Jump to content

Adware in Chrome cannot be removed


Recommended Posts

Hello Factorium and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 4 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts.

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select http://i.imgur.com/Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....
Link to post
Share on other sites

Here is the scan of Malwarebytes

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/21/20
Scan Time: 9:23 AM
Log File: dd135ab0-2bd2-11eb-a0bb-049226bf476d.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1104
Update Package Version: 1.0.33198
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1198)
CPU: x64
File System: NTFS
User: FACTORIUMS-PC\nilsm

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 308879
Threats Detected: 32
Threats Quarantined: 0
Time Elapsed: 4 min, 29 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, No Action By User, 6927, 252393, 1.0.33198, , ame, , , 
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, No Action By User, 6927, 252393, 1.0.33198, , ame, , , 
PUP.Optional.DownloadProtect.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, No Action By User, 6093, -1, 0.0.0, , action, , , 
PUP.Optional.DownloadProtect.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, No Action By User, 6093, -1, 0.0.0, , action, , , 

Registry Value: 4
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, No Action By User, 6927, 252393, 1.0.33198, , ame, , , 
PUP.Optional.DownloadProtectExtension, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{DEE7A0A3-F8A9-47AF-88FE-C122B0DBF9CA}, No Action By User, 6987, 237883, , , , , , 
PUP.Optional.DownloadProtectExtension, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{DEE7A0A3-F8A9-47AF-88FE-C122B0DBF9CA}, No Action By User, 6987, 237883, 1.0.33198, , ame, , , 
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, No Action By User, 6927, 252393, 1.0.33198, , ame, , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 7
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{06001778-E3C5-46AE-AF82-ED921E4E8959}, No Action By User, 57, 237879, 1.0.33198, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{31EB95DE-77E4-42DC-815F-79FF13934C90}, No Action By User, 57, 237879, 1.0.33198, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{59470F0C-DE55-4112-808C-BB0C9DD1E5C5}, No Action By User, 57, 237879, 1.0.33198, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{98A73D44-CC79-4FD5-AD00-6FEC2417435C}, No Action By User, 57, 237879, 1.0.33198, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{9CC00E3D-9953-43B8-93F3-2FCC45F53AA9}, No Action By User, 57, 237879, 1.0.33198, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{E1C5BB49-1DE2-4338-8E51-6182071BA412}, No Action By User, 57, 237879, 1.0.33198, , ame, , , 
PUP.Optional.DownloadProtect.ChrPRST, C:\WINDOWS\INSTALLER\{F000E43B-B4C1-4CD1-8A21-DBD4B4D1234B}, No Action By User, 6093, 255640, 1.0.33198, , ame, , , 

File: 17
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{06001778-E3C5-46AE-AF82-ED921E4E8959}\xiacccghgikkhfhifpcmepjjgjpbmcjlfml, No Action By User, 57, 237879, 1.0.33198, , ame, , , 
PUP.Optional.DownloadProtect, C:\Windows\Installer\{06001778-E3C5-46AE-AF82-ED921E4E8959}\ciacccghgikkhfhifpcmepjjgjpbmcjlfrx, No Action By User, 57, 237879, , , , , C4C816772F9F88EAA0E1EE48B12B643A, 4DEDE9088EFA1498217C793E8F0663E795D4BD94E35F02966EA6492F0B4DB130
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{31EB95DE-77E4-42DC-815F-79FF13934C90}\xdifannhhnhhanjgjgocaddejcpohmcceml, No Action By User, 57, 237879, 1.0.33198, , ame, , 790179346DA90BAE47F3B99CA759079C, 5F050C5FD27154135C4CD5F4A5CF64A8BC5A7455E04616F6D410E52297C466A9
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{31EB95DE-77E4-42DC-815F-79FF13934C90}\cdifannhhnhhanjgjgocaddejcpohmccerx, No Action By User, 57, 237878, 1.0.33198, , ame, , 6F9267558B56DC6FB189529586DE545E, 6B4AAAB64A94EC8447DE7BF07FE63F857F60CE0BD6BD2BDC02D84586104C38BD
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{59470F0C-DE55-4112-808C-BB0C9DD1E5C5}\xeiibihhphcgofnjcljemoefpfpljmicmml, No Action By User, 57, 237879, 1.0.33198, , ame, , FE2A70908513B8359F21E33EFFCFA257, E49864082A5B8CBB770E59A82FFBFAE3B974EABAAE5AA10420BC6A6AE1FD06C5
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{59470F0C-DE55-4112-808C-BB0C9DD1E5C5}\ceiibihhphcgofnjcljemoefpfpljmicmrx, No Action By User, 57, 237878, 1.0.33198, , ame, , 8837DDC0A0DEFA4209AC2CD67D68EF9B, CD263A64E748C09D305933699FB3E58EDA289B264F4998C086435127FC12C035
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{98A73D44-CC79-4FD5-AD00-6FEC2417435C}\xajlahficgggoimajbipegmojmaakanidml, No Action By User, 57, 237879, 1.0.33198, , ame, , BA472206049B8967463A55F086A33C23, 51208269D56A8B63BD65523098635BE9CE4B665173267614D283E9547BC7B839
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{98A73D44-CC79-4FD5-AD00-6FEC2417435C}\cajlahficgggoimajbipegmojmaakanidrx, No Action By User, 57, 237878, 1.0.33198, , ame, , 9351A339747A065257D4AB56C6D4342A, 2B1C4DF6E1C6649CD16C48DE21911AEBDD79902FEEB85824E0A240DC02242BC5
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{9CC00E3D-9953-43B8-93F3-2FCC45F53AA9}\xnknfklpelhmdbjgejagidokcebheegpnml, No Action By User, 57, 237879, 1.0.33198, , ame, , 781BC26F136A52ABC5159F52F131E93E, D01C2C30DBE3F366DB2CB9BBC6C8B8A8DC0C592725381FBEF95723B415965B22
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{9CC00E3D-9953-43B8-93F3-2FCC45F53AA9}\cnknfklpelhmdbjgejagidokcebheegpnrx, No Action By User, 57, 237878, 1.0.33198, , ame, , D6EF6297652D276F6D14B886A4E7245C, B323B80B543671AEE86D2782EE4EE4059F016D97E63814C51651530C34972DC9
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{E1C5BB49-1DE2-4338-8E51-6182071BA412}\xkhldajdacaelmmcnpgklkllhibjkdmgkml, No Action By User, 57, 237879, 1.0.33198, , ame, , 1CD6A10A269BCBDD0CF2B9BB63DD542D, 11ADBA9452C326FCDDEFF2CA642A52CDEBB7FCB16AF034AFFA157B49B790F3E9
PUP.Optional.DownloadProtect, C:\Windows\Installer\{E1C5BB49-1DE2-4338-8E51-6182071BA412}\ckhldajdacaelmmcnpgklkllhibjkdmgkrx, No Action By User, 57, 237879, , , , , C8419470B4B42C214B3430C4C8DC0E45, 0F7989D5C1D72D510BE4C5E7066FAA70B546525D311A1AA18961871A14347EE6
PUP.Optional.DownloadProtect.ChrPRST, C:\WINDOWS\INSTALLER\{F000E43B-B4C1-4CD1-8A21-DBD4B4D1234B}\{DEE7A0A3-F8A9-47AF-88FE-C122B0DBF9CA}.xpi, No Action By User, 6093, 255640, 1.0.33198, , ame, , 1A0C7873B4891CF0442CCF4651719AA6, 6AAD7B612FC8E4A779F77F87414860FE98317E0C36F8AB6B0C005AE33EC998D6
PUP.Optional.DownloadProtect.ChrPRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, No Action By User, 6093, -1, 0.0.0, , action, , D02FD9B93B16800F80F77FD2DE49C803, 2F5BE93A27D085AF13B454C6DD3AA40C4EC48019C805353DC977DF39427950F5
PUP.Optional.DownloadProtect.ChrPRST, C:\PROGRAMDATA\NTUSER.POL, No Action By User, 6093, -1, 0.0.0, , action, , D02FD9B93B16800F80F77FD2DE49C803, 2F5BE93A27D085AF13B454C6DD3AA40C4EC48019C805353DC977DF39427950F5
PUP.Optional.DownloadProtect.ChrPRST, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, No Action By User, 6093, -1, 0.0.0, , action, , 16A4B7D944C0D23E38F87051F77B523C, 513DC4F84A1EAD3DF757A64FB1ED1F01F79CCBBACBC39679D4AD7D7CE0098B9D
PUP.Optional.ChipDe, C:\USERS\NILSM\DOWNLOADS\WIZTREE - CHIP-INSTALLER.EXE, No Action By User, 600, 562568, 1.0.33198, , ame, , FCF37188DFC6BBA9E363FE56FDDC36C9, 89BB725B7CFEF9646C94F837AFD7AD2C96DFC42A429629C90E06DA6106AAF085

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

This is the Scan of AdwCleaner 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build:    10-08-2020
# Database: 2020-11-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-21-2020
# Duration: 00:00:04
# OS:       Windows 10 Home
# Cleaned:  4
# Failed:   1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\nilsm\AppData\Local\Temp\DMR

***** [ Files ] *****

Deleted       C:\Users\nilsm\Desktop\..\Downloads\WIZTREE - CHIP-INSTALLER.EXE
Deleted       C:\Windows\Installer\{F000E43B-B4C1-4CD1-8A21-DBD4B4D1234B}\{DEE7A0A3-F8A9-47AF-88FE-C122B0DBF9CA}.XPI

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted   Websuche

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] remove_file_ntuser
[+] remove_wingrouppolicy_registry
[+] remove_regKey_googleupdatepolicy
[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1737 octets] - [21/11/2020 09:34:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Link to post
Share on other sites

Here Additiom

 

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-11-2020
durchgeführt von nilsm (Administrator) auf FACTORIUMS-PC (21-11-2020 09:42:15)
Gestartet von C:\Users\nilsm\Downloads
Geladene Profile: nilsm & postgres
Platform: Windows 10 Home Version 1909 18363.1198 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

() [Datei ist nicht signiert] C:\Program Files (x86)\Wondershare\MobileTransPro\ElevationService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0359518.inf_amd64_ddc5c961c2795261\B359297\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0359518.inf_amd64_ddc5c961c2795261\B359297\atiesrxx.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(GoPro Media, Inc. -> ) D:\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(PostgreSQL Global Development Group) [Datei ist nicht signiert] C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe
(PostgreSQL Global Development Group) [Datei ist nicht signiert] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe <7>
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) D:\NordVPN\nordvpn-service.exe
(Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [353784 2020-10-07] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [V0770Pin.dll] => RunDLL32.exe V0770Pin.dll,RunDLL32EP 514,/d:0
HKLM\...\Run: [C:\WINDOWS\system32\V0770Ext.ax] => C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0770Ext.ax
HKLM-x32\...\Run: [V0770Mon.exe] => C:\WINDOWS\V0770Mon.exe [41600 2015-09-14] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
HKLM-x32\...\Run: [C:\WINDOWS\System32\V0770Ext.ax] => C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\System32\V0770Ext.ax
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\Run: [Steam] => D:\Steam\steam.exe [3424032 2020-10-29] (Valve -> Valve Corporation)
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\Run: [Discord] => C:\Users\nilsm\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe [10106544 2019-01-19] (Windscribe Limited -> Windscribe Limited)
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe [2498232 2020-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1752920 2020-10-13] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-3057036889-2186060926-1911704382-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\86.0.4240.75\Installer\chrmstp.exe [2020-10-07] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MTWSAndroidAppHelper.lnk [2020-05-22]
ShortcutTarget: MTWSAndroidAppHelper.lnk -> C:\Program Files (x86)\Wondershare\MobileTransPro\WSAndroidAppHelper.exe (Wondershare Technology Co.,Ltd -> Microsoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MTWSAppHelper.lnk [2020-05-22]
ShortcutTarget: MTWSAppHelper.lnk -> C:\Program Files (x86)\Wondershare\MobileTransPro\WSAppHelper.exe (Wondershare Technology Co.,Ltd -> Microsoft)
Startup: C:\Users\nilsm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2020-06-26]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {06BA666F-3AF2-4280-A1DF-28AA6F2D2A20} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {0B1D4B3A-8F4E-4E8C-AF7A-D42EB93FE1B7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {16F807A3-C0F3-48A9-BC96-867953AC967B} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1645240 2020-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {2748C18C-D0B7-444D-AFCF-743D06E617C8} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {30307C84-6BA6-4ACC-BC82-DFB0124C0A4D} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1645240 2020-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {319439B6-63B9-485D-8725-F88AA7BC3DCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {561CD481-555D-43C0-B6A7-64BF1E712F7A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {6DA5B302-F9DF-483E-B27B-FA33F27BD678} - System32\Tasks\Opera scheduled assistant Autoupdate 1593463161 => C:\Users\nilsm\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\nilsm\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {6FAB7A7B-4287-474E-B9B3-A72A1DE80C0D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939528 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {80393D77-B034-4996-BD55-CA8F76935A4A} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1645240 2020-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {8CFFF5C7-A55C-4D02-954E-FC52AF783EFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {927E6958-1776-41AB-BBAA-1BD536CD1A0A} - System32\Tasks\BenutzerdienstfürDriver => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> C:\WINDOWS\Installer\{98272AAC-5756-4596-B0C3-0D5E5DAF8F88}\{14E36B77-1F68-4190-863E-E27C2668D3F4} <==== ACHTUNG
Task: {B38758A6-2969-4AC5-B5B2-2CCCC879AAE7} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {C237D428-AAF3-4347-BFA0-52834B114859} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2487640 2020-10-13] (Overwolf Ltd -> Overwolf LTD)
Task: {CE03B3E9-C1C7-4F12-B1FD-CA2522337D09} - System32\Tasks\Ereignisse Überwachung TCP_IP => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> "C:\ProgramData\Package Cache\{822A667C-C1EB-4460-9536-D5E7FF5748E1}\{8B97C8F8-2273-45DB-9778-4B6EF8DEDAB8}" <==== ACHTUNG
Task: {D9168F4F-EC01-45AF-99D1-84C7A6F070DC} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {E061694A-F248-4F67-B627-4C495FA5CF8A} - System32\Tasks\Opera scheduled Autoupdate 1593463159 => C:\Users\nilsm\AppData\Local\Programs\Opera\launcher.exe
Task: {F2911D00-CB14-431A-BF4A-01D5983A1D65} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144744 2020-11-15] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{233ddc7d-fcc2-4e20-8c0c-0c544d95ad62}: [DhcpNameServer] 192.168.178.1

Edge: 
======
Edge Profile: C:\Users\nilsm\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-17]
Edge Extension: ( ) - C:\Users\nilsm\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hgpoodoamlknjnkblhlnlmlacajiegaf [2020-10-04]
Edge Extension: ( ) - C:\Users\nilsm\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jkmmgbdlgmokbciaenmjdhdgkghcjpln [2020-10-07]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{DEE7A0A3-F8A9-47AF-88FE-C122B0DBF9CA}] - C:\WINDOWS\Installer\{F000E43B-B4C1-4CD1-8A21-DBD4B4D1234B}\{DEE7A0A3-F8A9-47AF-88FE-C122B0DBF9CA}.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{DEE7A0A3-F8A9-47AF-88FE-C122B0DBF9CA}] - C:\WINDOWS\Installer\{F000E43B-B4C1-4CD1-8A21-DBD4B4D1234B}\{DEE7A0A3-F8A9-47AF-88FE-C122B0DBF9CA}.xpi => nicht gefunden
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\nilsm\AppData\Local\Google\Chrome\User Data\Default [2020-11-21]
CHR Extension: (Präsentationen) - C:\Users\nilsm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-07]
CHR Extension: (Docs) - C:\Users\nilsm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-07]
CHR Extension: (Google Drive) - C:\Users\nilsm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-23]
CHR Extension: (YouTube) - C:\Users\nilsm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-07]
CHR Extension: (Tabellen) - C:\Users\nilsm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-07]
CHR Extension: (Google Docs Offline) - C:\Users\nilsm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-10]
CHR Extension: ( ) - C:\Users\nilsm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknfklpelhmdbjgejagidokcebheegpn [2020-11-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\nilsm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-11-20]
CHR Extension: (Google Mail) - C:\Users\nilsm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\nilsm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-20]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8730200 2020-10-17] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-11-04] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-09-03] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 ElevationService; C:\Program Files (x86)\Wondershare\MobileTransPro\ElevationService.exe [907776 2020-04-30] () [Datei ist nicht signiert]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2020-06-17] (FUTUREMARK INC -> Futuremark)
R2 GoProDeviceDetectionService; D:\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [38328 2018-08-31] (GoPro Media, Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7269976 2020-11-21] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; D:\NordVPN\nordvpn-service.exe [269584 2020-08-05] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2522424 2020-11-14] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3476288 2020-11-14] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2487640 2020-10-13] (Overwolf Ltd -> Overwolf LTD)
R2 postgresql-x64-9.5; C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe [94208 2016-08-09] (PostgreSQL Global Development Group) [Datei ist nicht signiert]
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1358464 2020-10-31] (Rockstar Games, Inc. -> Rockstar Games)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13103632 2020-09-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [9912616 2020-10-07] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\NisSrv.exe [2467088 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2010.7-0\MsMpEng.exe [128376 2020-11-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileTransPro\DriverInstall.exe [123280 2020-05-12] (Wondershare Technology Co.,Ltd -> Wondershare)
S4 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S4 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2020-11-21] (Malwarebytes Corporation -> Malwarebytes)
S3 Larmkanal; C:\WINDOWS\system32\DRIVERS\Larmkanal.sys [33112 2015-09-02] (ADORIASOFT LLC -> Adoriasoft LLC)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [217600 2020-11-21] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2020-11-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [74936 2020-11-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [134304 2020-11-21] (Malwarebytes Inc -> Malwarebytes)
R3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2020-06-10] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-08-05] (TEFINCOM S.A. -> TEFINCOM S.A.)
R3 Phosgene; C:\WINDOWS\system32\DRIVERS\Phosgene.sys [34168 2015-08-28] (ADORIASOFT LLC -> Adoriasoft LLC)
S3 RTCore64; D:\MSI Afterburner\RTCore64.sys [24000 2019-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64864 2019-07-09] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-05-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
R3 V0770Vid; C:\WINDOWS\system32\DRIVERS\V0770Vid.sys [388616 2015-09-14] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
S3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2020-04-26] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [174016 2020-04-09] (Oracle Corporation -> Oracle Corporation)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [5463560 2020-10-07] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429288 2020-11-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2020-11-07] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz149; \??\C:\WINDOWS\temp\cpuz149\cpuz149_x64.sys [X]
S3 GPUZ-v2; \??\C:\WINDOWS\TEMP\GPUZ-v2.sys [X]
S3 VBAudioVMVAIOMME; \SystemRoot\System32\drivers\vbaudio_vmvaio64_win10.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2020-11-21 09:42 - 2020-11-21 09:42 - 000021615 _____ C:\Users\nilsm\Downloads\FRST.txt
2020-11-21 09:41 - 2020-11-21 09:42 - 000000000 ____D C:\FRST
2020-11-21 09:40 - 2020-11-21 09:40 - 002294784 _____ (Farbar) C:\Users\nilsm\Downloads\FRST64.exe
2020-11-21 09:37 - 2020-11-21 09:37 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2020-11-21 09:37 - 2020-11-21 09:37 - 000134304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2020-11-21 09:37 - 2020-11-21 09:37 - 000074936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2020-11-21 09:33 - 2020-11-21 09:35 - 000000000 ____D C:\AdwCleaner
2020-11-21 09:33 - 2020-11-21 09:33 - 008447152 _____ (Malwarebytes) C:\Users\nilsm\Downloads\adwcleaner_8.0.8.exe
2020-11-21 09:30 - 2020-11-21 09:30 - 000007806 _____ C:\Users\nilsm\Desktop\Scan Maleware.txt
2020-11-21 09:21 - 2020-11-21 09:21 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2020-11-21 09:21 - 2020-11-21 09:21 - 000217600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-11-21 09:21 - 2020-11-21 09:21 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-11-21 09:21 - 2020-11-21 09:21 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-11-21 09:21 - 2020-11-21 09:21 - 000002021 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-11-21 09:21 - 2020-11-21 09:21 - 000000000 ____D C:\Users\nilsm\AppData\Local\mbam
2020-11-21 09:21 - 2020-11-21 09:20 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2020-11-21 09:21 - 2020-11-21 09:20 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2020-11-21 09:20 - 2020-11-21 09:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-11-21 09:20 - 2020-11-21 09:20 - 000000000 ____D C:\Program Files\Malwarebytes
2020-11-21 09:19 - 2020-11-21 09:19 - 002076624 _____ (Malwarebytes) C:\Users\nilsm\Downloads\MBSetup.exe
2020-11-21 09:19 - 2020-11-21 09:19 - 002076624 _____ (Malwarebytes) C:\Users\nilsm\Downloads\MBSetup (1).exe
2020-11-17 17:22 - 2020-11-21 09:37 - 000003122 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2020-11-14 15:15 - 2020-11-14 15:15 - 000000000 ____D C:\ProgramData\Activision
2020-11-14 15:14 - 2020-11-14 15:14 - 000000000 ____D C:\Users\nilsm\AppData\Local\Activision
2020-11-14 14:53 - 2020-11-14 14:53 - 000000715 _____ C:\Users\Public\Desktop\Call of Duty Black Ops Cold War.lnk
2020-11-14 14:53 - 2020-11-14 14:53 - 000000715 _____ C:\ProgramData\Desktop\Call of Duty Black Ops Cold War.lnk
2020-11-14 14:53 - 2020-11-14 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Black Ops Cold War
2020-11-14 14:10 - 2020-11-14 14:10 - 025445888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 022651392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 019812352 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramWorld.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 018038784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 009925944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 008011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 007913776 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 007761408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 007604584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 007292928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 007274304 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 007008256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 006527992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 006438400 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 006311424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 006196736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 006071392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 005906944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 005770336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 005284328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 005112320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 005003824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 004855808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 004608000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 004565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 004547072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 004471296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 004129416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 004032776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 004005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 003820032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 003806208 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 003761664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 003741520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 003728384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 003694392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 003525592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 003506688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 003387904 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 003371168 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 003265024 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002993976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 002948920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002870784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002799616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 002777712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002737152 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002695992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 002585032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002564608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002495264 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002466296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002315984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002306048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002263296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002261848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002230240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002147328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 002073088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001998936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001996800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001991608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001957528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001859072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001842368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001835520 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001834296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001824768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001743672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001698816 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001693696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001673568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001669120 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001668312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001665192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001656904 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001615360 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001606144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001565504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001491160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001488384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocoreworker.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 001480512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 001459712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001419328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001397568 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 001393968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001369088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001307448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001285448 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsf3gip.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001274128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001272160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001259720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001170960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001154952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001151816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001108376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001101312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001098728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001096704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001083696 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001077056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 001062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001053120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001048992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001022264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 001012792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000938984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000916760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000911872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000894016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000893616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000891984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000889408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000851768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000833336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000784000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000775480 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000774144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000767984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000752592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000743936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000716312 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000694160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000684872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000680248 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000675024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000642008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000634880 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000618296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000598568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000592936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000586552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000572200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000551624 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\usosvc.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000538680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000535040 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000531472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000518464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000516536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000512512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.FileExplorer.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000477496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2020-11-14 14:10 - 2020-11-14 14:10 - 000473584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000467944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000456072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000453944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDDS.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000406992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000405928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000400696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000398656 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000372544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000366184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000364856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000363120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000345568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000323904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000321536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000300704 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000295936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicCapsule.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000283136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000247864 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2020-11-14 14:10 - 2020-11-14 14:10 - 000222528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000214848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ifsutil.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000211968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000211256 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcbloader.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000209208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000199992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000193600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000188216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ifsutil.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2020-11-14 14:10 - 2020-11-14 14:10 - 000180024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ulib.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000179512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtm.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\diskpart.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000172352 _____ (Microsoft Corporation) C:\WINDOWS\system32\PktMon.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000165176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtm.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000149304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ulib.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\raserver.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000132408 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000127064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbnetlib.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerApi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Taskbar.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000117056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000108856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbnetlib.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdSSDP.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raserver.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000105272 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000104256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000099712 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000097088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PktMon.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000094024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthHost.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000093512 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManagerApi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000090944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpnUserService.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000089336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdSSDP.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicAgent.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcXtrnal.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000084280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iemigplugin.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\amsi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000051632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcicda.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2020-11-14 14:10 - 2020-11-14 14:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryCore.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmproxy.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicPS.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msimsg.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000024792 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciwave.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciseq.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000021320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000020144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nsi.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsregtask.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\localui.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlmsprep.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcXtrnal.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2020-11-14 14:10 - 2020-11-14 14:10 - 000011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtprio.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2020-11-14 14:10 - 2020-11-14 14:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-11-14 14:10 - 2020-11-14 14:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-11-14 14:10 - 2020-11-14 14:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-11-14 14:10 - 2020-11-14 14:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-11-14 14:10 - 2020-11-14 14:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-11-14 14:10 - 2020-11-14 14:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-11-14 14:10 - 2020-11-14 14:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-11-14 14:10 - 2020-11-14 14:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-11-14 14:10 - 2020-11-14 14:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-11-14 14:10 - 2020-11-14 14:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-11-14 14:10 - 2020-11-14 14:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-11-14 14:10 - 2020-11-14 14:10 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-11-14 14:09 - 2020-11-14 14:09 - 017790976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 007846632 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 006233088 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 004685120 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2020-11-14 14:09 - 2020-11-14 14:09 - 003732480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 003581240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 003136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 002985472 _____ (Microsoft Corporation) C:\WINDOWS\system32\FluencyDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 002712064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 002656768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 002505496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 002296832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 001816528 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 001784832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 001766400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 001751552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 001746240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 001588224 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 001385704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 001183232 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 001150256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2020-11-14 14:09 - 2020-11-14 14:09 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 001075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 001017656 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000874296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000825344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000804168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxAPDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxHAPDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtCangjieDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtBopomofoDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtHkStrokeDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChsStrokeDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtQuickDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 000435000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000425056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 000374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpndecoder.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChxDecoder.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxinputrouter.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MtfDecoder.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2020-11-14 14:09 - 2020-11-14 14:09 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000293176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 000289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpnranker.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiCloudStore.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateDeploymentProvider.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\diskpart.exe
2020-11-14 14:09 - 2020-11-14 14:09 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\trie.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.System.UserProfile.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-11-14 14:09 - 2020-11-14 14:09 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFFuzzyDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdvancedEmojiDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\VocabRoamingHandler.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\chxranker.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFSpellcheckDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\HashtagDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChtAdvancedDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MTFAppServiceDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 000094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RuleBasedDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\jpninputrouter.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\CustomInstallExec.exe
2020-11-14 14:09 - 2020-11-14 14:09 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\amsi.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransliterationRanker.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmojiDS.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcicda.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\devauthe.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2020-11-14 14:09 - 2020-11-14 14:09 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\FaxPrinterInstaller.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciwave.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\KNetPwrDepBroker.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mciseq.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregtask.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsilog.dll
2020-11-14 14:09 - 2020-11-14 14:09 - 000016144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
2020-11-14 14:09 - 2020-11-14 14:09 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\amsiproxy.dll
2020-11-14 13:58 - 2020-11-14 13:58 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-11-14 13:58 - 2020-11-14 13:58 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-11-04 10:53 - 2020-11-04 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WizTree
2020-11-03 18:16 - 2020-11-03 18:16 - 000000000 ____D C:\WINDOWS\Panther
2020-10-31 15:04 - 2020-10-31 15:04 - 000000016 _____ C:\Users\nilsm\AppData\Roaming\obs-virtualcam.txt
2020-10-31 13:37 - 2020-10-31 13:37 - 000004408 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2020-10-31 13:36 - 2020-10-31 13:36 - 000000000 ____D C:\Users\nilsm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2020-10-31 13:36 - 2020-10-31 13:36 - 000000000 ____D C:\Users\nilsm\AppData\Local\TeamSpeak 3
2020-10-31 13:36 - 2020-10-31 13:36 - 000000000 ____D C:\ProgramData\Overwolf
2020-10-31 13:36 - 2020-10-31 13:36 - 000000000 ____D C:\Program Files (x86)\Overwolf
2020-10-31 13:35 - 2020-11-07 14:12 - 000000000 ____D C:\Users\nilsm\AppData\Local\TeamSpeak 3 Client
2020-10-31 13:35 - 2020-11-03 09:10 - 000000000 ____D C:\Users\nilsm\AppData\Local\Overwolf
2020-10-31 13:35 - 2020-10-31 13:35 - 000001242 _____ C:\Users\nilsm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2020-10-31 13:34 - 2020-10-31 13:34 - 089014080 _____ (TeamSpeak Systems GmbH) C:\Users\nilsm\Downloads\TeamSpeak3-Client-win64-3.5.3.exe
2020-10-27 18:04 - 2020-10-27 18:04 - 083957542 _____ C:\Users\nilsm\Downloads\Wurst-Client-v6.28.1-MC1.8-OF.zip
2020-10-27 18:00 - 2020-10-27 18:00 - 011077057 _____ C:\Users\nilsm\Downloads\Wurst-Client-v6.28.1-MC1.8.jar
2020-10-22 20:27 - 2020-10-22 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Modern Warfare

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2020-11-21 09:41 - 2020-07-02 13:27 - 001723292 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-11-21 09:41 - 2019-03-19 13:16 - 000743888 _____ C:\WINDOWS\system32\perfh007.dat
2020-11-21 09:41 - 2019-03-19 13:16 - 000150212 _____ C:\WINDOWS\system32\perfc007.dat
2020-11-21 09:41 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-11-21 09:40 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-11-21 09:39 - 2020-06-11 19:14 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2020-11-21 09:39 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-21 09:37 - 2020-10-19 19:13 - 000003108 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2020-11-21 09:37 - 2020-09-24 19:32 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-11-21 09:37 - 2020-07-02 13:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-11-21 09:36 - 2020-04-28 22:41 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-11-21 09:36 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-11-21 09:27 - 2020-05-29 09:17 - 000000000 ____D C:\Users\nilsm\AppData\Local\Battle.net
2020-11-21 09:21 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-11-20 23:23 - 2020-10-17 19:45 - 000000000 ____D C:\Users\nilsm\AppData\Local\Arma 3 Launcher
2020-11-20 23:02 - 2020-10-17 20:02 - 000000000 ____D C:\Users\nilsm\AppData\Local\Arma 3
2020-11-20 22:44 - 2020-10-03 08:27 - 000000306 __RSH C:\ProgramData\ntuser.pol
2020-11-20 19:39 - 2020-07-02 13:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-11-20 15:00 - 2020-05-29 09:16 - 000000000 ____D C:\Program Files (x86)\Battle.net
2020-11-19 19:13 - 2020-04-28 23:57 - 000000000 ____D C:\Users\nilsm\AppData\Roaming\discord
2020-11-19 17:52 - 2020-04-28 22:51 - 000000000 ____D C:\Users\nilsm\AppData\Local\D3DSCache
2020-11-19 14:25 - 2020-04-28 22:53 - 000000000 ____D C:\Users\nilsm\AppData\Local\PlaceholderTileLogoFolder
2020-11-19 14:16 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-11-15 16:11 - 2020-04-30 09:16 - 000000000 ____D C:\Program Files\Microsoft Office
2020-11-14 15:15 - 2020-10-18 08:12 - 000000000 ____D C:\Users\nilsm\Documents\Call Of Duty Black Ops Cold War
2020-11-14 15:01 - 2020-05-04 19:34 - 000000000 ____D C:\Users\nilsm\AppData\Roaming\Origin
2020-11-14 15:01 - 2020-05-04 19:34 - 000000000 ____D C:\ProgramData\Origin
2020-11-14 14:59 - 2020-05-04 19:38 - 000000000 ____D C:\Program Files (x86)\Origin
2020-11-14 14:59 - 2020-05-04 19:34 - 000000000 ____D C:\Users\nilsm\AppData\Local\Origin
2020-11-14 14:24 - 2020-04-28 22:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-14 14:23 - 2020-07-02 13:16 - 000400568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-14 14:23 - 2020-04-28 22:51 - 000000000 ___RD C:\Users\nilsm\3D Objects
2020-11-14 14:22 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-14 14:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-14 14:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-14 14:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-14 14:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-14 14:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-14 14:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-14 14:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-14 14:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-14 14:22 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-14 14:17 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-14 14:16 - 2020-04-30 09:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-14 14:13 - 2020-04-30 09:53 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-14 14:09 - 2020-07-02 13:19 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-11-07 14:25 - 2020-04-28 22:41 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2020-11-04 11:13 - 2020-08-30 20:53 - 000000000 ____D C:\Users\nilsm\Riot Games
2020-11-03 09:12 - 2019-03-19 05:52 - 000000000 ____D C:\PerfLogs
2020-11-01 14:40 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-10-31 21:19 - 2020-07-02 13:19 - 000000000 ____D C:\Users\postgres
2020-10-31 21:18 - 2020-07-02 13:19 - 000000000 ____D C:\Users\nilsm
2020-10-31 16:23 - 2020-04-28 23:17 - 000000000 ____D C:\Users\nilsm\AppData\Roaming\obs-studio
2020-10-31 13:49 - 2020-10-17 20:06 - 000000000 ____D C:\Users\nilsm\Documents\Arma 3 - Other Profiles
2020-10-30 14:50 - 2020-04-28 23:06 - 000795000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-10-30 14:50 - 2020-04-28 22:53 - 000000000 ___RD C:\Users\nilsm\OneDrive
2020-10-30 14:49 - 2020-07-02 13:25 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3057036889-2186060926-1911704382-1001
2020-10-30 14:49 - 2020-07-02 13:19 - 000002383 _____ C:\Users\nilsm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-10-27 16:45 - 2020-06-17 22:09 - 000000000 ____D C:\Users\nilsm\AppData\Roaming\.minecraft
2020-10-25 01:03 - 2020-04-28 23:15 - 000000000 ____D C:\ProgramData\Package Cache
2020-10-24 18:54 - 2020-06-27 17:46 - 000000000 ____D C:\Users\nilsm\AppData\Local\CrashDumps
2020-10-22 17:46 - 2020-05-10 15:48 - 000000000 ____D C:\Users\nilsm\AppData\Local\babl-0.1

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2020-10-31 15:04 - 2020-10-31 15:04 - 000000016 _____ () C:\Users\nilsm\AppData\Roaming\obs-virtualcam.txt
2020-05-06 11:28 - 2020-05-15 19:09 - 000004669 _____ () C:\Users\nilsm\AppData\Roaming\VoiceMeeterDefault.xml
2020-10-21 18:28 - 2020-10-21 18:28 - 000005773 _____ () C:\Users\nilsm\AppData\Local\recently-used.xbel
2020-09-25 14:09 - 2020-09-25 14:09 - 000000017 _____ () C:\Users\nilsm\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

 

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 17-11-2020
durchgeführt von nilsm (21-11-2020 09:43:22)
Gestartet von C:\Users\nilsm\Downloads
Windows 10 Home Version 1909 18363.1198 (X64) (2020-07-02 12:25:29)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3057036889-2186060926-1911704382-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3057036889-2186060926-1911704382-503 - Limited - Disabled)
Gast (S-1-5-21-3057036889-2186060926-1911704382-501 - Limited - Disabled)
nilsm (S-1-5-21-3057036889-2186060926-1911704382-1001 - Administrator - Enabled) => C:\Users\nilsm
postgres (S-1-5-21-3057036889-2186060926-1911704382-1003 - Limited - Enabled) => C:\Users\postgres
WDAGUtilityAccount (S-1-5-21-3057036889-2186060926-1911704382-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.9.2 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blackmagic RAW Common Components (HKLM\...\{B5ABFF44-9702-4CA1-A7D8-DBA659709C49}) (Version: 1.7 - Blackmagic Design)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Call of Duty Black Ops Cold War (HKLM-x32\...\Call of Duty Black Ops Cold War) (Version:  - Blizzard Entertainment)
Call of Duty Modern Warfare (HKLM-x32\...\Call of Duty Modern Warfare) (Version:  - Blizzard Entertainment)
DaVinci Resolve (HKLM\...\{F7162EAD-7658-4449-BF89-5ED3FDC877A4}) (Version: 16.2.6005 - Blackmagic Design)
DaVinci Resolve Keyboards (HKLM\...\{04F776FB-37A2-4116-84F2-6CF3D731999D}) (Version: 1.0.0.0 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{567706B7-1501-43BC-81AB-C7E306B40C73}) (Version: 1.3.2.0 - Blackmagic Design)
Discord (HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{A5A6A747-393C-4B28-AB7B-2DE2BA7F7D73}) (Version: 1.1.267.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
FaceRig virtual audio driver version 1.0 (HKLM-x32\...\{D605CD1D-D626-4740-B657-86DC30723FCF}_is1) (Version: 1.0 - Adoriasoft LLC)
FaceRig Virtual Video driver version 1.0.1.1000 (HKLM-x32\...\{7D6A1A0F-F57E-4C6B-9331-86CBC7D5C787}_is1) (Version: 1.0.1.1000 - Adoriasoft LLC)
Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.13 - Blackmagic Design)
Fairlight Studio Utility (HKLM\...\{6C7FC3A1-DA64-4ACE-8F05-301CBECD5BE9}) (Version: 1.2.0.0 - Blackmagic Design)
FiveM (HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\CitizenFX_FiveM) (Version:  - The CitizenFX Collective)
Futuremark SystemInfo (HKLM-x32\...\{4738FDE3-3763-4E2E-A8FC-65E2DC138B7C}) (Version: 5.29.839.0 - Futuremark)
G3 Manager (HKLM-x32\...\{5672579F-D0BD-4960-BF29-0ADCAAB77286}) (Version: 1.07.3000 - DECA System)
G3 Manager (HKLM-x32\...\{5EE463BE-AF45-44CC-ABBC-8C0EBD5B9569}) (Version: 1.07.3000 - DECA System) Hidden
GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.75 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
GoPro Quik (HKLM\...\{AA5F7FCE-311C-46D8-B93A-ABF4DDCAB832}) (Version: 0.1.945 - GoPro, Inc.) Hidden
GoPro Quik (HKLM-x32\...\{a23df978-67ca-4fe3-a740-a7b5ae7ec82f}) (Version: 2.7.0.945 - GoPro, Inc.)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2060.1 - Rockstar Games)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Live! Cam Sync HD VF0770 Driver (1.00.07.00) (HKLM\...\Creative VF0770) (Version:  - Creative Technology Ltd.)
Malwarebytes version 4.2.3.96 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.3.96 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 85.0.564.70 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.29 - )
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.13328.20356 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127 (HKLM-x32\...\{e31cb1a4-76b5-46a5-a084-3fa419e82201}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.47.3 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
MobileTrans ( Version 1.0.6 ) (HKLM-x32\...\{72289023-823E-4AF7-A65F-C608481758AC}_is1) (Version: 1.0.6 - Wondershare)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.31.13.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{77DA107A-7AE4-497D-A84A-B143C3A21676}) (Version: 1.0.0 - NordVPN)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.8 - OBS Project)
OBS-VirtualCam version 2.0.4 (HKLM-x32\...\{7B7182E6-D22D-4E5A-BCA2-EC985A4BD588}_is1) (Version: 2.0.4 - OBS)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13328.20340 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 69.0.3686.36 (HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\Opera 69.0.3686.36) (Version: 69.0.3686.36 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 10.5.87.45080 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.157.0.16 - Overwolf Ltd.)
PostgreSQL 9.5  (HKLM\...\PostgreSQL 9.5) (Version: 9.5 - PostgreSQL Global Development Group)
ReaPlugs/x64 (HKLM\...\ReaPlugs) (Version:  - )
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
RivaTuner Statistics Server 7.2.3 (HKLM-x32\...\RTSS) (Version: 7.2.3 - Unwinder)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.30.299 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.0 - Rockstar Games)
Smart View (HKLM-x32\...\{C7B50A89-F1D6-41C1-9375-0AF0C4CFE66F}) (Version: 1.0.0.0 - Samsung )
Snaz Version 1.9.2.6 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.9.2.6 - JimsApps)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH)
TeamSpeak Overlay (HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\Overwolf_jnabojaampcpfclojlbildognlnebnhfhibiielh) (Version: 1.0.0.2 - Overwolf app)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.10.5 - TeamViewer)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 113.0 - Ubisoft)
VALORANT (HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WebM Project Directshow Filters (HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\webmdshow) (Version:  - )
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.83 Build 20 - Windscribe Limited)
WizTree v3.35 (HKLM\...\WizTree_is1) (Version: 3.35 - Antibody Software)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
YellowDuck 1.2.1 (HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\02353c67-75e5-58c9-8176-7d7dd0cf5eb7) (Version: 1.2.1 - )
Zoom (HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\ZoomUMX) (Version: 5.3.0 (52670.0921) - Zoom Video Communications, Inc.)

Packages:
=========
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-19] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-04-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-04-28] (Microsoft Corporation) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.30.33031.0_x64__8wekyb3d8bbwe [2020-11-07] (Microsoft Corporation) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_20.11020.5479.0_x64__8wekyb3d8bbwe [2020-11-19] (Microsoft Corporation)
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.10004.0_x64__8wekyb3d8bbwe [2020-11-19] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-15] (Netflix, Inc.)
ROBLOX -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.456.21041.0_x86__55nm5eh3cm0pr [2020-11-14] (ROBLOX Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0 [2020-11-19] (Spotify AB) [Startup Task]
Story Maker - Create Stories for Instagram -> C:\Program Files\WindowsApps\8075Queenloft.StoryMaker-CreateStoriesforInstagram_1.0.7.0_x64__g5dqhteqemct8 [2020-07-24] (Queenloft) [MS Ad]
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-08-01] (Microsoft Corporation)
Xbox Zubehör -> C:\Program Files\WindowsApps\Microsoft.XboxDevices_300.2011.9001.0_x64__8wekyb3d8bbwe [2020-11-11] (Microsoft Corporation)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.6.0_x86__xpfg3f7e9an52 [2020-10-30] (New Work SE)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-21] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Drivers32: [VIDC.RTV1] => C:\WINDOWS\system32\rtvcvfw64.dll [246272 2012-09-28] () [Datei ist nicht signiert]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [Datei ist nicht signiert]

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2020-08-19 16:48 - 2020-08-19 16:48 - 000017920 _____ () [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 003567616 _____ () [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-10-09 18:43 - 2020-11-20 22:44 - 000010752 _____ () [Datei ist nicht signiert] C:\Program Files\Google\Chrome\Application\VERSION.dll
2020-06-23 20:40 - 2016-08-09 06:13 - 000183296 _____ () [Datei ist nicht signiert] C:\Program Files\PostgreSQL\9.5\bin\LIBPQ.dll
2020-06-23 20:40 - 2016-07-27 09:08 - 002264576 _____ () [Datei ist nicht signiert] C:\Program Files\PostgreSQL\9.5\bin\libxml2.dll
2020-09-23 03:00 - 2020-09-23 03:00 - 001583104 _____ (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2020-06-23 20:40 - 2015-08-26 09:40 - 001687930 _____ (Free Software Foundation) [Datei ist nicht signiert] C:\Program Files\PostgreSQL\9.5\bin\libiconv-2.dll
2020-06-23 20:40 - 2015-08-26 09:40 - 000685350 _____ (Free Software Foundation) [Datei ist nicht signiert] C:\Program Files\PostgreSQL\9.5\bin\libintl-8.dll
2020-06-23 20:40 - 2016-05-05 07:35 - 001655808 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\PostgreSQL\9.5\bin\LIBEAY32.dll
2020-06-23 20:40 - 2016-05-05 07:35 - 000349696 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\PostgreSQL\9.5\bin\SSLEAY32.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000031744 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000039424 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000031744 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000413696 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000025088 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000025088 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000023552 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000519168 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 001431040 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 001180672 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000135680 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-09-23 03:09 - 2020-09-23 03:09 - 006010880 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 006345216 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 001078272 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000313856 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 004000256 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 003802624 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000171008 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 001083904 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000205312 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000329728 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000113152 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000376320 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 092323328 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 005560832 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000463360 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000188416 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 002888704 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000053760 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000059392 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000017408 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000287232 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000329216 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000136192 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000089088 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000312320 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2020-08-19 16:48 - 2020-08-19 16:48 - 000017920 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-09-23 03:09 - 2020-09-23 03:09 - 000085504 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [490]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2020-09-07 19:00 - 2020-09-07 19:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\nilsm\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\34143-hintergrundbilder-1080p-1920x1080-fuer-android-tablet.jpg
HKU\S-1-5-21-3057036889-2186060926-1911704382-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

Network Binding:
=============
Ethernet 3: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet 2: NordVPN LightWeight Firewall -> NordLwf (enabled) 
Ethernet: NordVPN LightWeight Firewall -> NordLwf (enabled) 

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\StartupFolder: => "MTWSAppHelper.lnk"
HKLM\...\StartupApproved\StartupFolder: => "MTWSAndroidAppHelper.lnk"
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKLM\...\StartupApproved\Run32: => "V0770Mon.exe"
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\StartupApproved\StartupFolder: => "Voicemeeter (VB-Audio).LNK"
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\StartupApproved\Run: => "Voicemod"
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\StartupApproved\Run: => "Windscribe"
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\StartupApproved\Run: => "AMDDVR"
HKU\S-1-5-21-3057036889-2186060926-1911704382-1001\...\StartupApproved\Run: => "Overwolf"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{FE3159B0-CF41-4FC3-A8B9-DC6DD8E1F901}C:\users\nilsm\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\nilsm\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{0F4F1EC9-48CF-4C30-86C7-1051C7826ED5}C:\users\nilsm\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\nilsm\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [Datei ist nicht signiert]
FirewallRules: [{0359D1C0-4EEA-45D2-A587-DD1E57C5B7E7}] => (Allow) C:\Users\nilsm\AppData\Local\Programs\Opera\69.0.3686.36\opera.exe => Keine Datei
FirewallRules: [UDP Query User{E99BFECA-8487-4C92-B01D-88A0E5E6ADEE}C:\users\nilsm\appdata\local\fivem\fivem.exe] => (Allow) C:\users\nilsm\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [TCP Query User{CE20FA93-89F6-4D97-85A2-3127A1402F1C}C:\users\nilsm\appdata\local\fivem\fivem.exe] => (Allow) C:\users\nilsm\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [UDP Query User{8D9C1766-9812-49A2-9ACC-CE02F7080B52}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{AF35CA54-A178-484E-BEFD-86A12E78AF39}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{91F098AA-EC9C-426F-8CF3-7D1EA9F23DDF}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{EFCAC980-E6A4-483B-8584-793F270699A8}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{E9308865-9DE9-4631-BA0A-665115179073}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [TCP Query User{613E13D9-0D63-4C44-8DB6-650A091E648C}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{EB44E8D8-65EC-437F-BB7B-ACE1222A932C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{445EE6D6-1AB0-41C8-9F71-42146BCE5CA7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{10D4374D-1D46-4269-802B-757447D3B6F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{3C143C25-E42B-41C1-A1E2-168185F60757}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{9E9960CB-E7D2-49EE-8814-AC673C689475}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{557DD148-A1C2-4C23-B8A1-7E6A410C1E40}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{25F1ED35-6726-45AE-B87F-23A238F02BFD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{9905FAF6-9278-40BD-B225-7EC0DF9CE1F2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [UDP Query User{FACD7E27-6F99-43E5-8592-D37A4211C033}C:\program files\blackmagic design\davinci resolve\programm\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\programm\fuscript.exe => Keine Datei
FirewallRules: [TCP Query User{EC0C327D-63B6-4388-B15F-D687D2F53AF0}C:\program files\blackmagic design\davinci resolve\programm\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\programm\fuscript.exe => Keine Datei
FirewallRules: [UDP Query User{9E52260A-9E72-4B26-BC03-B7174B61D779}C:\program files\blackmagic design\davinci resolve\programm\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\programm\resolve.exe => Keine Datei
FirewallRules: [TCP Query User{B173D3E7-BBA0-4EF5-8433-7AB9B3B7DE17}C:\program files\blackmagic design\davinci resolve\programm\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\programm\resolve.exe => Keine Datei
FirewallRules: [UDP Query User{E3CA50AA-59EC-4674-8C28-4DDB7E6D795D}C:\program files\blackmagic design\davinci resolve\programm\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\programm\dpdecoder.exe => Keine Datei
FirewallRules: [TCP Query User{06EC6B08-0B4C-422B-89DE-17AE7C188F25}C:\program files\blackmagic design\davinci resolve\programm\dpdecoder.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\programm\dpdecoder.exe => Keine Datei
FirewallRules: [UDP Query User{28484B8B-0E8D-476E-9750-C053FAF4347E}D:\davinci resolve\fuscript.exe] => (Allow) D:\davinci resolve\fuscript.exe => Keine Datei
FirewallRules: [TCP Query User{F6DE4A6C-543D-4C5C-AE56-C5D57B71C725}D:\davinci resolve\fuscript.exe] => (Allow) D:\davinci resolve\fuscript.exe => Keine Datei
FirewallRules: [UDP Query User{86F8F282-3E8E-4A65-841B-2027D2F088B2}D:\davinci resolve\resolve.exe] => (Allow) D:\davinci resolve\resolve.exe => Keine Datei
FirewallRules: [TCP Query User{E4BAA55A-DA1B-437E-B270-C5D6668B443E}D:\davinci resolve\resolve.exe] => (Allow) D:\davinci resolve\resolve.exe => Keine Datei
FirewallRules: [UDP Query User{DFAAC2F3-46CB-4B35-902B-675A93EFE8B0}D:\davinci resolve\dpdecoder.exe] => (Allow) D:\davinci resolve\dpdecoder.exe => Keine Datei
FirewallRules: [TCP Query User{2820318A-D373-46F2-A01A-A92505285EA1}D:\davinci resolve\dpdecoder.exe] => (Allow) D:\davinci resolve\dpdecoder.exe => Keine Datei
FirewallRules: [UDP Query User{17355C9C-BCCD-411D-857A-6229CE8B2944}D:\windowsapps\spotifyab.spotifymusic_1.133.569.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.133.569.0_x86__zpdnekdrzrea0\spotify.exe => Keine Datei
FirewallRules: [TCP Query User{6773F0C1-DF26-403E-AAEF-EF9B3E9EE248}D:\windowsapps\spotifyab.spotifymusic_1.133.569.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.133.569.0_x86__zpdnekdrzrea0\spotify.exe => Keine Datei
FirewallRules: [{45F4363F-E030-4F33-A510-36EA782AFD60}] => (Allow) C:\Users\nilsm\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{CDBE8BCB-B1DC-4B62-98BA-4E7BF560126F}] => (Allow) C:\Users\nilsm\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{A70C7025-0904-48B0-9DAE-94F0099088F4}D:\windowsapps\spotifyab.spotifymusic_1.131.703.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.131.703.0_x86__zpdnekdrzrea0\spotify.exe => Keine Datei
FirewallRules: [TCP Query User{D9FEA2E0-59FF-4820-ADC4-ACC9C0D74AB6}D:\windowsapps\spotifyab.spotifymusic_1.131.703.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) D:\windowsapps\spotifyab.spotifymusic_1.131.703.0_x86__zpdnekdrzrea0\spotify.exe => Keine Datei
FirewallRules: [{81B86811-9BD7-4542-A5D9-BCA25B5CC592}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe => Keine Datei
FirewallRules: [{D56F6DD3-75C7-49B6-A597-910049A8A6B8}] => (Allow) C:\Program Files (x86)\Origin Games\Apex\EasyAntiCheat_launcher.exe => Keine Datei
FirewallRules: [{C1310748-ECAA-49AC-91D9-BF3A0FC47C04}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{1DA97936-866E-4B05-9807-0A1CBEF9D06E}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{DAD2366E-B474-4C66-9E46-FA669636061D}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{20639C4D-322F-4DFC-864A-8221C50BB3B2}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{58F3D3BC-1807-422B-85BB-867BAC1AD49F}D:\rockstar games launcher\grand theft auto v\gta5.exe] => (Allow) D:\rockstar games launcher\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{73D94905-0B7E-4FC9-8CBF-D9BA56DB00BB}D:\rockstar games launcher\grand theft auto v\gta5.exe] => (Allow) D:\rockstar games launcher\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{7DC683A3-4D21-48F2-B80C-BCA5155FF390}C:\program files\obs-studio\bin\64bit\obs64.exe] => (Block) C:\program files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [TCP Query User{A2FF515C-3B5D-40F4-837C-AD6F73EA7556}C:\program files\obs-studio\bin\64bit\obs64.exe] => (Block) C:\program files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [{0EF2E0B3-C331-4E05-A5C8-AF2A6D8DC211}] => (Allow) D:\Steam\steamapps\common\FaceRig\Bin\FaceRig.exe (Holotech Studios SRL -> )
FirewallRules: [{F43982DE-7959-42C4-ABC7-112211D476D1}] => (Allow) D:\Steam\steamapps\common\FaceRig\Bin\FaceRig.exe (Holotech Studios SRL -> )
FirewallRules: [{3DD5D072-61E2-4119-97E6-A31B639A8D52}] => (Allow) D:\Steam\steamapps\common\FaceRig\Bin\Launcher.exe (Holotech Studios SRL -> )
FirewallRules: [{A6DF80B4-4CC6-45DF-9BF9-7E8F9693D8AC}] => (Allow) D:\Steam\steamapps\common\FaceRig\Bin\Launcher.exe (Holotech Studios SRL -> )
FirewallRules: [UDP Query User{1578F4CB-967F-4BF1-98FF-AAC4649108D3}D:\obs-studio\bin\64bit\obs64.exe] => (Allow) D:\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [TCP Query User{5CA9784D-B8CD-40DD-AFE6-A6B30163356B}D:\obs-studio\bin\64bit\obs64.exe] => (Allow) D:\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [{8A4695EA-9EAF-451E-8DC5-71866F109677}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei
FirewallRules: [{90DABB39-89E8-44C5-BF83-9BFB141D437C}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei
FirewallRules: [{588B001B-A70A-41F5-83C0-48340961A6D9}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A65B9B83-2A0B-46B2-8607-3FC812D0F5F6}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{5AC02D60-4167-4BA2-B470-D0ED253143EA}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{618FA734-3B64-44ED-9D1C-5ADDFBD7B0B0}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [TCP Query User{D98289BC-57F3-476D-8D27-F212E500E03E}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [UDP Query User{8CB0A1E0-6B8F-4C13-A14C-A5D756825ACF}C:\program files (x86)\windscribe\wsappcontrol.exe] => (Allow) C:\program files (x86)\windscribe\wsappcontrol.exe (Windscribe Limited -> Windscribe Limited)
FirewallRules: [TCP Query User{CA5BBB82-967A-49B8-91F8-3C03B1876C62}D:\cod warzone\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\cod warzone\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [UDP Query User{2A68C27A-A960-4DFA-B839-EE774CA1C692}D:\cod warzone\call of duty modern warfare\modernwarfare.exe] => (Allow) D:\cod warzone\call of duty modern warfare\modernwarfare.exe (Activision Publishing Inc -> Activision)
FirewallRules: [TCP Query User{9EE03F9E-3004-4602-8676-52636FA1209D}C:\program files\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [UDP Query User{100F64AE-01F2-4711-B4AC-E7557F3CA6ED}C:\program files\obs-studio\bin\64bit\obs64.exe] => (Allow) C:\program files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [{126E6108-1612-4B9C-B494-56F1DB88ABFC}] => (Allow) D:\Origin Games\Apex\EasyAntiCheat_launcher.exe => Keine Datei
FirewallRules: [{74ED2152-1E40-4FB3-ABEF-F213A40B43AE}] => (Allow) D:\Origin Games\Apex\EasyAntiCheat_launcher.exe => Keine Datei
FirewallRules: [TCP Query User{72305B0A-49D5-48FB-BDED-759AD0B47CD2}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{7A7F4948-B4A9-4F01-AA6D-ABA8EE5D9F58}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{A5B99AC0-CD69-4680-9C6E-A38F5106F2D9}C:\users\nilsm\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\nilsm\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{0AD41D16-DFF1-4078-8BC5-51BD2937713B}C:\users\nilsm\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe] => (Allow) C:\users\nilsm\appdata\local\fivem\fivem.app\cache\subprocess\fivem_gtaprocess.exe (Intricus Software Limited -> Cfx.re) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{F115C375-1CBD-4AD3-83AB-CD43898A718D}D:\rockstar games launcher\grand theft auto v\gta5.exe] => (Allow) D:\rockstar games launcher\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{28E6A997-59DE-4EFC-9AFE-35372A16C7C4}D:\rockstar games launcher\grand theft auto v\gta5.exe] => (Allow) D:\rockstar games launcher\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{1841CE52-0214-485B-B2E1-5A96B2DC46B2}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{7B43F813-BB49-4F80-A2E2-4E47AED7E31A}C:\windows\system32\settingsynchost.exe] => (Allow) C:\windows\system32\settingsynchost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{B7AFB478-1A59-4E5E-980D-09229B73C427}] => (Allow) D:\GoPro\GoPro Desktop App\GoPro Quik.exe (GoPro Media, Inc. -> )
FirewallRules: [{89200F32-CD3A-4064-AB98-90627219C2C6}] => (Allow) D:\GoPro\GoPro Desktop App\GoProMsgBus.exe (GoPro Media, Inc. -> )
FirewallRules: [{D5A92B49-09E9-4ACA-96C1-88F7608311EB}] => (Allow) D:\GoPro\GoPro Desktop App\GoProIDService.exe (GoPro Media, Inc. -> )
FirewallRules: [{5B5B0B8B-85E2-4C7B-8FBE-4F915E1A325D}] => (Allow) D:\GoPro\GoPro Desktop App\GoProLauncher.exe (GoPro Media, Inc. -> )
FirewallRules: [{57928662-BD1B-4CCA-9862-15BCF7C6751F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{6ACEE860-463C-4EED-B939-0BB37886C67B}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{2ABE55AB-959C-4052-BEF0-FF590FD358E9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{5F511AFB-EFF0-47E4-89B5-3E61578AEDDE}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{F50F5D5C-5295-4CEE-AFF2-D4A9BD74732A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{0FACF624-2F08-4DA2-A2F4-6217E6A2F52E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{2E1C52B6-E40E-4BB7-BD45-BE672C5EE512}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => Keine Datei
FirewallRules: [{D8A6A5AD-51DF-4726-86B2-A3116F7F46E0}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe => Keine Datei
FirewallRules: [{5DAE3571-E595-4FC2-9E02-CC6535AC5690}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{7F1CDABD-9D70-4B2C-AF3D-5B7F4A10CB9B}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => Keine Datei
FirewallRules: [TCP Query User{19AB24D4-6EBA-46BC-AAC7-AC1AC6B7D761}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{F7BF97C1-2D60-4F8A-ADAE-0F765B37318E}C:\program files (x86)\smart view\smart view.exe] => (Allow) C:\program files (x86)\smart view\smart view.exe () [Datei ist nicht signiert]
FirewallRules: [{EF85E6B9-6B52-4BBA-A6AF-8C0334030110}] => (Allow) D:\The Division\Tom Clancy's The Division\TheDivision.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [TCP Query User{92219AE8-D985-497E-BD70-DC0604CAA604}D:\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{949BC149-396E-4687-A2CB-F496F6110A0A}D:\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{999129E3-15C1-4588-B4D9-21CC1EAD8423}D:\battle.net spiele\starcraft ii\versions\base81433\sc2_x64.exe] => (Allow) D:\battle.net spiele\starcraft ii\versions\base81433\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{E366A83C-E5DE-47AD-8E9E-5E32702143EF}D:\battle.net spiele\starcraft ii\versions\base81433\sc2_x64.exe] => (Allow) D:\battle.net spiele\starcraft ii\versions\base81433\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{4BF2FC31-9166-4723-A99A-6A473ACB3A02}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CA9E7FC2-19FC-4938-937D-EB53D00B834F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8ECA5E3F-3DEE-47E2-87B0-C39D82BA3009}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DD9768A8-D780-4672-80AA-1C90DEC1A20A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{1F4C4A1E-F06C-45DC-BF77-16320219D04C}C:\users\nilsm\appdata\local\fivem\fivem.exe] => (Allow) C:\users\nilsm\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [UDP Query User{B9D5B1A3-62DA-49B1-BA10-68100F45A655}C:\users\nilsm\appdata\local\fivem\fivem.exe] => (Allow) C:\users\nilsm\appdata\local\fivem\fivem.exe (Intricus Software Limited -> Cfx.re)
FirewallRules: [{DA32E9FF-B592-4262-A334-8C17FD42C10A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{3F899190-489D-4B64-B2B6-95EFF58532D2}D:\origin games2\fifa 20 demo\fifa20_demo.exe] => (Allow) D:\origin games2\fifa 20 demo\fifa20_demo.exe => Keine Datei
FirewallRules: [UDP Query User{0C78C241-2651-41AB-A417-1A17985A8010}D:\origin games2\fifa 20 demo\fifa20_demo.exe] => (Allow) D:\origin games2\fifa 20 demo\fifa20_demo.exe => Keine Datei
FirewallRules: [{50D49DE1-FA3E-422E-B73D-4AE106109001}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{30AE9D94-D334-494D-9A01-C597D84FDB04}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [TCP Query User{58026896-053C-42A8-AD0A-8334923EDA6F}D:\battle.net spiele\call of duty black ops cold war beta\blackopscoldwar.exe] => (Allow) D:\battle.net spiele\call of duty black ops cold war beta\blackopscoldwar.exe => Keine Datei
FirewallRules: [UDP Query User{D77F3115-53C7-4624-8CA8-35A264D87E1E}D:\battle.net spiele\call of duty black ops cold war beta\blackopscoldwar.exe] => (Allow) D:\battle.net spiele\call of duty black ops cold war beta\blackopscoldwar.exe => Keine Datei
FirewallRules: [TCP Query User{DEFAC086-6A69-4961-8286-D4E641DA03AC}D:\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [UDP Query User{A5ADE52C-0114-4E01-9AEE-8935128F0AE1}D:\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{EA8597C4-9AFD-4B3F-AAE8-A9A4AA62D019}] => (Allow) D:\Steam\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [{0F9644F2-A6C3-4471-BE87-3AD1F0C4B475}] => (Allow) D:\Steam\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [{38ABB140-D69D-4CF1-83AE-19696F98D4D8}] => (Allow) C:\Program Files (x86)\Overwolf\0.157.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{7FECD3A2-0B77-433C-86DD-1B95C0EB044F}] => (Allow) C:\Program Files (x86)\Overwolf\0.157.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{09469611-4EC9-48F9-9ADD-35DF19D97508}] => (Block) C:\Program Files (x86)\Overwolf\0.157.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{18EF34A8-F6DF-46CF-BC10-B46A9EC98E7D}] => (Block) C:\Program Files (x86)\Overwolf\0.157.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{B4B5AA66-4DDF-48C0-B181-CF280A294283}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => Keine Datei
FirewallRules: [{C8D0DA68-3DA4-4F5C-983C-242B384EB201}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe => Keine Datei
FirewallRules: [{CA6539EF-730F-4D3F-A7B1-1F756FE58753}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => Keine Datei
FirewallRules: [{B2A63C56-78DC-4671-8EC2-2B698D3F402E}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => Keine Datei
FirewallRules: [TCP Query User{568D1092-52E5-4B39-8E21-4DA28C0CB76B}D:\battle.net spiele\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) D:\battle.net spiele\call of duty black ops cold war\blackopscoldwar.exe (Activision Publishing Inc -> Activision Publishing, Inc.)
FirewallRules: [UDP Query User{DAECA819-92EB-49E5-B22A-563C810E43CD}D:\battle.net spiele\call of duty black ops cold war\blackopscoldwar.exe] => (Allow) D:\battle.net spiele\call of duty black ops cold war\blackopscoldwar.exe (Activision Publishing Inc -> Activision Publishing, Inc.)
FirewallRules: [{671E1AB3-8291-4BC5-AE3B-6EAFF46DFC05}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{64FABE82-7884-44BA-B8C8-3E99018902C6}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{24704C31-91CE-4FF1-B6DB-692D67DF1DB6}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{939A7493-FEC4-4D2B-AAE1-808A481DC098}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8D8B2F17-4F8D-4076-9CDC-CFE9DE727031}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0F929421-BE25-4CEB-937F-E2CD1F747F5F}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2D41DB9A-1168-4022-B04D-AB8ED59CB884}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C0E71CFF-41E9-4A86-9A71-99D4CF7034D8}] => (Allow) D:\WindowsApps\SpotifyAB.SpotifyMusic_1.146.916.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3B38B2D5-F0DF-44CA-92EB-000CB6FCF82A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{22A62E24-7D82-4224-BD8A-6B7A80AF262D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B501D405-9069-4F7F-91E4-521BFFD0E918}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DC52027B-A35A-4717-BAB9-AFEBAFDD4898}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DDDEE703-64C5-44D1-A3D7-DFC5DC98F709}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B1390E42-B05F-4C18-9DF0-3BDB25A42BB4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{788560C2-EDA3-49FA-9641-F4BC58BDC0FA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{21E2DDC6-136A-4E61-BC90-B78A33B90A47}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CA3F2942-021A-46F3-9FB1-C48B41EF5ABC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2B4413E7-C2E7-4904-9219-1A261220D658}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4A8DF1F5-2AD8-480F-BC8A-A8C097E87EA2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E7C770E6-2C65-4BC8-A0A0-B7AF08DEF881}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)

==================== Wiederherstellungspunkte =========================

12-11-2020 19:09:31 Geplanter Prüfpunkt
20-11-2020 18:46:31 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (11/21/2020 09:36:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.

Error: (11/21/2020 09:36:12 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (11/21/2020 09:36:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.

Error: (11/21/2020 09:36:12 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (11/21/2020 09:33:27 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (412,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/20/2020 11:07:13 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5980,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/20/2020 10:56:53 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6456,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/20/2020 09:57:23 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1312,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


Systemfehler:
=============
Error: (11/21/2020 09:39:12 AM) (Source: DCOM) (EventID: 10010) (User: FACTORIUMS-PC)
Description: Der Server "Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/21/2020 09:37:27 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Es ist ein Initialisierungsfehler aufgetreten, da der Treiber nicht erstellt werden konnte.
Verwenden Sie die Zeichenfolge "%2", um die Schnittstelle zu identifizieren, die nicht initialisiert werden
konnte. Sie stellt die MAC-Adresse der Schnittstelle mit dem Initialisierungsfehler oder die 
GUID (Globally Unique Interface Identifier) dar, wenn NetBT keine Zuordnung 
von der GUID zur MAC-Adresse herstellen konnte. Wenn weder die MAC-Adresse noch die GUID verfügbar 
waren, dann stellt die Zeichenfolge einen Clustergerätenamen dar.

Error: (11/21/2020 09:37:27 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Es ist ein Initialisierungsfehler aufgetreten, da der Treiber nicht erstellt werden konnte.
Verwenden Sie die Zeichenfolge "%2", um die Schnittstelle zu identifizieren, die nicht initialisiert werden
konnte. Sie stellt die MAC-Adresse der Schnittstelle mit dem Initialisierungsfehler oder die 
GUID (Globally Unique Interface Identifier) dar, wenn NetBT keine Zuordnung 
von der GUID zur MAC-Adresse herstellen konnte. Wenn weder die MAC-Adresse noch die GUID verfügbar 
waren, dann stellt die Zeichenfolge einen Clustergerätenamen dar.

Error: (11/21/2020 09:37:18 AM) (Source: DCOM) (EventID: 10010) (User: FACTORIUMS-PC)
Description: Der Server "Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/21/2020 09:35:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/21/2020 09:35:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Bluetooth Driver Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/21/2020 09:35:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GoPro Device Detection Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/21/2020 09:35:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WindscribeService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Windows Defender:
===================================
Date: 2020-11-20 18:30:18.815
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {1F385588-A4A2-43B1-B208-3E4CA87E575E}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2020-11-14 14:12:03.174
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {3C50D30F-D8A5-482B-BE39-CF0B92FA9759}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2020-11-12 18:58:33.305
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {1C0DFF82-F5A6-4C4B-A143-141C4C269A08}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2020-11-02 14:52:45.742
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {47C38691-F09A-476C-9EE2-A7026D89B993}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2020-10-31 10:31:39.495
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {53DB02A4-9EE0-4E6B-AEDC-4107C7C24457}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2020-11-14 14:00:04.124
Description: 
Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 
%Vorherige Version der Sicherheitsinformationen: 1.327.797.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion: 
%Vorherige Modulversion: 1.1.17600.5
Fehlercode: 0x80072ee2
Fehlerbeschreibung: Das Zeitlimit für den Vorgang wurde erreicht. 

Date: 2020-11-14 14:00:04.123
Description: 
Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 
%Vorherige Version der Sicherheitsinformationen: 1.327.797.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiSpyware
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion: 
%Vorherige Modulversion: 1.1.17600.5
Fehlercode: 0x80072ee2
Fehlerbeschreibung: Das Zeitlimit für den Vorgang wurde erreicht. 

Date: 2020-11-14 14:00:04.122
Description: 
Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 
%Vorherige Version der Sicherheitsinformationen: 1.327.797.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion: 
%Vorherige Modulversion: 1.1.17600.5
Fehlercode: 0x80072ee2
Fehlerbeschreibung: Das Zeitlimit für den Vorgang wurde erreicht. 

Date: 2020-11-14 13:59:42.494
Description: 
Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 
%Vorherige Version der Sicherheitsinformationen: 1.327.797.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 
%Vorherige Modulversion: 1.1.17600.5
Fehlercode: 0x80240016
Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". 

Date: 2020-11-04 10:56:32.309
Description: 
Bei Windows Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 
%Vorherige Version der Sicherheitsinformationen: 1.327.246.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 
%Vorherige Modulversion: 1.1.17600.5
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich. 

CodeIntegrity:
===================================

Date: 2020-10-31 23:21:36.282
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Overwolf\0.157.0.16\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-31 23:21:36.247
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Overwolf\0.157.0.16\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-31 23:21:35.727
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Overwolf\0.157.0.16\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-31 23:21:35.722
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Overwolf\0.157.0.16\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-31 23:21:35.716
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Overwolf\0.157.0.16\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-31 23:21:35.711
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Overwolf\0.157.0.16\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-31 23:21:35.705
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Overwolf\0.157.0.16\OWExplorer.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-31 19:05:42.528
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume6\Users\nilsm\AppData\Local\Discord\app-0.0.308\Discord.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Overwolf\0.157.0.16\win32\OWExplorer.dll that did not meet the Microsoft signing level requirements.

==================== Speicherinformationen =========================== 

BIOS: American Megatrends Inc. 0312 09/18/2018
Hauptplatine: ASUSTeK COMPUTER INC. TUF B450M-PRO GAMING
Prozessor: AMD Ryzen 5 1400 Quad-Core Processor 
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 8121.39 MB
Verfügbarer physikalischer RAM: 4691.37 MB
Summe virtueller Speicher: 23993.39 MB
Verfügbarer virtueller Speicher: 17251.58 MB

==================== Laufwerke ================================

Drive 😄 () (Fixed) (Total:110.67 GB) (Free:32.58 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.5 GB) (Free:208.68 GB) NTFS
Drive e: (Backup) (Fixed) (Total:931.51 GB) (Free:389.69 GB) NTFS

\\?\Volume{1c1cff42-2692-40f3-a0bb-cdea0eec06fd}\ (Wiederherstellung) (Fixed) (Total:0.49 GB) (Free:0.47 GB) NTFS
\\?\Volume{0f43a186-f63c-4495-ba83-f7769b64f028}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{2a111268-499d-4c2a-ad8e-754adf9d0d58}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: C860158C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt =======================

 

Link to post
Share on other sites

Hiya Factorium,

Apologies I did not see your reply... The Malwarebytes log shows "No Action by User" against all found entries, is that correct...?

Thank you,

Kevin..

Link to post
Share on other sites
Hiya Factorium,

Continue as follows:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Detection History tab > from main interface.
  • Then click on "History" that will open to a historical list
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Right click on FRST.exe and select Rename change to FRSTEnglish.exe Double click to run one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

user posted image

Let me see those logs,

Thank you,

Kevin
Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.