Trojaner-Board

Froschmann 07.12.2017 18:01

Win10 - Brocoiner
 
Hi,
My Windows Defender has repeatedly reported that I am infected with Brocoiner, and I wanted to ask how bad that is.
My logs:

FRST.txt
Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2017
durchgeführt von Marc (Administrator) auf LAPTOP-E5S4SKF9 (07-12-2017 17:58:54)
Gestartet von C:\Users\Marc\Downloads
Geladene Profile: Marc (Verfügbare Profile: Marc)
Platform: Windows 10 Home Version 1703 15063.729 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
(Intel Corporation) C:\WINDOWS\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Windows (R) Win 7 DDK provider) C:\WINDOWS\System32\AdminService.exe
(Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\Marc\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Marc\AppData\Local\Akamai\netsession_win.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\WINDOWS\System32\WWAHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17102.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
(Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-03] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-05-31] (Intel Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking15\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking15\Ereg.ini"
HKLM-x32\...\Run: [zenvpn] => C:\Program Files (x86)\ZenVPN OpenVPN bundle\bin\zenvpn.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [Ghost Control] => D:\Programme\Ghost Control\ghost.exe [1991616 2010-10-27] (N.R.S.)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIM1E.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIM1E.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Marc\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [Steam] => D:\Programme\steam\steam.exe [3101984 2017-10-14] (Valve Corporation)
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{36d57d14-9a4f-4202-9113-600e5b7ccd91}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5426d1b7-cf53-4fec-9408-bf5b39142afa}: [DhcpNameServer] 172.18.13.1
Tcpip\..\Interfaces\{647575bc-0e78-4642-8dce-ba8815405b73}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.acer15.msn.com/?pc=ACTE
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-721633766-3456424319-3093112155-1001 -> DefaultScope {EC265DF2-9BA3-4FF9-96E8-B8F31C66DA7F} URL =
SearchScopes: HKU\S-1-5-21-721633766-3456424319-3093112155-1001 -> {EC265DF2-9BA3-4FF9-96E8-B8F31C66DA7F} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-17] (Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\x64\dgnriaie_x64.dll [2016-08-23] (Nuance Communications, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-08] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-20] (Microsoft Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\dgnriaie.dll [2016-08-23] (Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-14] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-14] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-12-02] (Microsoft Corporation)

Edge:
======
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_2.3.0.0_neutral__c1wakc4j0nefm [2017-10-04]

FireFox:
========
FF ProfilePath: C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\aneucimv.default-1481643216534 [2017-12-07]
FF Extension: (Adblock Plus) - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\aneucimv.default-1481643216534\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-14]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\aneucimv.default-1481643216534\features\{72d67937-2f50-4308-9835-3eea8c60ade8}\disable-media-wmf-nv12@mozilla.org.xpi [2017-12-01] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\x64\npDgnRia2_x64.dll [2016-08-23] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking15\Program\npDgnRia2.dll [2016-08-23] (Nuance Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default [2017-12-07]
CHR Extension: (Präsentationen) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-11]
CHR Extension: (YouTube) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-11]
CHR Extension: (Adblock Plus) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-23]
CHR Extension: (Tabellen) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Tampermonkey BETA) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcalenpjmijncebpfijmoaglllgpjagf [2017-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-11]
CHR Extension: (Google Mail) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-11]
CHR Extension: (Chrome Media Router) - C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-18]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063664 2017-11-22] (Microsoft Corporation)
S4 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [166280 2016-08-23] (Nuance Communications, Inc.)
S3 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-05-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [Datei ist nicht signiert]
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26592 2016-03-04] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [476904 2015-02-03] (Acer Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe [356176 2017-12-07] (Microsoft Corporation) <==== ACHTUNG
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe [105792 2017-12-07] (Microsoft Corporation) <==== ACHTUNG

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 dcrypt; C:\WINDOWS\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [183896 2016-03-24] (ELAN Microelectronic Corp.)
S3 EverestDriver; C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [26752 2010-03-31] ()
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2016-05-23] (Acer Incorporated)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-06] (Malwarebytes)
R1 MpKsl1d4055b6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3FA69DD7-FC1F-4737-8E05-5C823806861B}\MpKsl1d4055b6.sys [58120 2017-12-07] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2016-05-23] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2017-12-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2017-12-07] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2017-12-07] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-09-12] (Wellbia.com Co., Ltd.)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-12-07 17:58 - 2017-12-07 17:59 - 000024679 _____ C:\Users\Marc\Downloads\FRST.txt
2017-12-07 17:58 - 2017-12-07 17:58 - 002390528 _____ (Farbar) C:\Users\Marc\Downloads\FRST64.exe
2017-12-07 17:58 - 2017-12-07 17:58 - 000000000 ____D C:\FRST
2017-12-07 10:39 - 2017-12-07 11:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2017-12-06 17:40 - 2017-12-06 17:43 - 038547522 _____ C:\Users\Marc\Downloads\299055_video.mp4
2017-12-06 16:55 - 2017-12-06 16:55 - 000020506 _____ C:\Users\Marc\Downloads\header_listing.php
2017-12-06 16:51 - 2017-12-06 16:51 - 000007819 _____ C:\Users\Marc\Downloads\listing.php
2017-12-06 14:19 - 2017-12-06 14:19 - 000007000 _____ C:\Users\Marc\Downloads\timthumb (1).php
2017-12-06 14:08 - 2017-12-06 14:08 - 043549625 _____ C:\Users\Marc\Downloads\cache.zip
2017-12-06 14:04 - 2017-12-06 14:04 - 000007000 _____ C:\Users\Marc\Downloads\timthumb.php
2017-12-06 13:30 - 2017-12-06 13:30 - 000151221 _____ C:\Users\Marc\Downloads\js_all.js
2017-12-06 12:54 - 2017-12-07 17:31 - 000000000 ____D C:\Users\Marc\AppData\Roaming\GitHub Desktop
2017-12-06 12:54 - 2017-12-06 12:54 - 000002461 _____ C:\Users\Marc\Desktop\GitHub Desktop.lnk
2017-12-06 12:54 - 2017-12-06 12:54 - 000000222 _____ C:\Users\Marc\.gitconfig
2017-12-06 12:54 - 2017-12-06 12:54 - 000000000 ____D C:\Users\Marc\Documents\GitHub
2017-12-06 12:54 - 2017-12-06 12:54 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-12-06 12:53 - 2017-12-06 12:54 - 000000000 ____D C:\Users\Marc\AppData\Local\SquirrelTemp
2017-12-06 12:53 - 2017-12-06 12:54 - 000000000 ____D C:\Users\Marc\AppData\Local\GitHubDesktop
2017-12-06 12:53 - 2017-12-06 12:53 - 084123096 _____ (GitHub, Inc.) C:\Users\Marc\Downloads\GitHubDesktopSetup.exe
2017-12-05 17:04 - 2017-12-05 17:04 - 000127599 _____ C:\Users\Marc\Downloads\test (7).zip
2017-12-05 16:00 - 2017-12-05 18:59 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Opera Software
2017-12-05 16:00 - 2017-12-05 18:59 - 000000000 ____D C:\Users\Marc\AppData\Local\Opera Software
2017-12-05 15:59 - 2017-12-05 18:59 - 000000000 ____D C:\Program Files\Opera
2017-12-05 15:59 - 2017-12-05 15:59 - 001266888 _____ (Opera Software) C:\Users\Marc\Downloads\OperaSetup.exe
2017-12-05 15:00 - 2017-12-05 15:08 - 000000000 ____D C:\Users\Marc\AppData\Local\Apple Computer
2017-12-05 15:00 - 2017-12-05 15:00 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Apple Computer
2017-12-05 14:56 - 2017-12-05 14:56 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-12-05 14:56 - 2017-12-05 14:56 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-12-05 14:56 - 2017-12-05 14:56 - 000000000 ____D C:\Users\Marc\AppData\Local\Apple
2017-12-05 14:56 - 2017-12-05 14:56 - 000000000 ____D C:\ProgramData\Apple Computer
2017-12-05 14:56 - 2017-12-05 14:56 - 000000000 ____D C:\ProgramData\Apple
2017-12-05 14:56 - 2017-12-05 14:56 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-12-04 15:33 - 2017-12-04 15:34 - 000105339 _____ C:\Users\Marc\Downloads\test (6).zip
2017-12-03 11:49 - 2017-12-03 11:49 - 007522302 _____ C:\Users\Marc\Downloads\test (5).zip
2017-12-03 09:46 - 2017-12-03 09:46 - 006631540 _____ C:\Users\Marc\Downloads\test (4).zip
2017-12-03 08:46 - 2017-12-03 08:46 - 002870984 _____ (ESET) C:\Users\Marc\Downloads\esetsmartinstaller_deu (1).exe
2017-12-02 14:25 - 2017-12-06 09:26 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-02 14:25 - 2017-12-02 14:25 - 000001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-02 14:25 - 2017-12-02 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-02 14:25 - 2017-12-02 14:25 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-12-02 14:25 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-02 14:10 - 2017-12-02 14:10 - 000457853 _____ C:\Users\Marc\Downloads\31170_4_D-de_VELIND Destilliertes Wasser.pdf
2017-12-02 13:14 - 2017-12-02 13:14 - 000000000 ____D C:\Windows.old
2017-12-02 12:30 - 2017-12-02 12:30 - 000000221 _____ C:\Users\Marc\Desktop\websitetodo.txt
2017-12-02 12:28 - 2017-12-02 12:28 - 008187336 _____ (Malwarebytes) C:\Users\Marc\Downloads\adwcleaner_7.0.5.0.exe
2017-12-02 12:26 - 2017-12-02 12:30 - 000000000 ____D C:\AdwCleaner
2017-12-02 12:26 - 2017-12-02 12:26 - 008261584 _____ (Malwarebytes) C:\Users\Marc\Downloads\AdwCleaner_7.0.4.0.exe
2017-12-01 11:03 - 2017-12-01 11:03 - 007916104 _____ (Tim Kosse) C:\Users\Marc\Downloads\FileZilla_3.29.0_win64-setup.exe
2017-12-01 10:46 - 2017-12-01 10:46 - 000016151 _____ C:\Users\Marc\Downloads\testbyclient.zip
2017-12-01 06:42 - 2017-12-01 06:42 - 000017930 _____ C:\Users\Marc\Downloads\test (3).zip
2017-11-30 18:13 - 2017-11-30 18:13 - 007520421 _____ C:\Users\Marc\Downloads\test (2).zip
2017-11-30 17:19 - 2017-11-30 17:19 - 000024615 _____ C:\Users\Marc\Downloads\DP0RXXKX0AAnGVV.jpg_large
2017-11-30 15:10 - 2017-11-30 15:10 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign4e254ec64a487acd
2017-11-30 15:06 - 2017-11-30 15:06 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign01cfc09067cf45d1
2017-11-30 12:45 - 2017-11-30 12:46 - 005264487 _____ C:\Users\Marc\Downloads\flippy_affilateplatform_4.0.0 (1).zip
2017-11-29 14:19 - 2017-11-29 14:20 - 007520366 _____ C:\Users\Marc\Downloads\test (1).zip
2017-11-29 14:11 - 2017-11-29 14:11 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign90c61549c9b91ef9
2017-11-29 14:11 - 2017-11-29 14:11 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign88f0b9f929e0794e
2017-11-29 14:10 - 2017-11-29 14:10 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignfcc1617660428c7e
2017-11-29 14:10 - 2017-11-29 14:10 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignf67f7c44adc50cbe
2017-11-29 13:35 - 2017-11-29 13:35 - 000019444 _____ C:\Users\Marc\Downloads\viewcart (1).php
2017-11-29 12:40 - 2017-11-29 12:40 - 000019440 _____ C:\Users\Marc\Downloads\viewcart.php
2017-11-29 12:37 - 2017-11-29 12:37 - 000014875 _____ C:\Users\Marc\Downloads\thanks-customer (1).php
2017-11-29 11:27 - 2017-11-29 11:27 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign7ff7ad44d0026d64
2017-11-29 11:26 - 2017-11-29 11:26 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign3564b2197b7b735a
2017-11-29 11:21 - 2017-11-29 11:21 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignab2de1246b92bd84
2017-11-29 11:21 - 2017-11-29 11:21 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign53b3fb958974dcb0
2017-11-29 11:21 - 2017-11-29 11:21 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign2579d0d7edb0e60c
2017-11-29 11:04 - 2017-11-29 11:05 - 000000000 ____D C:\Users\Marc\Downloads\likecoppersupdate
2017-11-29 11:04 - 2017-11-29 11:04 - 009739100 _____ C:\Users\Marc\Downloads\likecoppersupdate.zip
2017-11-29 07:45 - 2017-11-29 07:48 - 000013969 _____ C:\Users\Marc\Downloads\thanks-customer.php
2017-11-29 07:19 - 2017-11-29 07:19 - 009702659 _____ C:\Users\Marc\Downloads\likecoppers (2).zip
2017-11-29 07:01 - 2017-11-29 07:01 - 000012637 _____ C:\Users\Marc\Downloads\test.zip
2017-11-29 06:33 - 2017-11-29 06:33 - 000018915 _____ C:\Users\Marc\Downloads\checkout (2).php
2017-11-29 06:28 - 2017-11-29 06:28 - 000001138 _____ C:\Users\Marc\Documents\code.txt
2017-11-29 06:16 - 2017-11-29 06:16 - 000018922 _____ C:\Users\Marc\Downloads\checkout (1).php
2017-11-29 06:10 - 2017-11-29 06:10 - 000018910 _____ C:\Users\Marc\Downloads\checkout.php
2017-11-28 17:20 - 2017-11-28 17:20 - 014322210 _____ C:\Users\Marc\Downloads\httpd.www (4).zip
2017-11-28 17:17 - 2017-11-28 17:17 - 000000000 ____D C:\Users\Marc\Desktop\checkout
2017-11-28 17:12 - 2017-11-28 17:12 - 009702659 _____ C:\Users\Marc\Downloads\likecoppers (1).zip
2017-11-28 16:24 - 2017-11-28 16:24 - 002239726 _____ C:\Users\Marc\Downloads\Malucha.PDF
2017-11-28 14:25 - 2017-11-28 14:25 - 000069186 _____ C:\Users\Marc\Downloads\20171128_Wertpapier_Abrechnung_fuer_CA56575M1086_MARAPHARM_VENTURES_INC (3).PDF
2017-11-28 14:25 - 2017-11-28 14:25 - 000069186 _____ C:\Users\Marc\Downloads\20171128_Wertpapier_Abrechnung_fuer_CA56575M1086_MARAPHARM_VENTURES_INC (2).PDF
2017-11-28 14:16 - 2017-11-28 14:16 - 000069187 _____ C:\Users\Marc\Downloads\20171128_Wertpapier_Abrechnung_fuer_CA56575M1086_MARAPHARM_VENTURES_INC (1).PDF
2017-11-28 14:16 - 2017-11-28 14:16 - 000067319 _____ C:\Users\Marc\Downloads\20171128_Wertpapier_Streichungsbestaetigung_fuer_CA17111W1095_CHROMEDX_CORP.PDF
2017-11-28 08:57 - 2017-11-28 08:57 - 000069187 _____ C:\Users\Marc\Downloads\20171128_Wertpapier_Abrechnung_fuer_CA56575M1086_MARAPHARM_VENTURES_INC.PDF
2017-11-28 07:23 - 2017-11-28 07:24 - 000012389 _____ C:\Users\Marc\Downloads\thanks-customer.html
2017-11-28 07:23 - 2017-11-28 07:23 - 000009262 _____ C:\Users\Marc\Downloads\cancel.html
2017-11-28 01:43 - 2017-11-28 01:43 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignc2d52049e2bbbbda
2017-11-28 01:43 - 2017-11-28 01:43 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign5b279e107cee850d
2017-11-28 01:43 - 2017-11-28 01:43 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign0738be919edb918f
2017-11-28 01:39 - 2017-11-28 01:39 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignafe76f04b7750bd5
2017-11-28 01:38 - 2017-11-28 01:38 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignb581bfe39342a53d
2017-11-28 01:38 - 2017-11-28 01:38 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign828b31903f5825fc
2017-11-28 01:38 - 2017-11-28 01:38 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign3f9b22f61f57bd8b
2017-11-26 07:14 - 2017-11-26 07:14 - 000521556 _____ C:\Users\Marc\Downloads\S GUIDE.pdf
2017-11-26 03:19 - 2017-11-26 03:19 - 000190274 _____ C:\Users\Marc\Downloads\Hesi Feeding Chart.pdf
2017-11-25 14:24 - 2017-11-25 14:24 - 000150111 _____ C:\Users\Marc\Downloads\2017_11rechnung_4771182973.pdf
2017-11-24 23:13 - 2017-11-24 23:13 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign08ffbdef97a63834
2017-11-24 23:07 - 2017-11-24 23:07 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign4460f6078019a9c2
2017-11-24 21:57 - 2017-11-24 21:57 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignde7620919abea5fb
2017-11-24 21:55 - 2017-11-24 21:55 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignc405c8d130bef297
2017-11-24 21:55 - 2017-11-24 21:55 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign6b0ea284e03735e9
2017-11-24 21:55 - 2017-11-24 21:55 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign34283d6757bc31df
2017-11-24 21:55 - 2017-11-24 21:55 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign1cdab42237517bf6
2017-11-23 00:07 - 2017-11-17 10:46 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-23 00:07 - 2017-11-17 10:46 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-23 00:07 - 2017-11-17 10:46 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-23 00:07 - 2017-11-17 10:46 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-23 00:07 - 2017-11-17 10:46 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-23 00:07 - 2017-11-17 10:46 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-23 00:07 - 2017-11-17 10:41 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-23 00:07 - 2017-11-17 10:39 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-23 00:07 - 2017-11-17 10:39 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-23 00:07 - 2017-11-17 10:39 - 000643200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-23 00:07 - 2017-11-17 10:37 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-23 00:07 - 2017-11-17 10:36 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-23 00:07 - 2017-11-17 10:31 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-23 00:07 - 2017-11-17 10:11 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-23 00:07 - 2017-11-17 10:03 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-23 00:07 - 2017-11-17 10:00 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-23 00:07 - 2017-11-17 09:59 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-23 00:07 - 2017-11-17 09:56 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-23 00:07 - 2017-11-17 09:54 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-23 00:07 - 2017-11-17 09:52 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-23 00:07 - 2017-11-17 09:51 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-22 20:08 - 2017-11-22 20:08 - 000134138 _____ C:\Users\Marc\Downloads\11 Bevoelkerung mit Migrationshintergrund III.pdf
2017-11-22 20:07 - 2017-11-22 20:07 - 000129771 _____ C:\Users\Marc\Downloads\01 Auslaendische Bevoelkerung.pdf
2017-11-22 20:07 - 2017-11-22 20:07 - 000129771 _____ C:\Users\Marc\Downloads\01 Auslaendische Bevoelkerung (1).pdf
2017-11-22 16:25 - 2017-11-22 16:25 - 000010815 _____ C:\Users\Marc\Downloads\blanks.html
2017-11-21 23:49 - 2017-11-21 23:49 - 019222358 _____ C:\Users\Marc\Downloads\checkout.psd
2017-11-21 20:51 - 2017-11-21 20:51 - 009722584 _____ C:\Users\Marc\Downloads\likecoppers.zip
2017-11-21 20:36 - 2017-11-21 20:36 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign782df9d8c67ddbc0
2017-11-21 19:31 - 2017-11-21 19:31 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignc54853ab2304e66c
2017-11-21 19:15 - 2017-11-21 19:15 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign98242f98bdd28717
2017-11-21 17:05 - 2017-11-21 17:05 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigna1e1c20e8eeb4ca8
2017-11-21 16:54 - 2017-11-21 16:54 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign0a635e0924cf4cc0
2017-11-21 16:53 - 2017-11-21 16:53 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignbf1f52b31dc49489
2017-11-21 16:48 - 2017-11-21 16:48 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign9cb540e57ac80e68
2017-11-21 16:45 - 2017-11-21 16:45 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignac014509d31a7265
2017-11-21 16:45 - 2017-11-21 16:45 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign42b23aa879965569
2017-11-21 16:44 - 2017-11-21 16:44 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign26eba680525f6b8d
2017-11-21 16:31 - 2017-11-21 16:31 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign96f7ad49d4b160c2
2017-11-21 16:29 - 2017-11-21 16:29 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign406a7462ac246081
2017-11-21 16:28 - 2017-11-21 16:28 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigndee0cd3e619be88d
2017-11-21 16:28 - 2017-11-21 16:28 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignd685aa0eabd62b91
2017-11-21 16:27 - 2017-11-21 16:27 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigna61870ff3d570abb
2017-11-21 16:27 - 2017-11-21 16:27 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign181edacc8e37cc75
2017-11-21 16:27 - 2017-11-21 16:27 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign1317b64d0549eaea
2017-11-19 18:35 - 2017-11-19 18:35 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignc7e5ed78f862fe88
2017-11-19 18:35 - 2017-11-19 18:35 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign98cc1631eee7068a
2017-11-19 18:35 - 2017-11-19 18:35 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign29154994fa1fffbd
2017-11-19 17:36 - 2017-11-19 17:37 - 111053138 _____ C:\Users\Marc\Downloads\httpd.www (3).zip
2017-11-19 17:19 - 2017-11-19 17:19 - 110067043 _____ C:\Users\Marc\Downloads\httpd.www (2).zip
2017-11-19 13:30 - 2017-11-19 13:30 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign28e1009a6ebdf945
2017-11-19 11:00 - 2017-11-19 11:00 - 001542768 _____ C:\Users\Marc\Downloads\water-09-00454-v2.pdf
2017-11-19 09:43 - 2017-11-19 09:43 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigna56a0e75e72d7768
2017-11-19 09:43 - 2017-11-19 09:43 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign9a54233f32072cfe
2017-11-19 09:42 - 2017-11-19 09:42 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignbeb4eabb30acce51
2017-11-19 09:42 - 2017-11-19 09:42 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigna99a02dc0c132469
2017-11-19 08:08 - 2017-11-19 08:08 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign59f9e11be32a8d34
2017-11-19 08:04 - 2017-11-19 08:04 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigncc984aaa89479f51
2017-11-19 07:53 - 2017-11-19 07:53 - 000050265 _____ C:\Users\Marc\Downloads\disposabledroid-bb.zip
2017-11-19 07:29 - 2017-11-19 07:29 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign80a99a65a892ca08
2017-11-19 07:29 - 2017-11-19 07:29 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign5f51e5912bba1101
2017-11-19 07:29 - 2017-11-19 07:29 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign191e079e6027eb82
2017-11-19 07:29 - 2017-11-19 07:29 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign16076731447ec462
2017-11-19 07:28 - 2017-11-19 07:28 - 000000823 _____ C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photoshop.lnk
2017-11-19 05:19 - 2017-11-19 05:19 - 001006100 _____ C:\Users\Marc\Downloads\tinified (18).zip
2017-11-19 05:18 - 2017-11-19 05:18 - 001322667 _____ C:\Users\Marc\Downloads\tinified (17).zip
2017-11-19 05:17 - 2017-11-19 05:17 - 001336719 _____ C:\Users\Marc\Downloads\tinified (16).zip
2017-11-19 05:14 - 2017-11-19 05:14 - 000166535 _____ C:\Users\Marc\Downloads\tinified (15).zip
2017-11-19 05:13 - 2017-11-19 05:14 - 000922288 _____ C:\Users\Marc\Downloads\tinified (14).zip
2017-11-19 05:12 - 2017-11-19 05:12 - 001044536 _____ C:\Users\Marc\Downloads\tinified (13).zip
2017-11-19 05:11 - 2017-11-19 05:11 - 000482131 _____ C:\Users\Marc\Downloads\tinified (12).zip
2017-11-19 05:10 - 2017-11-19 05:10 - 001172965 _____ C:\Users\Marc\Downloads\tinified (11).zip
2017-11-19 05:08 - 2017-11-19 05:08 - 001537196 _____ C:\Users\Marc\Downloads\tinified (10).zip
2017-11-19 04:57 - 2017-11-19 04:58 - 015235767 _____ C:\Users\Marc\Downloads\uploaded_images.zip
2017-11-19 04:47 - 2017-11-19 04:47 - 000150421 _____ C:\Users\Marc\Downloads\js (2).zip
2017-11-19 04:42 - 2017-11-19 04:42 - 000050346 _____ C:\Users\Marc\Downloads\css.zip
2017-11-19 00:29 - 2017-11-19 00:29 - 000059697 _____ C:\Users\Marc\Downloads\sitemap (2).xml
2017-11-18 23:50 - 2017-11-18 23:50 - 000007344 _____ C:\Users\Marc\Downloads\tinified (9).zip
2017-11-18 23:49 - 2017-11-18 23:49 - 000034261 _____ C:\Users\Marc\Downloads\images (1).zip
2017-11-18 23:26 - 2017-11-18 23:26 - 000000526 _____ C:\Users\Marc\Downloads\images.zip
2017-11-18 23:17 - 2017-11-18 23:18 - 000475920 _____ C:\Users\Marc\Documents\design3.psd
2017-11-18 23:17 - 2017-11-18 23:17 - 000482677 _____ C:\Users\Marc\Documents\design1.psd
2017-11-18 23:17 - 2017-11-18 23:17 - 000463971 _____ C:\Users\Marc\Documents\design2.psd
2017-11-18 22:31 - 2017-11-18 22:31 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign36b82f2f6ac79c93
2017-11-18 22:17 - 2017-11-18 22:17 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign479347ec3f3905f9
2017-11-18 22:05 - 2017-11-18 22:05 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignff9a510c1d92dd9f
2017-11-18 21:49 - 2017-11-18 21:49 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigne665661293406263
2017-11-18 21:49 - 2017-11-18 21:49 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsignbbdc7a1795033f36
2017-11-18 21:49 - 2017-11-18 21:49 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsigna07b7d2c82e2f043
2017-11-18 21:49 - 2017-11-18 21:49 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign7d3731bb37c55b5d
2017-11-18 20:46 - 2017-11-18 20:46 - 000085497 _____ C:\Users\Marc\Downloads\js-index2.js
2017-11-18 20:45 - 2017-11-18 20:45 - 000085498 _____ C:\Users\Marc\Downloads\js-index.js.000
2017-11-18 20:45 - 2017-11-18 20:45 - 000085498 _____ C:\Users\Marc\Downloads\js-index.js
2017-11-18 20:45 - 2017-11-18 20:45 - 000085497 _____ C:\Users\Marc\Downloads\js-index.js.001
2017-11-18 20:39 - 2017-11-18 20:39 - 000066005 _____ C:\Users\Marc\Downloads\js (1).zip
2017-11-18 20:27 - 2017-11-18 20:27 - 000084332 _____ C:\Users\Marc\Downloads\js.zip
2017-11-18 19:33 - 2017-11-18 19:34 - 039049333 _____ C:\Users\Marc\Downloads\httpd.www (1).zip
2017-11-18 19:21 - 2017-11-18 19:21 - 000059697 _____ C:\Users\Marc\Downloads\sitemap (1).xml
2017-11-18 19:09 - 2017-11-18 19:09 - 000077160 _____ C:\Users\Marc\Downloads\fontawesome-webfont.woff2
2017-11-18 17:37 - 2017-11-18 17:37 - 000007192 _____ C:\Users\Marc\Downloads\tinified (8).zip
2017-11-18 17:35 - 2017-11-18 17:35 - 000049952 _____ C:\Users\Marc\Downloads\tinified (5).zip
2017-11-18 17:35 - 2017-11-18 17:35 - 000026436 _____ C:\Users\Marc\Downloads\tinified (6).zip
2017-11-18 17:35 - 2017-11-18 17:35 - 000015407 _____ C:\Users\Marc\Downloads\tinified (7).zip
2017-11-18 17:33 - 2017-11-18 17:33 - 000311675 _____ C:\Users\Marc\Downloads\logo_a.zip
2017-11-18 17:32 - 2017-11-18 17:32 - 000003712 _____ C:\Users\Marc\Downloads\tinified (4).zip
2017-11-18 17:31 - 2017-11-18 17:31 - 000013077 _____ C:\Users\Marc\Downloads\img.zip
2017-11-18 17:27 - 2017-11-18 17:27 - 000007396 _____ C:\Users\Marc\Downloads\tinified (3).zip
2017-11-18 17:26 - 2017-11-18 17:26 - 000072414 _____ C:\Users\Marc\Downloads\logo (1).zip
2017-11-18 17:26 - 2017-11-18 17:26 - 000015380 _____ C:\Users\Marc\Downloads\tinified (2).zip
2017-11-18 17:21 - 2017-11-18 17:21 - 000027179 _____ C:\Users\Marc\Downloads\tinified (1).zip
2017-11-18 17:18 - 2017-11-18 17:18 - 000051382 _____ C:\Users\Marc\Downloads\tinified.zip
2017-11-18 17:13 - 2017-11-18 23:39 - 000000000 ____D C:\Users\Marc\Documents\resize images
2017-11-18 17:12 - 2017-11-18 17:13 - 000309274 _____ C:\Users\Marc\Downloads\logo.zip
2017-11-18 06:23 - 2017-12-07 11:42 - 000000000 ____D C:\Users\Marc\Documents\backup of every website
2017-11-18 06:23 - 2017-11-18 06:23 - 006889534 _____ C:\Users\Marc\Downloads\httpd.www.zip
2017-11-18 02:32 - 2017-11-18 02:32 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign009bb6b9f2398954
2017-11-18 02:31 - 2017-11-18 02:31 - 000000000 ____D C:\Users\Marc\AppData\Local\Tempzxpsign0411acc87206ed09
2017-11-17 20:30 - 2017-11-17 20:30 - 000004096 _____ C:\Users\Marc\Downloads\_Thumbs.db
2017-11-17 03:53 - 2017-11-17 03:53 - 000000529 _____ C:\Users\Marc\Downloads\mail.php
2017-11-17 03:00 - 2017-11-17 03:00 - 000114466 _____ C:\Users\Marc\Downloads\PHPMailer-master.zip
2017-11-17 01:55 - 2017-11-17 01:55 - 000002971 _____ C:\Users\Marc\Downloads\contact_us.php
2017-11-17 01:53 - 2017-11-17 01:53 - 005264487 _____ C:\Users\Marc\Downloads\flippy_affilateplatform_4.0.0.zip
2017-11-17 00:03 - 2017-11-16 23:40 - 000040847 _____ C:\Users\Marc\Downloads\sitemap - Kopie.xml
2017-11-16 22:41 - 2017-11-16 23:14 - 000022801 _____ C:\Users\Marc\Downloads\sitemap2.xml
2017-11-16 22:39 - 2017-11-16 23:40 - 000040847 _____ C:\Users\Marc\Downloads\sitemap.xml
2017-11-16 22:24 - 2017-11-16 22:24 - 000001982 _____ C:\Users\Marc\Downloads\rss_all.php
2017-11-16 02:09 - 2017-11-16 02:15 - 000106077 _____ C:\Users\Marc\Downloads\listings.sql
2017-11-15 19:41 - 2017-11-15 20:01 - 001752244 _____ C:\Users\Marc\Downloads\jokes (2).sql
2017-11-15 19:32 - 2017-11-15 19:32 - 000011517 _____ C:\Users\Marc\Downloads\add.php
2017-11-15 19:08 - 2017-11-15 19:09 - 008824924 _____ C:\Users\Marc\Downloads\jokebrothers_com_mysql.sql
2017-11-15 19:05 - 2017-11-15 19:05 - 001751596 _____ C:\Users\Marc\Downloads\jokes (1).sql
2017-11-15 18:47 - 2017-11-15 18:47 - 001751596 _____ C:\Users\Marc\Downloads\jokes.sql
2017-11-15 17:40 - 2017-11-02 06:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 17:40 - 2017-11-02 05:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 17:40 - 2017-11-02 05:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 17:40 - 2017-11-02 05:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 17:40 - 2017-11-02 05:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 17:40 - 2017-11-02 05:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 17:40 - 2017-11-02 05:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 17:40 - 2017-11-02 05:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 17:40 - 2017-11-02 05:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 17:40 - 2017-11-02 05:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 17:40 - 2017-11-02 05:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 17:40 - 2017-11-02 05:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 17:40 - 2017-11-02 05:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 17:40 - 2017-11-02 05:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 17:40 - 2017-11-02 05:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 17:40 - 2017-11-02 05:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 17:40 - 2017-11-02 05:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 17:40 - 2017-11-02 05:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 17:40 - 2017-11-02 05:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 17:40 - 2017-10-25 08:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 17:40 - 2017-10-15 16:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 17:40 - 2017-10-15 15:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 17:40 - 2017-10-15 15:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 17:40 - 2017-10-15 15:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 17:40 - 2017-10-15 15:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 17:39 - 2017-11-02 05:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 17:39 - 2017-11-02 05:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 17:39 - 2017-11-02 05:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 17:39 - 2017-11-02 05:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 17:39 - 2017-11-02 05:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 17:39 - 2017-11-02 05:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 17:39 - 2017-11-02 05:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 17:39 - 2017-11-02 05:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 17:39 - 2017-11-02 05:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 17:39 - 2017-11-02 05:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 17:39 - 2017-11-02 05:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 17:39 - 2017-11-02 05:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 17:39 - 2017-11-02 05:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 17:39 - 2017-11-02 05:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 17:39 - 2017-11-02 05:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 17:39 - 2017-11-02 05:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 17:39 - 2017-11-02 05:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 17:39 - 2017-11-02 05:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 17:39 - 2017-11-02 05:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 17:39 - 2017-11-02 05:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 17:39 - 2017-11-02 05:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 17:39 - 2017-11-02 05:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 17:39 - 2017-11-02 05:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 17:39 - 2017-11-02 05:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 17:39 - 2017-11-02 05:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 17:39 - 2017-11-02 05:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 17:39 - 2017-11-02 05:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 17:39 - 2017-10-15 16:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 17:39 - 2017-10-15 16:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 17:39 - 2017-10-15 15:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 17:39 - 2017-10-15 15:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 17:39 - 2017-10-15 15:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 17:39 - 2017-10-15 15:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 17:39 - 2017-10-15 15:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 17:39 - 2017-10-15 15:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 17:39 - 2017-10-15 15:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 17:36 - 2017-11-02 06:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 17:36 - 2017-11-02 05:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 17:36 - 2017-11-02 05:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 17:36 - 2017-11-02 05:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 17:36 - 2017-11-02 05:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 17:36 - 2017-11-02 05:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 17:35 - 2017-11-02 06:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 17:35 - 2017-11-02 06:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 17:35 - 2017-11-02 06:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 17:35 - 2017-11-02 06:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 17:35 - 2017-11-02 06:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 17:35 - 2017-11-02 06:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 17:35 - 2017-11-02 05:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 17:35 - 2017-11-02 05:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 17:35 - 2017-11-02 05:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 17:35 - 2017-11-02 05:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 17:35 - 2017-11-02 05:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 17:35 - 2017-11-02 05:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 17:35 - 2017-11-02 05:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 17:35 - 2017-11-02 05:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 17:35 - 2017-11-02 05:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 17:35 - 2017-11-02 05:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 17:35 - 2017-11-02 05:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 17:35 - 2017-11-02 05:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 17:35 - 2017-11-02 05:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 17:35 - 2017-11-02 05:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 17:35 - 2017-11-02 05:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 17:35 - 2017-11-02 05:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 17:35 - 2017-11-02 05:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 17:35 - 2017-11-02 05:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 17:35 - 2017-11-02 05:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 17:35 - 2017-11-02 05:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 17:35 - 2017-11-02 05:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 17:35 - 2017-11-02 05:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 17:35 - 2017-11-02 05:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 17:35 - 2017-11-02 05:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 17:35 - 2017-11-02 05:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 17:35 - 2017-11-02 05:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 17:35 - 2017-11-02 05:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 17:35 - 2017-11-02 05:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 17:35 - 2017-11-02 05:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 17:35 - 2017-11-02 05:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 17:35 - 2017-11-02 05:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 17:35 - 2017-11-02 05:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 17:35 - 2017-11-02 05:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 17:35 - 2017-11-02 05:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 17:35 - 2017-11-02 05:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 17:35 - 2017-11-02 05:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 17:35 - 2017-10-15 15:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 17:35 - 2017-10-15 15:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 17:35 - 2017-10-15 15:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 17:35 - 2017-10-15 15:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 17:35 - 2017-10-15 15:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 17:35 - 2017-10-15 15:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 17:35 - 2017-10-15 15:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 17:35 - 2017-10-15 15:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 17:34 - 2017-11-02 06:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 17:34 - 2017-11-02 06:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 17:34 - 2017-11-02 06:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 17:34 - 2017-11-02 06:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 17:34 - 2017-11-02 06:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 17:34 - 2017-11-02 06:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 17:34 - 2017-11-02 06:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 17:34 - 2017-11-02 06:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 17:34 - 2017-11-02 06:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 17:34 - 2017-11-02 06:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 17:34 - 2017-11-02 05:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 17:34 - 2017-11-02 05:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 17:34 - 2017-11-02 05:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 17:34 - 2017-11-02 05:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 17:34 - 2017-11-02 05:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 17:34 - 2017-11-02 05:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 17:34 - 2017-11-02 05:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 17:34 - 2017-11-02 05:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 17:34 - 2017-11-02 05:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 17:34 - 2017-11-02 05:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 17:34 - 2017-11-02 05:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 17:34 - 2017-11-02 05:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 17:34 - 2017-11-02 05:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 17:34 - 2017-11-02 05:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 17:34 - 2017-11-02 05:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 17:34 - 2017-11-02 05:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 17:34 - 2017-11-02 05:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 17:34 - 2017-11-02 05:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 17:34 - 2017-11-02 05:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 17:34 - 2017-11-02 05:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 17:34 - 2017-10-15 15:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 17:34 - 2017-10-15 15:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 17:34 - 2017-10-15 15:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 17:34 - 2017-10-15 15:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 17:34 - 2017-10-15 15:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 17:34 - 2017-10-15 15:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 17:34 - 2017-10-15 15:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 17:34 - 2017-10-15 15:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 17:34 - 2017-10-15 15:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 17:33 - 2017-11-02 06:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 17:33 - 2017-11-02 06:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 17:33 - 2017-11-02 06:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 17:33 - 2017-11-02 06:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 17:33 - 2017-11-02 06:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 17:33 - 2017-11-02 06:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 17:33 - 2017-11-02 06:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 17:33 - 2017-11-02 05:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 17:33 - 2017-11-02 05:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 17:33 - 2017-11-02 05:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 17:33 - 2017-11-02 05:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 17:33 - 2017-11-02 05:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 17:33 - 2017-11-02 05:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 17:33 - 2017-11-02 05:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 17:33 - 2017-11-02 05:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 17:33 - 2017-11-02 05:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 17:33 - 2017-11-02 05:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 17:33 - 2017-10-15 15:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 17:33 - 2017-10-15 15:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-15 17:33 - 2017-10-15 15:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 17:33 - 2017-10-15 15:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 17:33 - 2017-10-15 15:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-14 23:42 - 2017-11-14 23:42 - 000005830 _____ C:\Users\Marc\AppData\Local\recently-used.xbel
2017-11-14 21:28 - 2017-11-14 21:29 - 072981771 _____ C:\Users\Marc\Desktop\httpd.www.zip
2017-11-14 21:15 - 2017-11-14 23:42 - 000000000 ____D C:\Users\Marc\AppData\Local\gtk-2.0
2017-11-14 21:06 - 2017-11-14 23:40 - 000000000 ____D C:\Users\Marc\.gimp-2.8
2017-11-14 21:06 - 2017-11-14 21:06 - 000000000 ____D C:\Users\Marc\AppData\Local\gegl-0.2
2017-11-14 21:06 - 2017-11-14 21:06 - 000000000 ____D C:\Users\Marc\AppData\Local\fontconfig
2017-11-14 21:06 - 2017-11-14 21:06 - 000000000 ____D C:\Users\Marc\.thumbnails
2017-11-14 21:05 - 2017-11-14 21:05 - 000000683 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-11-14 16:26 - 2017-11-14 16:26 - 000041952 _____ C:\Users\Marc\Downloads\RG002469 (1).pdf
2017-11-14 13:50 - 2017-12-02 13:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-11-14 13:49 - 2017-12-02 13:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-11-14 13:49 - 2017-11-14 13:49 - 000097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-11-14 13:49 - 2017-11-14 13:49 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Sun
2017-11-14 13:49 - 2017-11-14 13:49 - 000000000 ____D C:\Users\Marc\AppData\LocalLow\Sun
2017-11-14 13:49 - 2017-11-14 13:49 - 000000000 ____D C:\ProgramData\Oracle
2017-11-14 13:49 - 2017-11-14 13:49 - 000000000 ____D C:\Program Files (x86)\Java
2017-11-14 13:48 - 2017-11-14 13:48 - 001852992 _____ (Oracle Corporation) C:\Users\Marc\Downloads\JavaSetup8u151.exe
2017-11-12 01:32 - 2017-11-12 01:32 - 001416592 _____ C:\Users\Marc\Downloads\bookmarks_12.11.17.html
2017-11-11 16:48 - 2017-11-11 16:48 - 000041952 _____ C:\Users\Marc\Downloads\RG002469.pdf
2017-11-07 19:55 - 2017-11-07 19:55 - 002875273 _____ C:\Users\Marc\Downloads\2ee8156f24657141.mp4
2017-11-07 18:08 - 2017-11-07 18:08 - 000428328 _____ C:\Users\Marc\Downloads\4798185_t201501069.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-12-07 17:34 - 2016-11-28 16:02 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Skype
2017-12-07 17:16 - 2017-08-12 21:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-07 15:33 - 2017-03-18 22:01 - 000000000 ____D C:\WINDOWS\INF
2017-12-07 11:55 - 2017-08-12 21:31 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{882D50A6-925B-4CF2-A990-2B3E317B6FFC}
2017-12-07 06:25 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-06 22:12 - 2017-10-11 13:18 - 000002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-06 22:12 - 2017-10-11 13:18 - 000002256 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-06 18:50 - 2016-12-07 07:32 - 000000000 ____D C:\Users\Marc\AppData\LocalLow\Mozilla
2017-12-06 12:54 - 2017-08-12 21:25 - 000000000 ____D C:\Users\Marc
2017-12-06 09:32 - 2017-08-12 21:35 - 003624024 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-06 09:32 - 2017-03-20 05:35 - 001768032 _____ C:\WINDOWS\system32\perfh007.dat
2017-12-06 09:32 - 2017-03-20 05:35 - 000432086 _____ C:\WINDOWS\system32\perfc007.dat
2017-12-06 09:32 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-06 09:27 - 2016-11-28 16:00 - 000000000 __SHD C:\Users\Marc\IntelGraphicsProfiles
2017-12-06 09:26 - 2017-08-12 21:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-06 00:00 - 2017-01-16 14:43 - 000000000 ____D C:\Users\Marc\AppData\Local\PokerStars.EU
2017-12-05 18:59 - 2017-09-11 15:01 - 000000000 ____D C:\Program Files (x86)\PokerStars.EU
2017-12-05 13:35 - 2017-04-19 09:19 - 000000000 ____D C:\Users\Marc\AppData\Roaming\FileZilla
2017-12-03 20:56 - 2017-08-11 09:14 - 000000000 ___DC C:\WINDOWS\Panther
2017-12-03 20:45 - 2017-08-12 21:32 - 000060963 _____ C:\WINDOWS\diagwrn.xml
2017-12-03 20:45 - 2017-08-12 21:32 - 000060963 _____ C:\WINDOWS\diagerr.xml
2017-12-03 20:18 - 2017-03-18 12:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-03 20:12 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Registration
2017-12-03 20:11 - 2017-09-30 16:00 - 000000000 ___HD C:\$WINDOWS.~BT
2017-12-03 09:43 - 2017-11-05 07:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holdem Indicator
2017-12-03 09:43 - 2017-11-05 07:25 - 000000000 ____D C:\Program Files (x86)\Holdem Indicator
2017-12-02 15:25 - 2016-12-06 21:09 - 000000000 ____D C:\Users\Marc\AppData\Local\ElevatedDiagnostics
2017-12-02 13:24 - 2017-03-18 22:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-02 13:23 - 2016-08-23 17:49 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-12-02 13:05 - 2017-08-12 21:23 - 000380520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-12-02 13:05 - 2017-06-28 18:43 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-02 13:05 - 2016-05-05 17:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-02 13:04 - 2017-11-06 07:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tournament Indicator
2017-12-02 13:04 - 2017-10-12 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-12-02 13:04 - 2017-10-03 15:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin
2017-12-02 13:04 - 2017-09-17 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear
2017-12-02 13:04 - 2017-09-13 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon
2017-12-02 13:04 - 2017-09-11 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
2017-12-02 13:04 - 2017-08-25 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2017-12-02 13:04 - 2017-08-12 21:25 - 000000000 ____D C:\WINDOWS\system32\IntelSSTAPO
2017-12-02 13:04 - 2017-08-12 21:24 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-02 13:04 - 2017-08-12 21:24 - 000000000 ____D C:\Program Files\Intel
2017-12-02 13:04 - 2017-07-18 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCryptor
2017-12-02 13:04 - 2017-07-10 18:48 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-12-02 13:04 - 2017-06-01 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2017-12-02 13:04 - 2017-04-29 11:51 - 000000000 ____D C:\WINDOWS\ShellNew
2017-12-02 13:04 - 2017-04-29 11:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2017-12-02 13:04 - 2017-04-25 23:13 - 000000000 ____D C:\Program Files\UNP
2017-12-02 13:04 - 2017-04-19 09:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Help
2017-12-02 13:04 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-02 13:04 - 2017-03-16 22:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-12-02 13:04 - 2017-01-24 01:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-12-02 13:04 - 2017-01-20 18:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-12-02 13:04 - 2016-12-04 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-12-02 13:04 - 2016-12-04 14:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-12-02 13:04 - 2016-11-29 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-12-02 13:04 - 2016-11-29 15:34 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-12-02 13:04 - 2016-11-28 15:53 - 000000000 ____D C:\WINDOWS\oem
2017-12-02 13:04 - 2016-08-23 19:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2017-12-02 13:04 - 2016-08-23 19:07 - 000000000 ____D C:\WINDOWS\system32\ihvmanager
2017-12-02 13:04 - 2016-08-23 18:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-12-02 13:04 - 2016-08-23 17:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2017-12-02 13:04 - 2016-05-05 17:08 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-12-02 13:04 - 2016-05-05 17:07 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-12-02 12:35 - 2017-03-18 12:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-12-01 02:37 - 2016-11-28 19:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-01 02:33 - 2017-10-10 19:15 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-01 02:33 - 2016-11-28 19:36 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-30 08:41 - 2016-05-05 17:08 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-28 11:21 - 2017-09-13 17:54 - 000001315 _____ C:\Users\Marc\AppData\Roaming\SAS7_000.DAT
2017-11-27 14:50 - 2017-11-05 07:48 - 000000000 ____D C:\Users\Marc\Documents\888poker
2017-11-26 22:50 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-26 05:53 - 2017-10-24 11:37 - 000006286 _____ C:\Users\Marc\Desktop\züchtung.txt
2017-11-25 05:22 - 2016-02-13 14:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-23 00:09 - 2017-03-18 21:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-21 15:36 - 2016-12-02 15:04 - 000545440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-18 18:26 - 2016-11-30 16:20 - 000000000 ____D C:\ProgramData\Skype
2017-11-18 17:30 - 2017-02-06 12:42 - 001421312 ___SH C:\Users\Marc\Downloads\Thumbs.db
2017-11-18 17:27 - 2017-01-26 03:41 - 000094208 ___SH C:\Users\Marc\Desktop\Thumbs.db
2017-11-18 02:32 - 2016-11-28 16:00 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Adobe
2017-11-18 02:31 - 2017-10-03 16:48 - 000000000 ____D C:\Users\Marc\AppData\Roaming\NVIDIA
2017-11-17 05:39 - 2017-11-05 07:48 - 000002026 _____ C:\Users\Marc\Desktop\888poker.lnk
2017-11-17 05:38 - 2016-11-28 16:00 - 000000000 ____D C:\Users\Marc\AppData\Local\VirtualStore
2017-11-15 23:02 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 23:02 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 23:02 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 23:02 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 23:02 - 2017-03-18 22:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 17:06 - 2017-10-11 13:18 - 000003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-15 17:06 - 2017-10-11 13:18 - 000003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-15 01:33 - 2016-11-28 16:00 - 000000000 ____D C:\Users\Marc\AppData\Local\Packages
2017-11-14 20:47 - 2016-11-28 16:04 - 000000000 ____D C:\Users\Marc\AppData\Roaming\Mozilla
2017-11-14 13:48 - 2016-12-15 07:55 - 000000000 ____D C:\Users\Marc\AppData\Local\Adobe
2017-11-14 13:47 - 2017-08-21 02:44 - 000004702 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 13:47 - 2017-08-12 21:31 - 000004440 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-12 00:23 - 2017-11-06 07:23 - 000000000 ____D C:\Program Files (x86)\Tournament Indicator

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2017-09-13 17:54 - 2017-11-28 11:21 - 000001315 _____ () C:\Users\Marc\AppData\Roaming\SAS7_000.DAT
2017-11-14 23:42 - 2017-11-14 23:42 - 000005830 _____ () C:\Users\Marc\AppData\Local\recently-used.xbel
2016-12-06 18:25 - 2016-11-23 14:37 - 000000570 _____ () C:\Users\Marc\AppData\Local\TroubleshooterConfig.json

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-12-02 15:25

==================== Ende von FRST.txt ============================


Froschmann 07.12.2017 18:01

Additional.txt
Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 06-12-2017
durchgeführt von Marc (07-12-2017 18:00:07)
Gestartet von C:\Users\Marc\Downloads
Windows 10 Home Version 1703 15063.729 (X64) (2017-08-12 20:34:03)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-721633766-3456424319-3093112155-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-721633766-3456424319-3093112155-503 - Limited - Disabled)
Gast (S-1-5-21-721633766-3456424319-3093112155-501 - Limited - Disabled)
Marc (S-1-5-21-721633766-3456424319-3093112155-1001 - Administrator - Enabled) => C:\Users\Marc

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
888poker (HKLM-x32\...\{F78E5FB8-7856-4A2C-A81B-6EDA12F81B01}) (Version: 7.4.00037 - 888) Hidden
888poker (HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\InstallShield_{F78E5FB8-7856-4A2C-A81B-6EDA12F81B01}) (Version: 7.4.00037 - 888)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3027 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3023 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 375.95 - NVIDIA Corporation) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
AutoHotkey 1.1.25.01 (HKLM\...\AutoHotkey) (Version: 1.1.25.01 - Lexikos)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5917.02 - CyberLink Corp.)
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dragon 15 (HKLM-x32\...\{768AC460-237E-45B6-99B8-1DE6D0F391E8}) (Version: 15.00.000 - Nuance Communications Inc.)
ELAN HIDI2C Filter Driver X64 13.6.5.2_WHQL (HKLM\...\Elantech) (Version: 13.6.5.2 - ELAN Microelectronic Corp.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
EPSON WF-2760 Series Printer Uninstall (HKLM\...\EPSON WF-2760 Series) (Version:  - Seiko Epson Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
FileZilla Client 3.25.1 (HKLM-x32\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Ghost Control 3.0.6 (HKLM-x32\...\Ghost Control_is1) (Version:  - N.R.S.)
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Git version 2.13.2 (HKLM\...\Git_is1) (Version: 2.13.2 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\GitHubDesktop) (Version: 1.0.10 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Holdem Indicator 2.9.6.0 (HKLM-x32\...\Holdem Indicator_is1) (Version:  - hxxp://www.HoldemIndicator.com)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{61a0f1f5-c77e-4992-ba85-029f93cd8d18}) (Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Malwarebytes Version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM-x32\...\{F8A2A208-72B3-4D61-95FC-8A65D340689B}_is1) (Version: 1.13.1 - Microsoft Corporation)
Mozilla Firefox 57.0.1 (x64 de) (HKLM\...\Mozilla Firefox 57.0.1 (x64 de)) (Version: 57.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.1.6541 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA Grafiktreiber 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10299 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.191 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Tournament Indicator 2.6.0.0 (HKLM-x32\...\Tournament Indicator_is1) (Version:  - hxxp://www.TournamentIndicator.com)
TunnelBear (HKLM-x32\...\{8092fbe5-9e59-4729-a5de-5bb6a64873cc}) (Version: 3.0.37.12 - TunnelBear)
TunnelBear (HKLM-x32\...\{ABC9BE61-B890-4100-BCA4-5AC3BF1F3CB5}) (Version: 3.0.37.12 - TunnelBear) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Winner Poker (HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\winnerpoker) (Version: 1.1.1.35 - Winner Poker)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-721633766-3456424319-3093112155-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Marc\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-721633766-3456424319-3093112155-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Marc\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-721633766-3456424319-3093112155-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Marc\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileSyncShell64.dll => Keine Datei
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-01-17] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxDTCM.dll [2017-02-07] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0481BC6E-5635-4CA5-9A47-AC5F661D507F} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-01-20] ()
Task: {1219C36E-B6F0-47AC-B8C1-D71B3F7457E5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)
Task: {171E2F16-7D52-4AFD-92B1-0869BF5D85A6} - System32\Tasks\EPSON WF-2760 Series Update {C8EC83F3-0518-4374-B434-D11713730F69} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM1E.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {207DC15A-70EC-439B-89F8-9BA9F1C08A72} - System32\Tasks\EPSON WF-2760 Series Update {B6CFA1C1-110C-426C-80BD-40BB944004D8} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM1E.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {2F2090A3-917D-4EB2-8B3B-C25A373CEC79} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {355F852A-7001-4393-A65A-7457F7E17AF9} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-01-20] ()
Task: {4207B2C7-9F0A-45DA-BF1B-0EF9A2356C0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-11] (Google Inc.)
Task: {4B3A6DEF-7085-4318-8ECE-48E36EA5909D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {55B0F94A-287A-4D03-8B01-0FA86CEFE6F7} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {5740D63E-86DA-4729-87CF-D6FC0B97FD60} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-02-03] (Acer Incorporated)
Task: {5A8C5CDE-3D27-4211-A3B4-D4A8D5FBB8DA} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {619B4769-D920-45E3-A6E8-098C98ECE282} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {657100E4-F622-443A-964A-67B240ABF7B4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {6A0E7275-3E1C-4D19-B27E-95710E785830} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {6D0FC957-707D-4278-9E3A-4A6203F68EC6} - System32\Tasks\EPSON WF-2760 Series Update {68E8254B-F612-4C41-8893-CD52FBAD49A1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM1E.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {70A687B9-01B1-4889-8921-9B4C54A0191C} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {785C730D-B10F-4F09-B654-90DDFBDA135A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-11] (Google Inc.)
Task: {79448C01-7561-4BBF-9286-C8FB4851FDE4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {79A0CD66-2A3B-4C15-8D21-DC3C7EEB2981} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {79D87E59-33B6-4EDA-96A9-EBE172939FCF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {7E8D8FCD-D903-42A6-BCA0-3117E6359021} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {84ECDB13-8E79-4CC6-A578-9DE428046846} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {8786A3CF-361F-4FC7-BF53-D7A7B3BFAC26} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-02-03] (Acer Incorporated)
Task: {88D688B3-6645-49BE-AEBC-8CAB1D5A53EB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {90264D9C-0E0D-41AC-BC70-B660A5026298} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {9914F2F5-49AD-4044-BBE1-F1E61CE7E735} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MpCmdRun.exe [2017-12-07] (Microsoft Corporation)
Task: {AF2C6FB2-44F3-4700-A186-6D4BAC656D7D} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation)
Task: {AFB7F9EB-7065-4DC2-913B-D8E7DDF6BD19} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {CA105160-4ADE-451B-BBF2-81D45AD39E16} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {DA373233-071A-4568-B38E-078241CD5DD3} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-01-20] (Acer Incorporated)
Task: {E0285427-F9BF-4742-A3C6-181EC5D8AD97} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
Task: {E28D7D70-5F9A-4819-90B5-C2819368534A} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-01-20] ()
Task: {E6CA8CCB-F179-4D36-9E8A-03F274774B5B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-02] (Microsoft Corporation)
Task: {E7C499CC-7566-46C3-9F93-CBDCCB29EBA9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E819E1F4-DFDE-4EA8-AD43-751E0A9F439C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {EFF6E9E1-FAD1-4118-A917-6F4EDD3B4491} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {F51BBF49-4C3B-492A-9CD4-944361E4461B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-12-02] (Microsoft Corporation)
Task: {FFEB5D6D-7F8B-4346-8796-DC099B04930A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-22] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\EPSON WF-2760 Series Update {68E8254B-F612-4C41-8893-CD52FBAD49A1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM1E.EXE:/EXE:{68E8254B-F612-4C41-8893-CD52FBAD49A1} /F:UpdateWORKGROUP\LAPTOP-E5S4SKF9$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2760 Series Update {B6CFA1C1-110C-426C-80BD-40BB944004D8}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM1E.EXE:/EXE:{B6CFA1C1-110C-426C-80BD-40BB944004D8} /F:UpdateWORKGROUP\LAPTOP-E5S4SKF9$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON WF-2760 Series Update {C8EC83F3-0518-4374-B434-D11713730F69}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSM1E.EXE:/EXE:{C8EC83F3-0518-4374-B434-D11713730F69} /F:UpdateWORKGROUP\LAPTOP-E5S4SKF9$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-03-04 19:26 - 2016-03-04 19:26 - 005570728 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2-2.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 000117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2017-12-02 14:25 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-08-12 21:24 - 2016-12-29 14:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-01-17 02:30 - 2017-01-17 02:30 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-03-20 16:44 - 2017-03-20 16:44 - 000052392 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 21:59 - 2017-03-20 05:36 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-15 22:12 - 2017-11-10 10:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 22:12 - 2017-11-10 10:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2016-01-20 19:50 - 2016-01-20 19:50 - 004644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2017-12-06 09:31 - 2017-12-06 09:31 - 004698848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11711.1001.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-01 06:03 - 2017-12-01 06:03 - 026657792 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17102.13911.0_x64__8wekyb3d8bbwe\Video.UI.exe
2017-12-01 06:03 - 2017-12-01 06:03 - 009162240 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17102.13911.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 04:08 - 2017-09-26 04:08 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17102.13911.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-17 15:38 - 2017-11-17 15:38 - 035241472 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-11-17 15:38 - 2017-11-17 15:38 - 009218560 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-08-23 10:41 - 2017-08-23 10:41 - 000957952 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2017-09-26 04:08 - 2017-09-26 04:08 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-17 15:38 - 2017-11-17 15:38 - 013224960 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe\Music.Visuals.dll
2017-10-10 03:50 - 2017-10-10 03:50 - 004252672 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-09-26 04:08 - 2017-09-26 04:08 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-30 08:27 - 2017-11-30 08:27 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-30 08:27 - 2017-11-30 08:27 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-30 08:27 - 2017-11-30 08:27 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-30 08:27 - 2017-11-30 08:27 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-30 08:27 - 2017-11-30 08:27 - 000672256 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-03-18 21:58 - 2017-03-18 21:58 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2017-07-11 01:34 - 2017-07-11 01:34 - 002331136 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-07-11 01:34 - 2017-07-11 01:34 - 002836480 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2016-05-16 20:50 - 2016-05-16 20:50 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-721633766-3456424319-3093112155-1001\Software\Classes\regfile: regedit.exe "%1" <==== ACHTUNG

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 08:24 - 2015-10-30 08:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-721633766-3456424319-3093112155-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "DNS7reminder"
HKLM\...\StartupApproved\Run32: => "MouseDriver"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "Ghost Control"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-721633766-3456424319-3093112155-1001\...\StartupApproved\Run: => "OpenVPN-GUI"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{6437DEB9-D84B-4F1E-809F-09F93F6FB254}D:\games\portal 2\portal2.exe] => (Block) D:\games\portal 2\portal2.exe
FirewallRules: [TCP Query User{EB301C9C-A55F-4D75-8BBA-1578AB94C65B}D:\games\portal 2\portal2.exe] => (Block) D:\games\portal 2\portal2.exe
FirewallRules: [UDP Query User{01D36499-B575-4FD4-ADFA-870537E201C2}D:\games\age of empires ii hd\game.dat] => (Block) D:\games\age of empires ii hd\game.dat
FirewallRules: [TCP Query User{72A22D15-9A1B-4B78-91D2-2B63DF9EC97B}D:\games\age of empires ii hd\game.dat] => (Block) D:\games\age of empires ii hd\game.dat
FirewallRules: [UDP Query User{6645C61E-717B-49F3-8124-8EA19121C07D}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{6C980ED1-22EC-49E1-B5F9-CB934935ADFC}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EE0D4713-8A0E-4C14-B49B-F60B918BEDAB}D:\programme\microsoft vs code\code.exe] => (Allow) D:\programme\microsoft vs code\code.exe
FirewallRules: [TCP Query User{06ED79E5-6DAD-44D9-813F-F388FEE3A883}D:\programme\microsoft vs code\code.exe] => (Allow) D:\programme\microsoft vs code\code.exe
FirewallRules: [{0A52A7B2-8F25-4B7A-9314-E0091894B3E3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{79E239C8-3498-41B1-8374-F4F8D0C6DD63}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A560B948-A40B-413E-A457-1C0A85D9B7F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E12A2E4B-AD3C-4D4F-BFD4-45CB5218AE2A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{50CDA598-A61C-4EAD-9AD9-93C415164E2C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E7CFB66E-8BDA-495D-AA40-8C01969A7E97}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B9C853F2-899B-42D7-BFCF-3BDC0C651DB8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6BE4FEA3-C238-44EB-A81F-8CB48177FBF5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4DA1DD0D-17DF-4D31-9398-B5C834877DE4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B650E4E5-9DFC-45D0-A425-9FF0EF2350C1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3C2C53B6-E8E1-4E28-9417-E9EC2D793987}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{90F8E26B-FFAC-41AA-9EB1-FED13BC6A443}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{D0D9C1B3-E5B7-47FF-9896-9569EAC5A2D4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{3C1D22C0-D147-4E4F-98A0-55F97BDD3FF0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{04C76429-84FC-439B-BD08-10E52EF2A219}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{2F8651DE-859C-4A05-A19C-752E210DECA3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F3A4DAC7-9C02-4220-9978-1C52EF4A8355}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{29CFB43A-B380-47C2-99DD-10D263E7B01B}] => (Allow) D:\Steamspiele\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{903ABAF8-A1D6-4213-927B-10D241C9FF9A}] => (Allow) D:\Steamspiele\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A17C384A-EA02-4F92-A1DB-0D6A9CAD365D}] => (Allow) D:\Steamspiele\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{D809024A-ECEA-4914-8E15-FBA492403288}] => (Allow) D:\Steamspiele\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [TCP Query User{CF71BBA6-31F1-4981-8713-1D8F811EAAB7}C:\users\marc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marc\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{7ED345D0-BE4E-4D07-9157-EEF854EB1599}C:\users\marc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marc\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B7932758-F237-4797-AD0C-74629D8FAF72}] => (Allow) D:\Steamspiele\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{2BC7A53D-ACAE-4E13-9794-4E4A7DFB6E32}] => (Allow) D:\Steamspiele\steamapps\common\Democracy 3\Democracy3.exe
FirewallRules: [{3666437C-07E8-446B-88AE-54D11D265723}] => (Allow) D:\Steamspiele\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2F282997-0382-427F-8EF9-2D21673DDA8D}] => (Allow) D:\Steamspiele\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{9E4E69E9-592F-4077-A8A8-D3EDA4CC8AC2}] => (Allow) D:\Steamspiele\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{DE8B01D8-14C8-4057-8ED1-25BAFADFBD86}] => (Allow) D:\Steamspiele\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{72042562-6185-4A7D-BE73-4B375E5672D8}] => (Allow) D:\Steamspiele\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{49D16CAA-1D4C-49D5-B1ED-0441A5307B36}] => (Allow) D:\Steamspiele\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{15153893-58E9-4C79-9A53-163BC773F770}] => (Allow) D:\Steamspiele\steamapps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{C24CF349-1B0E-43E7-97DB-84C4F9A03176}] => (Allow) D:\Steamspiele\steamapps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{81CE3A2A-63D7-403B-B581-C0DF8DDBCC73}] => (Allow) D:\Programme\steam\Steam.exe
FirewallRules: [{CC500E97-B57F-4DF4-9A6E-E489E411025D}] => (Allow) D:\Programme\steam\Steam.exe
FirewallRules: [{4D37F854-1189-4E7F-ACB5-9DB64690C8FF}] => (Allow) D:\Programme\steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C2D26449-97F0-4056-AFD4-DEDEB7FBEE0F}] => (Allow) D:\Programme\steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{57ABC4A2-AF21-429E-A522-BC7DE6118EF4}] => (Allow) D:\Programme\steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [{354CB7E9-A9C5-433F-89D6-DB0F3A3C57FF}] => (Allow) D:\Programme\steam\steamapps\common\Hearts of Iron IV\hoi4.exe
FirewallRules: [TCP Query User{D1E20920-50FF-43E7-AD26-D6ADA28C6762}C:\users\marc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marc\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{63C700BB-39C8-4C3D-814B-75DF39DB2A41}C:\users\marc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\marc\appdata\local\akamai\netsession_win.exe
FirewallRules: [{650DFFEE-8C63-40CB-9881-CF71FF0E17CF}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{A89A55D1-76DC-4126-B9B9-C72BA480662F}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{054CEC16-4ED0-48D9-9933-4338A6A25490}] => (Allow) D:\Programme\steam\steamapps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{C89F7CEA-232D-4DF0-AB3F-C24A252BC320}] => (Allow) D:\Programme\steam\steamapps\common\Call of Duty Ghosts\iw6sp64_ship.exe
FirewallRules: [{B0173163-EABC-49AE-B354-80CF409A9D95}] => (Allow) C:\Program Files (x86)\Tournament Indicator\Indicator.exe
FirewallRules: [{1BFE85E9-D929-4759-870B-4C60EF614F18}] => (Allow) C:\Program Files (x86)\Tournament Indicator\Indicator.exe
FirewallRules: [{18B28BFC-9CD1-445F-919C-2524DBE9C77D}] => (Allow) C:\Program Files (x86)\Tournament Indicator\Indicator.exe
FirewallRules: [{7D729EAB-FD82-4219-8BAA-F8C5F4D2779C}] => (Allow) C:\Program Files (x86)\Tournament Indicator\Indicator.exe
FirewallRules: [{8DB1C38E-D597-4280-BCBD-ADFD0ACE8EA5}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{1636DC0F-7CC9-463C-8303-BA197BA686BF}] => (Allow) C:\Program Files (x86)\Holdem Indicator\HoldemIndicator.exe
FirewallRules: [{64BAD023-B621-412C-8E97-7CDD4D118AE9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

02-12-2017 16:38:38 Geplanter Prüfpunkt
05-12-2017 14:56:18 Installed Safari

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/06/2017 06:50:22 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-721633766-3456424319-3093112155-1001}/">.

Error: (12/06/2017 06:50:22 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-721633766-3456424319-3093112155-1001}/">.

Error: (12/06/2017 06:11:40 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-721633766-3456424319-3093112155-1001}/">.

Error: (12/06/2017 06:11:40 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-721633766-3456424319-3093112155-1001}/">.

Error: (12/06/2017 03:20:09 PM) (Source: COM) (EventID: 10031) (User: )
Description: Eine das Marshalling aufhebende Richtlinienprüfung wurde ausgeführt, als das Marshalling eines benutzerdefinierten gemarshallten Objekts aufgehoben wurde. Die Klasse "{41FD88F7-F295-4D39-91AC-A85F3149A05B}" wurde abgelehnt.

Error: (12/06/2017 01:43:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Marc\Downloads\esetsmartinstaller_deu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

Error: (12/06/2017 09:54:00 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (12/06/2017 09:27:11 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/05/2017 10:04:13 PM) (Source: COM) (EventID: 10031) (User: )
Description: Eine das Marshalling aufhebende Richtlinienprüfung wurde ausgeführt, als das Marshalling eines benutzerdefinierten gemarshallten Objekts aufgehoben wurde. Die Klasse "{41FD88F7-F295-4D39-91AC-A85F3149A05B}" wurde abgelehnt.

Error: (12/05/2017 03:59:43 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.


Systemfehler:
=============
Error: (12/06/2017 09:27:01 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/06/2017 09:27:01 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\Lokaler Dienst" (SID: S-1-5-19) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 und der APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (12/06/2017 09:26:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet:
Die Anforderung wird nicht unterstützt.

Error: (12/06/2017 09:26:33 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎06.‎12.‎2017 um 01:29:48 unerwartet heruntergefahren.

Error: (12/03/2017 08:50:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (12/03/2017 08:50:38 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Marc\AppData\Local\Temp\ehdrv.sys

Error: (12/03/2017 08:50:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (12/03/2017 08:50:37 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Marc\AppData\Local\Temp\ehdrv.sys

Error: (12/03/2017 08:50:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.

Error: (12/03/2017 08:50:37 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Marc\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2017-12-07 11:30:43.362
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-07 10:39:08.103
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-07 10:39:08.100
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-06 11:05:44.274
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_31f4ef4821269ebb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-03 23:04:31.350
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.16299.15_none_f2b6706a39a0f009\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-03 23:04:31.338
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.16299.15_none_f2b6706a39a0f009\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-03 23:04:31.325
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.16299.15_none_f2b6706a39a0f009\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-03 23:04:31.312
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.16299.15_none_f2b6706a39a0f009\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-03 23:04:27.525
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.16299.15_none_6bf69ff6ccd5c66d\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-03 23:04:27.514
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.16299.15_none_6bf69ff6ccd5c66d\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 81%
Installierter physikalischer RAM: 8060.13 MB
Verfügbarer physikalischer RAM: 1520.56 MB
Summe virtueller Speicher: 18812.13 MB
Verfügbarer virtueller Speicher: 7580.19 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:118.13 GB) (Free:35.56 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:478.86 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A7C69406)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: A7C694E3)

Partition: GPT.

==================== Ende von Addition.txt ============================


cosinus 07.12.2017 21:40

The information on where exactly the thing was found: please supply it. It is in the AV's history.

Froschmann 08.12.2017 02:05

It was found here:
Code:

Trojan:HTML/Brocoiner!rfn
Warnstufe: Schwerwiegend Status: Unter Quarantäne Datum: 7.12.2017
Empfohlene Aktion: Bedrohung jetzt entfernen.
Kategorie: Trojaner Details: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus
Weitere Informationen
Betroffene Elemente: containerfile: C:\Users\Marc\AppData\Local\Mozilla\Firefox\Profiles\aneucimv.default-1481643216534\cache2\entries\CE94BF5164C04AE312403C4CA6A85F4F3B1133A2 file: C:\Users\Marc\AppData\Local\Mozilla\Firefox\Profiles\aneucimv.default-1481643216534\cache2\entries \CE94BF5164C04AE312403C4CA6A85F4F3B1133A2->(GZip)


cosinus 08.12.2017 09:07

The thing is in the browser cache. That means you visited a website that has visitors' computers mine bitcoins via JavaScript, see https://www.trojaner-board.de/186983...coin-hive.html
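
The check made in the reply above (look at where the detection sits before judging how serious it is), as an added Python example that is not part of the original thread: it parses a Defender history entry and reports whether every affected item lies in a browser cache. The sample entries, the user and profile names and the cache-path patterns are constructed assumptions.

```python
import re

# Items on Defender's "affected items" line look like "containerfile: <path>" or
# "file: <path>->(GZip)"; paths may contain spaces, so split on the keywords.
ITEM_RE = re.compile(r"\b(containerfile|file):\s*(.+?)(?=\s+(?:containerfile|file):|$)")

# Assumed cache locations (lower-case regexes); extend for other browsers.
CACHE_PATTERNS = {
    "Firefox cache": r"\\mozilla\\firefox\\profiles\\[^\\]+\\cache2\\",
    "Chrome cache": r"\\google\\chrome\\user data\\[^\\]+\\cache\\",
    "IE/Edge cache": r"\\microsoft\\windows\\(inetcache|temporary internet files)\\",
}

# Constructed samples (user name, profile and file names are made up).
CACHE_SAMPLE = (
    "Trojan:HTML/Brocoiner!rfn\n"
    r"Betroffene Elemente: containerfile: C:\Users\alice\AppData\Local\Mozilla"
    r"\Firefox\Profiles\abcd1234.default\cache2\entries\0123ABCD file: C:\Users"
    r"\alice\AppData\Local\Mozilla\Firefox\Profiles\abcd1234.default\cache2"
    r"\entries \0123ABCD->(GZip)"
)
MIXED_SAMPLE = CACHE_SAMPLE + "\n" + r"file: C:\Users\alice\AppData\Roaming\example\updater.exe"


def affected_paths(entry: str) -> list[str]:
    """Return the distinct file paths named in a detection entry."""
    paths = []
    for line in entry.splitlines():
        for _kind, raw in ITEM_RE.findall(line):
            path = raw.split("->", 1)[0].strip()   # drop the '->(GZip)' suffix
            path = re.sub(r"\s+\\", r"\\", path)   # repair 'entries \X' spacing
            if path not in paths:
                paths.append(path)
    return paths


def triage(entry: str) -> dict:
    """Map each path to the cache it belongs to (or None) and summarise."""
    hits = {}
    for path in affected_paths(entry):
        hits[path] = next((name for name, rx in CACHE_PATTERNS.items()
                           if re.search(rx, path.lower())), None)
    # cache_only: at least one path, and every path is inside a browser cache
    return {"paths": hits, "cache_only": bool(hits) and all(hits.values())}


if __name__ == "__main__":
    for label, sample in (("cache", CACHE_SAMPLE), ("mixed", MIXED_SAMPLE)):
        print(label, triage(sample))
```

A `cache_only` result of `False` means at least one affected item lies outside the listed caches and deserves a closer look.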

Froschmann 08.12.2017 11:46

Yes, that is very likely. I took part in a visitor exchange for websites.

cosinus 08.12.2017 12:07

If you have no other problems, that would settle the matter.

Froschmann 08.12.2017 12:09

Great, thanks!

cosinus 08.12.2017 12:15

If you want, though, you can run adwCleaner:

Remove adware/junkware/toolbars

Delete old versions of adwCleaner first, then download it again to your desktop!
Please completely disable your virus scanner now, before using these tools!




adwCleaner v7.x

Please download AdwCleaner to your desktop (illustrated instructions).
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Tools > Options and make sure the following items are selected:
    • Tracing keys
    • Prefetch files
    • Proxy
    • Winsock
    • IE policies
    • Chrome policies
  • Confirm the selection with OK.
  • Click Scan and wait until it has finished. At the end of the scan a log file opens automatically. Close it.
  • Now click Clean (even if AdwCleaner says that nothing was found) and confirm any prompts with OK.
  • At the end of the cleanup click Restart now. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


All times are WET +1.
