11-17 10:11 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-23 00:07 - 2017-11-17 10:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-23 00:07 - 2017-11-17 10:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-23 00:07 - 2017-11-17 09:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-23 00:07 - 2017-11-17 09:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-23 00:07 - 2017-11-17 09:54 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-23 00:07 - 2017-11-17 09:52 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-23 00:07 - 2017-11-17 09:51 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-22 20:08 - 2017-11-22 20:08 - 000134138 _____ C:\Users\Marc\Downloads\11 Bevoelkerung mit Migrationshintergrund III.pdf
2017-11-22 20:07 - 2017-11-22 20:07 - 000129771 _____ C:\Users\Marc\Downloads\01 Auslaendische Bevoelkerung.pdf
2017-11-22 20:07 - 2017-11-22 20:07 - 000129771 _____ C:\Users\Marc\Downloads\01 Auslaendische Bevoelkerung (1).pdf
2017-11-22 16:25 - 2017-11-22 16:25 - 000010815 _____ C:\Users\Marc\Downloads\blanks.html
2017-11-21 23:49 - 2017-11-21 23:49 - 019222358 _____ C:\Users\Marc\Downloads\checkout.psd
2017-11-21 20:51 - 2017-11-21 20:51 - 009722584 _____ C:\Users\Marc\Downloads\likecoppers.zip
2017-11-21 20:36 - 2017-11-21 20:36 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign782df9d8c67ddbc0
2017-11-21 19:31 - 2017-11-21 19:31 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignc54853ab2304e66c
2017-11-21 19:15 - 2017-11-21 19:15 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign98242f98bdd28717
2017-11-21 17:05 - 2017-11-21 17:05 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigna1e1c20e8eeb4ca8
2017-11-21 16:54 - 2017-11-21 16:54 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign0a635e0924cf4cc0
2017-11-21 16:53 - 2017-11-21 16:53 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignbf1f52b31dc49489
2017-11-21 16:48 - 2017-11-21 16:48 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign9cb540e57ac80e68
2017-11-21 16:45 - 2017-11-21 16:45 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignac014509d31a7265
2017-11-21 16:45 - 2017-11-21 16:45 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign42b23aa879965569
2017-11-21 16:44 - 2017-11-21 16:44 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign26eba680525f6b8d
2017-11-21 16:31 - 2017-11-21 16:31 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign96f7ad49d4b160c2
2017-11-21 16:29 - 2017-11-21 16:29 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign406a7462ac246081
2017-11-21 16:28 - 2017-11-21 16:28 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigndee0cd3e619be88d
2017-11-21 16:28 - 2017-11-21 16:28 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignd685aa0eabd62b91
2017-11-21 16:27 - 2017-11-21 16:27 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigna61870ff3d570abb
2017-11-21 16:27 - 2017-11-21 16:27 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign181edacc8e37cc75
2017-11-21 16:27 - 2017-11-21 16:27 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign1317b64d0549eaea
2017-11-19 18:35 - 2017-11-19 18:35 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignc7e5ed78f862fe88
2017-11-19 18:35 - 2017-11-19 18:35 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign98cc1631eee7068a
2017-11-19 18:35 - 2017-11-19 18:35 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign29154994fa1fffbd
2017-11-19 17:36 - 2017-11-19 17:37 - 111053138 _____ C:\Users\Marc\Downloads\httpd.www (3).zip
2017-11-19 17:19 - 2017-11-19 17:19 - 110067043 _____ C:\Users\Marc\Downloads\httpd.www (2).zip
2017-11-19 13:30 - 2017-11-19 13:30 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign28e1009a6ebdf945
2017-11-19 11:00 - 2017-11-19 11:00 - 001542768 _____ C:\Users\Marc\Downloads\water-09-00454-v2.pdf
2017-11-19 09:43 - 2017-11-19 09:43 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigna56a0e75e72d7768
2017-11-19 09:43 - 2017-11-19 09:43 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign9a54233f32072cfe
2017-11-19 09:42 - 2017-11-19 09:42 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignbeb4eabb30acce51
2017-11-19 09:42 - 2017-11-19 09:42 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigna99a02dc0c132469
2017-11-19 08:08 - 2017-11-19 08:08 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign59f9e11be32a8d34
2017-11-19 08:04 - 2017-11-19 08:04 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigncc984aaa89479f51
2017-11-19 07:53 - 2017-11-19 07:53 - 000050265 _____ C:\Users\Marc\Downloads\disposabledroid-bb.zip
2017-11-19 07:29 - 2017-11-19 07:29 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign80a99a65a892ca08
2017-11-19 07:29 - 2017-11-19 07:29 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign5f51e5912bba1101
2017-11-19 07:29 - 2017-11-19 07:29 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign191e079e6027eb82
2017-11-19 07:29 - 2017-11-19 07:29 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign16076731447ec462
2017-11-19 07:28 - 2017-11-19 07:28 - 000000823 _____ C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photoshop.lnk
2017-11-19 05:19 - 2017-11-19 05:19 - 001006100 _____ C:\Users\Marc\Downloads\tinified (18).zip
2017-11-19 05:18 - 2017-11-19 05:18 - 001322667 _____ C:\Users\Marc\Downloads\tinified (17).zip
2017-11-19 05:17 - 2017-11-19 05:17 - 001336719 _____ C:\Users\Marc\Downloads\tinified (16).zip
2017-11-19 05:14 - 2017-11-19 05:14 - 000166535 _____ C:\Users\Marc\Downloads\tinified (15).zip
2017-11-19 05:13 - 2017-11-19 05:14 - 000922288 _____ C:\Users\Marc\Downloads\tinified (14).zip
2017-11-19 05:12 - 2017-11-19 05:12 - 001044536 _____ C:\Users\Marc\Downloads\tinified (13).zip
2017-11-19 05:11 - 2017-11-19 05:11 - 000482131 _____ C:\Users\Marc\Downloads\tinified (12).zip
2017-11-19 05:10 - 2017-11-19 05:10 - 001172965 _____ C:\Users\Marc\Downloads\tinified (11).zip
2017-11-19 05:08 - 2017-11-19 05:08 - 001537196 _____ C:\Users\Marc\Downloads\tinified (10).zip
2017-11-19 04:57 - 2017-11-19 04:58 - 015235767 _____ C:\Users\Marc\Downloads\uploaded_images.zip
2017-11-19 04:47 - 2017-11-19 04:47 - 000150421 _____ C:\Users\Marc\Downloads\js (2).zip
2017-11-19 04:42 - 2017-11-19 04:42 - 000050346 _____ C:\Users\Marc\Downloads\css.zip
2017-11-19 00:29 - 2017-11-19 00:29 - 000059697 _____ C:\Users\Marc\Downloads\sitemap (2).xml
2017-11-18 23:50 - 2017-11-18 23:50 - 000007344 _____ C:\Users\Marc\Downloads\tinified (9).zip
2017-11-18 23:49 - 2017-11-18 23:49 - 000034261 _____ C:\Users\Marc\Downloads\images (1).zip
2017-11-18 23:26 - 2017-11-18 23:26 - 000000526 _____ C:\Users\Marc\Downloads\images.zip
2017-11-18 23:17 - 2017-11-18 23:18 - 000475920 _____ C:\Users\Marc\Documents\design3.psd
2017-11-18 23:17 - 2017-11-18 23:17 - 000482677 _____ C:\Users\Marc\Documents\design1.psd
2017-11-18 23:17 - 2017-11-18 23:17 - 000463971 _____ C:\Users\Marc\Documents\design2.psd
2017-11-18 22:31 - 2017-11-18 22:31 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign36b82f2f6ac79c93
2017-11-18 22:17 - 2017-11-18 22:17 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign479347ec3f3905f9
2017-11-18 22:05 - 2017-11-18 22:05 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignff9a510c1d92dd9f
2017-11-18 21:49 - 2017-11-18 21:49 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigne665661293406263
2017-11-18 21:49 - 2017-11-18 21:49 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignbbdc7a1795033f36
2017-11-18 21:49 - 2017-11-18 21:49 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigna07b7d2c82e2f043
2017-11-18 21:49 - 2017-11-18 21:49 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign7d3731bb37c55b5d
2017-11-18 20:46 - 2017-11-18 20:46 - 000085497 _____ C:\Users\Marc\Downloads\js-index2.js
2017-11-18 20:45 - 2017-11-18 20:45 - 000085498 _____ C:\Users\Marc\Downloads\js-index.js.000
2017-11-18 20:45 - 2017-11-18 20:45 - 000085498 _____ C:\Users\Marc\Downloads\js-index.js
2017-11-18 20:45 - 2017-11-18 20:45 - 000085497 _____ C:\Users\Marc\Downloads\js-index.js.001
2017-11-18 20:39 - 2017-11-18 20:39 - 000066005 _____ C:\Users\Marc\Downloads\js (1).zip
2017-11-18 20:27 - 2017-11-18 20:27 - 000084332 _____ C:\Users\Marc\Downloads\js.zip
2017-11-18 19:33 - 2017-11-18 19:34 - 039049333 _____ C:\Users\Marc\Downloads\httpd.www (1).zip
2017-11-18 19:21 - 2017-11-18 19:21 - 000059697 _____ C:\Users\Marc\Downloads\sitemap (1).xml
2017-11-18 19:09 - 2017-11-18 19:09 - 000077160 _____ C:\Users\Marc\Downloads\fontawesome-webfont.woff2
2017-11-18 17:37 - 2017-11-18 17:37 - 000007192 _____ C:\Users\Marc\Downloads\tinified (8).zip
2017-11-18 17:35 - 2017-11-18 17:35 - 000049952 _____ C:\Users\Marc\Downloads\tinified (5).zip
2017-11-18 17:35 - 2017-11-18 17:35 - 000026436 _____ C:\Users\Marc\Downloads\tinified (6).zip
2017-11-18 17:35 - 2017-11-18 17:35 - 000015407 _____ C:\Users\Marc\Downloads\tinified (7).zip
2017-11-18 17:33 - 2017-11-18 17:33 - 000311675 _____ C:\Users\Marc\Downloads\logo_a.zip
2017-11-18 17:32 - 2017-11-18 17:32 - 000003712 _____ C:\Users\Marc\Downloads\tinified (4).zip
2017-11-18 17:31 - 2017-11-18 17:31 - 000013077 _____ C:\Users\Marc\Downloads\img.zip
2017-11-18 17:27 - 2017-11-18 17:27 - 000007396 _____ C:\Users\Marc\Downloads\tinified (3).zip
2017-11-18 17:26 - 2017-11-18 17:26 - 000072414 _____ C:\Users\Marc\Downloads\logo (1).zip
2017-11-18 17:26 - 2017-11-18 17:26 - 000015380 _____ C:\Users\Marc\Downloads\tinified (2).zip
2017-11-18 17:21 - 2017-11-18 17:21 - 000027179 _____ C:\Users\Marc\Downloads\tinified (1).zip
2017-11-18 17:18 - 2017-11-18 17:18 - 000051382 _____ C:\Users\Marc\Downloads\tinified.zip
2017-11-18 17:13 - 2017-11-18 23:39 - 000000000 ____D C:\Users\Marc\Documents\resize images
2017-11-18 17:12 - 2017-11-18 17:13 - 000309274 _____ C:\Users\Marc\Downloads\logo.zip
2017-11-18 06:23 - 2017-12-07 11:42 - 000000000 ____D C:\Users\Marc\Documents\backup of every website
2017-11-18 06:23 - 2017-11-18 06:23 - 006889534 _____ C:\Users\Marc\Downloads\httpd.www.zip
2017-11-18 02:32 - 2017-11-18 02:32 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign009bb6b9f2398954
2017-11-18 02:31 - 2017-11-18 02:31 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign0411acc87206ed09
2017-11-17 20:30 - 2017-11-17 20:30 - 000004096 _____ C:\Users\Marc\Downloads\_Thumbs.db
2017-11-17 03:53 - 2017-11-17 03:53 - 000000529 _____ C:\Users\Marc\Downloads\mail.php
2017-11-17 03:00 - 2017-11-17 03:00 - 000114466 _____ C:\Users\Marc\Downloads\PHPMailer-master.zip
2017-11-17 01:55 - 2017-11-17 01:55 - 000002971 _____ C:\Users\Marc\Downloads\contact_us.php
2017-11-17 01:53 - 2017-11-17 01:53 - 005264487 _____ C:\Users\Marc\Downloads\flippy_affilateplatform_4.0.0.zip
2017-11-17 00:03 - 2017-11-16 23:40 - 000040847 _____ C:\Users\Marc\Downloads\sitemap - Kopie.xml
2017-11-16 22:41 - 2017-11-16 23:14 - 000022801 _____ C:\Users\Marc\Downloads\sitemap2.xml
2017-11-16 22:39 - 2017-11-16 23:40 - 000040847 _____ C:\Users\Marc\Downloads\sitemap.xml
2017-11-16 22:24 - 2017-11-16 22:24 - 000001982 _____ C:\Users\Marc\Downloads\rss_all.php
2017-11-16 02:09 - 2017-11-16 02:15 - 000106077 _____ C:\Users\Marc\Downloads\listings.sql
2017-11-15 19:41 - 2017-11-15 20:01 - 001752244 _____ C:\Users\Marc\Downloads\jokes (2).sql
2017-11-15 19:32 - 2017-11-15 19:32 - 000011517 _____ C:\Users\Marc\Downloads\add.php
2017-11-15 19:08 - 2017-11-15 19:09 - 008824924 _____ C:\Users\Marc\Downloads\jokebrothers_com_mysql.sql
2017-11-15 19:05 - 2017-11-15 19:05 - 001751596 _____ C:\Users\Marc\Downloads\jokes (1).sql
2017-11-15 18:47 - 2017-11-15 18:47 - 001751596 _____ C:\Users\Marc\Downloads\jokes.sql
2017-11-15 17:40 - 2017-11-02 06:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 17:40 - 2017-11-02 05:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 17:40 - 2017-11-02 05:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 17:40 - 2017-11-02 05:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 17:40 - 2017-11-02 05:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 17:40 - 2017-11-02 05:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 17:40 - 2017-11-02 05:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 17:40 - 2017-11-02 05:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 17:40 - 2017-11-02 05:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 17:40 - 2017-11-02 05:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 17:40 - 2017-11-02 05:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 17:40 - 2017-11-02 05:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 17:40 - 2017-11-02 05:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 17:40 - 2017-11-02 05:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 17:40 - 2017-11-02 05:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 17:40 - 2017-11-02 05:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 17:40 - 2017-11-02 05:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 17:40 - 2017-11-02 05:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 17:40 - 2017-11-02 05:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 17:40 - 2017-10-25 08:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 17:40 - 2017-10-15 16:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 17:40 - 2017-10-15 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 17:40 - 2017-10-15 15:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 17:40 - 2017-10-15 15:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 17:40 - 2017-10-15 15:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 17:39 - 2017-11-02 05:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 17:39 - 2017-11-02 05:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 17:39 - 2017-11-02 05:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 17:39 - 2017-11-02 05:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 17:39 - 2017-11-02 05:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 17:39 - 2017-11-02 05:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 17:39 - 2017-11-02 05:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 17:39 - 2017-11-02 05:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 17:39 - 2017-11-02 05:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 17:39 - 2017-11-02 05:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 17:39 - 2017-11-02 05:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 17:39 - 2017-11-02 05:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 17:39 - 2017-11-02 05:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 17:39 - 2017-11-02 05:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 17:39 - 2017-11-02 05:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 17:39 - 2017-11-02 05:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 17:39 - 2017-11-02 05:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 17:39 - 2017-11-02 05:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 17:39 - 2017-11-02 05:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 17:39 - 2017-11-02 05:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 17:39 - 2017-11-02 05:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 17:39 - 2017-11-02 05:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 17:39 - 2017-11-02 05:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 17:39 - 2017-11-02 05:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 17:39 - 2017-11-02 05:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 17:39 - 2017-11-02 05:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 17:39 - 2017-11-02 05:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 17:39 - 2017-10-15 16:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 17:39 - 2017-10-15 16:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 17:39 - 2017-10-15 15:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 17:39 - 2017-10-15 15:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 17:39 - 2017-10-15 15:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 17:39 - 2017-10-15 15:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 17:39 - 2017-10-15 15:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 17:39 - 2017-10-15 15:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 17:39 - 2017-10-15 15:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 17:36 - 2017-11-02 06:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 17:36 - 2017-11-02 05:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 17:36 - 2017-11-02 05:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 17:36 - 2017-11-02 05:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 17:36 - 2017-11-02 05:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 17:36 - 2017-11-02 05:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 17:35 - 2017-11-02 06:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 17:35 - 2017-11-02 06:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 17:35 - 2017-11-02 06:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 17:35 - 2017-11-02 06:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 17:35 - 2017-11-02 06:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 17:35 - 2017-11-02 06:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 17:35 - 2017-11-02 05:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 17:35 - 2017-11-02 05:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 17:35 - 2017-11-02 05:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 17:35 - 2017-11-02 05:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 17:35 - 2017-11-02 05:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 17:35 - 2017-11-02 05:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 17:35 - 2017-11-02 05:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 17:35 - 2017-11-02 05:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 17:35 - 2017-11-02 05:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 17:35 - 2017-11-02 05:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 17:35 - 2017-11-02 05:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 17:35 - 2017-11-02 05:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 17:35 - 2017-11-02 05:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 17:35 - 2017-11-02 05:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 17:35 - 2017-11-02 05:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 17:35 - 2017-11-02 05:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 17:35 - 2017-11-02 05:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 17:35 - 2017-11-02 05:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 17:35 - 2017-11-02 05:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 17:35 - 2017-11-02 05:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 17:35 - 2017-11-02 05:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 17:35 - 2017-11-02 05:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 17:35 - 2017-11-02 05:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 17:35 - 2017-11-02 05:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 17:35 - 2017-11-02 05:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 17:35 - 2017-11-02 05:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 17:35 - 2017-11-02 05:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 17:35 - 2017-11-02 05:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 17:35 - 2017-11-02 05:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 17:35 - 2017-11-02 05:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 17:35 - 2017-11-02 05:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 17:35 - 2017-11-02 05:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 17:35 - 2017-11-02 05:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 17:35 - 2017-11-02 05:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 17:35 - 2017-11-02 05:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 17:35 - 2017-11-02 05:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 17:35 - 2017-10-15 15:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 17:35 - 2017-10-15 15:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 17:35 - 2017-10-15 15:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 17:35 - 2017-10-15 15:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 17:35 - 2017-10-15 15:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 17:35 - 2017-10-15 15:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 17:35 - 2017-10-15 15:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 17:35 - 2017-10-15 15:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 17:34 - 2017-11-02 06:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 17:34 - 2017-11-02 06:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 17:34 - 2017-11-02 06:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 17:34 - 2017-11-02 06:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 17:34 - 2017-11-02 06:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 17:34 - 2017-11-02 06:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 17:34 - 2017-11-02 06:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 17:34 - 2017-11-02 06:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 17:34 - 2017-11-02 06:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 17:34 - 2017-11-02 06:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 17:34 - 2017-11-02 05:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 17:34 - 2017-11-02 05:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 17:34 - 2017-11-02 05:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 17:34 - 2017-11-02 05:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 17:34 - 2017-11-02 05:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 17:34 - 2017-11-02 05:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 17:34 - 2017-11-02 05:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 17:34 - 2017-11-02 05:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 17:34 - 2017-11-02 05:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 17:34 - 2017-11-02 05:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 17:34 - 2017-11-02 05:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 17:34 - 2017-11-02 05:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 17:34 - 2017-11-02 05:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 17:34 - 2017-11-02 05:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 17:34 - 2017-11-02 05:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 17:34 - 2017-11-02 05:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 17:34 - 2017-11-02 05:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 17:34 - 2017-11-02 05:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 17:34 - 2017-11-02 05:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 17:34 - 2017-11-02 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 17:34 - 2017-10-15 15:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 17:34 - 2017-10-15 15:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 17:34 - 2017-10-15 15:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 17:34 - 2017-10-15 15:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 17:34 - 2017-10-15 15:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 17:34 - 2017-10-15 15:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 17:34 - 2017-10-15 15:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 17:34 - 2017-10-15 15:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 17:34 - 2017-10-15 15:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 17:33 - 2017-11-02 06:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 17:33 - 2017-11-02 06:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 17:33 - 2017-11-02 06:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 17:33 - 2017-11-02 06:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 17:33 - 2017-11-02 06:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 17:33 - 2017-11-02 06:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 17:33 - 2017-11-02 06:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 17:33 - 2017-11-02 05:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 17:33 - 2017-11-02 05:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 17:33 - 2017-11-02 05:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 17:33 - 2017-11-02 05:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 17:33 - 2017-11-02 05:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 17:33 - 2017-11-02 05:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 17:33 - 2017-11-02 05:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 17:33 - 2017-11-02 05:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 17:33 - 2017-11-02 05:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 17:33 - 2017-11-02 05:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 17:33 - 2017-10-15 15:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 17:33 - 2017-10-15 15:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-15 17:33 - 2017-10-15 15:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 17:33 - 2017-10-15 15:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 17:33 - 2017-10-15 15:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-14 23:42 - 2017-11-14 23:42 - 000005830 _____ C:\Users\Marc\AppData\Local\recently-used.xbel
2017-11-14 21:28 - 2017-11-14 21:29 - 072981771 _____ C:\Users\Marc\Desktop\httpd.www.zip
2017-11-14 21:15 - 2017-11-14 23:42 - 000000000 ____D C:\Users\Marc\AppData\Local\gtk-2.0
2017-11-14 21:06 - 2017-11-14 23:40 - 000000000 ____D C:\Users\Marc\.gimp-2.8
2017-11-14 21:06 - 2017-11-14 21:06 - 000000000 ____D C:\Users\Marc\AppData\Local\gegl-0.2
2017-11-14 21:06 - 2017-11-14 21:06 - 000000000 ____D C:\Users\Marc\AppData\Local\fontconfig
2017-11-14 21:06 - 2017-11-14 21:06 - 000000000 ____D C:\Users\Marc\.thumbnails
2017-11-14 21:05 - 2017-11-14 21:05 - 000000683 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-11-14 16:26 - 2017-11-14 16:26 - 000041952 _____ C:\Users\Marc\Downloads\RG002469 (1).pdf
2017-11-14 13:50 - 2017-12-02 13:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-11-14 13:49 - 2017-12-02 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-14 13:49 - 2017-11-14 13:49 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-11-14 13:49 - 2017-11-14 13:49 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Sun
2017-11-14 13:49 - 2017-11-14 13:49 - 000000000 ____D C:\Users\Marc\AppData\LocalLow\Sun
2017-11-14 13:49 - 2017-11-14 13:49 - 000000000 ____D C:\ProgramData\Oracle
2017-11-14 13:49 - 2017-11-14 13:49 - 000000000 ____D C:\Program Files (x86)\Java
2017-11-14 13:48 - 2017-11-14 13:48 - 001852992 _____ (Oracle Corporation) C:\Users\Marc\Downloads\JavaSetup8u151.exe
2017-11-12 01:32 - 2017-11-12 01:32 - 001416592 _____ C:\Users\Marc\Downloads\bookmarks_12.11.17.html
2017-11-11 16:48 - 2017-11-11 16:48 - 000041952 _____ C:\Users\Marc\Downloads\RG002469.pdf
2017-11-07 19:55 - 2017-11-07 19:55 - 002875273 _____ C:\Users\Marc\Downloads\2ee8156f24657141.mp4
2017-11-07 18:08 - 2017-11-07 18:08 - 000428328 _____ C:\Users\Marc\Downloads\4798185_t201501069.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-12-07 17:34 - 2016-11-28 16:02 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Skype
2017-12-07 17:16 - 2017-08-12 21:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-07 15:33 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-07 11:55 - 2017-08-12 21:31 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{882D50A6-925B-4CF2-A990-2B3E317B6FFC}
2017-12-07 06:25 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-06 22:12 - 2017-10-11 13:18 - 000002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-06 22:12 - 2017-10-11 13:18 - 000002256 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-06 18:50 - 2016-12-07 07:32 - 000000000 ____D C:\Users\Marc\AppData\LocalLow\Mozilla
2017-12-06 12:54 - 2017-08-12 21:25 - 000000000 ____D C:\Users\Marc
2017-12-06 09:32 - 2017-08-12 21:35 - 003624024 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-06 09:32 - 2017-03-20 05:35 - 001768032 _____ C:\WINDOWS\system32\perfh007.dat
2017-12-06 09:32 - 2017-03-20 05:35 - 000432086 _____ C:\WINDOWS\system32\perfc007.dat
2017-12-06 09:32 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-06 09:27 - 2016-11-28 16:00 - 000000000 __SHD C:\Users\Marc\IntelGraphicsProfiles
2017-12-06 09:26 - 2017-08-12 21:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-06 00:00 - 2017-01-16 14:43 - 000000000 ____D C:\Users\Marc\AppData\Local\PokerStars.EU
2017-12-05 18:59 - 2017-09-11 15:01 - 000000000 ____D C:\Program Files (x86)\PokerStars.EU
2017-12-05 13:35 - 2017-04-19 09:19 - 000000000 ____D C:\Users\Marc\AppData\Roaming\FileZilla
2017-12-03 20:56 - 2017-08-11 09:14 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-03 20:45 - 2017-08-12 21:32 - 000060963 _____ C:\WINDOWS\diagwrn.xml
2017-12-03 20:45 - 2017-08-12 21:32 - 000060963 _____ C:\WINDOWS\diagerr.xml
2017-12-03 20:18 - 2017-03-18 12:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-03 20:12 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Registration
2017-12-03 20:11 - 2017-09-30 16:00 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-03 09:43 - 2017-11-05 07:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Indicator
2017-12-03 09:43 - 2017-11-05 07:25 - 000000000 ____D C:\Program Files (x86)\Holdem Indicator
2017-12-02 15:25 - 2016-12-06 21:09 - 000000000 ____D C:\Users\Marc\AppData\Local\ElevatedDiagnostics
2017-12-02 13:24 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-02 13:23 - 2016-08-23 17:49 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-02 13:05 - 2017-08-12 21:23 - 000380520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-02 13:05 - 2017-06-28 18:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-02 13:05 - 2016-05-05 17:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-02 13:04 - 2017-11-06 07:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tournament Indicator
2017-12-02 13:04 - 2017-10-12 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-02 13:04 - 2017-10-03 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2017-12-02 13:04 - 2017-09-17 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2017-12-02 13:04 - 2017-09-13 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon
2017-12-02 13:04 - 2017-09-11 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
2017-12-02 13:04 - 2017-08-25 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2017-12-02 13:04 - 2017-08-12 21:25 - 000000000 ____D C:\WINDOWS\system32\IntelSSTAPO
2017-12-02 13:04 - 2017-08-12 21:24 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-02 13:04 - 2017-08-12 21:24 - 000000000 ____D C:\Program Files\Intel
2017-12-02 13:04 - 2017-07-18 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCryptor
2017-12-02 13:04 - 2017-07-10 18:48 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-12-02 13:04 - 2017-06-01 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-12-02 13:04 - 2017-04-29 11:51 - 000000000 ____D C:\WINDOWS\ShellNew
2017-12-02 13:04 - 2017-04-29 11:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2017-12-02 13:04 - 2017-04-25 23:13 - 000000000 ____D C:\Program Files\UNP
2017-12-02 13:04 - 2017-04-19 09:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Help
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-02 13:04 - 2017-03-16 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-12-02 13:04 - 2017-01-24 01:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-12-02 13:04 - 2017-01-20 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-02 13:04 - 2016-12-04 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-12-02 13:04 - 2016-12-04 14:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-12-02 13:04 - 2016-11-29 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-12-02 13:04 - 2016-11-29 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-12-02 13:04 - 2016-11-28 15:53 - 000000000 ____D C:\WINDOWS\oem
2017-12-02 13:04 - 2016-08-23 19:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2017-12-02 13:04 - 2016-08-23 19:07 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
2017-12-02 13:04 - 2016-08-23 18:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-12-02 13:04 - 2016-08-23 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2017-12-02 13:04 - 2016-05-05 17:08 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-12-02 13:04 - 2016-05-05 17:07 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-12-02 12:35 - 2017-03-18 12:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-12-01 02:37 - 2016-11-28 19:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-01 02:33 - 2017-10-10 19:15 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-01 02:33 - 2016-11-28 19:36 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-30 08:41 - 2016-05-05 17:08 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-28 11:21 - 2017-09-13 17:54 - 000001315 _____ C:\Users\Marc\AppData\Roaming\SAS7_000.DAT
2017-11-27 14:50 - 2017-11-05 07:48 - 000000000 ____D C:\Users\Marc\Documents\888poker
2017-11-26 22:50 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-26 05:53 - 2017-10-24 11:37 - 000006286 _____ C:\Users\Marc\Desktop\züchtung.txt
2017-11-25 05:22 - 2016-02-13 14:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-23 00:09 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-21 15:36 - 2016-12-02 15:04 - 000545440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-18 18:26 - 2016-11-30 16:20 - 000000000 ____D C:\ProgramData\Skype
2017-11-18 17:30 - 2017-02-06 12:42 - 001421312 ___SH C:\Users\Marc\Downloads\Thumbs.db
2017-11-18 17:27 - 2017-01-26 03:41 - 000094208 ___SH C:\Users\Marc\Desktop\Thumbs.db
2017-11-18 02:32 - 2016-11-28 16:00 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Adobe
2017-11-18 02:31 - 2017-10-03 16:48 - 000000000 ____D C:\Users\Marc\AppData\Roaming\NVIDIA
2017-11-17 05:39 - 2017-11-05 07:48 - 000002026 _____ C:\Users\Marc\Desktop\888poker.lnk
2017-11-17 05:38 - 2016-11-28 16:00 - 000000000 ____D C:\Users\Marc\AppData\Local\VirtualStore
2017-11-15 23:02 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 23:02 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 23:02 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 23:02 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 23:02 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 17:06 - 2017-10-11 13:18 - 000003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 17:06 - 2017-10-11 13:18 - 000003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-15 01:33 - 2016-11-28 16:00 - 000000000 ____D C:\Users\Marc\AppData\Local\Packages
2017-11-14 20:47 - 2016-11-28 16:04 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Mozilla
2017-11-14 13:48 - 2016-12-15 07:55 - 000000000 ____D C:\Users\Marc\AppData\Local\Adobe
2017-11-14 13:47 - 2017-08-21 02:44 - 000004702 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 13:47 - 2017-08-12 21:31 - 000004440 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-12 00:23 - 2017-11-06 07:23 - 000000000 ____D C:\Program Files (x86)\Tournament Indicator

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-09-13 17:54 - 2017-11-28 11:21 - 000001315 _____ () C:\Users\Marc\AppData\Roaming\SAS7_000.DAT
2017-11-14 23:42 - 2017-11-14 23:42 - 000005830 _____ () C:\Users\Marc\AppData\Local\recently-used.xbel
2016-12-06 18:25 - 2016-11-23 14:37 - 000000570 _____ () C:\Users\Marc\AppData\Local\TroubleshooterConfig.json

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-12-02 15:25

==================== Ende von FRST.txt ============================

Froschmann 07.12.2017 18:01
Additional.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 06-12-2017
durchgeführt von Marc (07-12-2017 18:00:07)
Gestartet von C:\Users\Marc\Downloads
Windows 10 Home Version 1703 15063.729 (X64) (2017-08-12 20:34:03)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-721633766-3456424319-3093112155-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-721633766-3456424319-3093112155-503 - Limited - Disabled)
Gast (S-1-5-21-721633766-3456424319-3093112155-501 - Limited - Disabled)
Marc (S-1-5-21-721633766-3456424319-3093112155-1001 - Administrator - Enabled) => C:\Users\Marc

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
888poker (HKLM-x32\...\{F78E5FB8-7856-4A2C-A81B-6EDA12F81B01}) (Version: 7.4.00037 - 888) Hidden
888poker (HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\InstallShield_{F78E5FB8-7856-4A2C-A81B-6EDA12F81B01}) (Version: 7.4.00037 - 888)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3027 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3023 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 375.95 - NVIDIA Corporation) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
AutoHotkey 1.1.25.01 (HKLM\...\AutoHotkey) (Version: 1.1.25.01 - Lexikos)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5917.02 - CyberLink Corp.)
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dragon 15 (HKLM-x32\...\{768AC460-237E-45B6-99B8-1DE6D0F391E8}) (Version: 15.00.000 - Nuance Communications Inc.)
ELAN HIDI2C Filter Driver X64 13.6.5.2_WHQL (HKLM\...\Elantech) (Version: 13.6.5.2 - ELAN Microelectronic Corp.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON WF-2760 Series Printer Uninstall (HKLM\...\EPSON WF-2760 Series) (Version:  - Seiko Epson Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
FileZilla Client 3.25.1 (HKLM-x32\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Ghost Control 3.0.6 (HKLM-x32\...\Ghost Control_is1) (Version:  - N.R.S.)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Git version 2.13.2 (HKLM\...\Git_is1) (Version: 2.13.2 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\GitHubDesktop) (Version: 1.0.10 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Holdem Indicator 2.9.6.0 (HKLM-x32\...\Holdem Indicator_is1) (Version:  - hxxp://www.HoldemIndicator.com)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Malwarebytes Version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM-x32\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 1.13.1 - Microsoft Corporation)
Mozilla Firefox 57.0.1 (x64 de) (HKLM\...\Mozilla Firefox 57.0.1 (x64 de)) (Version: 57.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.1.6541 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA Grafiktreiber 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10299 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.191 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Tournament Indicator 2.6.0.0 (HKLM-x32\...\Tournament Indicator_is1) (Version:  - hxxp://www.TournamentIndicator.com)
TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Winner Poker (HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\winnerpoker) (Version: 1.1.1.35 - Winner Poker)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-721633766-3456424319-3093112155-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Marc\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-721633766-3456424319-3093112155-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Marc\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-721633766-3456424319-3093112155-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Marc\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => Keine Datei
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-01-17] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxDTCM.dll [2017-02-07] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0481BC6E-5635-4CA5-9A47-AC5F661D507F} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-01-20] ()
Task: {1219C36E-B6F0-47AC-B8C1-D71B3F7457E5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {171E2F16-7D52-4AFD-92B1-0869BF5D85A6} - System32\Tasks\EPSON WF-2760 Series Update {C8EC83F3-0518-4374-B434-D11713730F69} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM1E.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {207DC15A-70EC-439B-89F8-9BA9F1C08A72} - System32\Tasks\EPSON WF-2760 Series Update {B6CFA1C1-110C-426C-80BD-40BB944004D8} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM1E.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {2F2090A3-917D-4EB2-8B3B-C25A373CEC79} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {355F852A-7001-4393-A65A-7457F7E17AF9} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-01-20] ()
Task: {4207B2C7-9F0A-45DA-BF1B-0EF9A2356C0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-11] (Google Inc.)
Task: {4B3A6DEF-7085-4318-8ECE-48E36EA5909D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {55B0F94A-287A-4D03-8B01-0FA86CEFE6F7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {5740D63E-86DA-4729-87CF-D6FC0B97FD60} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-02-03] (Acer Incorporated)
Task: {5A8C5CDE-3D27-4211-A3B4-D4A8D5FBB8DA} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {619B4769-D920-45E3-A6E8-098C98ECE282} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {657100E4-F622-443A-964A-67B240ABF7B4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {6A0E7275-3E1C-4D19-B27E-95710E785830} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {6D0FC957-707D-4278-9E3A-4A6203F68EC6} - System32\Tasks\EPSON WF-2760 Series Update {68E8254B-F612-4C41-8893-CD52FBAD49A1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM1E.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {70A687B9-01B1-4889-8921-9B4C54A0191C} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {785C730D-B10F-4F09-B654-90DDFBDA135A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-11] (Google Inc.)
Task: {79448C01-7561-4BBF-9286-C8FB4851FDE4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {79A0CD66-2A3B-4C15-8D21-DC3C7EEB2981} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {79D87E59-33B6-4EDA-96A9-EBE172939FCF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {7E8D8FCD-D903-42A6-BCA0-3117E6359021} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {84ECDB13-8E79-4CC6-A578-9DE428046846} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {8786A3CF-361F-4FC7-BF53-D7A7B3BFAC26} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-02-03] (Acer Incorporated)
Task: {88D688B3-6645-49BE-AEBC-8CAB1D5A53EB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {90264D9C-0E0D-41AC-BC70-B660A5026298} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {9914F2F5-49AD-4044-BBE1-F1E61CE7E735} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {AF2C6FB2-44F3-4700-A186-6D4BAC656D7D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation)
Task: {AFB7F9EB-7065-4DC2-913B-D8E7DDF6BD19} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {CA105160-4ADE-451B-BBF2-81D45AD39E16} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {DA373233-071A-4568-B38E-078241CD5DD3} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-01-20] (Acer Incorporated)
Task: {E0285427-F9BF-4742-A3C6-181EC5D8AD97} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {E28D7D70-5F9A-4819-90B5-C2819368534A} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-01-20] ()
Task: {E6CA8CCB-F179-4D36-9E8A-03F274774B5B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-02] (Microsoft Corporation)
Task: {E7C499CC-7566-46C3-9F93-CBDCCB29EBA9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E819E1F4-DFDE-4EA8-AD43-751E0A9F439C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {EFF6E9E1-FAD1-4118-A917-6F4EDD3B4491} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {F51BBF49-4C3B-492A-9CD4-944361E4461B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-02] (Microsoft Corporation)
Task: {FFEB5D6D-7F8B-4346-8796-DC099B04930A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\EPSON WF-2760 Series Update {68E8254B-F612-4C41-8893-CD52FBAD49A1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM1E.EXE:/EXE:{68E8254B-F612-4C41-8893-CD52FBAD49A1} /F:UpdateWORKGROUP\LAPTOP-E5S4SKF9$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2760 Series Update {B6CFA1C1-110C-426C-80BD-40BB944004D8}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM1E.EXE:/EXE:{B6CFA1C1-110C-426C-80BD-40BB944004D8} /F:UpdateWORKGROUP\LAPTOP-E5S4SKF9$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2760 Series Update {C8EC83F3-0518-4374-B434-D11713730F69}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM1E.EXE:/EXE:{C8EC83F3-0518-4374-B434-D11713730F69} /F:UpdateWORKGROUP\LAPTOP-E5S4SKF9$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-03-04 19:26 - 2016-03-04 19:26 - 005570728 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2-2.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 000117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2017-12-02 14:25 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-08-12 21:24 - 2016-12-29 14:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-01-17 02:30 - 2017-01-17 02:30 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-03-20 16:44 - 2017-03-20 16:44 - 000052392 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 21:59 - 2017-03-20 05:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-15 22:12 - 2017-11-10 10:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 22:12 - 2017-11-10 10:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2016-01-20 19:50 - 2016-01-20 19:50 - 004644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-12-06 09:31 - 2017-12-06 09:31 - 004698848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-01 06:03 - 2017-12-01 06:03 - 026657792 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17102.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-12-01 06:03 - 2017-12-01 06:03 - 009162240 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17102.13911.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 04:08 - 2017-09-26 04:08 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17102.13911.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-17 15:38 - 2017-11-17 15:38 - 035241472 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-11-17 15:38 - 2017-11-17 15:38 - 009218560 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-08-23 10:41 - 2017-08-23 10:41 - 000957952 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2017-09-26 04:08 - 2017-09-26 04:08 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-17 15:38 - 2017-11-17 15:38 - 013224960 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe\Music.Visuals.dll
2017-10-10 03:50 - 2017-10-10 03:50 - 004252672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-09-26 04:08 - 2017-09-26 04:08 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-30 08:27 - 2017-11-30 08:27 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-30 08:27 - 2017-11-30 08:27 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-30 08:27 - 2017-11-30 08:27 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-30 08:27 - 2017-11-30 08:27 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-30 08:27 - 2017-11-30 08:27 - 000672256 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2017-07-11 01:34 - 2017-07-11 01:34 - 002331136 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-07-11 01:34 - 2017-07-11 01:34 - 002836480 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2016-05-16 20:50 - 2016-05-16 20:50 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-721633766-3456424319-3093112155-1001\Software\Classes\regfile: regedit.exe "%1" <==== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-721633766-3456424319-3093112155-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "DNS7reminder"
HKLM\...\StartupApproved\Run32: => "MouseDriver"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "Ghost Control"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "OpenVPN-GUI"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{6437DEB9-D84B-4F1E-809F-09F93F6FB254}D:\games\portal 2\portal2.exe] => (Block) D:\games\portal 2\portal2.exe
FirewallRules: [TCP Query User{EB301C9C-A55F-4D75-8BBA-1578AB94C65B}D:\games\portal 2\portal2.exe] => (Block) D:\games\portal 2\portal2.exe
FirewallRules: [UDP Query User{01D36499-B575-4FD4-ADFA-870537E201C2}D:\games\age of empires ii hd\game.dat] => (Block) D:\games\age of empires ii hd\game.dat
FirewallRules: [TCP Query User{72A22D15-9A1B-4B78-91D2-2B63DF9EC97B}D:\games\age of empires ii hd\game.dat] => (Block) D:\games\age of empires ii hd\game.dat
FirewallRules: [UDP Query User{6645C61E-717B-49F3-8124-8EA19121C07D}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{6C980ED1-22EC-49E1-B5F9-CB934935ADFC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EE0D4713-8A0E-4C14-B49B-F60B918BEDAB}D:\programme\microsoft vs code\code.exe] => (Allow) D:\programme\microsoft vs code\code.exe
FirewallRules: [TCP Query User{06ED79E5-6DAD-44D9-813F-F388FEE3A883}D:\programme\microsoft vs code\code.exe] => (Allow) D:\programme\microsoft vs code\code.exe
FirewallRules: [{0A52A7B2-8F25-4B7A-9314-E0091894B3E3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{79E239C8-3498-41B1-8374-F4F8D0C6DD63}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A560B948-A40B-413E-A457-1C0A85D9B7F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E12A2E4B-AD3C-4D4F-BFD4-45CB5218AE2A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{50CDA598-A61C-4EAD-9AD9-93C415164E2C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E7CFB66E-8BDA-495D-AA40-8C01969A7E97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B9C853F2-899B-42D7-BFCF-3BDC0C651DB8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6BE4FEA3-C238-44EB-A81F-8CB48177FBF5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4DA1DD0D-17DF-4D31-9398-B5C834877DE4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B650E4E5-9DFC-45D0-A425-9FF0EF2350C1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3C2C53B6-E8E1-4E28-9417-E9EC2D793987}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{90F8E26B-FFAC-41AA-9EB1-FED13BC6A443}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{D0D9C1B3-E5B7-47FF-9896-9569EAC5A2D4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{3C1D22C0-D147-4E4F-98A0-55F97BDD3FF0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{04C76429-84FC-439B-BD08-10E52EF2A219}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{2F8651DE-859C-4A05-A19C-752E210DECA3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F3A4DAC7-9C02-4220-9978-1C52EF4A8355}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{29CFB43A-B380-47C2-99DD-10D263E7B01B}] => (Allow) D:\Steamspiele\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{903ABAF8-A1D6-4213-927B-10D241C9FF9A}] => (Allow) D:\Steamspiele\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A17C384A-EA02-4F92-A1DB-0D6A9CAD365D}] => (Allow) D:\Steamspiele\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{D809024A-ECEA-4914-8E15-FBA492403288}] => (Allow) D:\Steamspiele\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [TCP Query User{CF71BBA6-31F1-4981-8713-1D8F811EAAB7}C:\users\marc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marc\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{7ED345D0-BE4E-4D07-9157-EEF854EB1599}C:\users\marc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marc\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B7932758-F237-4797-AD0C-74629D8FAF72}] => (Allow) D:\Steamspiele\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{2BC7A53D-ACAE-4E13-9794-4E4A7DFB6E32}] => (Allow) D:\Steamspiele\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{3666437C-07E8-446B-88AE-54D11D265723}] => (Allow) D:\Steamspiele\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2F282997-0382-427F-8EF9-2D21673DDA8D}] => (Allow) D:\Steamspiele\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{9E4E69E9-592F-4077-A8A8-D3EDA4CC8AC2}] => (Allow) D:\Steamspiele\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{DE8B01D8-14C8-4057-8ED1-25BAFADFBD86}] => (Allow) D:\Steamspiele\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{72042562-6185-4A7D-BE73-4B375E5672D8}] => (Allow) D:\Steamspiele\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{49D16CAA-1D4C-49D5-B1ED-0441A5307B36}] => (Allow) D:\Steamspiele\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{15153893-58E9-4C79-9A53-163BC773F770}] => (Allow) D:\Steamspiele\steamapps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{C24CF349-1B0E-43E7-97DB-84C4F9A03176}] => (Allow) D:\Steamspiele\steamapps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{81CE3A2A-63D7-403B-B581-C0DF8DDBCC73}] => (Allow) D:\Programme\steam\Steam.exe
FirewallRules: [{CC500E97-B57F-4DF4-9A6E-E489E411025D}] => (Allow) D:\Programme\steam\Steam.exe
FirewallRules: [{4D37F854-1189-4E7F-ACB5-9DB64690C8FF}] => (Allow) D:\Programme\steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C2D26449-97F0-4056-AFD4-DEDEB7FBEE0F}] => (Allow) D:\Programme\steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{57ABC4A2-AF21-429E-A522-BC7DE6118EF4}] => (Allow) D:\Programme\steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{354CB7E9-A9C5-433F-89D6-DB0F3A3C57FF}] => (Allow) D:\Programme\steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [TCP Query User{D1E20920-50FF-43E7-AD26-D6ADA28C6762}C:\users\marc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marc\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{63C700BB-39C8-4C3D-814B-75DF39DB2A41}C:\users\marc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marc\appdata\local\akamai\netsession_win.exe
FirewallRules: [{650DFFEE-8C63-40CB-9881-CF71FF0E17CF}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{A89A55D1-76DC-4126-B9B9-C72BA480662F}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{054CEC16-4ED0-48D9-9933-4338A6A25490}] => (Allow) D:\Programme\steam\steamapps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{C89F7CEA-232D-4DF0-AB3F-C24A252BC320}] => (Allow) D:\Programme\steam\steamapps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{B0173163-EABC-49AE-B354-80CF409A9D95}] => (Allow) C:\Program Files (x86)\Tournament Indicator\Indicator.exe
FirewallRules: [{1BFE85E9-D929-4759-870B-4C60EF614F18}] => (Allow) C:\Program Files (x86)\Tournament Indicator\Indicator.exe
FirewallRules: [{18B28BFC-9CD1-445F-919C-2524DBE9C77D}] => (Allow) C:\Program Files (x86)\Tournament Indicator\Indicator.exe
FirewallRules: [{7D729EAB-FD82-4219-8BAA-F8C5F4D2779C}] => (Allow) C:\Program Files (x86)\Tournament Indicator\Indicator.exe
FirewallRules: [{8DB1C38E-D597-4280-BCBD-ADFD0ACE8EA5}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{1636DC0F-7CC9-463C-8303-BA197BA686BF}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{64BAD023-B621-412C-8E97-7CDD4D118AE9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

02-12-2017 16:38:38 Geplanter Prüfpunkt
05-12-2017 14:56:18 Installed Safari

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/06/2017 06:50:22 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-721633766-3456424319-3093112155-1001}/">.

Error: (12/06/2017 06:50:22 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-721633766-3456424319-3093112155-1001}/">.

Error: (12/06/2017 06:11:40 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-721633766-3456424319-3093112155-1001}/">.

Error: (12/06/2017 06:11:40 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-721633766-3456424319-3093112155-1001}/">.

Error: (12/06/2017 03:20:09 PM) (Source: COM) (EventID: 10031) (User: )
Description: Eine das Marshalling aufhebende Richtlinienprüfung wurde ausgeführt, als das Marshalling eines benutzerdefinierten gemarshallten Objekts aufgehoben wurde. Die Klasse "{41FD88F7-F295-4D39-91AC-A85F3149A05B}" wurde abgelehnt.

Error: (12/06/2017 01:43:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Marc\Downloads\esetsmartinstaller_deu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (12/06/2017 09:54:00 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (12/06/2017 09:27:11 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/05/2017 10:04:13 PM) (Source: COM) (EventID: 10031) (User: )
Description: Eine das Marshalling aufhebende Richtlinienprüfung wurde ausgeführt, als das Marshalling eines benutzerdefinierten gemarshallten Objekts aufgehoben wurde. Die Klasse "{41FD88F7-F295-4D39-91AC-A85F3149A05B}" wurde abgelehnt.

Error: (12/05/2017 03:59:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.


Systemfehler:
=============
Error: (12/06/2017 09:27:01 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/06/2017 09:27:01 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/06/2017 09:26:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet:
Die Anforderung wird nicht unterstützt.

Error: (12/06/2017 09:26:33 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎06.‎12.‎2017 um 01:29:48 unerwartet heruntergefahren.

Error: (12/03/2017 08:50:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (12/03/2017 08:50:38 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Marc\AppData\Local\Temp\ehdrv.sys

Error: (12/03/2017 08:50:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (12/03/2017 08:50:37 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Marc\AppData\Local\Temp\ehdrv.sys

Error: (12/03/2017 08:50:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (12/03/2017 08:50:37 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Marc\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2017-12-07 11:30:43.362
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-07 10:39:08.103
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-07 10:39:08.100
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-06 11:05:44.274
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-03 23:04:31.350
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.16299.15_none_f2b6706a39a0f009\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-03 23:04:31.338
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.16299.15_none_f2b6706a39a0f009\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-03 23:04:31.325
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.16299.15_none_f2b6706a39a0f009\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-03 23:04:31.312
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.16299.15_none_f2b6706a39a0f009\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-03 23:04:27.525
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.16299.15_none_6bf69ff6ccd5c66d\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-03 23:04:27.514
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.16299.15_none_6bf69ff6ccd5c66d\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 81%
Installierter physikalischer RAM: 8060.13 MB
Verfügbarer physikalischer RAM: 1520.56 MB
Summe virtueller Speicher: 18812.13 MB
Verfügbarer virtueller Speicher: 7580.19 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:118.13 GB) (Free:35.56 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:478.86 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A7C69406)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: A7C694E3)

Partition: GPT.

==================== Ende von Addition.txt ============================

cosinus 07.12.2017 21:40
Die Info wo genau der Teil gefunden wirde. Bitte nachreichen. Steht im Verlauf des AV.

Froschmann 08.12.2017 02:05
Hier wurde es gefunden:
Code:
Trojan:HTML/Brocoiner!rfn
Warnstufe: Schwerwiegend Status: Unter Quarantäne Datum: 7.12.2017
Empfohlene Aktion: Bedrohung jetzt entfernen.
Kategorie: Trojaner Details: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus
Weitere Informationen
Betroffene Elemente: containerfile: C:\Users\Marc\AppData\Local\Mozilla\Firefox\Profiles\aneucimv.default-1481643216534\cache2\entries\CE94BF5164C04AE312403C4CA6A85F4F3B1133A2 file: C:\Users\Marc\AppData\Local\Mozilla\Firefox\Profiles\aneucimv.default-1481643216534\cache2\entries \CE94BF5164C04AE312403C4CA6A85F4F3B1133A2->(GZip)

cosinus 08.12.2017 09:07
Das Teil ist im Browsercache. Heißt du hast ne Website angesurft, die per JavaScript Bitcoins auf Besucherrechnern schürfen lässt siehe https://www.trojaner-board.de/186983...coin-hive.html

Froschmann 08.12.2017 11:46
Ja, das ist sehr wahrscheinlich. Habe an Besuchertausch für Webseiten teilgenommen.

cosinus 08.12.2017 12:07
Wenn du keine anderen Probleme hast wär die Sache auch damit erledigt.

Froschmann 08.12.2017 12:09
Super danke!

cosinus 08.12.2017 12:15
Kannst aber wenn du willst mal den adwCleaner laufen lassen:

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!



adwCleaner v7.x

Downloade Dir bitte http://deeprybka.trojaner-board.de/adwcleaner/adwc.pngAdwCleaner auf Deinen Desktop (Bebilderte Anleitung).
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • Tracing Schlüssel
    • Prefetch Dateien
    • Proxy
    • Winsock
    • IE Richtlinien
    • Chrome Richtlinien
  • Bestätige die Auswahl mit Ok.
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist. Am Ende des Suchlaufs öffnet sich automatisch eine Logdatei. Schließe diese.
  • Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
  • Klicke am Ende der Bereinigung auf Jetzt neu starten. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:42 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131