
Trojan.Zlob.Q Is my PC infected / compromised?


  • This topic is locked
30 replies to this topic

#1 HannesGert

  • Members
  • 15 posts
  • Gender:Male
  • Location:Dresden (Germany)

Posted 08 February 2018 - 01:24 PM

Hi, very often (daily, 1 to 3 times) I get notifications from Norton that say "Norton blocked an attack: System infected: Trojan.Zlob.Q". I have up-to-date virus protection (LiveUpdate) and the full system scan can't find anything. But it doesn't slow down my PC and doesn't disconnect me from the net. I have run Norton Power Eraser and still nothing (it did find 2 files, which I created myself). It seems that a trojan horse is on my PC, but Norton blocks all its attacks so that the trojan doesn't seem to disturb. But I am nervously irritated, nevertheless.

I have Windows 10 Version 1709 (Build 16299.214) X64.

What should I do? Can you help me?

 

 

Attached File  FRST.txt   62.43KB   7 downloads

 

Attached File  Addition.txt   52.55KB   5 downloads





#2 Oh My!

  • Malware Response Instructor
  • 37,952 posts
  • Gender:Male
  • Location:California

Posted 08 February 2018 - 02:51 PM

Greetings HannesGert and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like to get the FRST reports in English so that it is easier for me to review. Please right click on the FRST64 icon, select Rename, and rename it to FRST64english. Be sure to copy and paste both documents in your reply using multiple posts if necessary.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 HannesGert

  • Topic Starter

Posted 08 February 2018 - 04:48 PM

Hi, Gary, thanks for such a fast response. Please call me Gert, it's my real name, and please excuse my bad English. I hope I did everything right and the attached files are OK.
 
 
Attached File  FRST.txt   62.78KB   1 downloads
Attached File  Addition.txt   53.01KB   1 downloads

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07.02.2018 01
Ran by Hohndorf (administrator) on DESKTOP-NP5MPKU (08-02-2018 22:27:47)
Running from C:\Users\Hohndorf\Desktop
Loaded Profiles: Hohndorf (Available Profiles: Hohndorf)
Platform: Windows 10 Home Version 1709 16299.214 (X64) Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\HDD Health\HDDHealthService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\nortonsecurity.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\nortonsecurity.exe
(Ascora GmbH) C:\Program Files (x86)\CheckDrive\CheckDrive.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
() C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11801.1001.6.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.21855.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.21855.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.21855.0_x64__8wekyb3d8bbwe\HxAccounts.exe
() C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
() C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Farbar) C:\Users\Hohndorf\Desktop\FRST64english.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [WrtMon.exe] => C:\WINDOWS\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [588360 2017-06-22] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2014-03-28] (AVM Berlin)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [213536 2016-02-19] (Geek Software GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5118656 2017-06-22] ()
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [425864 2017-02-14] (Acronis International GmbH)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3164059949-768371667-2499420802-1001\...\Run: [Speech Recognition] => C:\WINDOWS\Speech\Common\sapisvr.exe [44032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-3164059949-768371667-2499420802-1001\...\Policies\Explorer: [NoTrayContextMenu] 1
HKU\S-1-5-21-3164059949-768371667-2499420802-1001\...\MountPoints2: {28f703e0-c089-11e5-bf31-fcaa145ee31f} - "J:\pushinst.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk [2016-01-23]
ShortcutTarget: HDDHealth.lnk -> C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
Startup: C:\Users\Hohndorf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyMemory.EXE - Verknüpfung.lnk [2016-01-22]
ShortcutTarget: MyMemory.EXE - Verknüpfung.lnk -> D:\MyDataBase\MyMemory.EXE (privat)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{707aca66-a9ae-4a8a-b0a3-3a009b442ec6}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3164059949-768371667-2499420802-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1003&geo=DE&ver=22.12.0.104&locale=de_DE&guid=A4F38C69-9A00-4932-9A1C-E4D0217AC6E6&doi=2016-09-01&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-12-12] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\coIEPlg.dll [2018-01-25] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-12-12] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine32\22.12.0.104\coIEPlg.dll [2018-01-25] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\coIEPlg.dll [2018-01-25] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine32\22.12.0.104\coIEPlg.dll [2018-01-25] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3164059949-768371667-2499420802-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\coIEPlg.dll [2018-01-25] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7l54ssoq.default
FF ProfilePath: C:\Users\Hohndorf\AppData\Roaming\t-online.de\Browser7\Profiles\7l54ssoq.default [2018-02-08]
FF ProfilePath: C:\Users\Hohndorf\AppData\Roaming\Deutsche Telekom AG\Browser7\Profiles\7l54ssoq.default [2016-04-11]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1278720 2017-06-22] ()
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6086232 2017-07-31] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation)
R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2017-01-06] (Microsoft Corporation)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4795288 2017-02-13] (Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [2908352 2017-01-06] (Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1617520 2017-06-22] ()
R2 NortonSecurity; C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\NortonSecurity.exe [328712 2018-01-26] (Symantec Corporation)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7014728 2017-03-07] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2017-01-05] (Microsoft Corporation) [File not signed]
S3 tonlinedeBrowser7Maintenance; C:\Program Files (x86)\t-online.de Browser 7 Maintenance Service\maintenanceservice.exe [175312 2017-12-01] (t-online.de)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2016-01-21] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\BASHDefs\20180201.001\BHDrvx64.sys [1880144 2018-02-01] (Symantec Corporation)
R1 ccSet_NGC; C:\WINDOWS\system32\drivers\NGCx64\160C000.068\ccSetx64.sys [187544 2018-01-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507984 2018-01-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [152656 2018-01-04] (Symantec Corporation)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [378712 2017-07-31] (Acronis International GmbH)
R3 fwlanusb6; C:\WINDOWS\system32\DRIVERS\fwlanusb6.sys [1327744 2014-03-27] (AVM GmbH)
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.2.15\Definitions\IPSDefs\20180207.001\IDSvia64.sys [1056920 2017-10-16] (Symantec Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 SRTSP; C:\WINDOWS\System32\Drivers\NGCx64\160C000.068\SRTSP64.SYS [817816 2018-01-25] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NGCx64\160C000.068\SRTSPX64.SYS [49304 2018-01-25] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\160C000.068\SYMEFASI64.SYS [1942168 2018-01-25] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\160C000.068\SymELAM.sys [24608 2018-01-25] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102552 2018-02-01] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NGCx64\160C000.068\Ironx64.SYS [307864 2018-01-25] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\NGCx64\160C000.068\SYMNETS.SYS [566936 2018-01-25] (Symantec Corporation)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310552 2017-07-31] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [213336 2017-07-31] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [690520 2017-07-31] (Acronis International GmbH)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [324952 2017-07-31] (Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-08 21:41 - 2018-02-08 21:41 - 000000000 ____D C:\WINDOWS\Panther
2018-02-08 17:37 - 2018-02-08 17:33 - 002402304 _____ (Farbar) C:\Users\Hohndorf\Desktop\FRST64english.exe
2018-02-08 17:12 - 2018-02-08 17:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2018-02-07 17:13 - 2018-02-08 17:42 - 000053808 _____ C:\Users\Hohndorf\Desktop\Addition.txt
2018-02-07 17:12 - 2018-02-08 22:28 - 000017013 _____ C:\Users\Hohndorf\Desktop\FRST.txt
2018-02-07 17:11 - 2018-02-08 22:27 - 000000000 ____D C:\FRST
2018-02-07 16:25 - 2018-02-07 16:25 - 000000000 ____D C:\WINDOWS\pss
2018-02-03 19:03 - 2018-02-03 19:03 - 000002292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-01 16:53 - 2018-02-07 21:56 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Security with Backup
2018-02-01 16:47 - 2018-02-01 16:47 - 000003414 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2018-02-01 16:46 - 2018-02-01 16:46 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2018-02-01 16:43 - 2018-02-01 16:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2018-02-01 15:17 - 2018-01-17 23:07 - 007385080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-02-01 15:17 - 2018-01-17 23:07 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-02-01 15:17 - 2018-01-17 22:07 - 006479560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-02-01 15:17 - 2018-01-17 21:52 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-01 15:17 - 2018-01-17 21:48 - 013703680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-02-01 15:17 - 2018-01-17 21:46 - 018921984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-02-01 15:17 - 2018-01-17 21:44 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-02-01 15:17 - 2018-01-17 21:40 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-02-01 15:17 - 2018-01-17 21:39 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-02-01 15:17 - 2018-01-17 21:39 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-02-01 15:17 - 2018-01-17 21:39 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-02-01 15:16 - 2018-01-17 23:19 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-02-01 15:16 - 2018-01-17 23:19 - 001055640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-02-01 15:16 - 2018-01-17 23:19 - 000599456 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-02-01 15:16 - 2018-01-17 23:18 - 001193192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-02-01 15:16 - 2018-01-17 23:18 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-02-01 15:16 - 2018-01-17 23:18 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-02-01 15:16 - 2018-01-17 23:18 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-02-01 15:16 - 2018-01-17 23:18 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-02-01 15:16 - 2018-01-17 23:18 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-02-01 15:16 - 2018-01-17 23:18 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-02-01 15:16 - 2018-01-17 23:15 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-02-01 15:16 - 2018-01-17 23:15 - 002406456 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-02-01 15:16 - 2018-01-17 23:15 - 001954560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-02-01 15:16 - 2018-01-17 23:15 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-02-01 15:16 - 2018-01-17 23:15 - 001209248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-02-01 15:16 - 2018-01-17 23:15 - 001002600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-02-01 15:16 - 2018-01-17 23:12 - 004537040 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2018-02-01 15:16 - 2018-01-17 23:12 - 001313024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-02-01 15:16 - 2018-01-17 23:12 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-02-01 15:16 - 2018-01-17 23:12 - 000711432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-02-01 15:16 - 2018-01-17 23:11 - 001044384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-02-01 15:16 - 2018-01-17 23:10 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-02-01 15:16 - 2018-01-17 23:10 - 003010248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-02-01 15:16 - 2018-01-17 23:10 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-02-01 15:16 - 2018-01-17 23:10 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-02-01 15:16 - 2018-01-17 23:10 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-02-01 15:16 - 2018-01-17 23:10 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-02-01 15:16 - 2018-01-17 23:09 - 007675792 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-02-01 15:16 - 2018-01-17 23:09 - 002709200 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-02-01 15:16 - 2018-01-17 23:09 - 000712096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-02-01 15:16 - 2018-01-17 23:09 - 000436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-02-01 15:16 - 2018-01-17 23:09 - 000246176 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-02-01 15:16 - 2018-01-17 23:09 - 000154528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-02-01 15:16 - 2018-01-17 23:09 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-02-01 15:16 - 2018-01-17 23:08 - 021351632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-02-01 15:16 - 2018-01-17 23:08 - 004486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-02-01 15:16 - 2018-01-17 23:08 - 002447768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-02-01 15:16 - 2018-01-17 23:08 - 000824896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-02-01 15:16 - 2018-01-17 23:08 - 000677792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-02-01 15:16 - 2018-01-17 23:08 - 000614168 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-02-01 15:16 - 2018-01-17 23:08 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-02-01 15:16 - 2018-01-17 23:08 - 000494496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-02-01 15:16 - 2018-01-17 23:08 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-02-01 15:16 - 2018-01-17 23:08 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-02-01 15:16 - 2018-01-17 23:08 - 000100248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-08 18:53 - 2016-12-21 13:14 - 000000000 ____D C:\Users\Hohndorf\AppData\LocalLow\Mozilla
2018-02-08 14:39 - 2017-10-17 16:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-08 12:57 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-07 21:48 - 2017-10-17 16:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-07 20:05 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-02-07 20:05 - 2016-01-21 15:51 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-02-07 16:11 - 2017-08-13 16:16 - 000133132 _____ C:\WINDOWS\ntbtlog.txt
2018-02-07 12:13 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-07 12:13 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-07 12:11 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-06 03:49 - 2017-09-29 14:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-06 03:49 - 2017-09-29 14:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-04 14:19 - 2017-09-29 09:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-02-03 19:03 - 2016-04-03 13:07 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-03 16:01 - 2016-01-26 14:29 - 000000000 ____D C:\Program Files (x86)\avmwlanstick
2018-02-01 18:45 - 2016-03-22 14:28 - 000000000 ____D C:\Program Files\Common Files\AV
2018-02-01 18:10 - 2016-01-22 14:04 - 000000000 ____D C:\ProgramData\Norton
2018-02-01 18:09 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-01 17:18 - 2017-11-11 19:28 - 000000000 ____D C:\WINDOWS\Minidump
2018-02-01 16:43 - 2017-10-17 15:52 - 000102552 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2018-02-01 16:43 - 2017-10-17 15:52 - 000008471 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2018-02-01 15:38 - 2017-10-17 16:35 - 002617768 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-01 15:38 - 2017-09-30 15:35 - 001208422 _____ C:\WINDOWS\system32\perfh007.dat
2018-02-01 15:38 - 2017-09-30 15:35 - 000288030 _____ C:\WINDOWS\system32\perfc007.dat
2018-02-01 15:33 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-01 15:32 - 2016-11-06 16:57 - 000000000 ___RD C:\Users\Hohndorf\3D Objects
2018-02-01 15:32 - 2015-09-10 06:37 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-01 15:31 - 2017-10-17 16:15 - 000286400 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-01 15:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-02-01 15:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-01 15:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-01 15:27 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-02-01 15:18 - 2017-09-29 14:41 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-31 17:27 - 2017-10-17 16:18 - 000000000 ____D C:\Users\Hohndorf
2018-01-31 16:50 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-31 10:35 - 2017-10-17 16:31 - 000003382 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3164059949-768371667-2499420802-1001
2018-01-31 10:34 - 2016-01-21 15:31 - 000000000 ___RD C:\Users\Hohndorf\OneDrive
2018-01-30 14:25 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-26 19:00 - 2016-07-08 13:43 - 000000000 ____D C:\ProgramData\YTD Video Downloader
2018-01-25 18:20 - 2016-01-25 18:36 - 000000000 ____D C:\Users\Hohndorf\AppData\Local\CrashDumps
2018-01-25 10:31 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-25 10:30 - 2016-01-22 17:32 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-01-23 19:36 - 2017-10-17 16:19 - 000000000 ____D C:\Users\Hohndorf\AppData\Local\Packages
2018-01-14 16:58 - 2017-03-10 13:36 - 000000000 ____D C:\Users\Hohndorf\Documents\Visual Studio 2017
2018-01-10 14:55 - 2016-01-21 21:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-10 14:51 - 2017-10-11 13:40 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-10 14:51 - 2016-01-21 21:28 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2017-07-31 17:18 - 2017-07-31 17:24 - 513568528 _____ () C:\Users\Hohndorf\AppData\Local\AcronisTrueImage2017_8058.exe
2016-03-17 19:15 - 2016-03-17 19:15 - 000000017 _____ () C:\Users\Hohndorf\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-29 15:34

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07.02.2018 01
Ran by Hohndorf (08-02-2018 22:29:15)
Running from C:\Users\Hohndorf\Desktop
Windows 10 Home Version 1709 16299.214 (X64) (2017-10-17 15:42:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3164059949-768371667-2499420802-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3164059949-768371667-2499420802-503 - Limited - Disabled)
Gast (S-1-5-21-3164059949-768371667-2499420802-501 - Limited - Disabled)
Hohndorf (S-1-5-21-3164059949-768371667-2499420802-1001 - Administrator - Enabled) => C:\Users\Hohndorf
WDAGUtilityAccount (S-1-5-21-3164059949-768371667-2499420802-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Online mit Backup (Enabled - Up to date) {E3FDBD9F-8140-1400-F32B-8B58923F7C4D}
AS: Norton Security Online mit Backup (Enabled - Up to date) {589C5C7B-A77A-1B8E-C99B-B02AE9B836F0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Online mit Backup (Enabled) {DBC63CBA-CB2F-1558-D874-226D6CEC3B36}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Acronis True Image (HKLM-x32\...\{3FB8B185-7EBB-4E02-9038-DBF328954435}) (Version: 20.0.8058 - Acronis) Hidden
Acronis True Image (HKLM-x32\...\{3FB8B185-7EBB-4E02-9038-DBF328954435}Visible) (Version: 20.0.8058 - Acronis)
Active Directory Authentication Library für SQL Server (HKLM\...\{DCF8CB30-F4CE-476A-AB02-E8D620FADC70}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library für SQL Server (x86) (HKLM-x32\...\{03D2027B-6335-4822-89ED-CD99D2F4CE43}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Ahnenblatt 2.64 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.64.1.3 - Dirk Boettcher)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Application Verifier x64 External Package (HKLM\...\{AB5E83C8-0175-0A1F-338A-EB8925AFC341}) (Version: 10.1.14393.795 - Microsoft) Hidden
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version: - ArcSoft)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{B2429EA1-767E-4947-A458-F2204A2AA1BB}) (Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools for Windows 10 - ENU (HKLM-x32\...\{E5C9A6AC-6AB9-455C-B8AF-FAC95908D0DF}) (Version: 14.0.25527 - Microsoft Corporation) Hidden
Build Tools for Windows 10 (HKLM-x32\...\{3DF885A3-8834-49EB-8390-15DCD84DC5FB}) (Version: 14.0.25527 - Microsoft Corporation) Hidden
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version: - )
CanoScan LiDE 70 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411) (Version: - )
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6452 - CDBurnerXP)
CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 1.07 - Abelssoft)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
CodedUITestUAP (HKLM-x32\...\{0AB83CFE-A321-364C-8F78-A79084EC90D4}) (Version: 14.0.25527 - Microsoft Corporation) Hidden
Corel Applications (HKLM-x32\...\Corel Applications) (Version: - )
DiagnosticsHub_CollectionService (HKLM\...\{90A561D7-0C29-464D-94E1-2A7E1C553230}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
DirComp (HKLM-x32\...\{B915FA4E-B670-43E9-8EA0-9F16BFFD8AE8}) (Version: 2.06.0000 - Wolfgang Wirth)
Entity Framework 6.1.3 Tools for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
Erforderliche Komponenten für SSDT (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{FD639F4D-1460-42E6-B32D-FEC1745D0BDC}) (Version: 13.0.1601.5 - Microsoft Corporation)
FileZilla Client 3.28.0 (HKLM-x32\...\FileZilla Client) (Version: 3.28.0 - Tim Kosse)
FormsForWeb® Filler 3.2.3 (HKLM-x32\...\{18815D2C-C62D-4066-94F3-55966581D2A5}) (Version: 3.2.3 - Lucom GmbH)
Google Earth Pro (HKLM-x32\...\{76AADFE7-3416-419C-A30B-41E762231584}) (Version: 7.3.1.4505 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HDD Health v4.2 (HKLM-x32\...\HDD Health_is1) (Version: - )
icecap_collection_neutral (HKLM-x32\...\{64F3E6FC-68E3-4062-9C2C-ABD93FDFF309}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{0AD162D1-4973-4315-97E9-5DE9A92B4049}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{FE002482-71A5-4B32-9D08-60ADFAF19E07}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{9FBD9D6F-A511-45F5-B672-63A5087F6F89}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 - ENU (HKLM-x32\...\{5FAE69D5-D9A7-469A-A021-2EB40F4FE0AB}) (Version: 14.0.25527 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 (HKLM-x32\...\{F255D538-8ECB-4ED1-9670-E195D403BCCF}) (Version: 14.0.25527 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Inno Setup Version 5.5.5 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.5 - jrsoftware.org)
Intellisense Lang Pack Mobile Extension SDK 10.0.14393.0 (HKLM-x32\...\{FE250127-0DBB-47AA-8439-7A2FA145030F}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{51783942-DFB0-4452-97CC-BDF2D4AB3A48}) (Version: 15.0.24.0 - Microsoft Corporation) Hidden
Kits Configuration Installer (HKLM-x32\...\{0275DC52-C83E-3142-D2EF-70877F885663}) (Version: 10.0.26624 - Microsoft) Hidden
Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{91BF6CA6-F6AA-4639-944A-627B7D02567E}) (Version: 4.6.01604 - Microsoft Corporation) Hidden
MATLAB Component Runtime 7.7 (HKLM-x32\...\{7AF35DB0-6833-4780-95AA-5FE2904D51A1}) (Version: 7.7 - The MathWorks)
MATLAB R2007b (HKLM-x32\...\MatlabR2007b) (Version: 7.5 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{39BEF607-44E6-472B-90C1-BD62AA2B7A3F}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{C07B4BC7-A37D-46A8-B2A3-620CC569D149}) (Version: 4.6.01586 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Help Viewer 2.2 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.2 Sprachpaket - DEU) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4997.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3164059949-768371667-2499420802-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{C555970C-4C94-4A20-9869-AE7E2F84748F}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{264B070C-82D7-4C9C-B1CE-A0B124BCC787}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{4EFF12AE-599C-42A2-ACFA-0D95C3B11A19}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{E8F3D249-7DE6-4422-AC86-1CE7D5CCFA0F}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (14.0.60519.0) (HKLM-x32\...\{9F367648-EC0C-4F97-B351-D12A51E38F96}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{4F4CB3E2-9D2F-465A-854B-8276B02F4E7D}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{03CB711D-679E-46ED-851B-C568418CF914}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{F2A2DB39-2C5A-4764-AA0F-5AB112663FFA}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{06BE8B71-46C6-434B-869E-85C58EF3120A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{35A7B00B-4F9C-4B4D-919C-86FFFEE46AD6}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25008 (HKLM-x32\...\{f1e7e313-06df-4c56-96a9-99fdfd149c51}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM-x32\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.5.30227.2 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM\...\{63967E7E-5D53-42FA-A7B2-DC50FB0F976F}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM\...\{7F6DCED8-6A2B-4436-AF20-8F659D04E388}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM-x32\...\{2ADB6B9D-83C6-494E-B8AE-E815956A4670}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM-x32\...\{48BF289B-F3FA-4023-9251-80ABF7B726F9}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2016 (HKLM\...\{FEC926D4-785B-4ED7-B35D-3FA37DD29F8B}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2016 (HKLM-x32\...\{A37BE9D7-EAAE-4C6B-9D7E-DBD8B8D88681}) (Version: 13.0.1601.5 - Microsoft Corporation)
Norton Security Online mit Backup (HKLM-x32\...\NGC) (Version: 22.12.0.104 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0407-0000-0000000FF1CE}) (Version: 15.0.4997.1000 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation)
PDF24 Creator 7.6.4 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Presto! PageManager 7.15.14 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14G - NewSoft)
Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (HKLM-x32\...\{31F41F21-21C1-4A52-AFA7-B7D7F6B181AF}) (Version: 14.0.25527 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Professionald 2015 - ENU (HKLM-x32\...\{35BD3B44-C9E4-457D-8260-41566E8BEFE2}) (Version: 14.0.25527 - Microsoft Corporation) Hidden
Projekt- und Elementvorlagen für Visual Studio Express 2015 für Windows 10 – DEU (HKLM-x32\...\{ED32D594-33DE-460C-97FF-5381901879B5}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
Projekt- und Elementvorlagen für Visual Studio Professional 2015 – DEU (HKLM-x32\...\{B6380049-0E34-4266-9BD6-58A3DA83E400}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (HKLM-x32\...\{87BFB956-DC1D-38FC-A849-A9997A183F63}) (Version: 14.0.25425 - Microsoft Corporation) Hidden
Rossmann Fotowelt Software (HKU\S-1-5-21-3164059949-768371667-2499420802-1001\...\{d3a47c47-a3f1-49ba-bdaa-6ef79ed065b4}) (Version: 5.3.0-2475 - ORWO Net GmbH Bitterfeld-Wolfen)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{23F3B544-D6BD-322B-A48A-C66790A8AE0D}) (Version: 14.102.25521 - Microsoft) Hidden
t-online.de Browser 7 57.0.118 (x86 de) (HKLM-x32\...\t-online.de Browser 7 57.0.118 (x86 de)) (Version: 57.0.118 - t-online.de)
t-online.de Browser 7 Maintenance Service (HKLM-x32\...\tonlinedeBrowser7MaintenanceService) (Version: 57.0.0.6541 - t-online.de)
TypeScript Power Tool (HKLM-x32\...\{0B693FB7-DF61-44DB-AEAA-E2E30F85A781}) (Version: 2.1.5.0 - Microsoft Corporation) Hidden
TypeScript Power Tool (HKLM-x32\...\{CF436B98-B0FE-447F-8E46-68E0B14FDDE0}) (Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{315BBDA9-CE84-D465-59F8-B9C765D953AC}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{4E8F20FD-6BC7-B65C-D4F2-5D7CEDE3352E}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{233B73D9-650E-9CEC-1002-767C916C1B61}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{F4E7226B-6A1C-F4D6-1109-6E1CD5B3E633}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{DA52B326-3A74-1EB4-A788-D812C2F100A8}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{BF8547E5-1066-30AE-F3CB-028DC61A7D01}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{0C8D9D70-FA5A-4CA9-763F-D8D93BC099B5}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{10FE9F38-FA10-BE00-12A7-B95F3927B5DA}) (Version: 10.1.10563.0 - Microsoft Corporation)
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{6AFD985C-21B7-8F2D-86B2-19A0563A1195}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{AF5B9C51-F99A-59CC-70F5-214E9B535EE3}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{F2EB74A7-148A-8DC9-82A5-B5A88093EEC4}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{F48A9651-9D00-4D94-810E-8738A41F16C2}) (Version: 14.10.25008 - Microsoft Corporation) Hidden
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VS Immersive Activate Helper (HKLM-x32\...\{D8A4EA2B-1A97-45A5-BF96-7493183F8524}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{2901E697-0E9C-404B-B7D0-6E2D43F64CE5}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{3B64C68E-14E0-4214-A53D-502E9FBD32E7}) (Version: 16.0.59.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{1070C8E8-4DFB-419F-984A-5C835828897E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{B9F4AA09-F4AC-4108-ADA0-27CDD45FCEC3}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{AEF5E0F2-31D1-454A-A992-C523C0007B4D}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{DE8B48BF-82B9-434A-B254-1EA2306E5FBA}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{0E1A59A3-625B-47C4-BC96-E8A876417A8F}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{B3988EC1-015B-4A61-A323-BCCCDD218E4F}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{581E5656-26E2-4A02-9711-48C8E4998310}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{15D591B0-7B40-4957-B6C0-EB7452B5AAB6}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{DC296244-0701-4EDE-9696-05B9C1D017B3}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{11230C85-1813-4BC3-9C24-E0B74B59653E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{1E8F631A-96B4-4BB1-9455-B2FF083DA864}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{47C6B2A0-8A58-4C87-91B8-DC8D138524AA}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{37968509-8B79-4E9A-85D1-6AA39DA2211A}) (Version: 15.0.26228 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{D396CF10-5F2B-417D-9571-0B669B99440E}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{A32A9CF6-E7AA-48B8-A3D3-50C157E69F53}) (Version: 15.0.26208 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{C9966D24-DB2F-8514-EAA3-BEED85F3E166}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{E65EDBCC-C437-45DF-96BE-46B672317F41}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.15 (HKLM-x32\...\{28a123e5-1799-4f20-9bd8-7c46f30eb7bf}) (Version: 10.1.10586.15 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.795 (HKLM-x32\...\{5eb6fbea-73ee-4a8e-9042-110704768d7f}) (Version: 10.1.14393.795 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.26624 (HKLM-x32\...\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}) (Version: 10.0.26624 - Microsoft Corporation)
WinRAR Archivierer (HKLM-x32\...\WinRAR archiver) (Version: - )
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{A249F631-CEBC-EDCB-4C49-700E551E66CA}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{E71CB7F1-3E88-4450-1764-B3CC1E205C4A}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{C49E6FDA-8196-0CAF-2CDD-CF1B0F4EA5AD}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{33D11371-82A5-852B-CDE2-5528CE406151}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{FB431EE2-C835-6DE9-8DC3-C8FCDE028FE0}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{FB82399D-9C48-9AF5-DCA1-CFE61BCA70A6}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{23909757-D6F0-7F7C-BD34-7E72BA9BD59C}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{D3A337CD-EA32-F4BA-03FA-825903190C92}) (Version: 10.1.14393.795 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (HKLM-x32\...\{74B9E6F9-1793-4E90-22A1-A42254D04453}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (HKLM-x32\...\{1EE3550B-B5FB-B866-C153-1C609FBC1E89}) (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
YTD Video Downloader 5.7.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.7.1 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-03-02] ()
ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-03-02] ()
ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-03-02] ()
ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-03-02] ()
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers1-x32: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ContextMenuHandlers1-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\NavShExt.dll [2018-01-25] (Symantec Corporation)
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\NavShExt.dll [2018-01-25] (Symantec Corporation)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-11-19] (Igor Pavlov)
ContextMenuHandlers6-x32: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\buShell.dll [2018-01-25] (Symantec Corporation)
ContextMenuHandlers6-x32: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\NavShExt.dll [2018-01-25] (Symantec Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DE8C992-D0C2-4398-B287-E56AF78D1F28} - System32\Tasks\Norton Security with Backup\Norton Security Online with Backup Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\SymErr.exe [2018-01-25] (Symantec Corporation)
Task: {1066778D-80C5-4197-9BFC-E3F031129C22} - System32\Tasks\Abelssoft\StartBackgroundguardWithWindows => C:\Program Files (x86)\CheckDrive\CheckDrive.exe [2016-01-15] (Ascora GmbH)
Task: {3A8623FA-3F0A-47FC-BA13-43FAFC306848} - System32\Tasks\Norton Security with Backup\Norton Security Online with Backup Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\SymErr.exe [2018-01-25] (Symantec Corporation)
Task: {54F4EB2E-D518-4444-A2D4-BA28268FE6F7} - System32\Tasks\Norton Security with Backup\Norton Security Online with Backup Autofix => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\SymErr.exe [2018-01-25] (Symantec Corporation)
Task: {550F5A64-3DEC-4D39-A05E-182F671DA68E} - \{0E050B47-0A09-0C79-0511-7A790C051109} -> No File <==== ATTENTION
Task: {55FFC400-B3AB-4C56-A2DA-F95020B9D9E4} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
Task: {591EB42F-6926-49E8-BBB7-4165558170B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {5A506C32-30FC-4255-B1D7-85D158C71A43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {92FAB539-103C-4C04-ACF2-796DAEAE9366} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-12-12] (Microsoft Corporation)
Task: {A6966524-B639-471F-8BCF-9ABB49985820} - System32\Tasks\{0DEB5039-C14F-438C-B1DC-487709CD85D4} => C:\Windows\system32\pcalua.exe -a H:\Collection_One\InStall_EXEn\MDB_Plus_InStall.EXE -d H:\Collection_One\InStall_EXEn
Task: {BA428B43-5F1C-4E39-9BFE-38B9E720EE0B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2018-01-10] (Microsoft Corporation)
Task: {BDFE60EB-DA5A-4E84-B8EB-A44EF614F316} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.12.0.104\WSCStub.exe [2018-01-25] (Symantec Corporation)
Task: {C25BF4E6-F9F4-4A95-BF3C-B578EBA39EB1} - System32\Tasks\S-1-5-21-3164059949-768371667-2499420802-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {C36EB891-7C7B-4F1B-A0A7-325610266C36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-03] (Google Inc.)
Task: {CBF07A67-5949-4393-87AA-61CCC6FA7BC0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {FDD6514E-E32A-466B-9152-A67910F16F65} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Online mit Backup\Upgrade.exe [2018-01-25] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Hohndorf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\NudeOrNotNude.lnk -> H:\System_DIA_Show\NudeOrNotNude.BAT ()

==================== Loaded Modules (Whitelisted) ==============

2015-11-04 15:43 - 2015-11-04 15:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-06-22 12:49 - 2017-06-22 12:49 - 001278720 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2017-07-31 17:37 - 2017-07-31 17:37 - 006086232 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2016-01-22 19:55 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-23 15:39 - 2013-03-08 09:54 - 000017760 _____ () C:\Program Files (x86)\HDD Health\HDDHealthService.exe
2017-03-07 10:57 - 2017-03-07 10:57 - 007014728 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-02 10:46 - 2017-03-02 10:46 - 005823600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2017-09-29 11:32 - 2017-09-29 11:32 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2018-02-01 15:16 - 2018-01-17 21:46 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-01 15:16 - 2018-01-17 21:40 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-22 15:34 - 2006-09-20 08:35 - 000020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2016-01-22 15:34 - 2006-09-19 16:05 - 000024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2017-06-22 12:37 - 2017-06-22 12:37 - 000588360 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
2017-06-22 13:57 - 2017-06-22 13:57 - 005118656 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2015-11-04 15:43 - 2015-11-04 15:43 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2018-02-02 12:19 - 2018-02-02 12:19 - 002250240 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11801.1001.6.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-06 13:30 - 2018-02-06 13:32 - 001231536 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.21855.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-06-22 12:47 - 2017-06-22 12:47 - 003621776 _____ () C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
2017-06-22 13:53 - 2017-06-22 13:53 - 017825960 _____ () C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
2017-06-22 13:56 - 2017-06-22 13:56 - 003637720 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2017-06-22 13:55 - 2017-06-22 13:55 - 001314952 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll
2016-08-29 20:16 - 2016-08-29 20:16 - 000685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
2017-06-22 13:55 - 2017-06-22 13:55 - 020921440 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2017-06-22 12:36 - 2017-06-22 12:36 - 000396720 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2016-08-15 11:28 - 2016-08-15 11:28 - 000129968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2017-03-07 10:48 - 2017-03-07 10:48 - 000248240 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2016-11-23 13:41 - 2016-11-23 13:41 - 000160168 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll
2016-08-29 22:57 - 2016-08-29 22:57 - 000444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-08-29 20:16 - 2016-08-29 20:16 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
2017-06-22 12:35 - 2017-06-22 12:35 - 008055728 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_resources.dll
2017-06-22 12:35 - 2017-06-22 12:35 - 000049584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-30 23:42 - 2015-07-30 23:39 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3164059949-768371667-2499420802-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hohndorf\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "OpwareSE4"
HKLM\...\StartupApproved\Run32: => "PDFPrint"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D61AEA80-4C62-4C8A-A205-019A941E4F50}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{CA1FA9D5-5CCE-4E37-B7FE-8EEDD727C708}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{BB24A034-9E03-441E-9099-5C3D95B9B517}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe
FirewallRules: [{3B34B166-F9E3-4973-AC93-05B418162047}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe
FirewallRules: [{DE67B8F1-77B7-4052-AE2D-CE1526B51507}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe
FirewallRules: [{5B9FB969-F381-4F6F-8047-E9DCDB44D7E4}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
FirewallRules: [{B0949175-DBDC-4403-8296-71D99E8BEC6A}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe
FirewallRules: [{6DFEE73A-CD9E-4B9C-AA88-7277E3F450A0}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
FirewallRules: [{51A4717A-40A9-4A6B-A484-54851154E96B}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
FirewallRules: [{F8E30F96-A372-414A-BC52-7A3991C69C01}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{08276A4F-7E81-4448-95A6-EEAC41D62034}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{7EC47A70-92CE-479B-AA05-14B04AC810F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F93768A6-37B4-4640-B4B4-6DE290462F1E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D04095B9-934A-44DF-A7B8-77A8059EAA1A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0413DB6-2C99-4F7F-92B2-DAFA3506E07A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{48B11AA6-519B-4BF2-B403-578AC97A51A6}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{BE989480-7448-47CC-9216-691DDA979763}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{52F97676-BA00-4521-BE6D-44FE118E6FAA}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{7CE9F0AD-218A-4B33-82F8-E62CA1771764}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{FE742ABB-E55B-48EF-9A04-740809438555}] => (Allow) C:\Program Files (x86)\Deutsche Telekom AG\Browser 7\Browser7.exe
FirewallRules: [{1187174B-B5D7-4ECC-843E-9A54725A4D51}] => (Allow) C:\Program Files (x86)\Deutsche Telekom AG\Browser 7\Browser7.exe

==================== Restore Points =========================

05-02-2018 19:16:35 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2018 09:44:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/08/2018 09:42:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/08/2018 09:42:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/08/2018 09:41:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/08/2018 09:41:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/08/2018 09:40:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/08/2018 09:40:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/08/2018 09:40:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_DiagTrack, Version: 10.0.16299.15, Zeitstempel: 0x9c786b9a
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.16299.214, Zeitstempel: 0x39ffe1ab
Ausnahmecode: 0xcfffffff
Fehleroffset: 0x00000000000a0d54
ID des fehlerhaften Prozesses: 0x96c
Startzeit der fehlerhaften Anwendung: 0x01d3a054fb0ae458
Pfad der fehlerhaften Anwendung: C:\WINDOWS\System32\svchost.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 82fec8ee-5e1d-4fc0-b69f-7ec09f644726
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/08/2018 09:39:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/08/2018 09:39:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


System errors:
=============
Error: (02/08/2018 10:19:09 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NP5MPKU)
Description: Der Server "Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe!ContentProcess" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/08/2018 09:41:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzererfahrung und Telemetrie im verbundenen Modus" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/08/2018 08:49:56 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/08/2018 04:52:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NP5MPKU)
Description: Der Server "Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe!ContentProcess" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/08/2018 04:49:26 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NP5MPKU)
Description: Der Server "Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe!ContentProcess" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/07/2018 05:38:43 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NP5MPKU)
Description: Der Server "Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe!ContentProcess" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/07/2018 05:32:38 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NP5MPKU)
Description: Der Server "Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe!ContentProcess" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/07/2018 05:05:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NP5MPKU)
Description: Der Server "microsoft.windowscommunicationsapps_17.8827.21855.0_x64__8wekyb3d8bbwe!microsoft.windowslive.mail.AppX7ybzfvde833pqjpbsrp77rh0m461ej8c.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/07/2018 04:11:43 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1084" in DCOM, als der Dienst "TermService" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{F9A874B6-F8A8-4D73-B5A8-AB610816828B}

Error: (02/07/2018 04:11:38 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "1084" in DCOM, als der Dienst "TermService" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{F9A874B6-F8A8-4D73-B5A8-AB610816828B}


CodeIntegrity:
===================================
Date: 2018-02-08 22:16:24.839
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-08 22:16:24.838
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-08 21:46:22.492
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-08 21:46:22.490
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-08 21:44:13.313
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-08 21:44:13.311
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-08 21:41:48.963
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-08 21:41:48.961
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-08 21:41:47.830
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-02-08 21:41:47.828
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: AMD A4-6320 APU with Radeon™ HD Graphics
Percentage of memory in use: 61%
Total physical RAM: 3264.73 MB
Available physical RAM: 1259.64 MB
Total Virtual: 6592.73 MB
Available Virtual: 3778.02 MB

==================== Drives ================================

Drive c: (Pri_C) (Fixed) (Total:292.27 GB) (Free:224.24 GB) NTFS
Drive d: (Vol_D) (Fixed) (Total:100.69 GB) (Free:98.93 GB) NTFS
Drive e: (Vol_E) (Fixed) (Total:100.56 GB) (Free:99.12 GB) NTFS
Drive f: (Vol_F) (Fixed) (Total:49.41 GB) (Free:49.26 GB) NTFS
Drive g: (Vol_G) (Fixed) (Total:49.04 GB) (Free:48.88 GB) NTFS
Drive h: (Vol_H) (Fixed) (Total:338.09 GB) (Free:299.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 14BAC7FD)

Partition: GPT.

==================== End of Addition.txt ============================
 
Thanks
Gert

Edited by Oh My!, 08 February 2018 - 04:52 PM.


#4 Oh My!


Posted 08 February 2018 - 05:15 PM

Greetings Gert.

Can you provide the log from Norton showing what was detected?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 HannesGert


Posted 09 February 2018 - 04:33 AM

Greetings Gary.

 

Hope this helps:

 

Attached File  Norton.txt   4.67KB   7 downloads

 

Gert



#6 Oh My!


Posted 09 February 2018 - 09:59 AM

Yes that helps, thank you.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
Reg: reg delete HKEY_CURRENT_USER\Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe /f
Reg: reg delete HKEY_CURRENT_USER\Console\%SystemRoot%_System32_svchost.exe /f
Reg: reg delete HKEY_CURRENT_USER\Console\taskeng.exe /f  
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
Folder: C:\Users\Hohndorf\Documents
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Note: This step resets your Firewall settings and you may be asked later to grant permission for legitimate programs to pass through the Firewall. If you recognize the program agree to the request.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Update on computer performance

Gary
 

#7 HannesGert


Posted 09 February 2018 - 11:08 AM

Hi Gary,
 
I hope it's all OK (because Ctrl + C but never Ctrl + V - it did the "system" itself?)
 
Attached File  Fixlog.txt   29.28KB   1 downloads

Fix result of Farbar Recovery Scan Tool (x64) Version: 07.02.2018 01
Ran by Hohndorf (09-02-2018 16:52:29) Run:1
Running from C:\Users\Hohndorf\Desktop
Loaded Profiles: Hohndorf (Available Profiles: Hohndorf)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Reg: reg delete HKEY_CURRENT_USER\Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe /f
Reg: reg delete HKEY_CURRENT_USER\Console\%SystemRoot%_System32_svchost.exe /f
Reg: reg delete HKEY_CURRENT_USER\Console\taskeng.exe /f
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
Folder: C:\Users\Hohndorf\Documents

*****************

Restore point was successfully created.
Processes closed successfully.

========= reg delete HKEY_CURRENT_USER\Console\%SystemRoot%_System32_WindowsPowerShell_v1.0_powershell.exe /f =========

FEHLER: Der angegebene Registrierungsschlüssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete HKEY_CURRENT_USER\Console\%SystemRoot%_System32_svchost.exe /f =========

FEHLER: Der angegebene Registrierungsschlüssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


========= reg delete HKEY_CURRENT_USER\Console\taskeng.exe /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= netsh winsock reset catalog =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Depotweiterleitung wird zurückgesetzt... OK
Depot wird zurückgesetzt... OK
Steuerungsprotokoll wird zurückgesetzt... OK
Echosequenzanforderung wird zurückgesetzt... OK
Global wird zurückgesetzt... OK
Schnittstelle wird zurückgesetzt... OK
Anycastadresse wird zurückgesetzt... OK
Multicastadresse wird zurückgesetzt... OK
Unicastadresse wird zurückgesetzt... OK
Nachbar wird zurückgesetzt... OK
Pfad wird zurückgesetzt... OK
Potentiell wird zurückgesetzt... OK
Präfixrichtlinie wird zurückgesetzt... OK
Proxynachbar wird zurückgesetzt... OK
Route wird zurückgesetzt... OK
Standordpräfix wird zurückgesetzt... OK
Unterschnittstelle wird zurückgesetzt... OK
Reaktivierungsmuster wird zurückgesetzt... OK
Nachbar auflösen wird zurückgesetzt... OK
wird zurückgesetzt... OK
wird zurückgesetzt... OK
wird zurückgesetzt... OK
wird zurückgesetzt... OK
wird zurückgesetzt... Fehler
Zugriff verweigert

wird zurückgesetzt... OK
wird zurückgesetzt... OK
wird zurückgesetzt... OK
wird zurückgesetzt... OK
wird zurückgesetzt... OK
wird zurückgesetzt... OK
wird zurückgesetzt... OK
Starten Sie den Computer neu, um die Aktion abzuschließen.


========= End of CMD: =========


========= netsh advfirewall reset =========

OK.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3164059949-768371667-2499420802-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3164059949-768371667-2499420802-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========


========================= Folder: C:\Users\Hohndorf\Documents ========================


====== End of Folder: ======



The system needed a reboot.

==== End of Fixlog 16:53:18 ====

Edited by Oh My!, 09 February 2018 - 11:17 AM.
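One way to triage a Fixlog like the one above without reading every line, as an added example (not FRST's code and not part of any post): it splits the log on the `=========` headers and separates a `reg delete` that found nothing to delete from a sub-step that actually failed. The sample log is constructed in the same layout, and the function names and status labels are assumptions.

```python
import re
from typing import NamedTuple

# Constructed sample in the Fixlog layout (shortened; the RemoveProxy key
# is a placeholder). Console output captured in the wrong code page can
# lose umlauts ("zurckgesetzt"), so every pattern below matches
# ASCII-only fragments of the German messages.
SAMPLE_FIXLOG = r"""
========= reg delete HKEY_CURRENT_USER\Console\taskeng.exe /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete HKEY_CURRENT_USER\Console\%SystemRoot%_System32_svchost.exe /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.

========= End of Reg: =========

========= netsh int ip reset C:\resettcpip.txt =========

Schnittstelle wird zurckgesetzt... OK
 wird zurckgesetzt... Fehler
Zugriff verweigert

Starten Sie den Computer neu.

========= End of CMD: =========

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Example\Connections\\DefaultConnectionSettings" => removed successfully

========= End of RemoveProxy: =========
"""

HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")
# "Key or value not found": the delete had nothing to remove.
NOT_FOUND = re.compile(r"^(FEHLER|ERROR):.*(nicht gefunden|unable to find)", re.I)
ERROR_LINE = re.compile(r"^(FEHLER|ERROR):")
SUBSTEP_FAILED = re.compile(r"\.\.\.\s*Fehler\s*$")
DENIED = re.compile(r"Zugriff verweigert|Access is denied", re.I)
REBOOT = re.compile(r"neu starten|Computer neu|restart", re.I)


class StepResult(NamedTuple):
    command: str
    status: str            # "ok", "already-absent" or "needs-review"
    reboot_required: bool
    failed_lines: list


def split_steps(text):
    """Return [(command, [output lines])] for each '===== cmd =====' block."""
    steps, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            title = header.group(1)
            if not title or title.startswith("End of"):
                current = None          # closing marker or bare separator
            else:
                current = (title, [])
                steps.append(current)
        elif current is not None and line:
            current[1].append(line)
    return steps


def classify(command, lines):
    benign, failed = False, []
    for line in lines:
        if NOT_FOUND.search(line):
            benign = True
        elif ERROR_LINE.match(line) or SUBSTEP_FAILED.search(line) or DENIED.search(line):
            failed.append(line)
    status = "needs-review" if failed else "already-absent" if benign else "ok"
    reboot = any(REBOOT.search(line) for line in lines)
    return StepResult(command, status, reboot, failed)


def triage_fixlog(text):
    return [classify(command, lines) for command, lines in split_steps(text)]


if __name__ == "__main__":
    for step in triage_fixlog(SAMPLE_FIXLOG):
        flag = " (reboot required)" if step.reboot_required else ""
        print(f"{step.status:15} {step.command}{flag}")
        for line in step.failed_lines:
            print(f"{'':15}   -> {line}")
```
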


#8 Oh My!

Posted 09 February 2018 - 11:20 AM

Thank you.

There is no need to paste the information, the program does things automatically.

Let me know if you are still receiving the notifications.

Edited by Oh My!, 09 February 2018 - 11:23 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 HannesGert

Posted 09 February 2018 - 01:48 PM

Hi, Gary,

At first I want to say "thank you for the wonderful help and collaboration". I think I have to wait a little time (1 day?) before I can hope to say "I don't receive any more notifications." During this time the PC will be frequently put on with many internet access. The problem is: I want to prove that the trojan is removed but I have to avoid catching it once more. Is this idea stupid? How can I avoid catching the same trojan again in spite of many would access?

I want to ask one more question: Norton Security Online is able to block the attack of a trojan like trojan.zlob.q but is not able to remove it during a scan – manpower (like you) is necessary – but are there viruses (trojans) which Norton Security is able to remove? In the past I didn't know that there is a difference between blocking an attack and removing the trojan or avoiding catching it.

 

Should I delete FRST.TXT, Addition.TXT, Norton.TXT, Fixlog.TXT on the desktop but keep FRST64english.EXE on the desktop (for later)?

Now I will start a backup (Acronis True Image) – and say good night

 

Gert



#10 Oh My!

Posted 09 February 2018 - 02:04 PM

Hi Gert.

More than likely the virus came through the installation of a codec file. Can't tell you exactly how that happened but that is the usual delivery mechanism. Just being careful from here on out will go a long way in avoiding another similar infection. However, there are times when this stuff just happens.

We have more stuff to do and yes it is a good idea to give it some time.

Norton Power Eraser usually gets rid of the infection but there are times when there is a remnant left behind that affects your computer. This is not uncommon and when this occurs it either requires running additional tools or is handled with the personal touch. Fighting malware is a multifaceted approach. There are programs to block a virus from getting in, programs to scan and detect viruses, and programs to remove viruses that made it through. Some programs can do it all but not for every single type of malware. Often times multiple tools and steps are required for nasty viruses. The people who write the malware are trying to do everything they can to avoid detection and/or removal. It is an ongoing game of cat and mouse.

Leave everything as is for now. Once we have determined your computer is clean we will clean things up.

Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • ESET log
  • Security Analysis log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 HannesGert


Posted 10 February 2018 - 03:49 PM

Hi, Gary,
I hope I did all right. Concerning ESET: Removed are:  ytd.exe, Joy_It_Drivers_GigaByte.ISO, Handbrake_Install.EXE, PDF24_Creator_InStall.EXE, YouTubeDownLoad_InStall.EXE
I would like to keep PDF24_Creator_InStall.EXE, this file is on an external disk, no problem, I can recover and reinstall it. All the others I can renounce. Joy_It_Drivers_GigaByte.ISO is an image of a CD/DVD, no problem.
Is it critical to keep and reinstall PDF24_Creator_InStall.EXE?
Your question "How is the Computer running" I will answer tomorrow, after a little test. No Norton notifications (Trojan.Zlob.Q) until now.
 
Thanks
Gert

# AdwCleaner 7.0.8.0 - Logfile created on Sat Feb 10 15:07:31 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\GreenTree Applications
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Deleted: C:\ProgramData\ytd video downloader
Deleted: C:\Users\All Users\ytd video downloader


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Deleted: [Key] - HKLM\SOFTWARE\WebBar
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|wb.exe
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1579 B] - [2018/2/10 15:2:38]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

C:\AdwCleaner\Quarantine\frAQBc8Wsa\YTD Video Downloader\ytd.exe a variant of Win32/YTDDownloader.A potentially unwanted application cleaned by deleting
H:\CD_or_DVD_ISOs_or_IMGs\Joy_It_Drivers_GigaByte.ISO Win32/PrcView potentially unsafe application deleted
H:\Collection_One\InStall_EXEn\Handbrake_Install.EXE a variant of Win32/DownloadSponsor.C potentially unwanted application cleaned by deleting
H:\Collection_One\InStall_EXEn\PDF24_Creator_InStall.EXE a variant of Win32/DownloadSponsor.C potentially unwanted application cleaned by deleting
H:\Collection_One\InStall_EXEn\YouTubeDownLoad_InStall.EXE Win32/YTDDownloader.B potentially unwanted application cleaned by deleting

Result of Security Analysis by Rocket Grannie (x86) Updated: 31st January, 2018
Running from:C:\Users\Hohndorf\Desktop (21:04:23 - 02/10/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Internet Explorer
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
Norton Security Online mit Backup (Enabled - up to Date)
Norton Security Online mit Backup (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Norton Security Online mit Backup (Enabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Microsoft Silverlight (5.1.50907.0)

***----------------Analysis Complete-------------------------***



Edited by Oh My!, 10 February 2018 - 05:27 PM.


#12 Oh My!


Posted 10 February 2018 - 05:29 PM

Greetings Gert.

Nothing to worry about in any of those reports. I look forward to hearing an update tomorrow.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
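An added example, not part of the thread and not ESET's own tooling: a small Python triage of the ESET result lines posted in reply #11, separating "potentially unwanted/unsafe application" detections from any other detection class. The line layout is inferred from those five lines only, and the `CONSTRUCTED` line with its `Win32/Example.A` name is a made-up sample.

```python
import re

# ESET result lines as posted in reply #11 of this thread.
ESET_LOG = r"""
C:\AdwCleaner\Quarantine\frAQBc8Wsa\YTD Video Downloader\ytd.exe a variant of Win32/YTDDownloader.A potentially unwanted application cleaned by deleting
H:\CD_or_DVD_ISOs_or_IMGs\Joy_It_Drivers_GigaByte.ISO Win32/PrcView potentially unsafe application deleted
H:\Collection_One\InStall_EXEn\Handbrake_Install.EXE a variant of Win32/DownloadSponsor.C potentially unwanted application cleaned by deleting
H:\Collection_One\InStall_EXEn\PDF24_Creator_InStall.EXE a variant of Win32/DownloadSponsor.C potentially unwanted application cleaned by deleting
H:\Collection_One\InStall_EXEn\YouTubeDownLoad_InStall.EXE Win32/YTDDownloader.B potentially unwanted application cleaned by deleting
"""

# Constructed line (not from the thread) to show a non-PUA class.
CONSTRUCTED = r"C:\Temp\sample.exe Win32/Example.A trojan cleaned by deleting"

# Classes that describe bundled or dual-use software rather than malware.
LOW_RISK = {"potentially unwanted application",
            "potentially unsafe application"}

# Assumed layout, inferred from the lines above:
#   <path> [a variant of] <Platform/Name> <class> <action>
# The detection name is the first token containing a forward slash,
# which a Windows path (backslashes only) never has.
LINE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?(?P<name>\S+/\S+)\s+"
    r"(?P<cls>potentially unwanted application"
    r"|potentially unsafe application|.+?)\s+"
    r"(?P<action>cleaned by deleting|deleted)\s*$")

def parse(text):
    """Return one dict per ESET result line; other lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            records.append(m.groupdict())
    return records

def needs_review(records):
    """Detections whose class is neither PUA nor unsafe application."""
    return [r for r in records if r["cls"] not in LOW_RISK]

if __name__ == "__main__":
    for r in parse(ESET_LOG + "\n" + CONSTRUCTED):
        flag = "REVIEW" if r["cls"] not in LOW_RISK else "low"
        print(f'{flag:6} {r["name"]:24} {r["action"]:20} {r["path"]}')
```
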

#13 HannesGert


Posted 11 February 2018 - 10:56 AM

Hi, Gary,

just I would tell you my PC is running excellently, before I looked shortly to Norton --- and I found Trojan.Zlob.Q -  if I try to remember what I did - I believe I checked Visual Studio compilation of one of my Windows Store apps --- no direct Internet activity to this time  16:09:10   but WLAN on - curious

 

Gert

 

Attached File  Norton.txt   4.67KB   0 downloads

 

Now I had a look at Norton once more and the attack is shortly after beginning Visual Studio:

 

 

Kategorie: Firewall - Aktivitäten
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Programmname,Programmpfad,Standardaktionen,Durchgeführte Aktion,Lokaler Computer,Beschreibung des Datenverkehrs
11.02.2018 15:58:23,Infos,Sie haben den Zugriff von Microsoft Visual Studio XAML Designer auf Ihre Netzwerkressourcen zugelassen.,Zugelassen,Keine Aktion erforderlich,Microsoft Visual Studio XAML Designer,C:\Users\Hohndorf\AppData\Local\Microsoft\VisualStudio\15.0_c0a7761c\Designer\ShadowCache\c4jkl4rr.g3u\olr1yio1.1ey\XDesProc.exe,Keine Aktion erforderlich,Zulassen,"192.168.178.21, 55540","Ausgehend TCP, https"
Sie haben den Zugriff von <b>Microsoft Visual Studio XAML Designer</b> auf Ihre Netzwerkressourcen zugelassen.

Edited by HannesGert, 11 February 2018 - 11:30 AM.


#14 Oh My!


Posted 11 February 2018 - 02:48 PM

Greetings Gert.

 

The information you posted does not identify that activity with Trojan.Zlob.Q. It is just information about the Firewall allowing the program to access the Network. Is there other information besides what you posted?


Gary
 

#15 HannesGert


Posted 12 February 2018 - 03:48 AM

Greetings Gary.

 

As "other information" I can show you a pic which contains 2 looks at Norton's notifications. To understand what happens I think the Trojan.Zlob.Q is a backdoor Trojan horse which is on my PC and an attack from outside tries to use this backdoor Trojan horse but Norton blocks it. It is the same situation as before the beginning of our collaboration. I ask myself and you, how dangerous is it, Norton blocks every attack, but the Trojan is present on my PC? Another thought: If I had never looked at Norton's notifications I would never have detected the issue with Trojan.Zlob.Q. Can I "live" with Trojan.Zlob.Q or should it be removed from my PC? I thought our action with the registry had removed the Trojan.Zlob.Q. How should we go on?

 

Thanks

Gert  

 

Attached File  1.JPG   152.61KB   0 downloads


Edited by HannesGert, 12 February 2018 - 03:52 AM.




