Pests of all kinds and how to fight them: Ad banners in the Steam client (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
21.02.2017, 08:26 | #1 |
Ad banners in the Steam client

Hi everyone. Unfortunately I am affected by this yet again. I can't say why that is. A few hours earlier, the launcher of a tool updated itself, and shortly afterwards the banners appeared. The launcher in question is itch Launcher 23.2.1. Of course I don't know whether it is to blame. From the two previous times I know that I should first post a logfile from FRST (64 bit) here. I'll do that right away, split into several parts. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017 Ran by ezztr (21-02-2017 14:20:39) Running from C:\Users\ezztr\Desktop Windows 10 Home Version 1607 (X64) (2016-08-03 05:57:06) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3515307565-1161031247-3300353082-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3515307565-1161031247-3300353082-503 - Limited - Disabled) elsia (S-1-5-21-3515307565-1161031247-3300353082-1002 - Limited - Enabled) => C:\Users\elsia ezztr (S-1-5-21-3515307565-1161031247-3300353082-1001 - Administrator - Enabled) => C:\Users\ezztr Guest (S-1-5-21-3515307565-1161031247-3300353082-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) . . . (Version: 2.1.28.3 - Intel) Hidden . . . (x32 Version: 2.6.2.4 - Intel) Hidden 7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov) Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated) Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated) Ansel (Version: 378.66 - NVIDIA Corporation) Hidden Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.41.3 - Asmedia Technology) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bitrix24 for Windows (HKLM-x32\...\Bitrix24) (Version: 4.1.76.36 - Bitrix, Inc) bl (x32 Version: 1.0.0 - Your Company Name) Hidden Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix) Conan Exiles (HKLM\...\Steam App 440900) (Version: - Funcom) Craft The World (HKLM\...\Steam App 248390) (Version: - Dekovir Entertainment) Darkest Dungeon (HKLM\...\Steam App 262060) (Version: - Red Hook Studios) DebugMode FrameServer (HKLM-x32\...\DebugMode FrameServer) (Version: - ) Dell App Launcher for Unifying Software (HKLM\...\Unifying Software Launcher) (Version: 1.00.44 - Logitech) Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.) Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP) Dell Dock Update (HKLM-x32\...\{6C4547B7-084A-4992-BFBF-9F6C6E2DC3EA}) (Version: 1.0.115.0 - Dell Inc.) Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.) Dell PremierColor (HKLM\...\{5CA2B02F-FC89-4F42-A3DA-7649B8EFF194}) (Version: 2.0.140 - Portrait Displays, Inc.) 
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell) Dell System Detect (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell) Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.) Dell Update (HKLM-x32\...\{FE901F1A-B3D5-4BCE-AAFB-694DC51DC522}) (Version: 1.9.5.0 - Dell Inc.) Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - ) Dropbox 20 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.) Dxtory version 2.0.139 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.139 - ExKode Co. Ltd.) Factorio (HKLM\...\Steam App 427520) (Version: - Wube Software LTD.) Faeria (HKLM\...\Steam App 397060) (Version: - Abrakam SA) FileZilla Client 3.24.0 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse) Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge) GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden GoToMeeting 8.0.0.6441 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\GoToMeeting) (Version: 8.0.0.6441 - CitrixOnline) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Hearthstone Deck Tracker (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\HearthstoneDeckTracker) (Version: 1.1.6 - HearthSim) HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com) Innkeeper (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Innkeeper) (Version: 0.3.4 - Curse Inc.) Intel Extreme Tuning Utility (HKLM-x32\...\{281badd0-7e11-494b-bdf7-34d6a2615c3c}) (Version: 6.2.0.19 - Intel Corporation) Intel Extreme Tuning Utility (x32 Version: 6.2.0.19 - Intel Corporation) Hidden Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation) Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation) Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Keebles (HKLM\...\Steam App 347040) (Version: - Burnt Fuse) Lagarith Lossless Codec (1.3.27) 
(HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - ) Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment) Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech) MagicYUV Lossless Video Codec - Standard version 2.0.0rc1 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 2.0.0rc1 - INNOMAGIC Bt.) MediaInfo 0.7.87 (HKLM\...\MediaInfo) (Version: 0.7.87 - MediaArea.net) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Mini Metro (HKLM\...\Steam App 287980) (Version: - Dinosaur Polo Club) Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla) MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team) MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD) Music Manager (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\MusicManager) (Version: - Google, Inc.) 
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2.2 - Notepad++ Team) NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation) NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation) NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden Oracle VM VirtualBox 5.1.12 (HKLM\...\{C212962C-71C4-4D9F-B8E0-D2CD00C8B8FE}) (Version: 5.1.12 - Oracle Corporation) Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.) 
ph (x32 Version: 1.0.0 - Your Company Name) Hidden Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version: - ) PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.8.2.0 - OpenVPN Technologies) ProjectLibre (HKLM-x32\...\{4E352A24-AE3C-482F-9409-3E1C2B7ABED8}) (Version: 1.7.0.0 - ProjectLibre) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.44 - Realtek Semiconductor Corp.) Registrierung eines Dell Produkts (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.) Registrierung eines Produkts (Version: 3.0.123.0 - Dell Inc.) Hidden RimWorld (HKLM\...\Steam App 294100) (Version: - Ludeon Studios) RivaTuner Statistics Server 6.6.0 (HKLM-x32\...\RTSS) (Version: 6.6.0 - Unwinder) SagaraS Scriptmaker v6.1 (HKLM-x32\...\SagaraS Scriptmaker_is1) (Version: - ) SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden Spotify (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Spotify) (Version: 1.0.31.56.g526cfefe - Spotify AB) ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0067 - ST Microelectronics) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Tavern Tycoon (HKLM\...\Steam App 439340) (Version: - Terapoly) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer) The Universim version 1.0 (HKLM-x32\...\{77E2F6D6-85F9-4A73-8FC6-5A6CB3C816C1}_is1) (Version: 1.0 - Crytivo Games) This War of Mine (HKLM\...\Steam App 282070) (Version: - 11 bit studios) Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation) TMPGEnc Video Mastering Works 6 Testversion 
(HKLM\...\{C21B422E-CA43-4CE9-B5E3-BA9D641EB047}) (Version: 6.1.5.26 - Pegasys Inc.) Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.9 - Transmission) Transport Fever (HKLM\...\Steam App 446800) (Version: - Urban Games) TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software) UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 17.0.0 - UMEZAWA Takeshi) Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) VPN Manager 1.8.10.0 (HKLM-x32\...\VPN Manager) (Version: 1.8.10.0 - Perfect-Privacy) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.730 - Broadcom Corporation) WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - ) YouPloader Version 0.9.1 (HKLM-x32\...\{DC552D9B-15C9-4F51-B0B2-D8AB7791DBFF}_is1) (Version: 0.9.1 - BeCast) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6291\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) 
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04CB2EF6-C5EE-46A5-80FE-E0E2140C4D1B} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs" Task: {0D55ABF1-CE90-436D-AEC9-21E996067D93} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation) Task: {163E6DF7-9A42-4E71-B7CB-A7FC00FC613B} - System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.) Task: {1A48F5F1-A4FA-448D-8F88-774F9DF2371A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.) Task: {1B343C47-9E8F-43A0-A524-1984379BAFA2} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.) 
Task: {207D147E-E73E-44B4-88E1-B9559DF26B1A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe Task: {29CF4F40-5921-43C7-B8DC-B282ED50165D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation) Task: {2E5F1938-4478-4009-9A8C-8CF974952D7B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation) Task: {33E7D8B0-1D68-4EDD-B7D0-92E87A4F3C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.) Task: {4D23204F-0E2E-4838-8154-9CE740A0241A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation) Task: {50DA9037-6E4B-4CD0-BA09-BAAAD604AAF2} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-06-14] (Intel(R) Corporation) Task: {5A30115F-FF80-4AA1-9E90-E33417862FD6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService Task: {5AF67BBA-EAEC-46AF-827B-314EB7D6A46C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation) Task: {5B109A0B-823B-48E0-8DE2-E2DAB8E52FA6} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe Task: {60B633A5-BC32-4179-84FB-9FF44A397776} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.) 
Task: {6488574D-F798-462F-88D7-C0457AE6A5BC} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation) Task: {652DF692-C7F7-459F-BDF5-F55E4A777E78} - System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.) Task: {65D9B6CA-FACA-4EDA-98B7-4904A5253B48} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-21] (NVIDIA Corporation) Task: {86472F58-B053-402E-9BAA-663541F0AA59} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe Task: {8750A57D-9BFA-4D2B-A981-3BED95846E00} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-21] (NVIDIA Corporation) Task: {9791F492-8F48-4F99-8CD6-F9CB6B50BEF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.) 
Task: {9B95B377-96BA-41DB-AD06-B0954F989609} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) Task: {9EA39A14-9FB0-418C-AC71-EDEE85799B18} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {AB031289-0E5D-4509-8F19-A8B1322905C8} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe Task: {B4776765-14D6-4572-B8DE-B6EDD52B4990} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {C33EBE27-3732-4579-B29F-79D01F362757} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.) Task: {CAA1D9C6-1233-4DC7-879F-EC161AE71991} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {D220BA68-269C-41EB-8A54-13A110A70A70} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA1d25f0055f52a8c => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.) Task: {D2D43FD7-AA72-433B-9313-037A3C38A991} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.) Task: {D6A9151A-612D-4C84-88AF-370ECA981488} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core1d25f0055f0e153 => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.) 
Task: {D84FABA7-EA17-4A74-807C-81C7620DB5A7} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] () Task: {DCF517FB-4549-4BB6-A95A-EE96C2716380} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ezztro@yahoo.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated) Task: {E09D2D97-0118-4A48-AC63-32397DFF4F6E} - System32\Tasks\{2F9E6DA4-2C8B-428B-A4BE-2A050C4CB698} => msiexec.exe /l*vx "C:\ProgramData\Dell\Dell Customer Connect\Logs\OTBSurvey.1.4.15.0.msi_install_log.txt" ALLUSERS=1 /qn /norestart /i "C:\ProgramData\Dell\Dell Customer Connect\Downloads\OTBSurvey.1.4.15.0\OTBSurvey.1.4.15.0.msi" Task: {EC5937FE-8585-4CE3-8694-02DDC49EE896} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-04] (Microsoft Corporation) Task: {F35D6EB5-3FEE-49C9-8EE2-CFAB94043E72} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.) Task: {F43A5D40-7ED4-4E59-8B77-352C08D88260} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-21] (NVIDIA Corporation) Task: {FC38FDB1-3888-400F-AB12-D2D387A163F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Play Musik.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi ==================== Loaded Modules (Whitelisted) ============== 2016-12-31 17:22 - 2016-11-17 22:16 - 00805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe 2016-12-31 17:22 - 2016-11-17 22:18 - 01981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll 2016-12-31 17:22 - 2016-11-17 22:11 - 00247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll 2016-12-31 17:22 - 2016-11-17 22:10 - 00212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll 2016-12-31 17:22 - 2016-11-17 22:11 - 00174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll 2016-12-31 17:22 - 2016-11-17 22:10 - 00203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll 2016-12-31 17:22 - 2016-11-17 22:09 - 00206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll 2016-12-31 17:22 - 2016-11-17 22:09 - 00336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll 2016-12-31 17:22 - 2016-11-17 22:06 - 00147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll 2016-12-31 17:22 - 2016-11-17 22:11 - 00213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll 2016-12-31 17:22 - 2016-11-17 22:07 - 00229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll 2016-12-31 17:22 - 2016-11-17 22:08 - 00224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll 2016-12-31 17:22 - 2016-11-17 22:06 - 00211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll 2016-12-31 17:22 - 2016-11-17 22:08 - 00219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll 2015-08-21 08:47 - 2015-08-21 08:47 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll 2016-07-03 16:54 - 2017-01-21 01:39 - 04489152 _____ () C:\Program Files\NVIDIA 
Corporation\NvContainer\Poco.dll 2016-07-03 16:54 - 2017-01-21 01:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-01-10 14:59 - 2017-01-10 14:59 - 00125808 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe 2016-11-17 22:05 - 2016-11-17 22:05 - 00156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe 2016-08-30 00:31 - 2016-08-30 00:31 - 00949480 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe 2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2017-01-09 00:13 - 2017-02-10 05:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-16 19:02 - 2013-10-29 18:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe 2017-01-14 02:10 - 2017-01-14 02:10 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2016-12-31 17:22 - 2016-11-17 22:14 - 00730880 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe 2016-12-31 17:22 - 2016-11-17 22:12 - 00237824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll 2016-12-31 17:22 - 2016-11-17 22:08 - 00217344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll 2016-12-22 23:27 - 2016-12-22 23:27 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe 2016-04-16 19:02 - 2012-12-11 16:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe 2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-11-02 17:31 - 2016-11-02 17:31 - 00230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll 2016-09-16 18:25 - 2016-09-07 11:56 - 00134656 
_____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-14 11:17 - 2016-12-21 14:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-14 11:17 - 2016-12-21 13:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-02-19 16:59 - 2017-02-19 16:59 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-19 16:59 - 2017-02-19 16:59 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-19 16:59 - 2017-02-19 16:59 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-07 16:50 - 2017-02-07 16:50 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\roottools.dll 2017-01-14 11:17 - 2016-12-21 13:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-14 11:17 - 2016-12-21 13:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-14 11:17 - 2016-12-21 13:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-14 11:17 - 2016-12-21 13:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-14 11:17 - 2016-12-21 13:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-09-12 22:57 - 2017-01-09 19:08 - 02493440 _____ () C:\games\Origin\libGLESv2.dll 2015-06-24 07:26 - 2015-06-24 07:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2016-05-13 14:10 - 2016-05-13 14:10 - 00134144 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll 2016-07-18 15:14 - 2016-07-18 15:14 - 01243936 _____ () C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-12-21 10:24 - 2016-12-21 10:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll 2016-07-03 16:54 - 2017-01-21 01:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-07-03 16:54 - 2017-01-21 01:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2016-07-03 16:54 - 2017-01-21 01:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-07-03 16:55 - 2017-01-21 01:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2016-07-22 01:42 - 2017-01-20 20:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-07-22 01:42 - 2017-01-20 20:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-07-22 01:42 - 2017-01-20 20:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-07-22 01:42 - 2017-01-20 20:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-07-22 01:42 - 2017-01-20 20:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-07-22 01:42 - 2017-01-20 20:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-08-29 22:56 - 2017-01-20 20:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2016-12-23 17:59 - 2017-01-20 20:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node 2017-02-18 19:30 - 2017-02-18 19:30 - 00098816 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32api.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00110080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\pywintypes27.dll 2017-02-18 19:30 - 2017-02-18 19:30 - 
00364544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\pythoncom27.dll 2017-02-18 19:30 - 2017-02-18 19:30 - 00320512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32com.shell.shell.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00914432 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_hashlib.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 01176576 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._core_.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00806400 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._gdi_.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00816128 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._windows_.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 01067008 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._controls_.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00733184 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._misc_.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00682496 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\pysqlite2._sqlite.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_ctypes.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00686080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\unicodedata.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00119808 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32file.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00108544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32security.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00007168 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\hashobjs_ext.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00017920 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\thumbnails_ext.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\usb_ext.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00012800 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\common.time34.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00018432 ____R () 
C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32event.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00167936 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32gui.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00046080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_socket.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 01303552 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_ssl.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00128512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_elementtree.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00127488 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\pyexpat.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00038912 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32inet.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00036864 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_psutil_windows.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00524248 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\windows._lib_cacheinvalidation.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00011264 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32crypt.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00123392 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._wizard.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00077312 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._html2.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00027648 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_multiprocessing.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00020480 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_yappi.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00035840 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32process.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00078848 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._animate.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00024064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32pipe.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00010240 ____R () 
C:\Users\ezztr\AppData\Local\Temp\_MEI94762\select.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00025600 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32pdh.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00017408 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32profile.pyd 2017-02-18 19:30 - 2017-02-18 19:30 - 00022528 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32ts.pyd 2016-04-16 19:02 - 2013-01-15 22:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll 2016-12-22 23:27 - 2016-12-22 23:27 - 12163072 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll 2016-12-20 20:05 - 2016-12-20 20:06 - 00958464 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll 2016-07-16 21:31 - 2016-07-16 21:31 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll 2016-08-24 09:13 - 2016-08-24 09:14 - 03312024 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll 2016-04-16 19:02 - 2011-11-22 19:18 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll 2016-04-11 23:08 - 2016-12-24 01:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-04-11 23:08 - 2016-09-01 08:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-04-11 23:08 - 2017-01-19 08:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll 2016-04-11 23:07 - 2016-01-27 14:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-04-11 23:07 - 2016-01-27 14:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-04-11 23:07 - 2016-01-27 14:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-04-11 23:07 - 2016-01-27 14:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-04-11 23:07 - 
2016-01-27 14:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-04-11 23:08 - 2016-09-01 08:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-04-11 23:08 - 2016-09-01 08:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-04-11 23:07 - 2017-01-19 08:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-04-11 23:07 - 2016-07-05 05:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-12-21 12:18 - 2017-01-05 10:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2016-04-11 23:08 - 2017-01-19 08:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll 2016-04-11 23:07 - 2015-09-25 06:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll 2017-02-07 21:49 - 2017-02-01 16:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-07 21:49 - 2017-02-01 16:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll Code:
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 18:04 - 2016-11-20 23:07 - 00001025 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 118.98.44.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "PremierColor" HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "MusicManager" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{C17F5659-1505-42DE-BB05-2C756F24B829}] => (Allow) C:\games\GameforgeLive\gfl_client.exe FirewallRules: [{7D93B344-EB13-4E7A-BD61-0863CBF13D34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BC4F5E12-EC9F-4AE8-8BF6-6A514710F95C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{D45226D3-5DCE-42F4-AF3B-76C8FA1D5F26}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{F8D0FD33-645D-4886-83F4-F10F91E60F23}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe FirewallRules: [{277B7182-EF76-4E43-829A-DB3743D4FAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe FirewallRules: [{B805154D-E775-4E97-9110-F33FB0C6EB51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe FirewallRules: [{3E397DCD-0DD7-4044-A1A0-149701EB7C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: 
[{64BCF33C-B757-440E-A2CC-FDC496463331}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: [{A16F6B7B-70F3-4576-BBA2-9E1E3119F4AE}] => (Block) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe FirewallRules: [UDP Query User{C0B1816F-734A-411A-8D6B-5A9ECC77EBD0}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe FirewallRules: [TCP Query User{4A8B2546-03FA-4EB8-85AE-EEE23DCA4046}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe FirewallRules: [{7E700728-1A46-474F-A9DF-5D1B31DC547F}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{58091464-702B-4BA8-9722-9DD3019824F8}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{08E43E94-6562-4C54-9538-7F4D3376D598}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{A402605C-2125-4DB3-8463-845F1AE0558B}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [UDP Query User{278854EE-DCAC-4D46-8EC7-65836AB565F4}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{E61457E3-0841-4B8B-94B0-053B3D1F6B38}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe FirewallRules: [{3BC96CDD-1BE2-4378-8C34-7A5046B8C829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe FirewallRules: [{E77BCB3B-19C5-4D11-9163-2CA9772CC215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe FirewallRules: [{EF88B2AE-1A5B-412C-9EA7-F3ED89932447}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{60C82DF7-A1E1-4BB3-A84C-B52A3E7614A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{C3E3F344-96BD-4E3A-888F-14A4B964F289}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: 
[{5346CA20-8F67-4AAA-B93F-438A67350DF6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9215639A-8497-44BD-BDEE-EE065DA52BB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe FirewallRules: [{759CA9DD-D5CA-46F1-8E91-207742295A67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe FirewallRules: [{E064189B-3782-4E35-96D9-BDFF9F499639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe FirewallRules: [{4EDFA684-A6F6-4A6F-861F-7E2E4B482CD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe FirewallRules: [{6D6E6B78-D454-4C1E-A5F6-CE16D2B53576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe FirewallRules: [{548CD056-BF5E-46D5-BC7E-F178EB7A5529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe FirewallRules: [TCP Query User{37DE9295-1AE0-44E7-B1FD-6BFA0CCEFC64}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe FirewallRules: [UDP Query User{C7C3E257-C7A8-48E3-B179-5AF3FFD5E209}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe FirewallRules: [{5F381414-7E4A-4DAC-94AE-B7A20CA69DA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe FirewallRules: [{0AB262A1-F86A-4AFF-83CB-8B3A3529E830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe FirewallRules: [{2CBFE8D9-02EE-41FB-9141-A88122B77815}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{06A7C478-0B02-49CC-92AA-B7AC95D45EE4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{143E3176-9C1F-4EEE-884B-2B2E43C93E9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C3BA8D08-41A0-4F93-93AA-7C230B171825}] => (Allow) 
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{296F8C72-669A-49B9-8773-F2AC39257571}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{EC9DBA8F-965B-4AB6-B13E-271A19A65802}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{3434F424-1A3C-4AD5-B67D-C23403F1BBD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{6E7C318E-CC99-461A-B692-E86AB2D4BF26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{5BBDDEC7-BD03-4FB6-8599-F39D2F0E8EA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{3D6782B4-E800-471A-8B72-1DB780B0BAC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{39F896B1-29FE-421F-A4A8-80F8D572DA07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{FE4F29E9-EA06-412B-BD0C-1B870D1786C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{D7DA5ABD-DA9B-4E12-BA51-E6BF0F9A8B93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{AC18BE33-A7F2-4DB0-BDDC-E2116D8FDDF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe FirewallRules: [{9096EF1A-E968-4508-BACA-60833687AB10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe FirewallRules: [TCP Query User{D451319D-13B5-473B-801E-92390E465CD5}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe FirewallRules: [UDP Query User{A6AED956-641B-4A06-BBAA-7977D3B1941F}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe FirewallRules: [{6B46C0AA-404C-4F8A-B269-84321A873B0A}] => (Allow) C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{591828EE-75B0-416D-AFAA-62FE66304C38}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{D5D7ECAA-0C2C-4298-80FC-2AD8E3625F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe FirewallRules: [{70EC9924-39A9-4327-8E29-3CD9B1362085}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe FirewallRules: [{B00BFF46-3023-40B2-9937-81068549DE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe FirewallRules: [{E4AA0E3E-2558-4129-B7D5-1408B426A7FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe FirewallRules: [{111ADE00-A556-4F6E-A162-7F624AA421B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe FirewallRules: [{16B5D7C8-1CB3-4968-98F2-525DC7767CE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe FirewallRules: [{AA4AAE9D-EDF8-43EE-8366-32E1596BE4E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{84BB91C0-D0D8-46B8-9CA1-532F4D95BDDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe FirewallRules: [{4BD0509B-4734-4336-8AF3-401A75059318}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe FirewallRules: [TCP Query User{32B7101D-B91C-4BB3-A713-F192C26BDCD8}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe FirewallRules: [UDP Query User{FA4A5112-CD38-43C8-8F26-C8BC71256DD9}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe FirewallRules: 
[{80F768F5-5B72-4F0B-9BB8-B88918DD446F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe FirewallRules: [{40F29920-31F6-4CCF-B886-D83E03E8E8A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe FirewallRules: [{C143464E-F3C5-4B1E-AE6C-388C4C2FA335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe FirewallRules: [{41D652DD-FA31-4F36-AFAD-6083D1AA8D2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe ==================== Restore Points ========================= 30-01-2017 00:01:57 Installed QuickTime 7 06-02-2017 14:41:00 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 14-02-2017 18:10:57 Removed LibreOffice 5.0.5.2 16-02-2017 14:00:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 ==================== Faulty Device Manager Devices ============= Name: Intel High Definition DSP Description: Intel High Definition DSP Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/20/2017 11:55:26 AM) (Source: DellUpService.exe) (EventID: 0) (User: ) Description: [32] ERROR- DoUpdateCheck manifestsSuccessful is invalid, stop updating! #StackInfo# Error: (02/20/2017 12:02:58 AM) (Source: DellUpService.exe) (EventID: 0) (User: ) Description: [14] ERROR- DoUpdateCheck manifestsSuccessful is invalid, stop updating! #StackInfo# Error: (02/19/2017 06:24:13 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode. 
Error: (02/19/2017 04:56:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 10.0.14393.479, Zeitstempel: 0x58258a90 Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.479, Zeitstempel: 0x5825887f Ausnahmecode: 0xc0000264 Fehleroffset: 0x00000000000a5aa0 ID des fehlerhaften Prozesses: 0x59c Startzeit der fehlerhaften Anwendung: 0x01d289e2b6e1f25d Pfad der fehlerhaften Anwendung: C:\WINDOWS\Explorer.EXE Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 93a2185f-82d8-4abb-ac02-c01c5e26d8a5 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/17/2017 04:49:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85 Name des fehlerhaften Moduls: igd10iumd64.dll, Version: 20.19.15.4531, Zeitstempel: 0x57ed27c8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000003c9a45 ID des fehlerhaften Prozesses: 0x2c90 Startzeit der fehlerhaften Anwendung: 0x01d2861abadb856e Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\igd10iumd64.dll Berichtskennung: dbfb7ed5-2566-40fd-b77e-c8ff41f53d3d Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (02/17/2017 12:02:59 AM) (Source: DellUpService.exe) (EventID: 0) (User: ) Description: [25] ERROR- DoUpdateCheck manifestsSuccessful is invalid, stop updating! #StackInfo# Error: (02/16/2017 02:00:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". 
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (02/16/2017 12:13:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: privatetunnel2.8.2.exe, Version: 2.8.2.0, Zeitstempel: 0x5894bb53 Name des fehlerhaften Moduls: privatetunnel2.8.2.exe, Version: 2.8.2.0, Zeitstempel: 0x5894bb53 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00017cf7 ID des fehlerhaften Prozesses: 0x4dc4 Startzeit der fehlerhaften Anwendung: 0x01d28807db4cae19 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\privatetunnel2.8.2.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\privatetunnel2.8.2.exe Berichtskennung: 97926ac6-6211-467d-acb9-67439f3d0a31 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/16/2017 10:35:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VPNManager.exe, Version: 1.8.10.0, Zeitstempel: 0x57c9c628 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x58256d37 Ausnahmecode: 0xe0434352 Fehleroffset: 0x000da832 ID des fehlerhaften Prozesses: 0x3740 Startzeit der fehlerhaften Anwendung: 0x01d2880402a4e047 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManager.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: 073d6fb4-49ae-4a83-a036-7c899636f4fb Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (02/16/2017 10:35:37 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: VPNManager.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.ComponentModel.InvalidAsynchronousStateException bei System.Windows.Forms.Control.WaitForWaitHandle(System.Threading.WaitHandle) bei System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean) bei System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[]) bei VPNManager.FrmGlobalStatus.setLabelText(System.Windows.Forms.Label, System.String) bei VPNManager.FrmGlobalStatus.setStatusLines() bei VPNManager.FrmGlobalStatus.checkAdvancedProtection(System.String) bei VPNManager.VpnConfig.connect_thread(Int32) bei VPNManager.VpnConfig+<>c__DisplayClass73_0.<Connect>b__0() bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) bei System.Threading.ThreadHelper.ThreadStart() System errors: ============= Error: (02/21/2017 01:34:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY) Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 8 0x0 0x0 Error: (02/21/2017 01:34:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY) Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. 
Code: 2 0xdeaddeed 0xeeec Error: (02/21/2017 01:34:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY) Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 1 0xc 0x4 Error: (02/21/2017 01:12:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/21/2017 02:14:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. 
Error: (02/20/2017 06:56:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/20/2017 04:15:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/20/2017 02:49:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/20/2017 12:54:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 8 0x0 0x0

Error: (02/20/2017 12:54:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt. Code: 2 0xdeaddeed 0xeeec

CodeIntegrity:
===================================

Date: 2017-02-08 20:01:07.700
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_fd06216336fcf4a2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-07 22:40:22.555
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-07 21:00:35.766
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_fd06216336fcf4a2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-06 20:47:49.537
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-28 13:57:26.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_fd06216336fcf4a2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-28 09:49:07.891
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-22 17:51:25.453
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_abcfc5746cfa0cc0\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 11:49:02.271
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-21 18:20:43.708
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_abcfc5746cfa0cc0\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-21 10:40:12.341
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 34%
Total physical RAM: 16238.91 MB
Available physical RAM: 10616.37 MB
Total Virtual: 18670.91 MB
Available Virtual: 11437.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:461.56 GB) (Free:153.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: A4A7D5DC)
Partition: GPT.

==================== End of Addition.txt ==== |
21.02.2017, 08:28 | #2 |
| Ad banners in the Steam client FRST logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by ezztr (administrator) on DESKTOP-CSVQ63S (21-02-2017 14:20:09)
Running from C:\Users\ezztr\Desktop
Loaded Profiles: ezztr (Available Profiles: ezztr & elsia)
Platform: Windows 10 Home Version 1607 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Electronic Arts) C:\games\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
(Perfect Privacy) C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Broadcom Corporation.)
C:\Windows\System32\BtwRSupportService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe (Dell Inc.) 
C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech, Inc.) C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Dell Inc.) 
C:\Program Files (x86)\Dell Update\DellUpTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (PC-Doctor, Inc.) 
C:\Program Files\Dell\SupportAssist\uaclauncher.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [PremierColor] => C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe [3828464 2015-09-03] (Portrait Displays, Inc.) HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-22] (Logitech, Inc.) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-31] (Intel Corporation) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) 
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify Web Helper] => C:\Users\ezztr\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1552496 2016-06-18] (Spotify Ltd) HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify] => C:\Users\ezztr\AppData\Roaming\Spotify\Spotify.exe [6916208 2016-06-18] (Spotify Ltd) HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Google Update] => C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-26] (Google Inc.) HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [MusicManager] => C:\Users\ezztr\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-02] (Google Inc.) HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software) HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google) HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Bitrix24 Desktop] => [X] ShellIconOverlayIdentifiers: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) 
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-27] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
GroupPolicy: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74 Tcpip\..\Interfaces\{dd7fa2b5-9e4d-461b-b755-8204e8510d0f}: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-02-04] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-04] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation) Edge: ====== Edge Extension: (LastPass: Free Password Manager) -> 
hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.29.0_neutral__qq0fmhteeht3j [2017-02-12] FireFox: ======== FF DefaultProfile: w9newjxp.default FF ProfilePath: C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default [2017-02-21] FF NewTab: Mozilla\Firefox\Profiles\w9newjxp.default -> about:newtab FF Homepage: Mozilla\Firefox\Profiles\w9newjxp.default -> GtAtDtC0EtG0EtD0AtDtGyCtB0B0EtG0Fzy0AyCyC0F0BtCtA0EyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FtD0A0B0CtAyBtGyC0DyDyBtGyEtDzzyEtG0AyBtCyDtGzzyD0C0AtAtD0B0D0CtCyE0A2QtN0A0LzuyE%26cr%3D1405159841%26a%3Dwncy_ir_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome FF Keyword.URL: Mozilla\Firefox\Profiles\w9newjxp.default -> user_pref("keyword.URL", true); FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default\features\{11a112ca-fffe-4f49-9a25-8dbc77ff71b5}\disableSHA1rollout@mozilla.org.xpi [2017-02-19] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-04] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems) FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @citrixonline.com/appdetectorplugin -> C:\Users\ezztr\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-06] (Citrix Online) FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.) FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.) Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxp://www.giga.de/","hxxp://www.google.com" CHR Profile: C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default [2017-02-21] CHR Extension: (Google*Übersetzer) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-04-10] CHR Extension: (Flash Video Downloader) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-12-03] CHR Extension: (Google Drive) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10] CHR Extension: (YouTube) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10] CHR Extension: (uBlock Origin) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-07] CHR Extension: (Google Play Musik) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi 
[2017-02-16] CHR Extension: (Google Docs Offline) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10] CHR Extension: (LastPass: Free Password Manager) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-10] CHR Extension: (CanvasFingerprintBlock) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmjngkmngdcdpmgmiebdmfbkcecdndc [2016-04-10] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-22] CHR Extension: (dict-cc) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2016-10-25] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19] CHR Extension: (Google Mail) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10] CHR Extension: (Chrome Media Router) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07] CHR HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated) R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2288384 2015-12-27] (Broadcom Corporation.) 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1467912 2017-02-06] () R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3020992 2016-12-28] (Microsoft Corporation) S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-10-12] (Intel Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.) R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.) R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [125808 2017-01-10] () S3 DellPremierColorService; C:\Program Files\Portrait Displays\Dell PremierColor\PremierColorService.exe [175344 2015-09-03] (Portrait Displays, Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [229376 2016-05-13] (Dell Inc.) 
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392480 2017-01-13] (EasyAntiCheat Ltd) R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-03] (Intel Corporation) R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] () R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-31] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-10-12] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-06-14] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-07-18] (Intel Corporation) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-21] (NVIDIA Corporation) S3 Origin Client Service; C:\games\Origin\OriginClientService.exe [2119688 2017-01-09] (Electronic Arts) R2 Origin Web Helper Service; C:\games\Origin\OriginWebHelperService.exe [2180624 2017-01-09] (Electronic Arts) R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [949480 
2016-08-30] () R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell) S3 ptsysexec; C:\WINDOWS\ptsysexec.exe [238856 2015-12-03] (Pismo Technic Inc.) R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.) R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH) S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation) S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] () R2 VPNManager; C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [19968 2016-09-03] (Perfect Privacy) [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-11-09] (Intel(R) Corporation) S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208192 2015-12-27] (Broadcom Corporation.) 
R3 BCMPCIEDHD63; C:\WINDOWS\system32\DRIVERS\bcmpciedhd63.sys [1063736 2016-03-03] (Broadcom Corp) R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-06] (Dell Computer Corporation) R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-06] (Dell Computer Corporation) R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [343608 2016-05-19] (Intel Corporation) R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation) R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [184632 2016-08-29] (Intel Corporation) R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [225872 2016-08-08] (Intel(R) Corporation) R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvlddmkm.sys [14516664 2017-02-11] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-21] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-21] (NVIDIA Corporation) S3 pfmfs_180; C:\WINDOWS\System32\Drivers\pfmfs_180.sys [258248 2015-12-15] (Pismo Technic Inc.) 
R3 PTPFilter; C:\WINDOWS\System32\drivers\PTPFilter.sys [51032 2016-08-29] (Samsung) R3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project) R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-06-25] (Realsil Semiconductor Corporation) R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] () S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.) R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2016-12-20] (Oracle Corporation) R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2016-12-20] (Oracle Corporation) S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed] S3 vnet; C:\WINDOWS\System32\drivers\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed] S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-02-21 14:20 - 2017-02-21 14:20 - 00028802 _____ C:\Users\ezztr\Desktop\FRST.txt 2017-02-21 14:08 - 2017-02-21 14:19 - 02422784 _____ (Farbar) C:\Users\ezztr\Desktop\FRST64.exe 2017-02-20 21:32 - 2017-02-20 21:34 - 04465808 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 831314.crdownload 2017-02-20 16:52 - 2017-02-20 16:52 - 22287636 _____ C:\Users\ezztr\Downloads\[Guru3D.com]-RTSSSetup660.zip 2017-02-20 11:01 - 2017-02-20 11:01 - 00046039 _____ C:\Users\ezztr\AppData\Local\recently-used.xbel 2017-02-19 17:02 - 2017-02-19 17:05 - 65975400 _____ (Itch Corp) C:\Users\ezztr\Downloads\itchSetup.exe 2017-02-19 17:01 - 2017-02-19 17:04 - 00679936 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 74679.crdownload 2017-02-17 16:36 - 2017-02-17 16:36 - 00000000 ____D C:\Users\ezztr\ansel 2017-02-17 16:34 - 2017-02-17 16:34 - 00000000 ____D C:\WINDOWS\LastGood 2017-02-17 16:34 - 2017-02-17 16:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-02-17 16:34 - 2017-02-10 05:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2017-02-17 16:34 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2017-02-17 16:34 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2017-02-17 16:34 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll 2017-02-17 16:34 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe 2017-02-17 16:32 - 2017-02-10 09:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 14674896 _____ (NVIDIA Corporation) 
C:\WINDOWS\SysWOW64\nvopencl.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00573448 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvEncodeAPI64.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2017-02-17 14:28 - 2017-02-17 14:28 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Terapoly 2017-02-17 00:05 - 2017-02-17 00:05 - 00004506 _____ C:\WINDOWS\System32\Tasks\{2F9E6DA4-2C8B-428B-A4BE-2A050C4CB698} 2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell 2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect 2017-02-16 16:55 - 2017-02-16 16:55 - 00089264 _____ C:\Users\ezztr\Downloads\PA8144 CDM-MOC-FORM Annex 2 form.pdf 2017-02-16 15:56 - 2017-02-16 16:00 - 144456700 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 392819.crdownload 2017-02-16 10:50 - 2017-02-16 16:00 - 00000000 ____D C:\Users\ezztr\AppData\Local\PrivateTunnel 2017-02-16 10:50 - 2017-02-16 10:50 - 30901272 _____ (OpenVPN Technologies) C:\Users\ezztr\Downloads\privatetunnel-win-2.8.exe 2017-02-16 10:50 - 2017-02-16 10:50 - 00002356 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivateTunnel.lnk 2017-02-16 10:50 - 2017-02-16 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Technologies 2017-02-16 10:50 - 2017-02-16 10:50 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies 2017-02-16 09:20 - 2017-02-16 09:20 - 06975096 _____ (Tim Kosse) C:\Users\ezztr\Downloads\FileZilla_3.24.0_win64-setup.exe 2017-02-14 23:35 - 2017-02-14 23:39 - 00000000 ____D C:\Users\ezztr\Downloads\The.Walking.Dead.S07E09.HDTV.x264-FUM[ettv] 2017-02-14 23:33 - 2017-02-14 23:34 - 00007637 _____ C:\Users\ezztr\Downloads\87D8EB78DA788DD1CF0988FA063B8C7D9D21F87C.torrent 2017-02-14 21:07 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) 
C:\WINDOWS\system32\CNMLMAR.DLL 2017-02-14 20:38 - 2017-02-14 20:57 - 00289864 _____ C:\Users\ezztr\Documents\Valentine - Martina Mcbridge (mp3goo.com).mp3.sfk 2017-02-14 19:30 - 2017-02-14 19:38 - 00255992 _____ C:\Users\ezztr\Documents\My Valentine.mp3.sfk 2017-02-14 19:11 - 2017-02-14 19:12 - 65984342 _____ C:\Users\ezztr\Documents\My-babe.mp4 2017-02-14 13:37 - 2017-02-14 13:37 - 00079360 _____ C:\Users\ezztr\Documents\Manpower Data PT Malaka Nusantara Permai.xls 2017-02-14 01:51 - 2017-02-14 01:51 - 07336673 _____ C:\Users\ezztr\Downloads\Photos (3).zip 2017-02-14 01:49 - 2017-02-14 01:49 - 35406230 _____ C:\Users\ezztr\Downloads\Photos (2).zip 2017-02-14 01:40 - 2017-02-14 13:31 - 13369489 _____ C:\Users\ezztr\Documents\My-babe.pptx 2017-02-14 01:31 - 2017-02-14 01:31 - 12437714 _____ C:\Users\ezztr\Downloads\Photos (1).zip 2017-02-14 01:28 - 2017-02-14 01:28 - 32939944 _____ C:\Users\ezztr\Downloads\Photos.zip 2017-02-14 00:24 - 2017-02-14 00:35 - 11696611 _____ C:\Users\ezztr\Downloads\The Sharp Slideshow.rar 2017-02-12 15:17 - 2017-02-12 15:18 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan Full.lnk 2017-02-12 15:14 - 2017-02-12 15:17 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan AVG.lnk 2017-02-11 02:58 - 2017-02-11 03:02 - 117631040 _____ C:\Users\ezztr\Downloads\AvorionDemoSetup0.8.5.exe 2017-02-10 22:20 - 2017-02-10 22:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2017-02-08 20:21 - 2017-02-08 20:21 - 00000000 ____D C:\Users\elsia\AppData\Roaming\Apple Computer 2017-02-06 21:23 - 2017-02-06 21:23 - 00000000 ___HD C:\$Windows.~WS 2017-02-06 19:45 - 2017-02-06 22:35 - 00000000 ____D C:\ESD 2017-02-06 19:45 - 2017-02-06 19:45 - 00000000 ____D C:\$WINDOWS.~BT 2017-02-06 19:44 - 2017-02-10 22:48 - 00000000 ____D C:\Livia 2017-02-06 18:28 - 2017-02-06 18:28 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-02-06 16:22 - 2017-02-18 19:40 - 00003860 _____ 
C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001 2017-02-06 16:22 - 2017-02-18 19:40 - 00003764 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001 2017-02-06 16:22 - 2017-02-18 19:40 - 00000690 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job 2017-02-06 16:22 - 2017-02-18 19:40 - 00000594 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job 2017-02-06 16:21 - 2017-02-06 16:22 - 00000000 ____D C:\Users\ezztr\AppData\Local\Citrix 2017-02-06 10:26 - 2017-02-06 21:35 - 00000000 ___RD C:\Users\ezztr\Documents\Bitrix24 2017-02-06 10:26 - 2017-02-06 10:26 - 00001082 _____ C:\Users\Public\Desktop\Bitrix24 Desktop.lnk 2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitrix24 2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Bitrix 2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Program Files (x86)\Bitrix24 2017-02-04 11:05 - 2017-02-04 11:05 - 00000000 ____D C:\Users\ezztr\Documents\Benutzerdefinierte Office-Vorlagen 2017-02-04 10:36 - 2017-02-04 10:36 - 00002585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00002581 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00002560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00002471 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools 2017-02-04 10:30 - 2017-02-04 10:30 - 00000000 ____D C:\Program Files\Microsoft Office 15 2017-02-04 10:28 - 2017-02-04 11:05 - 00081408 _____ C:\Users\ezztr\Documents\Manpower DATA REPORT 20170128(2).xls 2017-02-02 00:15 - 2017-02-02 00:15 - 00161452 _____ C:\Users\ezztr\Documents\Eheerklärung_dt.pdf 2017-01-30 01:20 - 2017-01-30 01:21 - 12681143 _____ C:\Users\ezztr\Downloads\glitch.zip 2017-01-30 00:43 - 2017-01-30 01:08 - 94785724 _____ C:\Users\ezztr\Downloads\TEMPLATE ORGANIC PARTICLES [TAME PRODUCCIONES].rar 2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Apple Computer 2017-01-30 00:01 - 2017-01-30 00:01 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-01-30 00:01 - 2017-01-30 00:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2017-01-28 10:47 - 2017-01-28 10:47 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Crytivo Games Inc_ 2017-01-28 10:11 - 2017-01-28 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Universim 2017-01-28 10:10 - 2017-01-28 10:10 - 01177576 _____ (Crytivo Games ) C:\Users\ezztr\Downloads\The Universim Launcher Installer.exe 2017-01-27 20:51 - 2017-01-27 20:51 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2017-01-27 20:50 - 2017-01-20 23:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll 2017-01-27 20:50 - 2017-01-20 23:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll 2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json 2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json 
2017-01-26 07:13 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-39-1.exe 2017-01-26 07:12 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-39-1.dll 2017-01-26 07:09 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1-1-0-39-1.dll 2017-01-26 07:09 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-39-1.exe 2017-01-25 10:22 - 2016-12-21 14:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-25 10:22 - 2016-12-21 11:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-21 14:20 - 2016-10-24 20:00 - 00000000 ____D C:\FRST 2017-02-21 13:48 - 2016-11-25 19:26 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Mozilla 2017-02-21 13:36 - 2016-06-02 13:49 - 00000000 ____D C:\Rendern 2017-02-21 13:33 - 2016-08-03 12:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-21 12:25 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA 2017-02-21 11:54 - 2016-06-04 15:40 - 00000000 ___RD C:\Rendern-Videos 2017-02-21 02:00 - 2016-06-12 18:45 - 00000000 ____D C:\Users\ezztr\AppData\Local\Adobe 2017-02-20 22:55 - 2016-04-10 22:12 - 00000000 ____D C:\Program Files (x86)\Steam 2017-02-20 18:40 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-20 16:57 - 2016-06-21 22:51 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server 2017-02-20 16:53 - 2016-06-21 22:51 - 00000000 ___HD C:\WINDOWS\msdownld.tmp 2017-02-20 16:53 - 2016-05-08 18:28 - 00000000 ____D C:\tmp 2017-02-20 15:41 - 2016-04-20 16:28 - 00000000 ____D C:\Users\ezztr\.gimp-2.8 2017-02-20 14:25 - 2016-04-13 03:44 - 00000000 ____D C:\Users\ezztr\Desktop\Games 2017-02-20 11:01 - 2016-06-13 20:04 - 00000000 ____D C:\Users\ezztr\AppData\Local\gtk-2.0 2017-02-19 19:13 - 2016-07-16 18:47 - 00000000 ____D 
C:\WINDOWS\LiveKernelReports 2017-02-19 17:00 - 2016-07-16 18:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-19 16:56 - 2016-04-13 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\CrashDumps 2017-02-18 23:32 - 2016-07-25 21:01 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\vlc 2017-02-18 19:31 - 2016-11-22 15:30 - 00000000 ___RD C:\Users\ezztr\Google Drive 2017-02-18 19:29 - 2016-08-03 12:52 - 00000000 ____D C:\Users\ezztr 2017-02-18 19:29 - 2016-08-03 12:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-02-18 19:29 - 2016-04-10 02:34 - 00000000 __SHD C:\Users\ezztr\IntelGraphicsProfiles 2017-02-17 16:47 - 2016-04-20 16:51 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\obs-studio 2017-02-17 16:35 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-02-17 16:34 - 2016-07-16 18:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-17 00:05 - 2015-12-27 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2017-02-16 15:43 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\FileZilla 2017-02-16 14:00 - 2015-12-27 02:14 - 00000000 ____D C:\ProgramData\Package Cache 2017-02-16 13:21 - 2016-04-16 19:06 - 00000000 ___RD C:\Users\ezztr\Desktop\Tools 2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Program Files\FileZilla FTP Client 2017-02-14 23:47 - 2016-05-29 23:13 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\transmission 2017-02-14 21:11 - 2016-04-10 02:34 - 00000000 ____D C:\Users\ezztr\AppData\Local\Packages 2017-02-14 18:25 - 2016-12-26 23:34 - 00000000 ____D C:\Users\ezztr\Documents\Darkest 2017-02-10 22:18 - 2016-04-23 16:08 - 00000000 __SHD C:\Users\elsia\IntelGraphicsProfiles 2017-02-10 19:40 - 2016-08-04 03:47 - 01826720 _____ C:\WINDOWS\system32\perfh007.dat 2017-02-10 19:40 - 2016-08-04 03:47 - 00490284 
_____ C:\WINDOWS\system32\perfc007.dat 2017-02-10 19:40 - 2015-12-27 02:15 - 04173406 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-02-10 09:33 - 2017-01-09 00:11 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2017-02-10 09:33 - 2017-01-09 00:11 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2017-02-10 09:33 - 2017-01-09 00:11 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb 2017-02-10 06:13 - 2017-01-09 00:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2017-02-10 05:57 - 2017-01-09 00:13 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin 2017-02-10 05:57 - 2017-01-09 00:13 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2017-02-10 05:57 - 2017-01-09 00:13 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2017-02-10 05:57 - 2017-01-09 00:13 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2017-02-10 05:57 - 2017-01-09 00:13 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2017-02-10 05:57 - 2017-01-09 00:13 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2017-02-10 05:57 - 2017-01-09 00:13 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2017-02-10 05:57 - 2017-01-09 00:13 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2017-02-08 20:28 - 2016-04-23 16:08 - 00000000 ____D C:\Users\elsia\AppData\Local\Packages 2017-02-08 20:22 - 2017-01-10 20:20 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-02-08 20:22 - 2016-04-23 16:09 - 00002389 _____ C:\Users\elsia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-02-08 20:22 - 2016-04-23 16:09 - 00000000 ___RD C:\Users\elsia\OneDrive 2017-02-08 20:21 - 2016-02-13 20:20 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-02-07 22:40 - 2016-08-03 12:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-07 22:40 - 2016-07-16 13:04 - 01310720 _____ 
C:\WINDOWS\system32\config\BBI 2017-02-07 21:49 - 2016-04-10 16:06 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-07 20:01 - 2016-04-10 02:36 - 00002389 _____ C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-02-07 20:01 - 2016-04-10 02:36 - 00000000 ___RD C:\Users\ezztr\OneDrive 2017-02-06 23:21 - 2016-10-21 23:33 - 00000000 ____D C:\Volumes 2017-02-06 22:35 - 2016-08-04 03:49 - 00000000 ___DC C:\WINDOWS\Panther 2017-02-06 20:52 - 2015-12-27 02:16 - 00000000 ____D C:\Program Files\Dell 2017-02-06 20:47 - 2016-11-23 09:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-02-06 20:47 - 2016-08-03 12:50 - 05078304 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-02-06 20:47 - 2016-06-25 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-02-06 20:42 - 2016-08-03 12:56 - 00014000 _____ C:\WINDOWS\diagwrn.xml 2017-02-06 20:42 - 2016-08-03 12:56 - 00013947 _____ C:\WINDOWS\diagerr.xml 2017-02-06 19:18 - 2016-07-04 09:47 - 00000258 __RSH C:\ProgramData\ntuser.pol 2017-02-06 12:16 - 2015-12-27 02:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-02-04 10:45 - 2016-07-16 18:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-02-04 10:30 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2017-02-03 23:13 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\Desktop\Rendern 2017-02-01 02:50 - 2016-10-04 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\ElevatedDiagnostics 2017-01-30 09:12 - 2016-06-21 22:50 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2017-01-30 01:11 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sony 2017-01-30 00:02 - 2017-01-21 17:46 - 00000000 ____D C:\Program Files (x86)\QuickTime 2017-01-28 10:11 - 2016-04-13 03:41 - 00000000 ____D C:\games 2017-01-28 09:48 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-01-27 20:51 - 
2016-08-03 12:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-01-27 20:44 - 2016-04-13 03:38 - 00000000 ____D C:\Users\ezztr\AppData\Local\Battle.net 2017-01-27 18:13 - 2016-04-13 03:38 - 00000000 ____D C:\Program Files (x86)\Battle.net 2017-01-25 10:45 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\rescache 2017-01-25 10:29 - 2016-07-16 18:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-01-25 09:12 - 2016-08-03 12:55 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-25 09:11 - 2016-12-23 17:59 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-25 09:11 - 2016-09-22 22:39 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-25 09:11 - 2016-08-03 12:55 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-25 09:11 - 2016-08-03 12:55 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-25 09:11 - 2016-08-03 12:55 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-25 09:11 - 2016-08-03 12:55 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-25 09:11 - 2015-12-27 02:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-01-22 01:16 - 2016-08-22 19:28 - 00000000 ____D C:\Website ==================== Files in the root of some directories ======= 2016-07-04 10:47 - 2016-08-18 01:47 - 0000153 _____ () C:\Users\ezztr\AppData\Roaming\WB.CFG 2017-02-20 11:01 - 2017-02-20 11:01 - 0046039 _____ () C:\Users\ezztr\AppData\Local\recently-used.xbel 2016-06-08 18:37 - 2016-12-30 12:59 - 0007605 _____ () C:\Users\ezztr\AppData\Local\Resmon.ResmonCfg 2016-08-03 12:50 - 2016-08-03 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-05-22 23:34 - 2016-05-22 23:34 - 0000098 _____ () 
C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2016-12-23 18:00 - 2017-01-09 00:14 - 0045353 _____ () C:\ProgramData\NvTelemetryContainer.log 2016-12-23 18:00 - 2016-12-30 15:38 - 0010654 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 Some files in TEMP: ==================== 2016-12-30 11:08 - 2016-12-30 11:09 - 2842808 _____ () C:\Users\ezztr\AppData\Local\Temp\npp.7.2.2.Installer.x64.exe 2016-10-29 03:26 - 2016-12-12 01:23 - 0860776 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\nvSCPAPI64.dll 2016-11-17 19:56 - 2017-01-20 21:07 - 0352704 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\nvStInst.exe 2016-08-29 22:56 - 2016-11-17 20:45 - 1135552 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\NvTelemetry.dll 2016-08-29 22:56 - 2017-01-06 08:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\NvTelemetryAPI32.dll 2016-08-29 22:56 - 2017-01-06 08:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\NvTelemetryAPI64.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-18 12:55 ==================== End of FRST.txt ============================ |
21.02.2017, 16:09 | #3 |
/// TB-Ausbilder | Ad banners in the Steam client My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! Please download TDSSKiller.exe and save this file to the desktop
22.02.2017, 01:50 | #4 |
| Ad banners in the Steam client Hello, here is the log file. Code:
ATTFilter 07:42:10.0401 0x1be0 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01 07:42:10.0401 0x1be0 UEFI system 07:42:14.0390 0x1be0 ============================================================ 07:42:14.0390 0x1be0 Current date / time: 2017/02/22 07:42:14.0390 07:42:14.0390 0x1be0 SystemInfo: 07:42:14.0390 0x1be0 07:42:14.0390 0x1be0 OS Version: 10.0.14393 ServicePack: 0.0 07:42:14.0390 0x1be0 Product type: Workstation 07:42:14.0390 0x1be0 ComputerName: DESKTOP-CSVQ63S 07:42:14.0390 0x1be0 UserName: ezztr 07:42:14.0390 0x1be0 Windows directory: C:\WINDOWS 07:42:14.0390 0x1be0 System windows directory: C:\WINDOWS 07:42:14.0390 0x1be0 Running under WOW64 07:42:14.0390 0x1be0 Processor architecture: Intel x64 07:42:14.0390 0x1be0 Number of processors: 8 07:42:14.0390 0x1be0 Page size: 0x1000 07:42:14.0390 0x1be0 Boot type: Normal boot 07:42:14.0390 0x1be0 CodeIntegrityOptions = 0x00000001 07:42:14.0390 0x1be0 ============================================================ 07:42:14.0456 0x1be0 KLMD registered as C:\WINDOWS\system32\drivers\42858280.sys 07:42:14.0456 0x1be0 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19 07:42:15.0025 0x1be0 System UUID: {B0C49137-0ECE-1D27-FCB8-5A0695621C42} 07:42:15.0431 0x1be0 Drive \Device\Harddisk0\DR0 - Size: 0x773C256000 ( 476.94 Gb ), SectorSize: 0x200, Cylinders: 0xF334, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 07:42:15.0436 0x1be0 ============================================================ 07:42:15.0436 0x1be0 \Device\Harddisk0\DR0: 07:42:15.0436 0x1be0 GPT partitions: 07:42:15.0437 0x1be0 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {165AC4DB-617F-4771-970A-87796BC180A5}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0xFA000 07:42:15.0437 0x1be0 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {68494F86-D24F-4D70-9760-B23DD64306F8}, 
Name: Microsoft reserved partition, StartLBA 0xFA800, BlocksNum 0x40000 07:42:15.0437 0x1be0 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {81D4A5D9-DCE0-428C-A22F-DE86FA566D55}, Name: Basic data partition, StartLBA 0x13A800, BlocksNum 0x39B1D000 07:42:15.0437 0x1be0 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6D83A601-5C67-4C05-958A-2BE29AF30678}, Name: , StartLBA 0x39C57800, BlocksNum 0x1CD800 07:42:15.0437 0x1be0 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {FB621AB6-DC40-490D-9964-595107640B80}, Name: , StartLBA 0x39E25000, BlocksNum 0x1BBC000 07:42:15.0437 0x1be0 MBR partitions: 07:42:15.0437 0x1be0 ============================================================ 07:42:15.0438 0x1be0 C: <-> \Device\Harddisk0\DR0\Partition3 07:42:15.0438 0x1be0 ============================================================ 07:42:15.0438 0x1be0 Initialize success 07:42:15.0438 0x1be0 ============================================================ 07:42:49.0729 0x2a18 ============================================================ 07:42:49.0729 0x2a18 Scan started 07:42:49.0729 0x2a18 Mode: Manual; SigCheck; TDLFS; 07:42:49.0729 0x2a18 ============================================================ 07:42:49.0729 0x2a18 KSN ping started 07:42:50.0057 0x2a18 KSN ping finished: true 07:42:51.0021 0x2a18 ================ Scan system memory ======================== 07:42:51.0021 0x2a18 System memory - ok
C:\WINDOWS\System32\drivers\BthHFHid.sys 07:42:52.0671 0x2a18 bthhfhid - ok 07:42:52.0680 0x2a18 [ B157D72BDA6A6DD6E9DC6BF338CD0CF8, B2AC26AE214151E5AD93DED78256BC0295DBF0133C854E7DEE4CD776D9C9A349 ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll 07:42:52.0697 0x2a18 BthHFSrv - ok 07:42:52.0702 0x2a18 [ 535DC41A33630AE4C262406F9E981C03, 599332589AA28D04189E19B87A4AE6FEEB60B40A7BC6E3B11240DA363A981C29 ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys 07:42:52.0714 0x2a18 BTHMODEM - ok 07:42:52.0732 0x2a18 [ 851ED52AE3E62CD5374BD4BBFF7A9DAB, 381281CB7D8FC4026092330B06E24BC84EEF79EE3C97E21900D950D7D9AB2FC3 ] BTHPORT C:\WINDOWS\System32\drivers\BTHport.sys 07:42:52.0782 0x2a18 BTHPORT - ok 07:42:52.0787 0x2a18 [ 96932F631F5CB9F5D1C8F99A71568EF3, 5E4C8955A2EE9DC76B4EBC383653EB753D76D6B017E1A5DD553AC16094D7F12A ] bthserv C:\WINDOWS\system32\bthserv.dll 07:42:52.0803 0x2a18 bthserv - ok 07:42:52.0807 0x2a18 [ DC5955E589C55E2313D69B64E1A183F3, 06D703246D0813DE53D62885C8B7381135783673FF4BDDD5CC38FEB54901BB76 ] BTHUSB C:\WINDOWS\System32\drivers\BTHUSB.sys 07:42:52.0828 0x2a18 BTHUSB - ok 07:42:52.0834 0x2a18 [ 9667D279C41AA1C31631E52EE6709559, 4859C95AB462A8A821731303F51822B0D0C35D01F731C0DA56F50CC4D5F0A336 ] btwampfl C:\WINDOWS\system32\DRIVERS\btwampfl.sys 07:42:52.0845 0x2a18 btwampfl - ok 07:42:52.0868 0x2a18 [ 66D870B50A4F5CBAF0C0A72976E057FA, 1689DF95149F0D174F4836B5DE103BAAC24410A0EA79ACAB6F1EBF35FCEF8AEE ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 07:42:52.0894 0x2a18 btwdins - ok 07:42:52.0899 0x2a18 [ 23F9EF739F685E07482116425E7879AA, 0EBDF96A49A319C0BCF6F51FB6C8C392C017E1738B950C19C91FF43E14D73143 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys 07:42:52.0912 0x2a18 buttonconverter - ok 07:42:52.0916 0x2a18 [ 60EB6A4CE3E21887D302350631C16F26, 4270EFA22285C1A9336CF1220761E416950D2DA9C6A40D1D8452686CD5040DAB ] CapImg C:\WINDOWS\System32\drivers\capimg.sys 07:42:52.0943 0x2a18 CapImg - ok 07:42:52.0948 0x2a18 [ 
F8FB51B9EF6372610E9B31A1D86B62FC, 7461584A8B39AC549AD7BAFFA509D4CD81EEE542808BC8EFC285863A0AE6432D ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys 07:42:52.0964 0x2a18 cdfs - ok 07:42:52.0973 0x2a18 [ 2E6612376D257F74781F2EF1F869D8C3, 908B0DECB9F098F7F11B029A03C06C67FB52E5E8BEA42033A2B579D3B3686AB8 ] CDPSvc C:\WINDOWS\System32\CDPSvc.dll 07:42:52.0996 0x2a18 CDPSvc - ok 07:42:53.0005 0x2a18 [ A93C9B9EBE2FDE5A536000D72CC17F7F, 9793CFAE8BE8C6B5B39A1D276577965FBB2CE131325A410B7C68BD23492ADAAF ] CDPUserSvc C:\WINDOWS\System32\CDPUserSvc.dll 07:42:53.0024 0x2a18 CDPUserSvc - ok 07:42:53.0031 0x2a18 [ 613D0137C269187FA298A157E3D14A18, 84BC268525F14BB27202CE242BF94D9E83BC91B50A0335908574F31B29A2F04D ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys 07:42:53.0044 0x2a18 cdrom - ok 07:42:53.0050 0x2a18 [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] CertPropSvc C:\WINDOWS\System32\certprop.dll 07:42:53.0071 0x2a18 CertPropSvc - ok 07:42:53.0080 0x2a18 [ 0AED948DA8D5F08B3D6F12E4E2089736, 95E538E81DDBC83492C5F3820C82C78F050B4D74ACF12D7970EC84F93581AE29 ] cht4iscsi C:\WINDOWS\system32\drivers\cht4sx64.sys 07:42:53.0095 0x2a18 cht4iscsi - ok 07:42:53.0137 0x2a18 [ 0002A0FDE087C1657AB31CE73077539C, 4DD6210B67E9633AB3240371590869DC833A4C986C74FC12A5D4FFFFD361848A ] cht4vbd C:\WINDOWS\System32\drivers\cht4vx64.sys 07:42:53.0259 0x2a18 cht4vbd - ok 07:42:53.0265 0x2a18 [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass C:\WINDOWS\System32\drivers\circlass.sys 07:42:53.0278 0x2a18 circlass - ok 07:42:53.0289 0x2a18 [ B72D26074E72A757D788FB1BEF8B2F2E, 36847C5315AFB9A5EC66AD3EF2A09C24C0FAF669FDF0831F78600F4609352CB4 ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys 07:42:53.0308 0x2a18 CLFS - ok 07:42:53.0414 0x2a18 [ 77469C0C4540C39D3C5BF29D8CEDFB32, CBA289465516E9E4972542048068C7E25840B55645605C8C3577D0364BC05441 ] ClickToRunSvc C:\Program Files\Common Files\Microsoft 
Shared\ClickToRun\OfficeClickToRun.exe 07:42:53.0482 0x2a18 ClickToRunSvc - ok 07:42:53.0500 0x2a18 [ E133CFCBFABB3CB517BE9F42FEA5887C, DA699CDD5F3CC427354540C907BD24CCA7BAC3112C53918EB611CB4EEC7611DA ] ClipSVC C:\WINDOWS\System32\ClipSVC.dll 07:42:53.0522 0x2a18 ClipSVC - ok 07:42:53.0527 0x2a18 [ EEC3A4A98AE1A337E3CD1483AD6F2E15, 764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5 ] clreg C:\WINDOWS\System32\drivers\registry.sys 07:42:53.0540 0x2a18 clreg - ok 07:42:53.0546 0x2a18 [ 429623E266EF067A44E8CF148E9DFB9B, A48AA85ACC52C7AD73DB2D6148B3F9FB5EAC33C8F8C5BB6D7D0A9D84B7C08E11 ] CmBatt C:\WINDOWS\System32\drivers\CmBatt.sys 07:42:53.0555 0x2a18 CmBatt - ok 07:42:53.0568 0x2a18 [ 90C07EB909C42316982E753BDAA7860D, 438581FD3468FAF01D35529672201A920E8821EC80E30E59A43645DA57738F21 ] CNG C:\WINDOWS\system32\Drivers\cng.sys 07:42:53.0589 0x2a18 CNG - ok 07:42:53.0593 0x2a18 [ 3DB10C59405931E2C72EFB82C1AF97D1, 100B5450A70988DB1C1F8A5FDBB3553AF1A0D47B42A5AC71460DB92E26010CE6 ] cnghwassist C:\WINDOWS\system32\DRIVERS\cnghwassist.sys 07:42:53.0600 0x2a18 cnghwassist - ok 07:42:53.0615 0x2a18 [ 34C935AF2A414572B412B3556586D783, 912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25E ] CompositeBus C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys 07:42:53.0625 0x2a18 CompositeBus - ok 07:42:53.0628 0x2a18 COMSysApp - ok 07:42:53.0631 0x2a18 [ 44EEEB2382F566999287E13F2067693C, 53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043 ] condrv C:\WINDOWS\system32\drivers\condrv.sys 07:42:53.0639 0x2a18 condrv - ok 07:42:53.0654 0x2a18 [ 5DE2049D5F57C1D142F36FA9CE443693, E6C2807C0B1EF90C11EB39634693B76EACE6CC675777776112835212A334F328 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll 07:42:53.0678 0x2a18 CoreMessagingRegistrar - ok 07:42:53.0700 0x2a18 [ B1A626A3AD0CA86B25F3D4984D1C366A, DF028DA1DD5D9511FFFBCD2DD47F2D1E878AD68D47525F1E5D7E4D656F8CADB5 ] cphs 
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe 07:42:53.0717 0x2a18 cphs - ok 07:42:53.0727 0x2a18 [ 1A97E6461CD8A7FC7AAF49F579D67681, B6782AEB339F3489C11F6466786A8543A84FD99A184BC358E85165BCD251682C ] cplspcon C:\WINDOWS\system32\IntelCpHDCPSvc.exe 07:42:53.0791 0x2a18 cplspcon - ok 07:42:53.0800 0x2a18 [ 5F06CAC4B09250CDDDD0180A08162924, A2EB0A57225E65FC264CFC9FAD858D8B54A015CDAE3DC904B1C4E9AAB40B1F06 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll 07:42:53.0827 0x2a18 CryptSvc - ok 07:42:53.0834 0x2a18 [ 039B5A8CBD5C75D1C46DF15F7C74D136, A5C8A41F2D406D37E147939F2058373ED091BFCC00CA7E829F887638CD3A2F64 ] dam C:\WINDOWS\system32\drivers\dam.sys 07:42:53.0851 0x2a18 dam - ok 07:42:53.0858 0x2a18 [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe 07:42:53.0869 0x2a18 dbupdate - ok 07:42:53.0874 0x2a18 [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe 07:42:53.0882 0x2a18 dbupdatem - ok 07:42:53.0906 0x2a18 [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 07:42:53.0978 0x2a18 DcomLaunch - ok 07:42:53.0987 0x2a18 [ AE9F09F87755C18904656CB4F59F351D, B352A43B3B68B497D87B49C302AF3F37F36D56D49878AE3785C3D43597E5DC57 ] DcpSvc C:\WINDOWS\system32\dcpsvc.dll 07:42:54.0018 0x2a18 DcpSvc - ok 07:42:54.0023 0x2a18 [ 3802CBF4BDDE6F99974B27EE1782E5F9, 51562209E16A1C0247D73D7BFC8827AE4A2E57AF11350379A8FBA1EC44E56E54 ] DDDriver C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys 07:42:54.0032 0x2a18 DDDriver - ok 07:42:54.0050 0x2a18 [ ABBD3EE724117242E28D31F19FBCFF03, 68EA91A969DD80A5DE28B0A8EAEB308837183713559C2C2FAEF991858C971393 ] defragsvc C:\WINDOWS\System32\defragsvc.dll 07:42:54.0093 0x2a18 defragsvc - ok 07:42:54.0098 0x2a18 [ 04D91223860DB9B4169909A01CD66819, 
0B598306E99BF9AF036908C9333D34A81F7A9FF292213A9EB583F3F4C8FE2CB1 ] Dell Customer Connect C:\Program Files (x86)\Dell Customer Connect\DCCService.exe 07:42:54.0106 0x2a18 Dell Customer Connect - ok 07:42:54.0111 0x2a18 [ 802FC4E1B3E24185C731C81CD629F41D, FDA38B16E3D8CB1C6D7621AAD25663B954B7015F21F84524DAE2BB04923A996F ] Dell Foundation Services C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe 07:42:54.0118 0x2a18 Dell Foundation Services - ok 07:42:54.0190 0x2a18 [ 19C5F4EBA0B9670A923EEDCD97526B3A, 6D02BC69FD8D2099098255C7776E90FD98CAB343473D92238CB5F7DE9B080A89 ] DellDataVault C:\Program Files\Dell\DellDataVault\DellDataVault.exe 07:42:54.0276 0x2a18 DellDataVault - ok 07:42:54.0285 0x2a18 [ 5F57C0E23FB5FC5F3DDE5ACAF5D299D7, 381EB4B54B77CA061AFA484F5BF98B2518D3C7FD54406631C6C7F43E3132C4A3 ] DellDataVaultWiz C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe 07:42:54.0294 0x2a18 DellDataVaultWiz - ok 07:42:54.0301 0x2a18 [ 58F416B0E25755C3EE1FC754A5EDE1FC, DD5658C3AA4F019A30A76C2EEFA4DF9DDCE2A9425CC93D8EC870521D17D172EA ] DellDigitalDelivery c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe 07:42:54.0314 0x2a18 DellDigitalDelivery - ok 07:42:54.0318 0x2a18 [ A8CD0B40A2DE20CCD6843774119A4FA1, 622C21231C6DCCAF6D8D4F0FBF4F55D474EFE9147EE7DA2C72EF51E2C946F1AC ] DellDockUpdate C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe 07:42:54.0325 0x2a18 DellDockUpdate - ok 07:42:54.0330 0x2a18 [ DB1FA276F9559782005D0B1F0124E1FE, A6E14276CC9DE5E63D2556FCF91CAA86C6D076F3F5D9B43CB8B9CA219256EC42 ] DellPremierColorService C:\Program Files\Portrait Displays\Dell PremierColor\PremierColorService.exe 07:42:54.0374 0x2a18 DellPremierColorService - ok 07:42:54.0383 0x2a18 [ DC3BD578642252FD9569B9CD75CEF81E, 63F44BC19389C19BA9F9E974BF2E5236AF7F66D9076943B9CF46775264BBE413 ] DellProf C:\WINDOWS\system32\drivers\DellProf.sys 07:42:54.0397 0x2a18 DellProf - ok 07:42:54.0413 0x2a18 [ 303CC91C34B77E49ECDC1F88F2CC48DC, 
A3B6539F473CB89774354153EE4D07E6C2C3B75FA171979407A03A95159C9096 ] DellUpdate C:\Program Files (x86)\Dell Update\DellUpService.exe 07:42:54.0441 0x2a18 DellUpdate - ok 07:42:54.0471 0x2a18 [ DD74F18227ACC837D9856E24282D446D, 6A760E44CD897952538CDFA8895FE11263D51AAA79CFF24C01F3862E919DA478 ] DeviceAssociationService C:\WINDOWS\system32\das.dll 07:42:54.0522 0x2a18 DeviceAssociationService - ok 07:42:54.0530 0x2a18 [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll 07:42:54.0566 0x2a18 DeviceInstall - ok 07:42:54.0572 0x2a18 [ CDF1B1B5C5951111791C236B2696C7F8, BF6C4BA545C8827B40DB69890DB4D2B2F9C583C5E3CFBDFD370B05891141458D ] DevQueryBroker C:\WINDOWS\system32\DevQueryBroker.dll 07:42:54.0594 0x2a18 DevQueryBroker - ok 07:42:54.0603 0x2a18 [ 0D1D392ED2597F295956D058D33BD7C3, 2F7FE5A06D880F9E2A46C9803DD249DC40C2898C04E946D14E7EECCCC9F2B24F ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys 07:42:54.0637 0x2a18 Dfsc - ok 07:42:54.0653 0x2a18 [ F0D4400BA0F08610D9A551B15BF10B76, 83EB8FB272FC2DD2CC0659C2FB90AD0DAE88A88AB3951E03BCD933A25B601E10 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll 07:42:54.0702 0x2a18 Dhcp - ok 07:42:54.0710 0x2a18 [ CA7FEDDFCF61EF15A09C54DA2C07C49F, 346EF7709BA9E6BD48592B86FA46F9D956C847EF91F4980EEAD98269D0F0EF67 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 07:42:54.0742 0x2a18 diagnosticshub.standardcollector.service - ok 07:42:54.0816 0x2a18 [ CAD14E0AD1F03397E9B1C8733D76BEF4, 0035EF35F6520B1DF0E599C8A06D4163C52576BCE0976BF729B44DECDC506627 ] DiagTrack C:\WINDOWS\system32\diagtrack.dll 07:42:54.0924 0x2a18 DiagTrack - ok 07:42:54.0930 0x2a18 [ 35B9D46560339A5A7F0CAC6ED702C817, F70480B01533B7029F90E2DE297E9E829660300DDE7A7D009B0AC2684E7691A7 ] disk C:\WINDOWS\system32\drivers\disk.sys 07:42:54.0950 0x2a18 disk - ok 07:42:54.0970 0x2a18 [ 09CF47A74BFB480B8262FCEE222004B6, 
F5CD0ACA04BCB95984595CC2E17BC9E92865091A0A3BCAD4B06438A1570E7696 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll 07:42:55.0011 0x2a18 DmEnrollmentSvc - ok 07:42:55.0015 0x2a18 [ 815F45161A4571C2C44491564F3D5968, 32E7AE8414A178CE429C0CDFCF718E3C11C705FB3155EA5CA0EAD48AAE507B01 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys 07:42:55.0029 0x2a18 dmvsc - ok 07:42:55.0034 0x2a18 [ 6E5EE6E420FECD64DE463C5F01CBFE71, F173C56895E80AA03D70CD78B3AB659C2EEAACFF43BE3B6EF3939D6F4AD4F62D ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll 07:42:55.0059 0x2a18 dmwappushservice - ok 07:42:55.0069 0x2a18 [ 7F8A3ABF7750326E18CE953CCE262670, 5DBD159E8A455A42764FC73CF7DCAC849B5896848C5589B00BD36697804C0A3B ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 07:42:55.0096 0x2a18 Dnscache - ok 07:42:55.0107 0x2a18 [ 8F46B4C3F9BA19C26A26D0A11137B20B, BA0A66DBA98D77FD85A7CD2D4593F2B2A1A3B4D32BBECBCFFBEB5A54DCB0D8ED ] dot3svc C:\WINDOWS\System32\dot3svc.dll 07:42:55.0130 0x2a18 dot3svc - ok 07:42:55.0137 0x2a18 [ CA09EAEE92C6FDDC6B05057F11A0372D, 14DB5C186B69644AA93C445BF31CC9670204F95A47B77B6EACB19B4A316378AD ] DPS C:\WINDOWS\system32\dps.dll 07:42:55.0158 0x2a18 DPS - ok 07:42:55.0162 0x2a18 [ B7AD595A1C686403404C79A854CAD17E, E122EDB5939DE8F6E1202F06551FA816BEE953C00D60C136F8657532C1DE828B ] dptf_acpi C:\WINDOWS\System32\drivers\dptf_acpi.sys 07:42:55.0172 0x2a18 dptf_acpi - ok 07:42:55.0177 0x2a18 [ 5A47D54EEBB3554887BC27F89984C8EB, BBDE5F29FC65F8A66DA98C96163A99315583BC5A6895F1CB6967EF0707E27154 ] dptf_cpu C:\WINDOWS\System32\drivers\dptf_cpu.sys 07:42:55.0185 0x2a18 dptf_cpu - ok 07:42:55.0190 0x2a18 [ AE6BD4C879A8C849E53947C92DF3B3A0, 8C29774CB2D30D901C54AAC0C8ACE709351EE40E5C8FB9951B2A18B4A03F28B7 ] drmkaud C:\WINDOWS\system32\DRIVERS\drmkaud.sys 07:42:55.0200 0x2a18 drmkaud - ok 07:42:55.0207 0x2a18 [ 7433474BE77F065D2FA628671FE31A3E, 063ADDC68F48036749E6EC7B2F66284DB29F90F62E9468D16B4EF5A0FDC45E35 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll 07:42:55.0229 
0x2a18 DsmSvc - ok 07:42:55.0234 0x2a18 [ 5FCA45C24501DA7390065D3706A9FC3F, 093FD840F1502ECC6F05B9723CA523B3F15CF39A5D2B9106E1267739B3F2C52C ] DsSvc C:\WINDOWS\System32\DsSvc.dll 07:42:55.0250 0x2a18 DsSvc - ok 07:42:55.0295 0x2a18 [ 19F2B54EE8861D90579BD0E3AE5182F9, FDD4F091C61C8C20550C8F68375ABD7ED718A733F680F0F0367D4796C302BA14 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys 07:42:55.0369 0x2a18 DXGKrnl - ok 07:42:55.0379 0x2a18 [ 9FCE4EF7D5E274F862D9A2526B5F4779, 81D42D5475C2801C8E0C233A0BA827569D8A70590017C91C665C8B232D9BFAA9 ] EapHost C:\WINDOWS\System32\eapsvc.dll 07:42:55.0400 0x2a18 EapHost - ok 07:42:55.0404 0x2a18 EasyAntiCheat - ok 07:42:55.0500 0x2a18 [ 7EC6FC0266D74BD47ABB130A328B70EC, 3856790AF967AB03B1A89F97328DC4D5A6854ACDA6169681A9AFB03D7CF791F9 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys 07:42:55.0622 0x2a18 ebdrv - ok 07:42:55.0631 0x2a18 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] EFS C:\WINDOWS\System32\lsass.exe 07:42:55.0641 0x2a18 EFS - ok 07:42:55.0645 0x2a18 [ 8D74B8B5D6F7C5BC4C525BAF2B083FF1, DA5656F745B3911F96871887FDFDC40F4D9C820622A0AA27EFE4BA93662833CA ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys 07:42:55.0655 0x2a18 EhStorClass - ok 07:42:55.0660 0x2a18 [ 2A9817B5A9260D8F60D52E36BEF10443, AC1A0203221AFAF584C71317FA07AA1B6E61BE619E918B3B1E4AD57CCED1CF03 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys 07:42:55.0670 0x2a18 EhStorTcgDrv - ok 07:42:55.0675 0x2a18 [ 80A7999DE02CE678B865832E1CE78CD6, 2576EBB6E4D630A906DE724F125099E52A962B5B68B9F9BCA849A7B29D8C8689 ] embeddedmode C:\WINDOWS\System32\embeddedmodesvc.dll 07:42:55.0690 0x2a18 embeddedmode - ok 07:42:55.0698 0x2a18 [ 3CE2B6AECB9AF8BC159299EEC46A35CA, E933B28BB6E4D01FCCDF8FBBB134C244B28DA3ECBDFA13333F0D4C24B2551780 ] EntAppSvc C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll 07:42:55.0715 0x2a18 EntAppSvc - ok 07:42:55.0719 0x2a18 [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 
3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys 07:42:55.0731 0x2a18 ErrDev - ok 07:42:55.0762 0x2a18 [ 03860DE7D2EC356A6DB7DF8836689AE3, 62706FE7D356EA0BAE163F698934949D4EFD659AFCED60E1028129B6E635CDF0 ] esifsvc C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe 07:42:55.0828 0x2a18 esifsvc - ok 07:42:55.0839 0x2a18 [ 17861A6D45A46B88C077F9211959D119, D6C2746E0C9E3E0ED6FF702673F2B4AAEDCBE27D7D1C2E476D6EFED3B1C14C7C ] esif_lf C:\WINDOWS\system32\DRIVERS\esif_lf.sys 07:42:55.0850 0x2a18 esif_lf - ok 07:42:55.0870 0x2a18 [ 8842ED1E87D7662F249B5B63501E693B, A6D71351C2F32295926664875369C0BF93C59541B023884BDAC684E1EA94487A ] ESRV_SVC_QUEENCREEK C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe 07:42:55.0895 0x2a18 ESRV_SVC_QUEENCREEK - ok 07:42:55.0908 0x2a18 [ F89083AB8B9F51C0031C1CBD0A9A7E35, 9EE973A25134960E62D1A6A1E34AD9B3F7690E71C1AD31A23FA2081A73438754 ] EventSystem C:\WINDOWS\system32\es.dll 07:42:55.0936 0x2a18 EventSystem - ok 07:42:55.0945 0x2a18 [ FCD2C63754C2E739A8EEAD9BC63F9DDC, C57A72ABA4C0BD71F914B9C8FF965DCFF585A205498F19A4584A4BAF7674839D ] exfat C:\WINDOWS\system32\drivers\exfat.sys 07:42:55.0967 0x2a18 exfat - ok 07:42:55.0978 0x2a18 [ FA918EC296EB410FF02867D008D02421, 23D164A24CB0D212778FA9592A046B6BA1F3628003E04181744A1F891B5B3E5A ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys 07:42:55.0994 0x2a18 fastfat - ok 07:42:56.0009 0x2a18 [ 77CE56471AF984800F318F3734D768C7, 72D540072374A56C2C497F0532A50705D3F0637F2C0C96B1D715F2EDFCA3AA2D ] Fax C:\WINDOWS\system32\fxssvc.exe 07:42:56.0037 0x2a18 Fax - ok 07:42:56.0041 0x2a18 [ 99598ECA5E41996E005D5B9D9FF1EFA2, 91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc C:\WINDOWS\System32\drivers\fdc.sys 07:42:56.0053 0x2a18 fdc - ok 07:42:56.0056 0x2a18 [ EF0DD43A4CBAB367BCA1AFBDC9971E4F, 73E161C45D63FDDE71EE2438137913724DC513860539D1E7F6BD861F5D1B33F3 ] fdPHost C:\WINDOWS\system32\fdPHost.dll 07:42:56.0075 0x2a18 fdPHost - ok 
07:42:56.0080 0x2a18 [ 34DAC585994CD3B4E910DE11C584EF3D, A6C6A4CB5413EA61F1A54E2D3AD71A311CEA2C26218544D2D2D4A5CFEC52DE8C ] FDResPub C:\WINDOWS\system32\fdrespub.dll 07:42:56.0092 0x2a18 FDResPub - ok 07:42:56.0097 0x2a18 [ B68DA1FE3CA2311AFD38DD6905CA7F71, 4B395DFB1B47D2507CA4D9DC996A70D0A3BDB1A245CD6DA6C42B2A299AFCCF37 ] fhsvc C:\WINDOWS\system32\fhsvc.dll 07:42:56.0115 0x2a18 fhsvc - ok 07:42:56.0119 0x2a18 [ F44F666B0EACC3181544FFCF8CA0FFC7, 83F771CF9DAE1C504B30731EEC55355EA1253174252DA2192ADF1D228B3735C3 ] FileCrypt C:\WINDOWS\system32\drivers\filecrypt.sys 07:42:56.0132 0x2a18 FileCrypt - ok 07:42:56.0136 0x2a18 [ 78A210DDFDF2C9EC884631D2DAA573F0, 5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BD ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys 07:42:56.0145 0x2a18 FileInfo - ok 07:42:56.0148 0x2a18 [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys 07:42:56.0161 0x2a18 Filetrace - ok 07:42:56.0164 0x2a18 [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys 07:42:56.0175 0x2a18 flpydisk - ok 07:42:56.0184 0x2a18 [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 07:42:56.0198 0x2a18 FltMgr - ok 07:42:56.0232 0x2a18 [ 49BF5C8182C3D2D6CD9F7EEDF1CFDB66, 0977EBE86B57FC370D27CA69D58122397D5D5369AF0C8DBCC492AE7AD55CBA2B ] FontCache C:\WINDOWS\system32\FntCache.dll 07:42:56.0294 0x2a18 FontCache - ok 07:42:56.0300 0x2a18 [ 59241194DBDF30A2B4029E402F377900, 47A92E9CD8494C403B377799D395670A393766647E24CD83B15338CE2AA50266 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 07:42:56.0308 0x2a18 FontCache3.0.0.0 - ok 07:42:56.0324 0x2a18 [ 8B52024D3A5C3A12F1C4D75D30A976C5, 
982F1C783966C9A6D255AA7DBAB6D225EBE0050A36176B8DE85E8ADBFE17FDF1 ] FrameServer C:\WINDOWS\system32\FrameServer.dll 07:42:56.0358 0x2a18 FrameServer - ok 07:42:56.0362 0x2a18 [ D152CCBFC8251670BF0AAFE00D6BC782, 9DE82D8FC4E1DAF8FF23EE08C0B7CB5051A9224E64544D262CFA4996A41B04E1 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys 07:42:56.0371 0x2a18 FsDepends - ok 07:42:56.0374 0x2a18 [ 6D6BB5C7363CD35FA715E826F3D029EE, C214F791EB39E8B25CE57ED9D6C1D56EE1AF6021BCB380980BD42A6338A6C9F7 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 07:42:56.0382 0x2a18 Fs_Rec - ok 07:42:56.0395 0x2a18 [ 8EEC4925C03E375C4EC496E45C44139A, 06C5C7BCC28D3E435675F0759A09CAB726E971DF4BFC1DC3DCF503EABCDCCCC6 ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys 07:42:56.0420 0x2a18 fvevol - ok 07:42:56.0425 0x2a18 [ EF78034773CE506323655A868C949144, DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys 07:42:56.0436 0x2a18 gencounter - ok 07:42:56.0440 0x2a18 [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn C:\WINDOWS\System32\drivers\genericusbfn.sys 07:42:56.0451 0x2a18 genericusbfn - ok 07:42:56.0457 0x2a18 [ DDD8A8CDDC7F13EF57D1DAAE71865936, 9D472A8689F72F24D40D5B94849690F53C67849FDF6162A94EF4FB330A3DA566 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys 07:42:56.0468 0x2a18 GPIOClx0101 - ok 07:42:56.0490 0x2a18 [ 713A176494CEC107E663CAD6C2B27F77, 76871D8CFBA8FCD8CFF96208AE84C658EBEC60270D978898B90EE9451AA1BCE1 ] gpsvc C:\WINDOWS\System32\gpsvc.dll 07:42:56.0549 0x2a18 gpsvc - ok 07:42:56.0557 0x2a18 [ 7ACD8F69B5D6EC97E6D2C006E19BED88, FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6E ] GpuEnergyDrv C:\WINDOWS\system32\drivers\gpuenergydrv.sys 07:42:56.0571 0x2a18 GpuEnergyDrv - ok 07:42:56.0577 0x2a18 [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe 07:42:56.0587 0x2a18 gupdate - ok 07:42:56.0593 0x2a18 [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 07:42:56.0602 0x2a18 gupdatem - ok 07:42:56.0607 0x2a18 [ 10E3515FE5DBA6656FA62C29342EC4A1, 2051F10F74ED712B1766EB61E87FADE25AB3D0970BABFD320600D1B0D6377F26 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys 07:42:56.0623 0x2a18 HDAudBus - ok 07:42:56.0627 0x2a18 [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 07:42:56.0638 0x2a18 HidBatt - ok 07:42:56.0643 0x2a18 [ B2FE11643CC6ACDEE6C247DD36018FDB, 5796613C7DBF8B2A9E860E006FF1A245B6BE7D10E3F6685AD142B48E5C237B8C ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 07:42:56.0659 0x2a18 HidBth - ok 07:42:56.0663 0x2a18 [ 81E52ADEA1D8B051DC1E3FC97C044C28, 494C9BAEE00F2BFD88485FB4F3521AD903A6500DB3844017FE56335D37760953 ] HidEventFilter C:\WINDOWS\System32\drivers\HidEventFilter.sys 07:42:56.0672 0x2a18 HidEventFilter - ok 07:42:56.0676 0x2a18 [ D24355488A2D4D2323518EC1AC7A6D9E, ED2176A2093726087EDDA25B86E9CDD4BA35F4E748E3A6DE0B15C4C97646B5C7 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 07:42:56.0690 0x2a18 hidi2c - ok 07:42:56.0694 0x2a18 [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt C:\WINDOWS\System32\drivers\hidinterrupt.sys 07:42:56.0706 0x2a18 hidinterrupt - ok 07:42:56.0710 0x2a18 [ CDBCF8E9AB06D88A1E1191D32F320C5D, F76963AB7CF2BAB3A220013879AECD3976BFD851CFB66B5A69A9EA2541048861 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys 07:42:56.0725 0x2a18 HidIr - ok 07:42:56.0729 0x2a18 [ C900FE0DD6A1E2220084B8F1C427790C, 802194EBEDA1A50EDA300078B0888AAC1F17A42E67147B7B3B9C50AD8D4E5C89 ] hidserv C:\WINDOWS\system32\hidserv.dll 07:42:56.0743 0x2a18 hidserv - ok 07:42:56.0750 0x2a18 [ 
D8536CB438CC4CCDAE047B768EED22B2, 4F666BFA3554F9ACA6B9D436BFA64474D5F30FB3E78F4E66068CCDF283D9867F ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys 07:42:56.0766 0x2a18 HidUsb - ok 07:42:56.0776 0x2a18 [ 0AC1BD5A28FAA371EF34859FE703E515, 1DD1C33AF8D6EBE7C36FCD051F066E4039D2B47ABAECF7C68BC3933D567930B2 ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll 07:42:56.0804 0x2a18 HomeGroupListener - ok 07:42:56.0821 0x2a18 [ 86161A89F16851728802590EC7C92608, 3A3B05BB4E115410D27063B30C0EF3F18295F542050F329F1E466C81A9E23A46 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll 07:42:56.0853 0x2a18 HomeGroupProvider - ok 07:42:56.0858 0x2a18 [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys 07:42:56.0870 0x2a18 HpSAMD - ok 07:42:56.0897 0x2a18 [ A10C7C1E69FC90620C7BF2E51302A01F, D725AEAE38255CED73F4922A10F226215528706580B06D01C228488F93AC0397 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys 07:42:56.0937 0x2a18 HTTP - ok 07:42:56.0943 0x2a18 [ 0C84C250F80EAEC2C9768464CC1A9626, 212E1003B78F9B98FEB084FD1FDB59B26A9DE4C9120F24D4361FBBF0F3C035E7 ] HvHost C:\WINDOWS\System32\hvhostsvc.dll 07:42:56.0954 0x2a18 HvHost - ok 07:42:56.0958 0x2a18 [ 74FC79C52395B10FFD0B55CF22CF88FC, 94D977DA2092EE8C2A598AC48758A84BB22CB6378BD114C2D3B4172A07A9CACC ] hvservice C:\WINDOWS\system32\drivers\hvservice.sys 07:42:56.0968 0x2a18 hvservice - ok 07:42:56.0972 0x2a18 [ 771EDDA9830A3079F996F34D681FB6E5, F452AD656872A1C8B2D6DCE232CE01EBD456C46F4934A7601E78470F2A2CBF38 ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys 07:42:56.0980 0x2a18 hwpolicy - ok 07:42:56.0983 0x2a18 [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys 07:42:56.0994 0x2a18 hyperkbd - ok 07:42:56.0998 0x2a18 [ B54B30992620C97230013A74461C8517, CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3 ] i8042prt 
A9443B6B7ED1ECA22AC960A2C6A2BE18C0BA58CD7BCF60E7AA617CD3662D122D ] RetailDemo C:\WINDOWS\system32\RDXService.dll 07:43:05.0351 0x2a18 RetailDemo - ok 07:43:05.0357 0x2a18 [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc C:\WINDOWS\System32\RMapi.dll 07:43:05.0370 0x2a18 RmSvc - ok 07:43:05.0375 0x2a18 [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll 07:43:05.0386 0x2a18 RpcEptMapper - ok 07:43:05.0390 0x2a18 [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator C:\WINDOWS\system32\locator.exe 07:43:05.0399 0x2a18 RpcLocator - ok 07:43:05.0416 0x2a18 [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs C:\WINDOWS\system32\rpcss.dll 07:43:05.0478 0x2a18 RpcSs - ok 07:43:05.0494 0x2a18 [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr C:\WINDOWS\system32\drivers\rspndr.sys 07:43:05.0524 0x2a18 rspndr - ok 07:43:05.0543 0x2a18 [ AB959F26FBB851A9D31E2F229DB3FA1A, 35961B761C83B48DBB9960C6DEC89806F3BC9FA0F450E566333ABE3F22E42AA9 ] RTSUER C:\WINDOWS\system32\Drivers\RtsUer.sys 07:43:05.0566 0x2a18 RTSUER - ok 07:43:05.0573 0x2a18 [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys 07:43:05.0592 0x2a18 s3cap - ok 07:43:05.0598 0x2a18 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs C:\WINDOWS\system32\lsass.exe 07:43:05.0613 0x2a18 SamSs - ok 07:43:05.0619 0x2a18 [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys 07:43:05.0632 0x2a18 sbp2port - ok 07:43:05.0642 0x2a18 [ 
3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll 07:43:05.0665 0x2a18 SCardSvr - ok 07:43:05.0673 0x2a18 [ 5E8ECCE130A72107B6DFDBE26185A7FB, 811E2CE485BC14161FF629069BCCF53B2B8C6F8B1E1A6B3A3C86DBE4F85A5577 ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll 07:43:05.0693 0x2a18 ScDeviceEnum - ok 07:43:05.0698 0x2a18 [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys 07:43:05.0711 0x2a18 scfilter - ok 07:43:05.0737 0x2a18 [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule C:\WINDOWS\system32\schedsvc.dll 07:43:05.0790 0x2a18 Schedule - ok 07:43:05.0795 0x2a18 [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus C:\WINDOWS\system32\drivers\scmbus.sys 07:43:05.0804 0x2a18 scmbus - ok 07:43:05.0809 0x2a18 [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101 C:\WINDOWS\System32\drivers\scmdisk0101.sys 07:43:05.0824 0x2a18 scmdisk0101 - ok 07:43:05.0829 0x2a18 [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll 07:43:05.0842 0x2a18 SCPolicySvc - ok 07:43:05.0850 0x2a18 [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys 07:43:05.0863 0x2a18 sdbus - ok 07:43:05.0870 0x2a18 [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll 07:43:05.0885 0x2a18 SDRSVC - ok 07:43:05.0890 0x2a18 [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys 
07:43:05.0900 0x2a18 sdstor - ok 07:43:05.0903 0x2a18 [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon C:\WINDOWS\system32\seclogon.dll 07:43:05.0916 0x2a18 seclogon - ok 07:43:05.0920 0x2a18 [ 07F83829E7429E60298440CD1E601A6A, 9F1229CD8DD9092C27A01F5D56E3C0D59C2BB9F0139ABF042E56F343637FDA33 ] semav6msr64 C:\WINDOWS\system32\drivers\semav6msr64.sys 07:43:05.0926 0x2a18 semav6msr64 - ok 07:43:05.0931 0x2a18 [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS C:\WINDOWS\System32\sens.dll 07:43:05.0950 0x2a18 SENS - ok 07:43:05.0973 0x2a18 [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe 07:43:06.0042 0x2a18 SensorDataService - ok 07:43:06.0063 0x2a18 [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService C:\WINDOWS\system32\SensorService.dll 07:43:06.0119 0x2a18 SensorService - ok 07:43:06.0130 0x2a18 [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll 07:43:06.0159 0x2a18 SensrSvc - ok 07:43:06.0167 0x2a18 [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys 07:43:06.0182 0x2a18 SerCx - ok 07:43:06.0189 0x2a18 [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys 07:43:06.0202 0x2a18 SerCx2 - ok 07:43:06.0206 0x2a18 [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum C:\WINDOWS\System32\drivers\serenum.sys 07:43:06.0218 0x2a18 Serenum - ok 07:43:06.0224 0x2a18 [ 92509187AA171A80521528B36F753E1D, 
FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial C:\WINDOWS\System32\drivers\serial.sys 07:43:06.0237 0x2a18 Serial - ok 07:43:06.0240 0x2a18 [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys 07:43:06.0253 0x2a18 sermouse - ok 07:43:06.0269 0x2a18 [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv C:\WINDOWS\system32\sessenv.dll 07:43:06.0299 0x2a18 SessionEnv - ok 07:43:06.0306 0x2a18 [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys 07:43:06.0324 0x2a18 sfloppy - ok 07:43:06.0338 0x2a18 [ 832E933AA8DB9FD4733B96D8B6484D3F, 3A8E3D7ECA192EEE154CB568073B7211FDA06078EFC3BC7E961563A1BFDD0CAA ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 07:43:06.0369 0x2a18 SharedAccess - ok 07:43:06.0388 0x2a18 [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 07:43:06.0428 0x2a18 ShellHWDetection - ok 07:43:06.0436 0x2a18 [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll 07:43:06.0451 0x2a18 shpamsvc - ok 07:43:06.0455 0x2a18 [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys 07:43:06.0464 0x2a18 SiSRaid2 - ok 07:43:06.0468 0x2a18 [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys 07:43:06.0477 0x2a18 SiSRaid4 - ok 07:43:06.0481 0x2a18 [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost C:\WINDOWS\System32\smphost.dll 
07:43:06.0498 0x2a18 smphost - ok 07:43:06.0511 0x2a18 [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter C:\WINDOWS\system32\SmsRouterSvc.dll 07:43:06.0542 0x2a18 SmsRouter - ok 07:43:06.0549 0x2a18 [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe 07:43:06.0561 0x2a18 SNMPTRAP - ok 07:43:06.0573 0x2a18 [ C994DF90427103CCB80F893FFD2B1CE8, 7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys 07:43:06.0592 0x2a18 spaceport - ok 07:43:06.0597 0x2a18 [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys 07:43:06.0606 0x2a18 SpbCx - ok 07:43:06.0622 0x2a18 [ 79DCE27E8C4CF6701BFE49EC2446BBF6, F51CBB7A45C3C878F41653FD5FBDC93CC302712B7725DAAB4D3475A1F4771E3D ] Spooler C:\WINDOWS\System32\spoolsv.exe 07:43:06.0658 0x2a18 Spooler - ok 07:43:06.0743 0x2a18 [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc C:\WINDOWS\system32\sppsvc.exe 07:43:06.0911 0x2a18 sppsvc - ok 07:43:06.0927 0x2a18 [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv C:\WINDOWS\system32\DRIVERS\srv.sys 07:43:06.0945 0x2a18 srv - ok 07:43:06.0959 0x2a18 [ 55CA5329D1ADEB8F8034045930147AE4, D4F31BC82700D166564C7F9CDCEA3ABAB4A37B55137C34572768DF46FDA9320A ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys 07:43:06.0989 0x2a18 srv2 - ok 07:43:06.0996 0x2a18 [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys 07:43:07.0011 0x2a18 srvnet - ok 07:43:07.0017 0x2a18 [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV 
C:\WINDOWS\System32\ssdpsrv.dll 07:43:07.0033 0x2a18 SSDPSRV - ok 07:43:07.0039 0x2a18 [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll 07:43:07.0055 0x2a18 SstpSvc - ok 07:43:07.0144 0x2a18 [ 4E330AD1EED4A5D582EE415FD55953A2, 2C02E1F45F74D250110BA5117AA942495CB2EBAC7F2CCECC284B4FB8F47B13E1 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll 07:43:07.0302 0x2a18 StateRepository - ok 07:43:07.0340 0x2a18 [ 596DC69BB40A96FCA4B19D9D1E221E34, 3469D3B2E9A88E39C14AE2E3DD5EC3D91FBB88CA568D794555B397B50E64AB15 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 07:43:07.0406 0x2a18 Steam Client Service - ok 07:43:07.0412 0x2a18 [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys 07:43:07.0422 0x2a18 stexstor - ok 07:43:07.0438 0x2a18 [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc C:\WINDOWS\System32\wiaservc.dll 07:43:07.0474 0x2a18 stisvc - ok 07:43:07.0480 0x2a18 [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci C:\WINDOWS\system32\drivers\storahci.sys 07:43:07.0492 0x2a18 storahci - ok 07:43:07.0496 0x2a18 [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys 07:43:07.0505 0x2a18 storflt - ok 07:43:07.0508 0x2a18 [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys 07:43:07.0517 0x2a18 stornvme - ok 07:43:07.0522 0x2a18 [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt C:\WINDOWS\system32\drivers\storqosflt.sys 07:43:07.0534 0x2a18 storqosflt - ok 
07:43:07.0543 0x2a18 [ B91FBE7CB4633FEB32AFBD0B48576396, 9EFDD92E8096CE5555F8DC3C870864E5515469603C2373B99B3607234633CA66 ] StorSvc C:\WINDOWS\system32\storsvc.dll 07:43:07.0566 0x2a18 StorSvc - ok 07:43:07.0571 0x2a18 [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs C:\WINDOWS\system32\drivers\storufs.sys 07:43:07.0579 0x2a18 storufs - ok 07:43:07.0583 0x2a18 [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys 07:43:07.0593 0x2a18 storvsc - ok 07:43:07.0596 0x2a18 [ 4BBD324372664F7EC73E93553A92CD2C, 43DE2A7C3A8B64535E104E4FB8AB32AD93EFC10F2EAE3BF287A06A89C5998124 ] SupportAssistAgent C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe 07:43:07.0600 0x2a18 SupportAssistAgent - ok 07:43:07.0604 0x2a18 [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc C:\WINDOWS\system32\svsvc.dll 07:43:07.0617 0x2a18 svsvc - ok 07:43:07.0620 0x2a18 [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum C:\WINDOWS\System32\drivers\swenum.sys |
22.02.2017, 01:51 | #5 |
| Ad banners in the Steam client Part 2 Code:
VPNManager ( UnsignedFile.Multi.Generic ) - warning 07:43:11.0993 0x2a18 [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys 07:43:12.0027 0x2a18 vsmraid - ok 07:43:12.0075 0x2a18 [ 01FFD5AF533F2CFDF26DDDC9313731C1, BFF0F2E57CD2358AC8F519F6F5692A46D97EC4E9B763D47101CEF31712FD4738 ] VSS C:\WINDOWS\system32\vssvc.exe 07:43:12.0136 0x2a18 VSS - ok 07:43:12.0145 0x2a18 [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys 07:43:12.0158 0x2a18 VSTXRAID - ok 07:43:12.0161 0x2a18 [ 607639716E9DB1CEF4E18B5B229293B4, 1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys 07:43:12.0170 0x2a18 vwifibus - ok 07:43:12.0174 0x2a18 [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt C:\WINDOWS\system32\drivers\vwififlt.sys 07:43:12.0183 0x2a18 vwififlt - ok 07:43:12.0187 0x2a18 [ 59920894C38A827091A06AF559834E47, 8B40FE0B1BA3B2A79BFF70803D039DB921F85C978724722E5E5AFF188FA75471 ] vwifimp C:\WINDOWS\System32\drivers\vwifimp.sys 07:43:12.0196 0x2a18 vwifimp - ok 07:43:12.0207 0x2a18 [ 76C1CC611352499326001F25A3ED15F8, 228BFA8A01BB1B3868576D509A2EA6F3D37FEDC8F12D4DC4E0A84CE926C6D1B1 ] W32Time C:\WINDOWS\system32\w32time.dll 07:43:12.0233 0x2a18 W32Time - ok 07:43:12.0237 0x2a18 [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys 07:43:12.0248 0x2a18 WacomPen - ok 07:43:12.0258 0x2a18 [ 1483BE4D0135C378CB61D3CD73AB3E03, B7309C9E4F370860C507BF52D17234CDF4A7FAE95D2D822714E07EF5DEC0249B ] WalletService C:\WINDOWS\system32\WalletService.dll 07:43:12.0278 0x2a18 WalletService - ok 07:43:12.0283 0x2a18 [ CEF3D306C09BEC1A800E9B4A06F859F6, 
75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 07:43:12.0297 0x2a18 wanarp - ok 07:43:12.0300 0x2a18 [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys 07:43:12.0314 0x2a18 wanarpv6 - ok 07:43:12.0341 0x2a18 [ 30B8286F8FE1AE90A583100D45E02247, 3C86A4A5E21F9A1267EA231B20914E0A162BA4C25FE8917AD3AB6D504DA5BE0C ] wbengine C:\WINDOWS\system32\wbengine.exe 07:43:12.0390 0x2a18 wbengine - ok 07:43:12.0409 0x2a18 [ 8C521D161445C3E1F38A494E7649E70D, F00990B2FE1FB52C74A2057E6480C5EBF2BDBC32955CC03C6B63360F20A49A18 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll 07:43:12.0442 0x2a18 WbioSrvc - ok 07:43:12.0447 0x2a18 [ E330144B97D493AA886000DCAAA8DAF5, ED86F46F5A76FD8F06CA98BD61B174ADB9AD4B065394356872708DF8B614E4F9 ] wcifs C:\WINDOWS\system32\drivers\wcifs.sys 07:43:12.0457 0x2a18 wcifs - ok 07:43:12.0470 0x2a18 [ 32960EA9CF836D7DD77767DCB68CE230, 679446A4FAB0331C181D2716CAEA225267C6164BB9867E360C5B3D6AB1083195 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll 07:43:12.0512 0x2a18 Wcmsvc - ok 07:43:12.0524 0x2a18 [ D50645235A507B0546B1B5CF7D0B8849, 19F5FE10C953B8EE8EEDA9A9F7F2E97AA193BB085E7FC364066686089ADD1C9F ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll 07:43:12.0545 0x2a18 wcncsvc - ok 07:43:12.0551 0x2a18 [ AEA1093B751339267D8C8C1EF3D669CF, 8F3325E7FB16BD856A0593C36F2E3E018909038C52CD5F92E116E0C1366F31CB ] wcnfs C:\WINDOWS\system32\drivers\wcnfs.sys 07:43:12.0562 0x2a18 wcnfs - ok 07:43:12.0566 0x2a18 [ D520B1B849B6D4D707AB31722B952C2D, 149BABB7BD63C1F212ADD9306C84FFB2A5CE6DC435BD3213EAB787E9B222C61F ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys 07:43:12.0575 0x2a18 WdBoot - ok 07:43:12.0591 0x2a18 [ 5030C76047D756263093A47B82970868, E772F15973F6DE36851DD230F1F4190746CD81CA1E7284DC074711C4BF45CAF0 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys 07:43:12.0616 0x2a18 Wdf01000 - ok 07:43:12.0625 0x2a18 [ 
29FF9199EDEB4F5470BB134D1A2563D2, 94713F98A6EA6042203D5DD0DE6758F5F0F331F7D4BB05E91EF20CEEEBD6780F ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys 07:43:12.0638 0x2a18 WdFilter - ok 07:43:12.0642 0x2a18 [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll 07:43:12.0657 0x2a18 WdiServiceHost - ok 07:43:12.0661 0x2a18 [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll 07:43:12.0674 0x2a18 WdiSystemHost - ok 07:43:12.0689 0x2a18 [ 8CB606A3057355FD5A9DBDD1A0AC94EF, 6DD0B4A2270633086EBB569A00B87430EE6EF173525E341404B15845B57BE86D ] wdiwifi C:\WINDOWS\system32\DRIVERS\wdiwifi.sys 07:43:12.0716 0x2a18 wdiwifi - ok 07:43:12.0722 0x2a18 [ 17CF416CFF408190F5A4CBD79AB12E55, E376C8865C7EA633AE20D2CF940E4C7584AC783BAAF7941780FB6C4C84802F33 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys 07:43:12.0731 0x2a18 WdNisDrv - ok 07:43:12.0733 0x2a18 WdNisSvc - ok 07:43:12.0740 0x2a18 [ 3570C4E14F85CE0B537D126727ACA91C, A474C9E6B6E4E5945C63367C1D3D24D4782C4A4FEB00FAE15DFED099D8283078 ] WebClient C:\WINDOWS\System32\webclnt.dll 07:43:12.0758 0x2a18 WebClient - ok 07:43:12.0764 0x2a18 [ 1785F9C96A0BDEC1F6E0C79EF412F342, D6D4EDA69457BEDDA69C2F60FC4C2FAC97D46CD8E9C1804CCD68F169383583E3 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll 07:43:12.0782 0x2a18 Wecsvc - ok 07:43:12.0787 0x2a18 [ B9175D63527B05131F2FA504CF0265F2, 1E43A17788F1B6A29E2889C81E0BE100D64BD3A9DEE7C154D9581F01D2D7D05F ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll 07:43:12.0798 0x2a18 WEPHOSTSVC - ok 07:43:12.0803 0x2a18 [ 5C58EC0C9D4DE04DCDE56F6DCEA62080, 8ED386EDF4C39C339CE0BB2AC7E199C38705E5A6B3F56A4987B9A8ABD19BB59F ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll 07:43:12.0821 0x2a18 wercplsupport - ok 07:43:12.0828 0x2a18 [ F899B355CC95AF26AB36E84E8A0DD685, C400F2F80FFF6473FEF066943C4A2AFF0FFE988A4F755757A2E5005C2A10DAD8 ] 
WerSvc C:\WINDOWS\System32\WerSvc.dll 07:43:12.0843 0x2a18 WerSvc - ok 07:43:12.0848 0x2a18 [ E1785942AC51FEE6826CDF02075C5AA9, 56FE7017684086F4F9C3A2C0D3AC00369BA0938BA3987EEBEE9A75B8E3CA0AE1 ] WFPLWFS C:\WINDOWS\system32\drivers\wfplwfs.sys 07:43:12.0859 0x2a18 WFPLWFS - ok 07:43:12.0863 0x2a18 [ B154618505A6A9026EFA6AB8C4123BF1, 713648D71AA027B4472E7E75B942630DBE7383687984B02A5E99C9E4192C95EB ] WiaRpc C:\WINDOWS\System32\wiarpc.dll 07:43:12.0874 0x2a18 WiaRpc - ok 07:43:12.0878 0x2a18 [ 0CF79A0EACFFBB75A50A469A27696D02, E112BF7B5A8D0B0AD2EA0E7B9FD4E8CFEC9371C8E94A60248292D688AFE715C4 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys 07:43:12.0886 0x2a18 WIMMount - ok 07:43:12.0888 0x2a18 WinDefend - ok 07:43:12.0897 0x2a18 [ 0DE131733317EB4BE67028366B0CAAC6, AC7DADBF03A3752B4D33CA19F03DBCEDD6F56893C2DA25C98B0AB07063D990E3 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys 07:43:12.0909 0x2a18 WindowsTrustedRT - ok 07:43:12.0913 0x2a18 [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys 07:43:12.0921 0x2a18 WindowsTrustedRTProxy - ok 07:43:12.0938 0x2a18 [ C2A3B07F0118D61086C99BDCBAB6A6A3, 04D646BEF1C6F427503C594F0ECBB33140C3991A3A7AFB66B2C9581E358F9FD2 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll 07:43:12.0970 0x2a18 WinHttpAutoProxySvc - ok 07:43:12.0975 0x2a18 [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad C:\WINDOWS\System32\drivers\winmad.sys 07:43:12.0983 0x2a18 WinMad - ok 07:43:12.0997 0x2a18 [ CD49CA8E3280ACEEC5ECF431A59F5EFD, 75F48EFC6DEE9E06B490703EE47602AFDEA51505285B02D2CF884601E71857CC ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 07:43:13.0036 0x2a18 Winmgmt - ok 07:43:13.0132 0x2a18 [ B8C0D620219ECAA23A2AC841EAF454D1, FB527C4D36929D7FAE2A837727C557B7823A72069EBCAB7D16C49E8B21E8D952 ] WinRM C:\WINDOWS\system32\WsmSvc.dll 07:43:13.0238 
0x2a18 WinRM - ok 07:43:13.0250 0x2a18 [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB C:\WINDOWS\System32\drivers\WinUSB.SYS 07:43:13.0262 0x2a18 WINUSB - ok 07:43:13.0266 0x2a18 [ 8B9AFF5F08E66A6F1F1063DEC9457FB6, 98F2AF6988D125521FD34CAA48B9652922F0C8ECFAE9B0C1DF4B3CE6B9CF500F ] WinVerbs C:\WINDOWS\System32\drivers\winverbs.sys 07:43:13.0275 0x2a18 WinVerbs - ok 07:43:13.0288 0x2a18 [ ECD999D8412A3473C26B118F89DB9908, 5FB9B93E4B5482CCFF01D805DFA386FD8D3441BC81E7BD5DF89EE3078FD724F3 ] wisvc C:\WINDOWS\system32\flightsettings.dll 07:43:13.0318 0x2a18 wisvc - ok 07:43:13.0372 0x2a18 [ 7671078AEF4C0203B053A9642C401FF7, BBFADA89CD31F20ADDBFAFAD2E492C72D82BF2F8B823BB6773F04D229B62534C ] WlanSvc C:\WINDOWS\System32\wlansvc.dll 07:43:13.0455 0x2a18 WlanSvc - ok 07:43:13.0530 0x2a18 [ E15711970C5BE05E8D70B294D0AFF621, 30670CFC4DA57B4A3E0E895E4111100D847BB8041A258A303524CD96DC566482 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll 07:43:13.0602 0x2a18 wlidsvc - ok 07:43:13.0609 0x2a18 [ 6F4F4F5A007D1710BD76FB311DA97C07, FC0FEA4364F6BA4E31DBC82735D09D429CA3BE9AFCFF5D5E1263D8B27FC2CE3E ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys 07:43:13.0617 0x2a18 WmiAcpi - ok 07:43:13.0625 0x2a18 [ 3CDDFF6CAD962C5EF1C52FD667C358B6, F6F09145E9461EB17172988D26749FCF36920A1A683459334D04A6D072B31A92 ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe 07:43:13.0638 0x2a18 wmiApSrv - ok 07:43:13.0641 0x2a18 WMPNetworkSvc - ok 07:43:13.0647 0x2a18 [ 43C8D087B31C592163B33A4BDA540E40, 3A6C4E5E56931B29321DCC723585F2F0E804EF4DCDEAB2A8687F30FC3AE70E43 ] Wof C:\WINDOWS\system32\drivers\Wof.sys 07:43:13.0659 0x2a18 Wof - ok 07:43:13.0692 0x2a18 [ 909CB4BBF7B08E78C363000E09E79A6F, 217205D1B5EE03274AFF9405AED6D2A5665CBA4C3876E84B53DA44920CDF9CB1 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll 07:43:13.0749 0x2a18 workfolderssvc - ok 07:43:13.0756 0x2a18 [ F02930EB91596042F2221397D60AFCE5, 
10E2AB0993B67CBAA9E11C68280608965064EC9F7E0C570F5B453FACADB8AB5D ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll 07:43:13.0768 0x2a18 WPDBusEnum - ok 07:43:13.0772 0x2a18 [ 75A9284F01FE7CB1A7D5EAE5C1EB4F33, 390EF23AEA06D8711555F7979FF8BE0620B53C1A551638C4EC6FB7C6678965B3 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys 07:43:13.0779 0x2a18 WpdUpFltr - ok 07:43:13.0786 0x2a18 [ 60E2EB3E7B7F15C25E02462159F90707, D8344B529EEC0D4922CAC3E6897CC9F191ACF1376017BE38ED6BF6019F1ED181 ] WpnService C:\WINDOWS\system32\WpnService.dll 07:43:13.0803 0x2a18 WpnService - ok 07:43:13.0807 0x2a18 [ C7C91FB86A3C6CD7619725A88ED1884C, 132C43C518F37BF303D768BD5FB0AB835F693C43FE693937D804A34E940D770F ] WpnUserService C:\WINDOWS\System32\WpnUserService.dll 07:43:13.0818 0x2a18 WpnUserService - ok 07:43:13.0824 0x2a18 [ 36D7B73ADC3E10607ED6EC874AFB5D1E, 1737B3E4D2CA76BB27903BF460E4960E6A0BC32D35069AC7C5E4B07F625F3282 ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys 07:43:13.0833 0x2a18 ws2ifsl - ok 07:43:13.0839 0x2a18 [ 9A0E0B836413EB0BC885532D2A5389D6, AFEE4A0578D5581E4D72999A33C0DEA6253BD891F611AFF9AFDE4160A60105F3 ] wscsvc C:\WINDOWS\System32\wscsvc.dll 07:43:13.0858 0x2a18 wscsvc - ok 07:43:13.0862 0x2a18 [ 696EC2EAA2A42A137CCBB9A84D6917C0, 424089F4F373962AF8357C5D4D43F35948989BE3F58EAD3690F565F4C1BBC66F ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys 07:43:13.0871 0x2a18 WSDPrintDevice - ok 07:43:13.0875 0x2a18 [ 46E4A69825A7554A5DB784A55F8AD203, 7F347054FCDD5DEF93083D420E56EBE5EEBBAE2BD2FED9B2E75E85149DE52780 ] WSDScan C:\WINDOWS\system32\DRIVERS\WSDScan.sys 07:43:13.0883 0x2a18 WSDScan - ok 07:43:13.0887 0x2a18 WSearch - ok 07:43:13.0942 0x2a18 [ DDB7E452A99E0E5244105C6D2CF4BC9E, 1364B03AFFD20D339A2EBA303575BCCBC2D122D89810B1E3593CC55F93F9B79A ] wuauserv C:\WINDOWS\system32\wuaueng.dll 07:43:14.0031 0x2a18 wuauserv - ok 07:43:14.0038 0x2a18 [ AED7FE551E8672B824A56324076183EB, FFE543AAEFDEFFE6B20C244DB141A9425BDA88ED36F4870F0B70FEC433BDF0C1 ] WudfPf 
C:\WINDOWS\system32\drivers\WudfPf.sys 07:43:14.0050 0x2a18 WudfPf - ok 07:43:14.0057 0x2a18 [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFRd C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 07:43:14.0072 0x2a18 WUDFRd - ok 07:43:14.0077 0x2a18 [ 47F6450F28BAA32B2AB0D6BE00996249, C8A47D6ADF89AD613AB685C6224B9099DCEFDCD8ABCF703542AFDC356404116E ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll 07:43:14.0091 0x2a18 wudfsvc - ok 07:43:14.0097 0x2a18 [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 07:43:14.0111 0x2a18 WUDFWpdFs - ok 07:43:14.0117 0x2a18 [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdMtp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 07:43:14.0131 0x2a18 WUDFWpdMtp - ok 07:43:14.0152 0x2a18 [ E231728BC515A4B85543AF74A1FEDFCB, 5D250D7D789B5BB56BFA2E7A109BCEB3686B7636C54D89F4E9804101D145C955 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll 07:43:14.0240 0x2a18 WwanSvc - ok 07:43:14.0264 0x2a18 [ F39D6915451D9226AC9A5E7AE70E2ABA, E05D678DC0423A4D0EB8B3BB5A942721BB4F3B0BED22748252DBD6053FE956F1 ] XblAuthManager C:\WINDOWS\System32\XblAuthManager.dll 07:43:14.0308 0x2a18 XblAuthManager - ok 07:43:14.0334 0x2a18 [ 765FF96467A26C4C03281ECA426EC2D9, 2526B03C518D72F429C29BA4D4F11707AF277BF71520A1A92238A932950AE161 ] XblGameSave C:\WINDOWS\System32\XblGameSave.dll 07:43:14.0383 0x2a18 XblGameSave - ok 07:43:14.0392 0x2a18 [ 9627BBAA50878F6833A6A7843EE3B1D9, 637566BB56501C4D11E3B6E6AC1C602D880C9D357CCE3DF1DF74EE672744F2B7 ] xboxgip C:\WINDOWS\System32\drivers\xboxgip.sys 07:43:14.0424 0x2a18 xboxgip - ok 07:43:14.0444 0x2a18 [ 335E6F2BE58523B295945C840C185B00, 94ED7E2CB212A3D55B8A2CB90CD1D02A6AF92DC0DDD487CB5B7CAC9883343460 ] XboxNetApiSvc C:\WINDOWS\system32\XboxNetApiSvc.dll 07:43:14.0483 0x2a18 XboxNetApiSvc - ok 07:43:14.0489 0x2a18 [ 63088A3361D9A308F328F11E9099DD87, 
E03FDB932FC57F199C8F8A8EADA338BDF7D2F9C6CB8FAB679A92B48B1E5AFE8A ] xinputhid C:\WINDOWS\System32\drivers\xinputhid.sys 07:43:14.0507 0x2a18 xinputhid - ok 07:43:14.0512 0x2a18 [ 41B44BB3C8795E7B2E800BA812D91AA7, F798456DA72AEE77D0640A818A03FEB046428BD9AC21AF6E0B5D79C45F69CB7D ] XTU3SERVICE C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe 07:43:14.0519 0x2a18 XTU3SERVICE - ok 07:43:14.0536 0x2a18 ================ Scan global =============================== 07:43:14.0542 0x2a18 [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\WINDOWS\system32\basesrv.dll 07:43:14.0549 0x2a18 [ 4C08BF958476A137C78B62B22B5F90A4, 11DDD033896C96F8F7F1A1EDD0F4E0F07AFBB3202DC8A2E5E3ADB51C4D0700D4 ] C:\WINDOWS\system32\winsrv.dll 07:43:14.0556 0x2a18 [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\WINDOWS\system32\sxssrv.dll 07:43:14.0568 0x2a18 [ 3C69CC28665854F1AAB4B4005005FA31, 2750F5ECCD448C07E3402AA64EA625D27C6BC1D000A3FFE57C03D62428BB46C4 ] C:\WINDOWS\system32\services.exe 07:43:14.0575 0x2a18 [ Global ] - ok 07:43:14.0576 0x2a18 ================ Scan MBR ================================== 07:43:14.0578 0x2a18 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 07:43:14.0628 0x2a18 \Device\Harddisk0\DR0 - ok 07:43:14.0628 0x2a18 ================ Scan VBR ================================== 07:43:14.0629 0x2a18 [ 6DBC9C111D5E4473958A88B19C2BCE37 ] \Device\Harddisk0\DR0\Partition1 07:43:14.0630 0x2a18 \Device\Harddisk0\DR0\Partition1 - ok 07:43:14.0631 0x2a18 [ 2D524F05766D084E9BC1747B63390F77 ] \Device\Harddisk0\DR0\Partition2 07:43:14.0631 0x2a18 \Device\Harddisk0\DR0\Partition2 - ok 07:43:14.0634 0x2a18 [ 1D03FB51706492D56D9B8122F0C7F4F1 ] \Device\Harddisk0\DR0\Partition3 07:43:14.0635 0x2a18 \Device\Harddisk0\DR0\Partition3 - ok 07:43:14.0636 0x2a18 [ 74E36C83F7C7F59A2BC36A13CA10C585 ] \Device\Harddisk0\DR0\Partition4 07:43:14.0637 
0x2a18 \Device\Harddisk0\DR0\Partition4 - ok 07:43:14.0640 0x2a18 [ E8F21394727A2212A12935B2EEE4A600 ] \Device\Harddisk0\DR0\Partition5 07:43:14.0643 0x2a18 \Device\Harddisk0\DR0\Partition5 - ok 07:43:14.0644 0x2a18 ================ Scan generic autorun ====================== 07:43:14.0755 0x2a18 [ 0C5B1BCBB3BA51E400B9F22675B123D8, 97FF3A5F10609EE25C151F2357E60D543574432E8F360673CC84F0F5E6B0BE78 ] C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe 07:43:14.0854 0x2a18 PremierColor - ok 07:43:14.0906 0x2a18 [ 835A9D81B037F49CCCD09EADDCC2E20A, 471C1993ECBE80DD08BE9DD434FC37CC840067B868A9C69E796966307022DC60 ] C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe 07:43:15.0001 0x2a18 Dell Unifying Software Launcher - ok 07:43:15.0008 0x2a18 [ C7645D43451C6D94D87F4D07BDE59C89, 495BBA47FC43EE23054FCD419F2F00457162D1C04296900C6AEA551102A810F3 ] C:\WINDOWS\system32\rundll32.exe 07:43:15.0027 0x2a18 ShadowPlay - ok 07:43:15.0028 0x2a18 WindowsDefender - ok 07:43:15.0040 0x2a18 [ 63B913AAB1244D8DED54CF0EFC8A56BD, 639830E9ECB004F09EA968EDF68C0037B5DFF7CCFF007DE5D11DEF2166707341 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 07:43:15.0057 0x2a18 AdobeAAMUpdater-1.0 - ok 07:43:15.0062 0x2a18 [ 66F07417A2E9E5E3E358CD35EB994B1E, A689B3E93554504FC84A80D654A4178FFCBFEF88A9D75572A9B7382CD5BE87F2 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe 07:43:15.0098 0x2a18 IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 ) 07:43:15.0862 0x2a18 Detect skipped due to KSN trusted 07:43:15.0862 0x2a18 IAStorIcon - ok 07:43:15.0881 0x2a18 [ ED13374E76D833772A687EA3594C1120, 3A2A0C41DED8555ACEB9CAAE7F9C0053B11CEE1877B06D993BDCA0E491DB6CE6 ] C:\Program Files (x86)\Drakonia Configurator\hid.exe 07:43:15.0908 0x2a18 GamingMouse - detected UnsignedFile.Multi.Generic ( 1 ) 07:43:16.0181 0x2a18 GamingMouse ( UnsignedFile.Multi.Generic ) - warning 07:43:16.0567 0x2a18 [ 
61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 07:43:16.0585 0x2a18 APSDaemon - ok 07:43:16.0786 0x2a18 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe 07:43:16.0935 0x2a18 OneDriveSetup - ok 07:43:17.0107 0x2a18 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe 07:43:17.0251 0x2a18 OneDriveSetup - ok 07:43:17.0287 0x2a18 [ CD7DC286D2FDFACB965C3E10967B2199, 30FFB133E70D694BE6968E86E999C797EE7349DCC4E9ACFB338412C039374388 ] C:\Users\ezztr\AppData\Local\Microsoft\OneDrive\OneDrive.exe 07:43:17.0318 0x2a18 OneDrive - ok 07:43:17.0346 0x2a18 [ E11775E9CC132A91A0918E3C8A536343, 85FAB7BF6B69DA7992E216B230D62520F5F5F87EB003AC4B98394CD60AE369FC ] C:\Users\ezztr\AppData\Roaming\Spotify\SpotifyWebHelper.exe 07:43:17.0387 0x2a18 Spotify Web Helper - ok 07:43:17.0550 0x2a18 [ D698C43D244DD4520BBABC381C0B8C21, A2F0173F60CD2B44C8665CD3C53847BD15A408CF598014291EC2B6A82D60346B ] C:\Users\ezztr\AppData\Roaming\Spotify\Spotify.exe 07:43:17.0711 0x2a18 Spotify - ok 07:43:17.0731 0x2a18 [ FE9E6388A039441098EB09C070EA5049, 3888822AF992F3BE27E9F973E31EBEE5302901E4A8260A9A6CF6B2BB2A12D173 ] C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe 07:43:17.0747 0x2a18 Google Update - ok 07:43:17.0857 0x2a18 [ 325A61467166B0E2CF089BF4EA9DE18E, 3774B1DB0091BD5CED0F3BAA6BE50D2E8751E82E1A053C6B1B827770D4AEB1EF ] C:\Users\ezztr\AppData\Local\Programs\Google\MusicManager\MusicManager.exe 07:43:18.0076 0x2a18 MusicManager - detected UnsignedFile.Multi.Generic ( 1 ) 07:43:18.0343 0x2a18 Detect skipped due to KSN trusted 07:43:18.0343 0x2a18 MusicManager - ok 07:43:18.0353 0x2a18 [ 406E7DF08CE79BE3016CC6D15E2ED956, 
9DA8D10AE642B9411A3EB253F97918A6F470F1772F0057964267497CE0BDA53A ] C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe 07:43:18.0369 0x2a18 Dxtory Update Checker 2.0 - detected UnsignedFile.Multi.Generic ( 1 ) 07:43:19.0035 0x2a18 Detect skipped due to KSN trusted 07:43:19.0035 0x2a18 Dxtory Update Checker 2.0 - ok 07:43:19.0041 0x2a18 GoogleDriveSync - ok 07:43:19.0114 0x2a18 [ CD7DC286D2FDFACB965C3E10967B2199, 30FFB133E70D694BE6968E86E999C797EE7349DCC4E9ACFB338412C039374388 ] C:\Users\elsia\AppData\Local\Microsoft\OneDrive\OneDrive.exe 07:43:19.0188 0x2a18 OneDrive - ok 07:43:19.0191 0x2a18 Waiting for KSN requests completion. In queue: 260 07:43:20.0215 0x2a18 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated ) 07:43:20.0223 0x2a18 Win FW state via NFP2: enabled ( trusted ) 07:43:20.0604 0x2a18 ============================================================ 07:43:20.0604 0x2a18 Scan finished 07:43:20.0604 0x2a18 ============================================================ 07:43:20.0618 0x1be8 Detected object count: 2 07:43:20.0618 0x1be8 Actual detected object count: 2 07:43:39.0349 0x1be8 VPNManager ( UnsignedFile.Multi.Generic ) - skipped by user 07:43:39.0349 0x1be8 VPNManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:43:39.0350 0x1be8 GamingMouse ( UnsignedFile.Multi.Generic ) - skipped by user 07:43:39.0350 0x1be8 GamingMouse ( UnsignedFile.Multi.Generic ) - User select action: Skip |
22.02.2017, 15:54 | #6 |
/// TB Trainer | Ad banners in the Steam client
Hi, you are getting ads in the Steam client? Isn't that normal? I am not familiar with Steam, but you are the first person here on TB that I am looking after who is complaining about ads in Steam. I strongly doubt that adware is the cause, but we will check everything.
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please close your security software to avoid possible conflicts.
Step 4
Please post with your next reply
|
22.02.2017, 16:59 | #7 |
| Ad banners in the Steam client
Hi, no, it really is that kind of ad junk, because the banners then lay themselves over the Steam menus and cover them. If you want to use the menu, you have to click the banner, which then opens the browser and shows some junk pages. Here are the logs, spread over several posts.
Code:
# AdwCleaner v6.043 - Logfile created 22/02/2017 at 22:37:07
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-20.3 [Server]
# Operating System : Windows 10 Home (X64)
# Username : ezztr - DESKTOP-CSVQ63S
# Running from : C:\Users\ezztr\Desktop\AdwCleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\388823c3-63a5-43ef-be14-ec1b33989cb3
[-] Folder deleted: C:\ProgramData\b2be0afe-3170-49d3-800b-210c58fb3efb
[-] Folder deleted: C:\ProgramData\b4e0b8d6-d0b6-4d79-ad59-5c166e004094
[-] Folder deleted: C:\ProgramData\be9bd390-dc7f-4230-a0c9-14deb1a6e250
[-] Folder deleted: C:\ProgramData\d42520c4-e774-4a47-b141-f90f32bef41a
[-] Folder deleted: C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh

***** [ Files ] *****

[-] File deleted: C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nknonnojlmhnmjhpeokdbeineeajcemh_0.localstorage
[-] File deleted: C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nknonnojlmhnmjhpeokdbeineeajcemh_0.localstorage-journal

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: k-lite-codec-pack.softonic.de
[-] [C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: total-network-monitor.de.softonic.com
[-] [C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: nknonnojlmhnmjhpeokdbeineeajcemh

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: " Image File Execution Options" keys deleted
:: "Prefetch" files deleted
:: Proxy settings cleared
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1635 Bytes] - [25/10/2016 17:16:33]
C:\AdwCleaner\AdwCleaner[C2].txt - [2202 Bytes] - [22/02/2017 22:37:07]
C:\AdwCleaner\AdwCleaner[S0].txt - [1619 Bytes] - [25/10/2016 17:15:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [2363 Bytes] - [22/02/2017 22:34:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2421 Bytes] ##########

Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 22.02.17
Scan-Zeit: 22:40
Protokolldatei: mbam.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.50
Version des Aktualisierungspakets: 1.0.1064
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-CSVQ63S\ezztr

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 445216
Abgelaufene Zeit: 4 Min., 6 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0 (keine bösartigen Elemente erkannt)
Modul: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswert: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Daten-Stream: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Datei: 0 (keine bösartigen Elemente erkannt)
Physischer Sektor: 0 (keine bösartigen Elemente erkannt)

(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by ezztr (Administrator) on 22.02.2017 at 22:47:18,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 2

Successfully deleted: C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.02.2017 at 22:50:09,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2017
Ran by ezztr (administrator) on DESKTOP-CSVQ63S (22-02-2017 22:51:04)
Running from C:\Users\ezztr\Desktop
Loaded Profiles: ezztr (Available Profiles: ezztr & elsia)
Platform: Windows 10 Home Version 1607 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\games\Origin\OriginWebHelperService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Perfect Privacy) C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PremierColor] => C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe [3828464 2015-09-03] (Portrait Displays, Inc.)
HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-22] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-31] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify Web Helper] => C:\Users\ezztr\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1552496 2016-06-18] (Spotify Ltd)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify] => C:\Users\ezztr\AppData\Roaming\Spotify\Spotify.exe [6916208 2016-06-18] (Spotify Ltd)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Google Update] => C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-26] (Google Inc.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [MusicManager] => C:\Users\ezztr\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-02] (Google Inc.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Bitrix24 Desktop] => [X]
ShellIconOverlayIdentifiers: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74
Tcpip\..\Interfaces\{dd7fa2b5-9e4d-461b-b755-8204e8510d0f}: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-02-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)

Edge:
======
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.29.0_neutral__qq0fmhteeht3j [2017-02-12]

FireFox:
========
FF DefaultProfile: w9newjxp.default
FF ProfilePath: C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default [2017-02-22]
FF NewTab: Mozilla\Firefox\Profiles\w9newjxp.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\w9newjxp.default -> GtAtDtC0EtG0EtD0AtDtGyCtB0B0EtG0Fzy0AyCyC0F0BtCtA0EyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FtD0A0B0CtAyBtGyC0DyDyBtGyEtDzzyEtG0AyBtCyDtGzzyD0C0AtAtD0B0D0CtCyE0A2QtN0A0LzuyE%26cr%3D1405159841%26a%3Dwncy_ir_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF Keyword.URL: Mozilla\Firefox\Profiles\w9newjxp.default -> user_pref("keyword.URL", true);
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default\features\{11a112ca-fffe-4f49-9a25-8dbc77ff71b5}\disableSHA1rollout@mozilla.org.xpi [2017-02-19]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @citrixonline.com/appdetectorplugin -> C:\Users\ezztr\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-06] (Citrix Online)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.giga.de/","hxxp://www.google.com"
CHR Profile: C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default [2017-02-22]
CHR Extension: (Google*Übersetzer) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-04-10]
CHR Extension: (Flash Video Downloader) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-22]
CHR Extension: (Google Drive) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (YouTube) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10]
CHR Extension: (uBlock Origin) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-07]
CHR Extension: (Google Play Musik) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-10]
CHR Extension: (CanvasFingerprintBlock) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmjngkmngdcdpmgmiebdmfbkcecdndc [2016-04-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-22]
CHR Extension: (dict-cc) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-02-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Google Mail) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2288384 2015-12-27] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1467912 2017-02-06] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3020992 2016-12-28] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-10-12] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [125808 2017-01-10] ()
S3 DellPremierColorService; C:\Program Files\Portrait Displays\Dell PremierColor\PremierColorService.exe [175344 2015-09-03] (Portrait Displays, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [229376 2016-05-13] (Dell Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392480 2017-01-13] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-03] (Intel Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-31] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-10-12] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-06-14] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-21] (NVIDIA Corporation)
S3 Origin Client Service; C:\games\Origin\OriginClientService.exe [2119688 2017-01-09] (Electronic Arts)
R2 Origin Web Helper Service; C:\games\Origin\OriginWebHelperService.exe [2180624 2017-01-09] (Electronic Arts)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
S3 ptsysexec; C:\WINDOWS\ptsysexec.exe [238856 2015-12-03] (Pismo Technic Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 VPNManager; C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [19968 2016-09-03] (Perfect Privacy) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-11-09] (Intel(R) Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208192 2015-12-27] (Broadcom Corporation.)
R3 BCMPCIEDHD63; C:\WINDOWS\system32\DRIVERS\bcmpciedhd63.sys [1063736 2016-03-03] (Broadcom Corp)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-06] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-06] (Dell Computer Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [343608 2016-05-19] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [184632 2016-08-29] (Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [225872 2016-08-08] (Intel(R) Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-22] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-22] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-22] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-22] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-22] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvlddmkm.sys [14516664 2017-02-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-21] (NVIDIA Corporation)
S3 pfmfs_180; C:\WINDOWS\System32\Drivers\pfmfs_180.sys [258248 2015-12-15] (Pismo Technic Inc.)
R3 PTPFilter; C:\WINDOWS\System32\drivers\PTPFilter.sys [51032 2016-08-29] (Samsung)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-06-25] (Realsil Semiconductor Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2016-12-20] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2016-12-20] (Oracle Corporation)
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\WINDOWS\System32\drivers\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 22:50 - 2017-02-22 22:50 - 00000744 _____ C:\Users\ezztr\Desktop\JRT.txt
2017-02-22 22:50 - 2017-02-22 22:50 - 00000000 ____D C:\Users\ezztr\Desktop\FRST-OlderVersion
2017-02-22 22:45 - 2017-02-22 22:45 - 00001240 _____ C:\Users\ezztr\Desktop\mbam.txt
2017-02-22 22:40 - 2017-02-22 22:40 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-22 22:40 - 2017-02-22 22:40 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-22 22:40 - 2017-02-22 22:40 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-22 22:40 - 2017-02-22 22:40 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-22 22:39 - 2017-02-22 22:39 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-22 22:39 - 2017-02-22 22:39 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-22 22:39 - 2017-02-22 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-22 22:39 - 2017-02-22 22:39 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-22 22:39 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-22 22:37 - 2017-02-22 22:37 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2017-02-22 22:31 - 2017-02-22 22:47 - 01663040 _____ (Malwarebytes) C:\Users\ezztr\Downloads\JRT.exe
2017-02-22 22:31 - 2017-02-22 22:39 - 55566792 _____ (Malwarebytes ) C:\Users\ezztr\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-22 22:30 - 2017-02-22 22:33 - 04015056 _____ C:\Users\ezztr\Desktop\AdwCleaner_6.043.exe
2017-02-22 17:30 - 2017-02-22 17:30 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2017-02-22 17:10 - 2017-02-22 17:10 - 00001199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouPloader.lnk
2017-02-22 17:10 - 2017-02-22 17:10 - 00000000 ____D C:\Users\ezztr\YouPloader
2017-02-22 17:10 - 2017-02-22 17:10 - 00000000 ____D C:\Program Files (x86)\YouPloader
2017-02-22 17:09 - 2017-02-22 17:09 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sun
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Sun
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-22 17:07 - 2017-02-22 17:07 - 00739392 _____ (Oracle Corporation) C:\Users\ezztr\Downloads\JavaSetup8u121.exe
2017-02-22 16:59 - 2017-02-22 17:07 - 15674444 _____ (BeCast ) C:\Users\ezztr\Downloads\YouPloader-setup-0.9.3.exe
2017-02-22 14:41 - 2017-02-22 14:41 - 00046039 _____ C:\Users\ezztr\AppData\Local\recently-used.xbel
2017-02-22 14:37 - 2017-02-22 14:37 - 00134008 _____ C:\Users\ezztr\Downloads\OnlineWebFonts_COM_0e81aad85bdcd8299ff6a632d00b823c.zip
2017-02-22 07:42 - 2017-02-22 07:52 - 00284296 _____ C:\TDSSKiller.3.1.0.12_22.02.2017_07.42.10_log.txt
2017-02-22 07:41 - 2017-02-22 07:42 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ezztr\Downloads\tdsskiller.exe
2017-02-21 21:19 - 2017-02-21 21:37 - 638401510 _____ C:\Users\ezztr\Downloads\The.Walking.Dead.S07E10.HDTV.x264-SVA[eztv].mkv
2017-02-21 14:20 - 2017-02-22 22:51 - 00028227 _____ C:\Users\ezztr\Desktop\FRST.txt
2017-02-21 14:20 - 2017-02-21 14:36 - 00068991 _____ C:\Users\ezztr\Desktop\Addition.txt
2017-02-21 14:08 - 2017-02-22 22:50 - 02422784 _____ (Farbar) C:\Users\ezztr\Desktop\FRST64.exe
2017-02-20 21:32 - 2017-02-20 21:34 - 04465808 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 831314.crdownload
2017-02-20 16:52 - 2017-02-20 16:52 - 22287636 _____ C:\Users\ezztr\Downloads\[Guru3D.com]-RTSSSetup660.zip
2017-02-19 17:02 - 2017-02-19 17:05 - 65975400 _____ (Itch Corp) C:\Users\ezztr\Downloads\itchSetup.exe
2017-02-19 17:01 - 2017-02-19 17:04 - 00679936 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 74679.crdownload
2017-02-17 16:36 - 2017-02-17 16:36 - 00000000 ____D C:\Users\ezztr\ansel
2017-02-17 16:34 - 2017-02-17 16:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-17 16:34 - 2017-02-10 05:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-17 16:34 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-17 16:34 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-17 16:34 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-17 16:34 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-17 16:32 - 2017-02-10 09:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-17 14:28 - 2017-02-17 14:28 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Terapoly
2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-02-16 16:55 - 2017-02-16 16:55 - 00089264 _____ C:\Users\ezztr\Downloads\PA8144 CDM-MOC-FORM Annex 2 form.pdf
2017-02-16 15:56 - 2017-02-16 16:00 - 144456700 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 392819.crdownload
2017-02-16 10:50 - 2017-02-21 17:27 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2017-02-16 10:50 - 2017-02-16 10:50 - 30901272 _____ (OpenVPN Technologies) C:\Users\ezztr\Downloads\privatetunnel-win-2.8.exe
2017-02-16 09:20 - 2017-02-16 09:20 - 06975096 _____ (Tim Kosse) C:\Users\ezztr\Downloads\FileZilla_3.24.0_win64-setup.exe
2017-02-14 21:07 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAR.DLL
2017-02-14 20:38 - 2017-02-14 20:57 - 00289864 _____ C:\Users\ezztr\Documents\Valentine - Martina Mcbridge (mp3goo.com).mp3.sfk
2017-02-14 19:30 - 2017-02-14 19:38 - 00255992 _____ C:\Users\ezztr\Documents\My Valentine.mp3.sfk
2017-02-14 19:11 - 2017-02-14 19:12 - 65984342 _____ C:\Users\ezztr\Documents\My-babe.mp4
2017-02-14 13:37 - 2017-02-14 13:37 - 00079360 _____ C:\Users\ezztr\Documents\Manpower Data PT Malaka Nusantara Permai.xls
2017-02-14 01:51 - 2017-02-14 01:51 - 07336673 _____ C:\Users\ezztr\Downloads\Photos (3).zip
2017-02-14 01:49 - 2017-02-14 01:49 - 35406230 _____ C:\Users\ezztr\Downloads\Photos (2).zip
2017-02-14 01:40 - 2017-02-14 13:31 - 13369489 _____ C:\Users\ezztr\Documents\My-babe.pptx
2017-02-14 01:31 - 2017-02-14 01:31 - 12437714 _____ C:\Users\ezztr\Downloads\Photos (1).zip
2017-02-14 01:28 - 2017-02-14 01:28 - 32939944 _____ C:\Users\ezztr\Downloads\Photos.zip
2017-02-14 00:24 - 2017-02-14 00:35 - 11696611 _____ C:\Users\ezztr\Downloads\The Sharp Slideshow.rar
2017-02-12 15:17 - 2017-02-12 15:18 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan Full.lnk
2017-02-12 15:14 - 2017-02-12 15:17 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan AVG.lnk
2017-02-11 02:58 - 2017-02-11 03:02 - 117631040 _____ C:\Users\ezztr\Downloads\AvorionDemoSetup0.8.5.exe
2017-02-10 22:20 - 2017-02-10 22:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-02-08 20:21 - 2017-02-08 20:21 - 00000000 ____D C:\Users\elsia\AppData\Roaming\Apple Computer
2017-02-06 21:23 - 2017-02-06 21:23 - 00000000 ___HD C:\$Windows.~WS
2017-02-06 19:45 - 2017-02-06 22:35 - 00000000 ____D C:\ESD
2017-02-06 19:45 - 2017-02-06 19:45 - 00000000 ____D C:\$WINDOWS.~BT
2017-02-06 19:44 - 2017-02-10 22:48 - 00000000 ____D C:\Livia
2017-02-06 16:22 - 2017-02-22 17:30 - 00000690 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job
2017-02-06 16:22 - 2017-02-22 17:30 - 00000594 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job
2017-02-06 16:22 - 2017-02-18 19:40 - 00003860 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001
2017-02-06 16:22 - 2017-02-18 19:40 - 00003764 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001
2017-02-06 16:21 - 2017-02-06 16:22 - 00000000 ____D C:\Users\ezztr\AppData\Local\Citrix
2017-02-06 10:26 - 2017-02-06 21:35 - 00000000 ___RD C:\Users\ezztr\Documents\Bitrix24
2017-02-06 10:26 - 2017-02-06 10:26 - 00001082 _____ C:\Users\Public\Desktop\Bitrix24 Desktop.lnk
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitrix24
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Bitrix
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Program Files (x86)\Bitrix24
2017-02-04 11:05 - 2017-02-04 11:05 - 00000000 ____D C:\Users\ezztr\Documents\Benutzerdefinierte Office-Vorlagen
2017-02-04 10:36 - 2017-02-04 10:36 - 00002585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002581 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2017-02-04 10:30 - 2017-02-04 10:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-04 10:28 - 2017-02-04 11:05 - 00081408 _____ C:\Users\ezztr\Documents\Manpower DATA REPORT 20170128(2).xls
2017-02-02 00:15 - 2017-02-02 00:15 - 00161452 _____ C:\Users\ezztr\Documents\Eheerklärung_dt.pdf
2017-01-30 01:20 - 2017-01-30 01:21 - 12681143 _____ C:\Users\ezztr\Downloads\glitch.zip
2017-01-30 00:43 - 2017-01-30 01:08 - 94785724 _____ C:\Users\ezztr\Downloads\TEMPLATE ORGANIC PARTICLES [TAME PRODUCCIONES].rar
2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Apple Computer
2017-01-30 00:01 - 2017-01-30 00:01 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-30 00:01 - 2017-01-30 00:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-01-28 10:47 - 2017-01-28 10:47 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Crytivo Games Inc_
2017-01-28 10:11 - 2017-01-28 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Universim
2017-01-28 10:10 - 2017-01-28 10:10 - 01177576 _____ (Crytivo Games ) C:\Users\ezztr\Downloads\The Universim Launcher Installer.exe
2017-01-27 20:50 - 2017-01-20 23:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-01-27 20:50 - 2017-01-20 23:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-01-26 07:13 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-39-1.exe
2017-01-26 07:12 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-39-1.dll
2017-01-26 07:09 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1-1-0-39-1.dll
2017-01-26 07:09 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-39-1.exe
2017-01-25 10:22 - 2016-12-21 14:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 10:22 - 2016-12-21 11:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-22 22:51 - 2016-10-24 20:00 - 00000000 ____D C:\FRST
2017-02-22 22:47 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-22 22:42 - 2016-08-04 03:47 - 01859228 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-22 22:42 - 2016-08-04 03:47 - 00500004 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-22 22:42 - 2015-12-27 02:15 - 04238682 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-22 22:39 - 2016-10-14 00:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-22 22:38 - 2016-11-22 15:30 - 00000000 ___RD C:\Users\ezztr\Google Drive
2017-02-22 22:38 - 2016-06-04 15:40 - 00000000 ___RD C:\Rendern-Videos
2017-02-22 22:37 - 2016-10-25 17:14 - 00000000 ____D C:\AdwCleaner
2017-02-22 22:37 - 2016-08-03 12:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-22 22:37 - 2016-08-03 12:52 - 00000000 ____D C:\Users\ezztr
2017-02-22 22:37 - 2016-08-03 12:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-22 22:37 - 2016-07-16 13:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-02-22 22:37 - 2016-04-10 02:34 - 00000000 __SHD C:\Users\ezztr\IntelGraphicsProfiles
2017-02-22 22:36 - 2016-07-04 09:47 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-22 22:28 - 2016-08-03 12:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-22 18:07 - 2016-04-10 22:12 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-22 17:30 - 2016-08-03 12:50 - 05016552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-22 17:28 - 2016-04-16 19:06 - 00000000 ___RD C:\Users\ezztr\Desktop\Tools
2017-02-22 17:25 - 2016-07-16 18:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 17:09 - 2017-01-20 20:09 - 00000000 ____D C:\ProgramData\Oracle
2017-02-22 16:47 - 2016-11-25 19:26 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Mozilla
2017-02-22 14:56 - 2016-04-20 16:28 - 00000000 ____D C:\Users\ezztr\.gimp-2.8
2017-02-22 14:49 - 2016-06-13 20:04 - 00000000 ____D C:\Users\ezztr\AppData\Local\gtk-2.0
2017-02-22 12:37 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-22 12:36 - 2016-07-16 18:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-22 12:36 - 2016-04-10 02:34 - 00000000 ____D C:\Users\ezztr\AppData\Local\Packages
2017-02-22 07:51 - 2016-06-12 18:45 - 00000000 ____D C:\Users\ezztr\AppData\Local\Adobe
2017-02-21 21:37 - 2016-05-29 23:13 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\transmission
2017-02-21 13:36 - 2016-06-02 13:49 - 00000000 ____D C:\Rendern
2017-02-20 16:57 - 2016-06-21 22:51 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-02-20 16:53 - 2016-06-21 22:51 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2017-02-20 16:53 - 2016-05-08 18:28 - 00000000 ____D C:\tmp
2017-02-20 14:25 - 2016-04-13 03:44 - 00000000 ____D C:\Users\ezztr\Desktop\Games
2017-02-19 19:13 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-19 16:56 - 2016-04-13 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\CrashDumps
2017-02-18 23:32 - 2016-07-25 21:01 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\vlc
2017-02-17 16:47 - 2016-04-20 16:51 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\obs-studio
2017-02-17 16:35 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-17 16:34 - 2016-07-16 18:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-17 00:05 - 2015-12-27 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-02-16 15:43 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\FileZilla
2017-02-16 14:00 - 2015-12-27 02:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2017-02-14 18:25 - 2016-12-26 23:34 - 00000000 ____D C:\Users\ezztr\Documents\Darkest
2017-02-10 22:18 - 2016-04-23 16:08 - 00000000 __SHD C:\Users\elsia\IntelGraphicsProfiles
2017-02-10 09:33 - 2017-01-09 00:11 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 09:33 - 2017-01-09 00:11 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 09:33 - 2017-01-09 00:11 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-10 06:13 - 2017-01-09 00:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-10 05:57 - 2017-01-09 00:13 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-10 05:57 - 2017-01-09 00:13 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-08 20:28 - 2016-04-23 16:08 - 00000000 ____D C:\Users\elsia\AppData\Local\Packages
2017-02-08 20:22 - 2017-01-10 20:20 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-08 20:22 - 2016-04-23 16:09 - 00002389 _____ C:\Users\elsia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-08 20:22 - 2016-04-23 16:09 - 00000000 ___RD C:\Users\elsia\OneDrive
2017-02-08 20:21 - 2016-02-13 20:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-07 21:49 - 2016-04-10 16:06 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 20:01 - 2016-04-10 02:36 - 00002389 _____ C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-07 20:01 - 2016-04-10 02:36 - 00000000 ___RD C:\Users\ezztr\OneDrive
2017-02-07 02:48 - 2016-07-16 18:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-07 02:48 - 2016-07-16 18:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 23:21 - 2016-10-21 23:33 - 00000000 ____D C:\Volumes
2017-02-06 22:35 - 2016-08-04 03:49 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-06 20:52 - 2015-12-27 02:16 - 00000000 ____D C:\Program Files\Dell
2017-02-06 20:47 - 2016-11-23 09:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-06 20:47 - 2016-06-25 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-06 20:42 - 2016-08-03 12:56 - 00014000 _____ C:\WINDOWS\diagwrn.xml
2017-02-06 20:42 - 2016-08-03 12:56 - 00013947 _____ C:\WINDOWS\diagerr.xml
2017-02-06 12:16 - 2015-12-27 02:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-04 10:45 - 2016-07-16 18:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-04 10:30 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-03 23:13 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\Desktop\Rendern
2017-02-01 02:50 - 2016-10-04 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\ElevatedDiagnostics
2017-01-30 09:12 - 2016-06-21 22:50 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-01-30 01:11 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sony
2017-01-30 00:02 - 2017-01-21 17:46 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-01-28 10:11 - 2016-04-13 03:41 - 00000000 ____D C:\games
2017-01-28 09:48 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-27 20:51 - 2016-08-03 12:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-27 20:44 - 2016-04-13 03:38 - 00000000 ____D C:\Users\ezztr\AppData\Local\Battle.net
2017-01-27 18:13 - 2016-04-13 03:38 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-25 10:45 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-25 09:12 - 2016-08-03 12:55 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-09-22 22:39 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-08-03 12:55 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-08-03 12:55 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-08-03 12:55 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-08-03 12:55 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2015-12-27 02:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

==================== Files in the root of some directories =======
2016-07-04 10:47 - 2016-08-18 01:47 - 0000153 _____ () C:\Users\ezztr\AppData\Roaming\WB.CFG
2017-02-22 14:41 - 2017-02-22 14:41 - 0046039 _____ () C:\Users\ezztr\AppData\Local\recently-used.xbel
2016-06-08 18:37 - 2016-12-30 12:59 - 0007605 _____ () C:\Users\ezztr\AppData\Local\Resmon.ResmonCfg
2016-08-03 12:50 - 2016-08-03 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-05-22 23:34 - 2016-05-22 23:34 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-12-23 18:00 - 2017-01-09 00:14 - 0045353 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-23 18:00 - 2016-12-30 15:38 - 0010654 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2016-12-30 11:08 - 2016-12-30 11:09 - 2842808 _____ () C:\Users\ezztr\AppData\Local\Temp\npp.7.2.2.Installer.x64.exe
2016-10-29 03:26 - 2016-12-12 01:23 - 0860776 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\nvSCPAPI64.dll
2016-11-17 19:56 - 2017-01-20 21:07 - 0352704 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\nvStInst.exe
2016-08-29 22:56 - 2016-11-17 20:45 - 1135552 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\NvTelemetry.dll
2016-08-29 22:56 - 2017-01-06 08:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-08-29 22:56 - 2017-01-06 08:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\NvTelemetryAPI64.dll
2017-02-22 17:10 - 2017-02-22 17:10 - 0695808 ____N () C:\Users\ezztr\AppData\Local\Temp\sqlite-3.8.11.2-7c0abcbe-7e8f-45b7-bc90-96a2ae512e86-sqlitejdbc.dll

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-18 12:55

==================== End of FRST.txt ============================

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2017
Ran by ezztr (22-02-2017 22:51:31)
Running from C:\Users\ezztr\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-03 05:57:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3515307565-1161031247-3300353082-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3515307565-1161031247-3300353082-503 - Limited - Disabled)
elsia (S-1-5-21-3515307565-1161031247-3300353082-1002 - Limited - Enabled) => C:\Users\elsia
ezztr (S-1-5-21-3515307565-1161031247-3300353082-1001 - Administrator - Enabled) => C:\Users\ezztr
Guest (S-1-5-21-3515307565-1161031247-3300353082-501 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.2.4 - Intel) Hidden
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.41.3 - Asmedia Technology)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitrix24 for Windows (HKLM-x32\...\Bitrix24) (Version: 4.1.76.36 - Bitrix, Inc)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Conan Exiles (HKLM\...\Steam App 440900) (Version: - Funcom)
Craft The World (HKLM\...\Steam App 248390) (Version: - Dekovir Entertainment)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version: - Red Hook Studios)
DebugMode FrameServer (HKLM-x32\...\DebugMode FrameServer) (Version: - )
Dell App Launcher for Unifying Software (HKLM\...\Unifying Software Launcher) (Version: 1.00.44 - Logitech)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Dock Update (HKLM-x32\...\{6C4547B7-084A-4992-BFBF-9F6C6E2DC3EA}) (Version: 1.0.115.0 - Dell Inc.)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell PremierColor (HKLM\...\{5CA2B02F-FC89-4F42-A3DA-7649B8EFF194}) (Version: 2.0.140 - Portrait Displays, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.)
Dell Update (HKLM-x32\...\{FE901F1A-B3D5-4BCE-AAFB-694DC51DC522}) (Version: 1.9.5.0 - Dell Inc.)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - )
Dropbox 20 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.)
Dxtory version 2.0.139 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.139 - ExKode Co. Ltd.)
Factorio (HKLM\...\Steam App 427520) (Version: - Wube Software LTD.)
Faeria (HKLM\...\Steam App 397060) (Version: - Abrakam SA)
FileZilla Client 3.24.0 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.0.0.6441 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\GoToMeeting) (Version: 8.0.0.6441 - CitrixOnline)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\HearthstoneDeckTracker) (Version: 1.1.6 - HearthSim)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com)
Innkeeper (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Innkeeper) (Version: 0.3.4 - Curse Inc.)
Intel Extreme Tuning Utility (HKLM-x32\...\{281badd0-7e11-494b-bdf7-34d6a2615c3c}) (Version: 6.2.0.19 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 6.2.0.19 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Keebles (HKLM\...\Steam App 347040) (Version: - Burnt Fuse)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
MagicYUV Lossless Video Codec - Standard version 2.0.0rc1 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 2.0.0rc1 - INNOMAGIC Bt.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MediaInfo 0.7.87 (HKLM\...\MediaInfo) (Version: 0.7.87 - MediaArea.net)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mini Metro (HKLM\...\Steam App 287980) (Version: - Dinosaur Polo Club)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Music Manager (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\MusicManager) (Version: - Google, Inc.)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.12 (HKLM\...\{C212962C-71C4-4D9F-B8E0-D2CD00C8B8FE}) (Version: 5.1.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version: - ) ProjectLibre (HKLM-x32\...\{4E352A24-AE3C-482F-9409-3E1C2B7ABED8}) (Version: 1.7.0.0 - ProjectLibre) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.44 - Realtek Semiconductor Corp.) Registrierung eines Dell Produkts (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.) Registrierung eines Produkts (Version: 3.0.123.0 - Dell Inc.) Hidden RimWorld (HKLM\...\Steam App 294100) (Version: - Ludeon Studios) RivaTuner Statistics Server 6.6.0 (HKLM-x32\...\RTSS) (Version: 6.6.0 - Unwinder) SagaraS Scriptmaker v6.1 (HKLM-x32\...\SagaraS Scriptmaker_is1) (Version: - ) SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden Spotify (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Spotify) (Version: 1.0.31.56.g526cfefe - Spotify AB) ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0067 - ST Microelectronics) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Tavern Tycoon (HKLM\...\Steam App 439340) (Version: - Terapoly) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer) The Universim version 1.0 (HKLM-x32\...\{77E2F6D6-85F9-4A73-8FC6-5A6CB3C816C1}_is1) (Version: 1.0 - Crytivo Games) This War of Mine (HKLM\...\Steam App 282070) (Version: - 11 bit studios) Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation) Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.9 - Transmission) Transport Fever (HKLM\...\Steam App 446800) (Version: - Urban Games) TreeSize Free V3.4.5 
(HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software) UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 17.0.0 - UMEZAWA Takeshi) Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) VPN Manager 1.8.10.0 (HKLM-x32\...\VPN Manager) (Version: 1.8.10.0 - Perfect-Privacy) Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.) WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.730 - Broadcom Corporation) WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - ) YouPloader Version 0.9.3 (HKLM-x32\...\{DC552D9B-15C9-4F51-B0B2-D8AB7791DBFF}_is1) (Version: 0.9.3 - BeCast) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6291\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04CB2EF6-C5EE-46A5-80FE-E0E2140C4D1B} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {0D55ABF1-CE90-436D-AEC9-21E996067D93} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {163E6DF7-9A42-4E71-B7CB-A7FC00FC613B} - System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1A48F5F1-A4FA-448D-8F88-774F9DF2371A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {207D147E-E73E-44B4-88E1-B9559DF26B1A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {29CF4F40-5921-43C7-B8DC-B282ED50165D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {2E5F1938-4478-4009-9A8C-8CF974952D7B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {33E7D8B0-1D68-4EDD-B7D0-92E87A4F3C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {4D23204F-0E2E-4838-8154-9CE740A0241A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {50DA9037-6E4B-4CD0-BA09-BAAAD604AAF2} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-06-14] (Intel(R) Corporation)
Task: {5A30115F-FF80-4AA1-9E90-E33417862FD6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {5AF67BBA-EAEC-46AF-827B-314EB7D6A46C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {5B109A0B-823B-48E0-8DE2-E2DAB8E52FA6} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {60B633A5-BC32-4179-84FB-9FF44A397776} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {6488574D-F798-462F-88D7-C0457AE6A5BC} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)
Task: {652DF692-C7F7-459F-BDF5-F55E4A777E78} - System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {65D9B6CA-FACA-4EDA-98B7-4904A5253B48} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-21] (NVIDIA Corporation)
Task: {86472F58-B053-402E-9BAA-663541F0AA59} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {9791F492-8F48-4F99-8CD6-F9CB6B50BEF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {9B95B377-96BA-41DB-AD06-B0954F989609} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9EA39A14-9FB0-418C-AC71-EDEE85799B18} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {AB031289-0E5D-4509-8F19-A8B1322905C8} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {B4776765-14D6-4572-B8DE-B6EDD52B4990} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C33EBE27-3732-4579-B29F-79D01F362757} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {CAA1D9C6-1233-4DC7-879F-EC161AE71991} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {D220BA68-269C-41EB-8A54-13A110A70A70} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA1d25f0055f52a8c => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D2D43FD7-AA72-433B-9313-037A3C38A991} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {D6A9151A-612D-4C84-88AF-370ECA981488} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core1d25f0055f0e153 => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D84FABA7-EA17-4A74-807C-81C7620DB5A7} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {DCF517FB-4549-4BB6-A95A-EE96C2716380} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ezztro@yahoo.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {EC5937FE-8585-4CE3-8694-02DDC49EE896} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-04] (Microsoft Corporation)
Task: {F35D6EB5-3FEE-49C9-8EE2-CFAB94043E72} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {F43A5D40-7ED4-4E59-8B77-352C08D88260} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-21] (NVIDIA Corporation)
Task: {FC38FDB1-3888-400F-AB12-D2D387A163F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Play Musik.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-10 14:59 - 2017-01-10 14:59 - 00125808 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
2015-08-21 08:47 - 2015-08-21 08:47 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2016-12-31 17:22 - 2016-11-17 22:16 - 00805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2016-12-31 17:22 - 2016-11-17 22:18 - 01981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2016-12-31 17:22 - 2016-11-17 22:10 - 00212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2016-12-31 17:22 - 2016-11-17 22:10 - 00203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2016-12-31 17:22 - 2016-11-17 22:09 - 00206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2016-12-31 17:22 - 2016-11-17 22:09 - 00336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2016-12-31 17:22 - 2016-11-17 22:06 - 00147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2016-12-31 17:22 - 2016-11-17 22:07 - 00229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2016-12-31 17:22 - 2016-11-17 22:06 - 00211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2015-05-20 00:11 - 2015-05-20 00:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2016-11-17 22:05 - 2016-11-17 22:05 - 00156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-14 02:10 - 2017-01-14 02:10 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-02-22 12:33 - 2017-02-22 12:34 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 12:33 - 2017-02-22 12:34 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 12:33 - 2017-02-22 12:34 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-07 16:50 - 2017-02-07 16:50 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-22 22:39 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-22 22:39 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-22 22:39 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-16 18:25 - 2016-09-07 11:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-14 11:17 - 2016-12-21 14:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-14 11:17 - 2016-12-21 13:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-14 11:17 - 2016-12-21 13:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-12 22:57 - 2017-01-09 19:08 - 02493440 _____ () C:\games\Origin\libGLESv2.dll
2016-12-21 10:24 - 2016-12-21 10:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-24 07:26 - 2015-06-24 07:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2016-05-13 14:10 - 2016-05-13 14:10 - 00134144 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2016-07-18 15:14 - 2016-07-18 15:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-07 21:49 - 2017-02-01 16:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 21:49 - 2017-02-01 16:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 18:04 - 2016-11-20 23:07 - 00001025 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 118.98.44.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "PremierColor"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "MusicManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C17F5659-1505-42DE-BB05-2C756F24B829}] => (Allow) C:\games\GameforgeLive\gfl_client.exe
FirewallRules: [{7D93B344-EB13-4E7A-BD61-0863CBF13D34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC4F5E12-EC9F-4AE8-8BF6-6A514710F95C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{D45226D3-5DCE-42F4-AF3B-76C8FA1D5F26}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F8D0FD33-645D-4886-83F4-F10F91E60F23}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe
FirewallRules: [{277B7182-EF76-4E43-829A-DB3743D4FAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{B805154D-E775-4E97-9110-F33FB0C6EB51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{3E397DCD-0DD7-4044-A1A0-149701EB7C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{64BCF33C-B757-440E-A2CC-FDC496463331}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{A16F6B7B-70F3-4576-BBA2-9E1E3119F4AE}] => (Block) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{C0B1816F-734A-411A-8D6B-5A9ECC77EBD0}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{4A8B2546-03FA-4EB8-85AE-EEE23DCA4046}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{7E700728-1A46-474F-A9DF-5D1B31DC547F}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{58091464-702B-4BA8-9722-9DD3019824F8}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{08E43E94-6562-4C54-9538-7F4D3376D598}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A402605C-2125-4DB3-8463-845F1AE0558B}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [UDP Query User{278854EE-DCAC-4D46-8EC7-65836AB565F4}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E61457E3-0841-4B8B-94B0-053B3D1F6B38}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe
FirewallRules: [{3BC96CDD-1BE2-4378-8C34-7A5046B8C829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{E77BCB3B-19C5-4D11-9163-2CA9772CC215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{EF88B2AE-1A5B-412C-9EA7-F3ED89932447}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60C82DF7-A1E1-4BB3-A84C-B52A3E7614A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C3E3F344-96BD-4E3A-888F-14A4B964F289}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5346CA20-8F67-4AAA-B93F-438A67350DF6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9215639A-8497-44BD-BDEE-EE065DA52BB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{759CA9DD-D5CA-46F1-8E91-207742295A67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{E064189B-3782-4E35-96D9-BDFF9F499639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{4EDFA684-A6F6-4A6F-861F-7E2E4B482CD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{6D6E6B78-D454-4C1E-A5F6-CE16D2B53576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{548CD056-BF5E-46D5-BC7E-F178EB7A5529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [TCP Query User{37DE9295-1AE0-44E7-B1FD-6BFA0CCEFC64}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe
FirewallRules: [UDP Query User{C7C3E257-C7A8-48E3-B179-5AF3FFD5E209}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe
FirewallRules: [{5F381414-7E4A-4DAC-94AE-B7A20CA69DA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe
FirewallRules: [{0AB262A1-F86A-4AFF-83CB-8B3A3529E830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe
FirewallRules: [{35F5E33E-2EE3-40D9-8D05-4BBCAE2B7CC6}] => (Allow) %ProgramFiles%\Adobe\Adobe Dreamweaver CC 2015\Dreamweaver.exe
FirewallRules: [{AF368985-5F99-4ED9-96B4-2FC8C375A453}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{2CBFE8D9-02EE-41FB-9141-A88122B77815}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06A7C478-0B02-49CC-92AA-B7AC95D45EE4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{143E3176-9C1F-4EEE-884B-2B2E43C93E9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C3BA8D08-41A0-4F93-93AA-7C230B171825}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{296F8C72-669A-49B9-8773-F2AC39257571}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EC9DBA8F-965B-4AB6-B13E-271A19A65802}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3434F424-1A3C-4AD5-B67D-C23403F1BBD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{6E7C318E-CC99-461A-B692-E86AB2D4BF26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{5BBDDEC7-BD03-4FB6-8599-F39D2F0E8EA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3D6782B4-E800-471A-8B72-1DB780B0BAC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{39F896B1-29FE-421F-A4A8-80F8D572DA07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FE4F29E9-EA06-412B-BD0C-1B870D1786C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{D7DA5ABD-DA9B-4E12-BA51-E6BF0F9A8B93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{AC18BE33-A7F2-4DB0-BDDC-E2116D8FDDF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe
FirewallRules: [{9096EF1A-E968-4508-BACA-60833687AB10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe
FirewallRules: [TCP Query User{D451319D-13B5-473B-801E-92390E465CD5}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe
FirewallRules: [UDP Query User{A6AED956-641B-4A06-BBAA-7977D3B1941F}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe
FirewallRules: [{6B46C0AA-404C-4F8A-B269-84321A873B0A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{591828EE-75B0-416D-AFAA-62FE66304C38}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D5D7ECAA-0C2C-4298-80FC-2AD8E3625F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{70EC9924-39A9-4327-8E29-3CD9B1362085}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{B00BFF46-3023-40B2-9937-81068549DE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{E4AA0E3E-2558-4129-B7D5-1408B426A7FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{111ADE00-A556-4F6E-A162-7F624AA421B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{16B5D7C8-1CB3-4968-98F2-525DC7767CE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{AA4AAE9D-EDF8-43EE-8366-32E1596BE4E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{32B7101D-B91C-4BB3-A713-F192C26BDCD8}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{FA4A5112-CD38-43C8-8F26-C8BC71256DD9}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{80F768F5-5B72-4F0B-9BB8-B88918DD446F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{40F29920-31F6-4CCF-B886-D83E03E8E8A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{C143464E-F3C5-4B1E-AE6C-388C4C2FA335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe
FirewallRules: [{41D652DD-FA31-4F36-AFAD-6083D1AA8D2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe
FirewallRules: [{D6E94B12-5A4F-46E0-9931-81CE4872D96C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{E1217DC5-2210-4991-A414-D4DFD966FA83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe

==================== Restore Points =========================

06-02-2017 14:41:00 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
14-02-2017 18:10:57 Removed LibreOffice 5.0.5.2
16-02-2017 14:00:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
21-02-2017 17:27:40 TMPGEnc Video Mastering Works 6 Testversion wird entfernt
22-02-2017 22:47:19 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Intel High Definition DSP
Description: Intel High Definition DSP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2017 10:47:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. .

Error: (02/22/2017 10:40:05 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [11] ERROR- DoUpdateCheck manifestsSuccessful is invalid, stop updating! #StackInfo#

Error: (02/22/2017 10:37:55 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-CSVQ63S$ über https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"ntc-nameid-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net\" does not exist."} Cache-Control: no-cache Date: Wed, 22 Feb 2017 15:38:02 GMT Pragma: no-cache Content-Length: 122 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/8.5 x-ms-request-id: b9c99a03-66c6-467a-8d49-3d80a5c73d0b Strict-Transport-Security: max-age=31536000;includeSubDomains X-Content-Type-Options: nosniff X-Powered-By: ASP.NET Methode: GET(1438ms) Phase: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/22/2017 10:37:49 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-CSVQ63S$ über https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"ntc-nameid-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net\" does not exist."} Cache-Control: no-cache Date: Wed, 22 Feb 2017 15:37:55 GMT Pragma: no-cache Content-Length: 122 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/8.5 x-ms-request-id: b34576e8-7d7e-45f2-91ee-5609f103ec65 Strict-Transport-Security: max-age=31536000;includeSubDomains X-Content-Type-Options: nosniff X-Powered-By: ASP.NET Methode: GET(1391ms) Phase: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/22/2017 10:37:04 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-CSVQ63S$ über https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep: GetCACaps GetCACaps: Not Found {"Message":"The authority \"ntc-nameid-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net\" does not exist."} Cache-Control: no-cache Date: Wed, 22 Feb 2017 15:37:09 GMT Pragma: no-cache Content-Length: 122 Content-Type: application/json; charset=utf-8 Expires: -1 Server: Microsoft-IIS/8.5 x-ms-request-id: 6c1ade82-cd3b-44e6-b1a8-60a0887f8fad Strict-Transport-Security: max-age=31536000;includeSubDomains X-Content-Type-Options: nosniff X-Powered-By: ASP.NET Methode: GET(1188ms) Phase: GetCACaps Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/22/2017 05:52:10 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- FindPartObjects() Lable not matched! Target:WINRETOOLS, Current:Image, Partition:PartitionPos {disk:0, part:5}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#

Error: (02/22/2017 05:52:10 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- Exception on mounting SOS: mk_dellsupport_lnk can't find DSP! errno=0 #StackInfo#

Error: (02/22/2017 05:52:10 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#

Error: (02/22/2017 05:52:10 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:Image, Partition:PartitionPos {disk:0, part:5}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#

Error: (02/22/2017 05:52:10 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:WINRETOOLS, Partition:PartitionPos {disk:0, part:4}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#

System errors:
=============
Error: (02/22/2017 10:47:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Restart the service.

Error: (02/22/2017 10:40:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "machine-default" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} und der APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/22/2017 10:37:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/22/2017 10:37:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "USER_ESRV_SVC_QUEENCREEK" wurde mit folgendem Fehler beendet: %%497 Error: (02/22/2017 10:37:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll Error: (02/22/2017 10:37:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll Error: (02/22/2017 10:37:13 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll Error: (02/22/2017 10:37:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} und der APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. 
Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden. Error: (02/22/2017 10:36:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/22/2017 10:36:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Security Assist" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =================================== Date: 2017-02-22 22:37:35.751 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-02-22 20:03:30.187 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-22 17:29:53.650 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2017-02-08 20:01:07.700 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_fd06216336fcf4a2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-07 22:40:22.555 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-02-07 21:00:35.766 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_fd06216336fcf4a2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-06 20:47:49.537 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-28 13:57:26.188 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_fd06216336fcf4a2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-01-28 09:49:07.891 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-22 17:51:25.453 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_abcfc5746cfa0cc0\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz Percentage of memory in use: 25% Total physical RAM: 16238.91 MB Available physical RAM: 12161.15 MB Total Virtual: 18670.91 MB Available Virtual: 14256.3 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:461.56 GB) (Free:228.01 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 476.9 GB) (Disk ID: A4A7D5DC) Partition: GPT. ==================== End of Addition.txt ============================ |
22.02.2017, 20:56 | #8 | |
/// TB-Ausbilder | Ad banners in the Steam client Hi, do you have any idea which program uses/created this IP address pointing to Indonesia, or were you/are you travelling there? Quote:
|
23.02.2017, 02:33 | #9 |
| Ad banners in the Steam client Hello, that is exactly what I wrote in my first post: I live in Indonesia (Jakarta). I was asked the same thing here back then. That is also why my replies arrive "in the middle of the night" if you go by CET. 8.8.8.8 is Google's DNS; the other two are my provider's DNS servers. Google's DNS is blocked here, though; I can only use it when I am connected via VPN. There is internet censorship here. That is probably also why you find VPN software in the log files. And no, it is not only porn that gets blocked, but also news, gaming sites, and even websites of companies that are not well regarded here (by the government). |
23.02.2017, 15:41 | #10 |
/// TB-Ausbilder | Ad banners in the Steam client Hi, I must have overlooked that among the log files in your first post, sorry. We will remove the last remnants and check everything once more. Note: The scan with ESET can take a while. Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
CloseProcesses:
FF NewTab: Mozilla\Firefox\Profiles\w9newjxp.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\w9newjxp.default -> GtAtDtC0EtG0EtD0AtDtGyCtB0B0EtG0Fzy0AyCyC0F0BtCtA0EyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FtD0A0B0CtAyBtGyC0DyDyBtGyEtDzzyEtG0AyBtCyDtGzzyD0C0AtAtD0B0D0CtCyE0A2QtN0A0LzuyE%26cr%3D1405159841%26a%3Dwncy_ir_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF Keyword.URL: Mozilla\Firefox\Profiles\w9newjxp.default -> user_pref("keyword.URL", true);
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 4
Are there still any problems with the PC? If so, which ones? Please post with your next reply
|
23.02.2017, 19:51 | #11 |
| Ad banners in the Steam client [CODE] Code:
ATTFilter HitmanPro 3.7.15.281 www.hitmanpro.com Computer name . . . . : DESKTOP-CSVQ63S Windows . . . . . . . : 10.0.0.14393.X64/8 User name . . . . . . : DESKTOP-CSVQ63S\ezztr UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2017-02-24 01:41:57 Scan mode . . . . . . : Normal Scan duration . . . . : 3m 26s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 1 Traces . . . . . . . : 3 Objects scanned . . . : 2.316.780 Files scanned . . . . : 71.940 Remnants scanned . . : 670.448 files / 1.574.392 keys Suspicious files ____________________________________________________________ C:\Users\ezztr\Desktop\FRST-OlderVersion\FRST64.exe Size . . . . . . . : 2.422.784 bytes Age . . . . . . . : 2.5 days (2017-02-21 14:08:15) Entropy . . . . . : 7.6 SHA-256 . . . . . : 4BABBE3C12A4D22998144EF3C509555CD85876AD8929BEFCF3A3D4BD13E5FA61 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Forensic Cluster 0.0s C:\Users\ezztr\Desktop\FRST-OlderVersion\FRST64.exe 2.1s C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20170221.140817.144.1.etl C:\Users\ezztr\Desktop\FRST64.exe Size . . . . . . . : 2.423.296 bytes Age . . . . . . . : 0.1 days (2017-02-23 23:34:46) Entropy . . . . . : 7.6 SHA-256 . . . . . : 40BA37F2A99866027E4368D31967378EAD28FA5DAC0B2156A906375415B06B40 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. 
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Forensic Cluster 0.0s C:\Users\ezztr\Desktop\FRST64.exe 0.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\90\A5F9C92DF7383AC2.dat 8.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\F1EBAB2720A710B8.dat 19.6s C:\Users\ezztr\Desktop\Fixlog.txt 20.6s C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default\prefs.js 21.1s C:\Windows\Prefetch\DLLHOST.EXE-C7F45418.pf 21.2s C:\Windows\Prefetch\BITSADMIN.EXE-61856B04.pf 21.2s C:\Windows\Prefetch\IPCONFIG.EXE-BFEC2AD0.pf 24.0s C:\Windows\Prefetch\NETSH.EXE-A596235F.pf 24.7s C:\ProgramData\NVIDIA\MessageBus_11168_0x1DAE6BE4690.log 24.8s C:\ProgramData\NVIDIA\MessageBus_11168_0x1DAE6BF4AC0.log 27.4s C:\ProgramData\NVIDIA\MessageBus_14820_0x65C6E60.log 28.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\93\F2F5E96A73C632D1.dat 30.0s C:\Windows\Prefetch\CVTRES.EXE-CB8485B0.pf 30.1s C:\Windows\Prefetch\DASHOST.EXE-4B84F273.pf 30.1s C:\Windows\Prefetch\CSC.EXE-F8803EEA.pf 32.5s C:\Windows\Prefetch\RUNTIMEBROKER.EXE-4551A062.pf 46.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\19\BEA94169A82CEC6B.dat 56.7s C:\Windows\Prefetch\SC.EXE-F4E1A8F7.pf 66.7s C:\Windows\Prefetch\SUPPORTASSISTAGENT.EXE-8317820E.pf C:\WINDOWS\system32\drivers\iqvw64e.sys Size . . . . . . . : 37.832 bytes Age . . . . . . . : 74.7 days (2016-12-11 09:42:05) Entropy . . . . . : 6.5 SHA-256 . . . . . : F877296E8506E6A1ACBDACDC5085B18C6842320A2775A329D286BAC796F08D54 Product . . . . . : Intel(R) iQVW64.SYS Publisher . . . . : Intel Corporation Description . . . 
: Intel(R) Network Adapter Diagnostic Driver Version . . . . . : 1.03.1.0 Copyright . . . . : Copyright (C) 2002-2015 Intel Corporation All Rights Reserved. LanguageID . . . . : 1033 Fuzzy . . . . . . : 42.0 The file is hidden from Windows API. This is typical for malware. The file is completely hidden from view and most antivirus products. It may belong to a rootkit. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. The file is a device driver. Device drivers run as trusted (highly privileged) code. Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 Ran by ezztr (23-02-2017 23:35:06) Run:2 Running from C:\Users\ezztr\Desktop Loaded Profiles: ezztr (Available Profiles: ezztr & elsia) Boot Mode: Normal ============================================== fixlist content: ***************** start CloseProcesses: FF NewTab: Mozilla\Firefox\Profiles\w9newjxp.default -> about:newtab FF Homepage: Mozilla\Firefox\Profiles\w9newjxp.default -> GtAtDtC0EtG0EtD0AtDtGyCtB0B0EtG0Fzy0AyCyC0F0BtCtA0EyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FtD0A0B0CtAyBtGyC0DyDyBtGyEtDzzyEtG0AyBtCyDtGzzyD0C0AtAtD0B0D0CtCyE0A2QtN0A0LzuyE%26cr%3D1405159841%26a%3Dwncy_ir_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome FF Keyword.URL: Mozilla\Firefox\Profiles\w9newjxp.default -> user_pref("keyword.URL", true); CMD: dir "%ProgramFiles%" CMD: dir "%ProgramFiles(x86)%" CMD: dir "%ProgramData%" CMD: dir "%Appdata%" CMD: dir "%LocalAppdata%" CMD: dir "%CommonProgramFiles(x86)%" CMD: dir "%CommonProgramW6432%" RemoveProxy: CMD: ipconfig /flushdns CMD: netsh winsock reset EmptyTemp: end ***************** Processes closed successfully. Firefox "newtab" removed successfully Firefox "homepage" removed successfully Firefox "Keyword.URL" removed successfully ========= dir "%ProgramFiles%" ========= Datentr„ger in Laufwerk C: ist OS Volumeseriennummer: DA8B-899D Verzeichnis von C:\Program Files 22.02.2017 22:39 <DIR> . 22.02.2017 22:39 <DIR> .. 
29.05.2016 10:43 <DIR> 7-Zip 20.11.2016 23:04 <DIR> Adobe 03.08.2016 12:52 <DIR> Common Files 06.02.2017 20:52 <DIR> Dell 01.10.2016 12:18 <DIR> Dell Support Center 16.02.2017 09:21 <DIR> FileZilla FTP Client 20.04.2016 14:30 <DIR> GIMP 2 20.01.2017 23:21 <DIR> Intel 31.12.2016 17:22 <DIR> Intel Driver Update Utility 15.01.2017 18:01 <DIR> Internet Explorer 22.02.2017 22:39 <DIR> Malwarebytes 26.07.2016 13:47 <DIR> MediaInfo 04.02.2017 10:30 <DIR> Microsoft Office 15 30.12.2016 12:42 <DIR> Microsoft SQL Server Compact Edition 30.12.2016 12:42 <DIR> Microsoft Synchronization Services 28.08.2016 13:53 <DIR> MPC-HC 04.08.2016 03:43 <DIR> MSBuild 20.11.2016 17:55 <DIR> Notepad++ 27.01.2017 20:51 <DIR> NVIDIA Corporation 01.01.2017 18:19 <DIR> Oracle 21.07.2016 11:34 <DIR> Pismo File Mount Audit Package 27.12.2015 02:16 <DIR> Portrait Displays 03.08.2016 12:50 <DIR> Realtek 04.08.2016 03:43 <DIR> Reference Assemblies 03.08.2016 08:13 <DIR> Shotcut 24.08.2016 22:14 <DIR> ShrewSoft 31.05.2016 11:43 <DIR> Sony 25.10.2016 13:36 <DIR> Transmission 11.10.2016 19:53 <DIR> utvideo 27.12.2015 02:17 <DIR> WIDCOMM 16.09.2016 21:38 <DIR> Windows Defender 13.10.2016 00:41 <DIR> Windows Mail 29.10.2016 03:33 <DIR> Windows Media Player 16.07.2016 18:47 <DIR> Windows Multimedia Platform 16.07.2016 18:47 <DIR> Windows NT 13.10.2016 00:41 <DIR> Windows Photo Viewer 16.07.2016 18:47 <DIR> Windows Portable Devices 16.07.2016 18:47 <DIR> WindowsPowerShell 01.01.2017 19:44 <DIR> WinRAR 0 Datei(en), 0 Bytes 41 Verzeichnis(se), 241.466.912.768 Bytes frei ========= End of CMD: ========= ========= dir "%ProgramFiles(x86)%" ========= Datentr„ger in Laufwerk C: ist OS Volumeseriennummer: DA8B-899D Verzeichnis von C:\Program Files (x86) 22.02.2017 17:10 <DIR> . 22.02.2017 17:10 <DIR> .. 
20.11.2016 19:45 <DIR> Adobe 30.01.2017 00:01 <DIR> Apple Software Update 22.05.2016 10:08 <DIR> ASM104xUSB3 24.05.2016 10:32 <DIR> Audacity 21.07.2016 11:34 <DIR> AviSynth 27.01.2017 18:13 <DIR> Battle.net 06.02.2017 10:26 <DIR> Bitrix24 22.02.2017 17:09 <DIR> Common Files 02.06.2016 12:06 <DIR> DebugMode 13.04.2016 19:49 <DIR> Dell 17.02.2017 00:05 <DIR> Dell Customer Connect 27.12.2015 02:18 <DIR> Dell Digital Delivery 13.01.2017 11:54 <DIR> Dell Dock Update 16.06.2016 13:56 <DIR> Dell Update 16.04.2016 19:02 <DIR> Drakonia Configurator 15.04.2016 18:23 <DIR> Dropbox 06.10.2016 23:55 <DIR> ExKode 22.11.2016 15:27 <DIR> Google 22.05.2016 23:34 <DIR> HearthstoneTracker 30.12.2016 12:43 <DIR> Intel 31.12.2016 17:23 <DIR> Intel Driver Update Utility 15.01.2017 18:01 <DIR> Internet Explorer 16.04.2016 19:18 <DIR> JAM Software 22.02.2017 17:09 <DIR> Java 21.01.2017 17:46 <DIR> MagicYUV 18.11.2016 02:14 <DIR> Malwarebytes Anti-Malware 23.07.2016 14:35 <DIR> Microsoft ASP.NET 06.02.2017 12:16 <DIR> Microsoft Office 30.12.2016 12:42 <DIR> Microsoft SQL Server Compact Edition 30.12.2016 12:42 <DIR> Microsoft Synchronization Services 04.02.2017 10:44 <DIR> Microsoft.NET 06.02.2017 20:47 <DIR> Mozilla Firefox 06.02.2017 20:47 <DIR> Mozilla Maintenance Service 04.08.2016 03:43 <DIR> MSBuild 30.01.2017 09:12 <DIR> MSI Afterburner 20.11.2016 23:04 <DIR> My Company Name 25.01.2017 09:11 <DIR> NVIDIA Corporation 20.04.2016 16:51 <DIR> obs-studio 21.02.2017 17:27 <DIR> OpenVPN Technologies 14.01.2017 18:07 <DIR> Origin Games 19.11.2016 23:24 <DIR> Perfect Privacy VPN Manager 21.01.2017 16:56 <DIR> ProjectLibre 30.01.2017 00:02 <DIR> QuickTime 27.11.2016 14:12 <DIR> Realtek 04.08.2016 03:43 <DIR> Reference Assemblies 20.02.2017 16:57 <DIR> RivaTuner Statistics Server 02.01.2017 23:28 <DIR> SagaraS Scriptmaker 31.05.2016 11:43 <DIR> Sony 27.12.2015 02:15 <DIR> ST Microelectronics 23.02.2017 16:29 <DIR> Steam 28.12.2016 18:40 <DIR> TeamViewer 25.07.2016 20:44 <DIR> UMPlayer 
20.06.2016 16:10 <DIR> VideoLAN 17.02.2017 16:34 <DIR> VulkanRT 16.09.2016 21:38 <DIR> Windows Defender 16.09.2016 21:38 <DIR> Windows Mail 29.10.2016 03:33 <DIR> Windows Media Player 16.07.2016 18:47 <DIR> Windows Multimedia Platform 16.07.2016 18:47 <DIR> Windows NT 13.10.2016 00:41 <DIR> Windows Photo Viewer 16.07.2016 18:47 <DIR> Windows Portable Devices 16.07.2016 18:47 <DIR> WindowsPowerShell 19.07.2016 10:05 <DIR> x264vfw 22.02.2017 17:10 <DIR> YouPloader 0 Datei(en), 0 Bytes 66 Verzeichnis(se), 241.466.912.768 Bytes frei ========= End of CMD: ========= ========= dir "%ProgramData%" ========= Datentr„ger in Laufwerk C: ist OS Volumeseriennummer: DA8B-899D Verzeichnis von C:\ProgramData 30.04.2016 15:34 <DIR> .mono 20.11.2016 19:45 <DIR> Adobe 25.07.2016 13:07 <DIR> Apple 30.01.2017 00:02 <DIR> Apple Computer 13.04.2016 03:37 <DIR> Battle.net 13.04.2016 03:38 <DIR> Blizzard Entertainment 20.11.2016 19:43 <DIR> boost_interprocess 16.07.2016 18:47 <DIR> Comms 21.01.2017 10:42 <DIR> Dell 27.12.2015 02:18 <DIR> Dropbox 14.01.2017 18:07 <DIR> Electronic Arts 08.07.2016 14:03 <DIR> GlassWire 30.12.2016 15:39 <DIR> Intel 08.05.2016 19:01 <DIR> LogiShrd 22.02.2017 22:39 <DIR> Malwarebytes 25.10.2016 14:51 <DIR> Malwarebytes' Anti-Malware (portable) 10.04.2016 17:01 <DIR> McAfee 03.08.2016 12:59 <DIR> Microsoft OneDrive 22.05.2016 23:34 98 Microsoft.SqlServer.Compact.400.32.bc 23.02.2017 09:11 <DIR> NVIDIA 17.02.2017 16:35 <DIR> NVIDIA Corporation 09.01.2017 00:14 45.353 NvTelemetryContainer.log 30.12.2016 15:38 10.654 NvTelemetryContainer.log_backup1 22.02.2017 17:09 <DIR> Oracle 14.01.2017 18:07 <DIR> Origin 16.02.2017 14:00 <DIR> Package Cache 01.10.2016 12:18 <DIR> PC-Doctor for Windows 23.12.2016 18:05 <DIR> PC-Doctor, Inc 20.01.2017 22:37 <DIR> PCDr 20.11.2016 23:04 <DIR> regid.1986-12.com.adobe 04.02.2017 10:45 <DIR> regid.1991-06.com.microsoft 22.05.2016 01:46 <DIR> Shrew Soft VPN 18.04.2016 22:33 <DIR> Skype 16.07.2016 18:47 <DIR> SoftwareDistribution 
31.05.2016 11:43 <DIR> Sony 04.10.2016 17:00 <DIR> SupportAssistAgent 03.08.2016 12:57 <DIR> USOPrivate 03.08.2016 12:57 <DIR> USOShared 3 Datei(en), 56.105 Bytes 35 Verzeichnis(se), 241.466.908.672 Bytes frei ========= End of CMD: ========= ========= dir "%Appdata%" ========= Datentr„ger in Laufwerk C: ist OS Volumeseriennummer: DA8B-899D Verzeichnis von C:\Users\ezztr\AppData\Roaming 22.02.2017 17:09 <DIR> . 22.02.2017 17:09 <DIR> .. 16.10.2016 21:51 <DIR> .mono 06.06.2016 13:47 <DIR> 11bitstudios 20.11.2016 23:04 <DIR> Adobe 25.07.2016 13:11 <DIR> Apple Computer 09.01.2017 01:16 <DIR> Audacity 03.08.2016 08:13 <DIR> Battle.net 06.02.2017 10:26 <DIR> Bitrix 16.10.2016 21:51 <DIR> Blameless 16.04.2016 14:49 <DIR> dekovir 10.04.2016 02:36 <DIR> Dell 26.07.2016 21:06 <DIR> deluge 10.04.2016 02:35 <DIR> DropboxOEM 14.01.2017 15:21 <DIR> Factorio 16.02.2017 15:43 <DIR> FileZilla 21.10.2016 23:41 <DIR> FiraxisLive 23.09.2016 11:00 <DIR> HearthstoneDeckTracker 23.05.2016 01:53 <DIR> InnkeeperUI 10.04.2016 02:37 <DIR> Intel Corporation 16.04.2016 19:18 <DIR> JAM Software 18.09.2016 00:21 <DIR> Kalypso Media 30.04.2016 15:37 <DIR> LibreOffice 10.04.2016 02:37 <DIR> Macromedia 26.07.2016 13:47 <DIR> MediaInfo 16.04.2016 19:02 <DIR> MingGuan 09.07.2016 22:49 <DIR> MMFApplications 25.06.2016 19:25 <DIR> Mozilla 11.10.2016 19:24 <DIR> MPC-HC 30.12.2016 11:11 <DIR> Notepad++ 14.01.2017 14:03 <DIR> NVIDIA 17.02.2017 16:47 <DIR> obs-studio 14.01.2017 18:07 <DIR> Origin 13.04.2016 19:49 <DIR> PCDr 28.10.2016 16:35 <DIR> Pegasys Inc 10.04.2016 02:36 <DIR> Portrait Displays 14.10.2016 01:29 <DIR> ProMod 24.05.2016 10:58 <DIR> Publish Providers 18.04.2016 22:32 <DIR> Skype 30.01.2017 01:11 <DIR> Sony 15.09.2016 14:19 <DIR> Sony Creative Software Inc 15.10.2016 20:16 <DIR> Spotify 21.10.2016 23:41 <DIR> Steam 22.02.2017 17:09 <DIR> Sun 13.12.2016 00:58 <DIR> TeamViewer 21.02.2017 21:37 <DIR> transmission 19.12.2016 20:16 <DIR> Tropico 5 23.02.2017 08:14 <DIR> vlc 24.05.2016 08:13 
<DIR> Wargaming.net 18.08.2016 01:47 153 WB.CFG 01.01.2017 19:45 <DIR> WinRAR 09.07.2016 22:49 <DIR> xsrs 03.08.2016 08:12 <DIR> {A9A99F12-8CFB-F264-E7CD-D5B63B1F2888} 1 Datei(en), 153 Bytes 52 Verzeichnis(se), 241.466.904.576 Bytes frei ========= End of CMD: ========= ========= dir "%LocalAppdata%" ========= Datentr„ger in Laufwerk C: ist OS Volumeseriennummer: DA8B-899D Verzeichnis von C:\Users\ezztr\AppData\Local 23.02.2017 14:07 <DIR> . 23.02.2017 14:07 <DIR> .. 16.10.2016 02:53 <DIR> 2K Games 21.04.2016 03:49 <DIR> ActiveSync 23.02.2017 02:00 <DIR> Adobe 25.07.2016 13:08 <DIR> Apple 25.07.2016 13:36 <DIR> Apple Computer 19.04.2016 13:10 <DIR> Apps 24.05.2016 10:32 <DIR> Audacity 27.01.2017 20:44 <DIR> Battle.net 22.05.2016 23:50 <DIR> Blizzard 13.04.2016 03:38 <DIR> Blizzard Entertainment 10.04.2016 02:36 <DIR> Broadcom 25.07.2016 13:12 <DIR> bunkus.org 11.04.2016 23:09 <DIR> CEF 10.04.2016 02:36 <DIR> ChromaTune_Dell 03.08.2016 07:49 <DIR> chromium 06.02.2017 16:22 <DIR> Citrix 30.04.2016 15:34 <DIR> Colossal Order 22.04.2016 20:14 <DIR> Comms 04.08.2016 08:17 <DIR> ConnectedDevicesPlatform 19.02.2017 16:56 <DIR> CrashDumps 01.10.2016 15:34 <DIR> CrashReportClient 23.08.2016 16:14 <DIR> Deployment 20.01.2017 19:18 <DIR> Diagnostics 10.04.2016 02:35 <DIR> DropboxOEM 12.10.2016 02:47 <DIR> Dxtory Software 01.02.2017 02:50 <DIR> ElevatedDiagnostics 02.01.2017 13:36 <DIR> FileZilla 20.04.2016 16:28 <DIR> fontconfig 20.04.2016 18:55 <DIR> Gameforge4d 20.04.2016 16:28 <DIR> gegl-0.2 08.07.2016 14:04 <DIR> GlassWire 22.11.2016 15:27 <DIR> Google 22.02.2017 14:49 <DIR> gtk-2.0 23.12.2016 02:48 <DIR> HearthSim 13.01.2017 18:25 <DIR> HearthstoneDeckTracker 22.05.2016 23:34 <DIR> HearthstoneTracker 23.12.2016 01:07 <DIR> Innkeeper 28.06.2016 17:04 <DIR> Intel 30.04.2016 15:25 <DIR> Introversion 24.08.2016 22:12 <DIR> JDownloader v2.0 02.08.2016 14:30 <DIR> Macromedia 28.07.2016 10:07 <DIR> Meltytech 06.12.2016 17:04 <DIR> Microsoft 10.04.2016 15:58 <DIR> MicrosoftEdge 
25.07.2016 13:37 <DIR> MKVCleaver 25.06.2016 19:31 <DIR> Mozilla 25.07.2016 18:57 <DIR> MPlayer 16.10.2016 00:07 <DIR> My Games 23.12.2016 18:00 <DIR> NVIDIA 23.12.2016 17:59 <DIR> NVIDIA Corporation 14.09.2016 23:20 <DIR> Origin 22.02.2017 12:36 <DIR> Packages 10.04.2016 15:54 <DIR> PackageStaging 19.06.2016 19:49 <DIR> Perfect_Privacy 10.04.2016 02:36 <DIR> Portrait Displays 26.07.2016 01:28 <DIR> Programs 10.04.2016 02:34 <DIR> Publishers 13.10.2016 18:59 <DIR> qBittorrent 23.02.2017 14:07 40.908 recently-used.xbel 30.12.2016 12:59 7.605 Resmon.ResmonCfg 22.05.2016 01:46 <DIR> Shrew Soft VPN 28.10.2016 13:44 <DIR> Sony 15.10.2016 20:16 <DIR> Spotify 13.01.2017 18:25 <DIR> SquirrelTemp 23.12.2016 01:55 <DIR> Steam 23.02.2017 23:35 <DIR> Temp 10.04.2016 02:34 <DIR> TileDataLayer 29.05.2016 23:15 <DIR> transmission 01.10.2016 15:34 <DIR> UnrealEngine 20.04.2016 19:11 <DIR> UWKProcess 08.06.2016 18:24 <DIR> VirtualStore 2 Datei(en), 48.513 Bytes 71 Verzeichnis(se), 241.466.900.480 Bytes frei ========= End of CMD: ========= ========= dir "%CommonProgramFiles(x86)%" ========= Datentr„ger in Laufwerk C: ist OS Volumeseriennummer: DA8B-899D Verzeichnis von C:\Program Files (x86)\Common Files 22.02.2017 17:09 <DIR> . 22.02.2017 17:09 <DIR> .. 
20.11.2016 22:58 <DIR> Adobe 30.01.2017 00:01 <DIR> Apple 21.02.2017 16:14 <DIR> BattlEye 04.02.2017 10:44 <DIR> DESIGNER 03.08.2016 12:50 <DIR> Intel 23.12.2016 18:09 <DIR> Intel Corporation 22.02.2017 17:09 <DIR> Java 10.04.2016 17:01 <DIR> McAfee 04.02.2017 10:44 <DIR> Microsoft Shared 23.12.2016 18:17 <DIR> PostureAgent 20.11.2016 23:04 <DIR> PX Storage Engine 16.07.2016 18:47 <DIR> Services 20.11.2016 23:04 <DIR> Sonic Shared 20.01.2017 22:56 <DIR> Steam 04.08.2016 03:47 <DIR> System 0 Datei(en), 0 Bytes 17 Verzeichnis(se), 241.466.896.384 Bytes frei ========= End of CMD: ========= ========= dir "%CommonProgramW6432%" ========= Datentr„ger in Laufwerk C: ist OS Volumeseriennummer: DA8B-899D Verzeichnis von C:\Program Files\Common Files 03.08.2016 12:52 <DIR> . 03.08.2016 12:52 <DIR> .. 20.11.2016 23:04 <DIR> Adobe 08.05.2016 19:01 <DIR> LogiShrd 04.02.2017 10:30 <DIR> microsoft shared 16.07.2016 18:47 <DIR> Services 04.08.2016 03:47 <DIR> System 0 Datei(en), 0 Bytes 7 Verzeichnis(se), 241.466.900.480 Bytes frei ========= End of CMD: ========= ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. ========= End of CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurckgesetzt. 
Sie müssen den Computer neu starten, um den Vorgang abzuschließen. ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 11942139 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 254701300 B Java, Flash, Steam htmlcache => 689389234 B Windows/system/drivers => 13738468 B Edge => 94268064 B Chrome => 809474520 B Firefox => 374903994 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 436532 B ezztr => 1721053910 B elsia => 46368647 B RecycleBin => 0 B EmptyTemp: => 3.7 GB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 23:36:20 ==== Code:
ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=aadf56f9c32c5c4aae6be3e30431aede # end=init # utc_time=2017-02-23 04:43:29 # local_time=2017-02-23 11:43:29 (+0700, Südostasiatische Normalzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 32504 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=aadf56f9c32c5c4aae6be3e30431aede # end=updated # utc_time=2017-02-23 04:46:00 # local_time=2017-02-23 11:46:00 (+0700, Südostasiatische Normalzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=aadf56f9c32c5c4aae6be3e30431aede # engine=32504 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2017-02-23 06:37:08 # local_time=2017-02-24 01:37:08 (+0700, Südostasiatische Normalzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 0 19205644 0 0 # scanned=424689 # found=0 # cleaned=0 # scan_time=6667 FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
Ran by ezztr (administrator) on DESKTOP-CSVQ63S (24-02-2017 01:46:46)
Running from C:\Users\ezztr\Desktop
Loaded Profiles: ezztr & elsia (Available Profiles: ezztr & elsia)
Platform: Windows 10 Home Version 1607 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Broadcom Corporation.)
C:\Windows\System32\BtwRSupportService.exe () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Electronic Arts) C:\games\Origin\OriginWebHelperService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Perfect Privacy) C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech, Inc.) 
C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe () C:\Program Files (x86)\Drakonia Configurator\hid.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Dell Inc.) 
C:\Program Files\Dell\DellDataVault\DellDataVault.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Microsoft Corporation) C:\Windows\System32\mblctr.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [PremierColor] => C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe [3828464 2015-09-03] (Portrait Displays, Inc.) HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-22] (Logitech, Inc.) 
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-31] (Intel Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation) HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify Web Helper] => C:\Users\ezztr\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1552496 2016-06-18] (Spotify Ltd) HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify] => C:\Users\ezztr\AppData\Roaming\Spotify\Spotify.exe [6916208 2016-06-18] (Spotify Ltd) HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Google Update] => C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-26] (Google Inc.) HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [MusicManager] => C:\Users\ezztr\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-02] (Google Inc.) 
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software) HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google) HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Bitrix24 Desktop] => [X] ShellIconOverlayIdentifiers: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) 
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-27] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74 Tcpip\..\Interfaces\{dd7fa2b5-9e4d-461b-b755-8204e8510d0f}: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE HKU\S-1-5-21-3515307565-1161031247-3300353082-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=DCTE HKU\S-1-5-21-3515307565-1161031247-3300353082-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-02-04] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-04] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft 
Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation) Edge: ====== Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.29.0_neutral__qq0fmhteeht3j [2017-02-12] FireFox: ======== FF DefaultProfile: w9newjxp.default FF ProfilePath: C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default [2017-02-24] FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default\features\{11a112ca-fffe-4f49-9a25-8dbc77ff71b5}\disableSHA1rollout@mozilla.org.xpi [2017-02-19] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems) FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-04] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems) FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @citrixonline.com/appdetectorplugin -> C:\Users\ezztr\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-06] (Citrix Online) FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.) FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.) 
Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxp://www.giga.de/","hxxp://www.google.com" CHR Profile: C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default [2017-02-24] CHR Extension: (Google*Übersetzer) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-04-10] CHR Extension: (Flash Video Downloader) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-23] CHR Extension: (Google Drive) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10] CHR Extension: (YouTube) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10] CHR Extension: (uBlock Origin) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-07] CHR Extension: (Google Play Musik) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-02-22] CHR Extension: (Google Docs Offline) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10] CHR Extension: (LastPass: Free Password Manager) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-10] CHR Extension: (CanvasFingerprintBlock) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmjngkmngdcdpmgmiebdmfbkcecdndc [2016-04-10] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-22] CHR Extension: (dict-cc) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-02-22] CHR Extension: (Chrome Web Store-Zahlungen) - 
C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19] CHR Extension: (Google Mail) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10] CHR Extension: (Chrome Media Router) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07] CHR HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated) R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2288384 2015-12-27] (Broadcom Corporation.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1467912 2017-02-06] () R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3020992 2016-12-28] (Microsoft Corporation) S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-10-12] (Intel Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.) R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.) 
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.) R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [125808 2017-01-10] () S3 DellPremierColorService; C:\Program Files\Portrait Displays\Dell PremierColor\PremierColorService.exe [175344 2015-09-03] (Portrait Displays, Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [229376 2016-05-13] (Dell Inc.) S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392480 2017-01-13] (EasyAntiCheat Ltd) R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-03] (Intel Corporation) R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] () R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-31] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-10-12] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-06-14] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-07-18] (Intel Corporation) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; 
C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-21] (NVIDIA Corporation) S3 Origin Client Service; C:\games\Origin\OriginClientService.exe [2119688 2017-01-09] (Electronic Arts) R2 Origin Web Helper Service; C:\games\Origin\OriginWebHelperService.exe [2180624 2017-01-09] (Electronic Arts) R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell) S3 ptsysexec; C:\WINDOWS\ptsysexec.exe [238856 2015-12-03] (Pismo Technic Inc.) R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.) R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH) S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation) S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] () R2 VPNManager; C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [19968 2016-09-03] (Perfect Privacy) [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-11-09] (Intel(R) Corporation) S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be 
removed from the registry. The file will not be moved unless listed separately.) S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208192 2015-12-27] (Broadcom Corporation.) R3 BCMPCIEDHD63; C:\WINDOWS\system32\DRIVERS\bcmpciedhd63.sys [1063736 2016-03-03] (Broadcom Corp) R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-06] (Dell Computer Corporation) R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-06] (Dell Computer Corporation) R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [343608 2016-05-19] (Intel Corporation) R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation) R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [184632 2016-08-29] (Intel Corporation) R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [225872 2016-08-08] (Intel(R) Corporation) R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvlddmkm.sys [14516664 2017-02-11] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-21] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-21] (NVIDIA Corporation) S3 pfmfs_180; C:\WINDOWS\System32\Drivers\pfmfs_180.sys [258248 2015-12-15] (Pismo Technic Inc.) 
R3 PTPFilter; C:\WINDOWS\System32\drivers\PTPFilter.sys [51032 2016-08-29] (Samsung) S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project) R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-06-25] (Realsil Semiconductor Corporation) R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] () S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.) R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2016-12-20] (Oracle Corporation) R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2016-12-20] (Oracle Corporation) S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed] S3 vnet; C:\WINDOWS\System32\drivers\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed] S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-24 01:41 - 2017-02-24 01:45 - 00000000 ____D C:\ProgramData\HitmanPro 2017-02-23 23:46 - 2017-02-24 01:41 - 11581544 _____ (SurfRight B.V.) 
C:\Users\ezztr\Desktop\HitmanPro_x64.exe 2017-02-23 23:43 - 2017-02-23 23:43 - 00000000 ____D C:\Program Files (x86)\ESET 2017-02-23 23:41 - 2017-02-23 23:43 - 02870984 _____ (ESET) C:\Users\ezztr\Downloads\esetsmartinstaller_deu.exe 2017-02-23 23:37 - 2017-02-23 23:37 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000003-000000.txt 2017-02-23 23:35 - 2017-02-23 23:36 - 00019940 _____ C:\Users\ezztr\Desktop\Fixlog.txt 2017-02-23 16:03 - 2017-02-23 16:03 - 60676178 _____ (Inkscape Project) C:\Users\ezztr\Downloads\Inkscape-0.92.1-x64-1.exe 2017-02-23 14:07 - 2017-02-23 14:07 - 00040908 _____ C:\Users\ezztr\AppData\Local\recently-used.xbel 2017-02-23 14:04 - 2017-02-23 14:06 - 02981506 _____ C:\Users\ezztr\Downloads\dejavu-sans.zip 2017-02-23 14:04 - 2017-02-23 14:04 - 00336374 _____ C:\Users\ezztr\Downloads\dejavu_sans1.zip 2017-02-23 11:44 - 2017-02-23 11:44 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask 2017-02-23 09:10 - 2017-02-23 09:10 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt 2017-02-23 08:39 - 2017-02-23 08:40 - 77568952 _____ (The GIMP Team ) C:\Users\ezztr\Downloads\gimp-2.8.20-setup.exe 2017-02-22 22:50 - 2017-02-23 23:34 - 00000000 ____D C:\Users\ezztr\Desktop\FRST-OlderVersion 2017-02-22 22:50 - 2017-02-22 22:50 - 00000744 _____ C:\Users\ezztr\Desktop\JRT.txt 2017-02-22 22:45 - 2017-02-22 22:45 - 00001240 _____ C:\Users\ezztr\Desktop\mbam.txt 2017-02-22 22:40 - 2017-02-23 23:37 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys 2017-02-22 22:40 - 2017-02-23 23:37 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-02-22 22:40 - 2017-02-23 23:37 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-02-22 22:40 - 2017-02-23 23:37 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-02-22 22:39 - 2017-02-23 23:37 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-02-22 22:39 - 
2017-02-22 22:39 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-02-22 22:39 - 2017-02-22 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-02-22 22:39 - 2017-02-22 22:39 - 00000000 ____D C:\Program Files\Malwarebytes 2017-02-22 22:39 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-02-22 22:37 - 2017-02-22 22:37 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt 2017-02-22 22:31 - 2017-02-22 22:47 - 01663040 _____ (Malwarebytes) C:\Users\ezztr\Downloads\JRT.exe 2017-02-22 22:31 - 2017-02-22 22:39 - 55566792 _____ (Malwarebytes ) C:\Users\ezztr\Downloads\mb3-setup-consumer-3.0.6.1469.exe 2017-02-22 22:30 - 2017-02-22 22:33 - 04015056 _____ C:\Users\ezztr\Desktop\AdwCleaner_6.043.exe 2017-02-22 17:30 - 2017-02-22 17:30 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt 2017-02-22 17:10 - 2017-02-22 17:10 - 00001199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouPloader.lnk 2017-02-22 17:10 - 2017-02-22 17:10 - 00000000 ____D C:\Users\ezztr\YouPloader 2017-02-22 17:10 - 2017-02-22 17:10 - 00000000 ____D C:\Program Files (x86)\YouPloader 2017-02-22 17:09 - 2017-02-22 17:09 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sun 2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Sun 2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Program Files (x86)\Java 2017-02-22 17:07 - 2017-02-22 17:07 - 00739392 _____ (Oracle Corporation) C:\Users\ezztr\Downloads\JavaSetup8u121.exe 2017-02-22 16:59 - 2017-02-22 17:07 - 15674444 _____ (BeCast ) C:\Users\ezztr\Downloads\YouPloader-setup-0.9.3.exe 2017-02-22 14:37 - 2017-02-22 14:37 - 00134008 _____ 
C:\Users\ezztr\Downloads\OnlineWebFonts_COM_0e81aad85bdcd8299ff6a632d00b823c.zip 2017-02-22 07:42 - 2017-02-22 07:52 - 00284296 _____ C:\TDSSKiller.3.1.0.12_22.02.2017_07.42.10_log.txt 2017-02-22 07:41 - 2017-02-22 07:42 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ezztr\Downloads\tdsskiller.exe 2017-02-21 21:19 - 2017-02-21 21:37 - 638401510 _____ C:\Users\ezztr\Downloads\The.Walking.Dead.S07E10.HDTV.x264-SVA[eztv].mkv 2017-02-21 14:20 - 2017-02-24 01:46 - 00029576 _____ C:\Users\ezztr\Desktop\FRST.txt 2017-02-21 14:20 - 2017-02-22 23:03 - 00057655 _____ C:\Users\ezztr\Desktop\Addition.txt 2017-02-21 14:08 - 2017-02-23 23:34 - 02423296 _____ (Farbar) C:\Users\ezztr\Desktop\FRST64.exe 2017-02-20 21:32 - 2017-02-20 21:34 - 04465808 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 831314.crdownload 2017-02-20 16:52 - 2017-02-20 16:52 - 22287636 _____ C:\Users\ezztr\Downloads\[Guru3D.com]-RTSSSetup660.zip 2017-02-19 17:02 - 2017-02-19 17:05 - 65975400 _____ (Itch Corp) C:\Users\ezztr\Downloads\itchSetup.exe 2017-02-19 17:01 - 2017-02-19 17:04 - 00679936 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 74679.crdownload 2017-02-17 16:36 - 2017-02-17 16:36 - 00000000 ____D C:\Users\ezztr\ansel 2017-02-17 16:34 - 2017-02-17 16:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-02-17 16:34 - 2017-02-10 05:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2017-02-17 16:34 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2017-02-17 16:34 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2017-02-17 16:34 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll 2017-02-17 16:34 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe 2017-02-17 16:32 - 2017-02-10 09:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 34979384 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvoglv64.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 
2017-02-17 16:32 - 2017-02-10 09:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2017-02-17 16:32 - 2017-02-10 09:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2017-02-17 14:28 - 2017-02-17 14:28 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Terapoly 2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell 2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect 2017-02-16 16:55 - 2017-02-16 16:55 - 00089264 _____ C:\Users\ezztr\Downloads\PA8144 CDM-MOC-FORM Annex 2 form.pdf 2017-02-16 15:56 - 2017-02-16 16:00 - 144456700 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 392819.crdownload 2017-02-16 10:50 - 2017-02-21 17:27 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies 2017-02-16 10:50 - 2017-02-16 10:50 - 30901272 _____ (OpenVPN Technologies) C:\Users\ezztr\Downloads\privatetunnel-win-2.8.exe 2017-02-16 09:20 - 2017-02-16 09:20 - 06975096 _____ (Tim Kosse) C:\Users\ezztr\Downloads\FileZilla_3.24.0_win64-setup.exe 2017-02-14 21:07 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) 
C:\WINDOWS\system32\CNMLMAR.DLL 2017-02-14 20:38 - 2017-02-14 20:57 - 00289864 _____ C:\Users\ezztr\Documents\Valentine - Martina Mcbridge (mp3goo.com).mp3.sfk 2017-02-14 19:30 - 2017-02-14 19:38 - 00255992 _____ C:\Users\ezztr\Documents\My Valentine.mp3.sfk 2017-02-14 19:11 - 2017-02-14 19:12 - 65984342 _____ C:\Users\ezztr\Documents\My-babe.mp4 2017-02-14 13:37 - 2017-02-14 13:37 - 00079360 _____ C:\Users\ezztr\Documents\Manpower Data PT Malaka Nusantara Permai.xls 2017-02-14 01:51 - 2017-02-14 01:51 - 07336673 _____ C:\Users\ezztr\Downloads\Photos (3).zip 2017-02-14 01:49 - 2017-02-14 01:49 - 35406230 _____ C:\Users\ezztr\Downloads\Photos (2).zip 2017-02-14 01:40 - 2017-02-14 13:31 - 13369489 _____ C:\Users\ezztr\Documents\My-babe.pptx 2017-02-14 01:31 - 2017-02-14 01:31 - 12437714 _____ C:\Users\ezztr\Downloads\Photos (1).zip 2017-02-14 01:28 - 2017-02-14 01:28 - 32939944 _____ C:\Users\ezztr\Downloads\Photos.zip 2017-02-14 00:24 - 2017-02-14 00:35 - 11696611 _____ C:\Users\ezztr\Downloads\The Sharp Slideshow.rar 2017-02-12 15:17 - 2017-02-12 15:18 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan Full.lnk 2017-02-12 15:14 - 2017-02-12 15:17 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan AVG.lnk 2017-02-11 02:58 - 2017-02-11 03:02 - 117631040 _____ C:\Users\ezztr\Downloads\AvorionDemoSetup0.8.5.exe 2017-02-10 22:20 - 2017-02-10 22:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2017-02-08 20:21 - 2017-02-08 20:21 - 00000000 ____D C:\Users\elsia\AppData\Roaming\Apple Computer 2017-02-06 21:23 - 2017-02-06 21:23 - 00000000 ___HD C:\$Windows.~WS 2017-02-06 19:45 - 2017-02-06 22:35 - 00000000 ____D C:\ESD 2017-02-06 19:45 - 2017-02-06 19:45 - 00000000 ____D C:\$WINDOWS.~BT 2017-02-06 19:44 - 2017-02-10 22:48 - 00000000 ____D C:\Livia 2017-02-06 16:22 - 2017-02-22 17:30 - 00000690 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job 2017-02-06 16:22 - 2017-02-22 17:30 - 00000594 _____ 
C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job 2017-02-06 16:22 - 2017-02-18 19:40 - 00003860 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001 2017-02-06 16:22 - 2017-02-18 19:40 - 00003764 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001 2017-02-06 16:21 - 2017-02-06 16:22 - 00000000 ____D C:\Users\ezztr\AppData\Local\Citrix 2017-02-06 10:26 - 2017-02-06 21:35 - 00000000 ___RD C:\Users\ezztr\Documents\Bitrix24 2017-02-06 10:26 - 2017-02-06 10:26 - 00001082 _____ C:\Users\Public\Desktop\Bitrix24 Desktop.lnk 2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitrix24 2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Bitrix 2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Program Files (x86)\Bitrix24 2017-02-04 11:05 - 2017-02-04 11:05 - 00000000 ____D C:\Users\ezztr\Documents\Benutzerdefinierte Office-Vorlagen 2017-02-04 10:36 - 2017-02-04 10:36 - 00002585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00002581 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00002560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk 2017-02-04 10:36 - 2017-02-04 10:36 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools 2017-02-04 10:30 - 2017-02-04 10:30 - 00000000 ____D C:\Program Files\Microsoft Office 15 2017-02-04 10:28 - 2017-02-04 11:05 - 00081408 _____ C:\Users\ezztr\Documents\Manpower DATA REPORT 20170128(2).xls 2017-02-02 00:15 - 2017-02-02 00:15 - 00161452 _____ C:\Users\ezztr\Documents\Eheerklärung_dt.pdf 2017-01-30 01:20 - 2017-01-30 01:21 - 12681143 _____ C:\Users\ezztr\Downloads\glitch.zip 2017-01-30 00:43 - 2017-01-30 01:08 - 94785724 _____ C:\Users\ezztr\Downloads\TEMPLATE ORGANIC PARTICLES [TAME PRODUCCIONES].rar 2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Apple Computer 2017-01-30 00:01 - 2017-01-30 00:01 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2017-01-30 00:01 - 2017-01-30 00:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2017-01-28 10:47 - 2017-01-28 10:47 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Crytivo Games Inc_ 2017-01-28 10:11 - 2017-01-28 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Universim 2017-01-28 10:10 - 2017-01-28 10:10 - 01177576 _____ (Crytivo Games ) C:\Users\ezztr\Downloads\The Universim Launcher Installer.exe 2017-01-27 20:50 - 2017-01-20 23:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll 2017-01-27 20:50 - 2017-01-20 23:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll 2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json 2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json 2017-01-26 07:13 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-39-1.exe 2017-01-26 07:12 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-39-1.dll 2017-01-26 
07:09 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1-1-0-39-1.dll 2017-01-26 07:09 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-39-1.exe 2017-01-25 10:22 - 2016-12-21 14:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2017-01-25 10:22 - 2016-12-21 11:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-02-24 01:46 - 2016-10-24 20:00 - 00000000 ____D C:\FRST 2017-02-24 01:19 - 2016-08-03 12:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-02-24 00:00 - 2016-04-10 22:12 - 00000000 ____D C:\Program Files (x86)\Steam 2017-02-23 23:41 - 2016-08-04 03:47 - 01907990 _____ C:\WINDOWS\system32\perfh007.dat 2017-02-23 23:41 - 2016-08-04 03:47 - 00514584 _____ C:\WINDOWS\system32\perfc007.dat 2017-02-23 23:41 - 2015-12-27 02:15 - 04336596 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-02-23 23:37 - 2016-11-22 15:30 - 00000000 ___RD C:\Users\ezztr\Google Drive 2017-02-23 23:37 - 2016-08-03 12:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-23 23:37 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA 2017-02-23 23:37 - 2016-08-03 12:50 - 05016576 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-02-23 23:37 - 2016-08-03 12:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-02-23 23:37 - 2016-06-04 15:40 - 00000000 ___RD C:\Rendern-Videos 2017-02-23 23:37 - 2016-04-10 02:34 - 00000000 __SHD C:\Users\ezztr\IntelGraphicsProfiles 2017-02-23 23:36 - 2016-08-03 12:52 - 00000000 ____D C:\Users\ezztr 2017-02-23 23:36 - 2016-07-16 13:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI 2017-02-23 16:36 - 2016-11-25 19:26 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Mozilla 2017-02-23 15:07 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-23 14:10 - 2016-04-20 16:28 - 00000000 
____D C:\Users\ezztr\.gimp-2.8 2017-02-23 10:47 - 2016-04-10 16:09 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-02-23 10:42 - 2016-04-10 16:09 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-02-23 09:22 - 2016-07-16 18:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-23 08:14 - 2016-07-25 21:01 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\vlc 2017-02-23 03:28 - 2016-06-02 13:49 - 00000000 ____D C:\Rendern 2017-02-23 02:00 - 2016-06-12 18:45 - 00000000 ____D C:\Users\ezztr\AppData\Local\Adobe 2017-02-22 22:39 - 2016-10-14 00:30 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-02-22 22:37 - 2016-10-25 17:14 - 00000000 ____D C:\AdwCleaner 2017-02-22 22:36 - 2016-07-04 09:47 - 00000008 __RSH C:\ProgramData\ntuser.pol 2017-02-22 17:28 - 2016-04-16 19:06 - 00000000 ___RD C:\Users\ezztr\Desktop\Tools 2017-02-22 17:25 - 2016-07-16 18:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-02-22 17:09 - 2017-01-20 20:09 - 00000000 ____D C:\ProgramData\Oracle 2017-02-22 14:49 - 2016-06-13 20:04 - 00000000 ____D C:\Users\ezztr\AppData\Local\gtk-2.0 2017-02-22 12:36 - 2016-04-10 02:34 - 00000000 ____D C:\Users\ezztr\AppData\Local\Packages 2017-02-21 21:37 - 2016-05-29 23:13 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\transmission 2017-02-20 16:57 - 2016-06-21 22:51 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server 2017-02-20 16:53 - 2016-06-21 22:51 - 00000000 ___HD C:\WINDOWS\msdownld.tmp 2017-02-20 16:53 - 2016-05-08 18:28 - 00000000 ____D C:\tmp 2017-02-20 14:25 - 2016-04-13 03:44 - 00000000 ____D C:\Users\ezztr\Desktop\Games 2017-02-19 19:13 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-02-19 16:56 - 2016-04-13 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\CrashDumps 2017-02-17 16:47 - 2016-04-20 16:51 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\obs-studio 2017-02-17 16:35 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2017-02-17 16:34 - 2016-07-16 18:45 - 00000000 
____D C:\WINDOWS\INF 2017-02-17 00:05 - 2015-12-27 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2017-02-16 15:43 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\FileZilla 2017-02-16 14:00 - 2015-12-27 02:14 - 00000000 ____D C:\ProgramData\Package Cache 2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Program Files\FileZilla FTP Client 2017-02-14 18:25 - 2016-12-26 23:34 - 00000000 ____D C:\Users\ezztr\Documents\Darkest 2017-02-10 22:18 - 2016-04-23 16:08 - 00000000 __SHD C:\Users\elsia\IntelGraphicsProfiles 2017-02-10 09:33 - 2017-01-09 00:11 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2017-02-10 09:33 - 2017-01-09 00:11 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2017-02-10 09:33 - 2017-01-09 00:11 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb 2017-02-10 06:13 - 2017-01-09 00:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2017-02-10 05:57 - 2017-01-09 00:13 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin 2017-02-10 05:57 - 2017-01-09 00:13 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2017-02-10 05:57 - 2017-01-09 00:13 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2017-02-10 05:57 - 2017-01-09 00:13 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2017-02-10 05:57 - 2017-01-09 00:13 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2017-02-10 05:57 - 2017-01-09 00:13 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2017-02-10 05:57 - 2017-01-09 00:13 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2017-02-10 05:57 - 2017-01-09 00:13 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2017-02-08 20:28 - 2016-04-23 16:08 - 00000000 ____D 
C:\Users\elsia\AppData\Local\Packages 2017-02-08 20:22 - 2017-01-10 20:20 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-02-08 20:22 - 2016-04-23 16:09 - 00002389 _____ C:\Users\elsia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-02-08 20:22 - 2016-04-23 16:09 - 00000000 ___RD C:\Users\elsia\OneDrive 2017-02-08 20:21 - 2016-02-13 20:20 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-02-07 21:49 - 2016-04-10 16:06 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-07 20:01 - 2016-04-10 02:36 - 00002389 _____ C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-02-07 20:01 - 2016-04-10 02:36 - 00000000 ___RD C:\Users\ezztr\OneDrive 2017-02-07 02:48 - 2016-07-16 18:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-02-07 02:48 - 2016-07-16 18:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-02-06 23:21 - 2016-10-21 23:33 - 00000000 ____D C:\Volumes 2017-02-06 22:35 - 2016-08-04 03:49 - 00000000 ___DC C:\WINDOWS\Panther 2017-02-06 20:52 - 2015-12-27 02:16 - 00000000 ____D C:\Program Files\Dell 2017-02-06 20:47 - 2016-11-23 09:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-02-06 20:47 - 2016-06-25 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-02-06 20:42 - 2016-08-03 12:56 - 00014000 _____ C:\WINDOWS\diagwrn.xml 2017-02-06 20:42 - 2016-08-03 12:56 - 00013947 _____ C:\WINDOWS\diagerr.xml 2017-02-06 12:16 - 2015-12-27 02:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-02-04 10:45 - 2016-07-16 18:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-02-04 10:30 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2017-02-03 23:13 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\Desktop\Rendern 2017-02-01 02:50 - 2016-10-04 15:44 - 
00000000 ____D C:\Users\ezztr\AppData\Local\ElevatedDiagnostics 2017-01-30 09:12 - 2016-06-21 22:50 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2017-01-30 01:11 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sony 2017-01-30 00:02 - 2017-01-21 17:46 - 00000000 ____D C:\Program Files (x86)\QuickTime 2017-01-28 10:11 - 2016-04-13 03:41 - 00000000 ____D C:\games 2017-01-28 09:48 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-01-27 20:51 - 2016-08-03 12:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2017-01-27 20:44 - 2016-04-13 03:38 - 00000000 ____D C:\Users\ezztr\AppData\Local\Battle.net 2017-01-27 18:13 - 2016-04-13 03:38 - 00000000 ____D C:\Program Files (x86)\Battle.net 2017-01-25 10:45 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\rescache 2017-01-25 09:12 - 2016-08-03 12:55 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-25 09:11 - 2016-09-22 22:39 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-25 09:11 - 2016-08-03 12:55 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-25 09:11 - 2016-08-03 12:55 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-25 09:11 - 2016-08-03 12:55 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-25 09:11 - 2016-08-03 12:55 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-01-25 09:11 - 2015-12-27 02:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation ==================== Files in the root of some directories ======= 2016-07-04 10:47 - 2016-08-18 01:47 - 0000153 _____ () C:\Users\ezztr\AppData\Roaming\WB.CFG 2017-02-23 14:07 - 2017-02-23 14:07 - 0040908 _____ () C:\Users\ezztr\AppData\Local\recently-used.xbel 2016-06-08 18:37 - 2016-12-30 
12:59 - 0007605 _____ () C:\Users\ezztr\AppData\Local\Resmon.ResmonCfg 2016-08-03 12:50 - 2016-08-03 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-05-22 23:34 - 2016-05-22 23:34 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2016-12-23 18:00 - 2017-01-09 00:14 - 0045353 _____ () C:\ProgramData\NvTelemetryContainer.log 2016-12-23 18:00 - 2016-12-30 15:38 - 0010654 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-02-18 12:55 ==================== End of FRST.txt ============================ --- --- --- |
24.02.2017, 11:16 | #12 |
| Ad banners in the Steam client
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017 Ran by ezztr (24-02-2017 01:47:35) Running from C:\Users\ezztr\Desktop Windows 10 Home Version 1607 (X64) (2016-08-03 05:57:06) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3515307565-1161031247-3300353082-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3515307565-1161031247-3300353082-503 - Limited - Disabled) elsia (S-1-5-21-3515307565-1161031247-3300353082-1002 - Limited - Enabled) => C:\Users\elsia ezztr (S-1-5-21-3515307565-1161031247-3300353082-1001 - Administrator - Enabled) => C:\Users\ezztr Guest (S-1-5-21-3515307565-1161031247-3300353082-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) . . . (Version: 2.1.28.3 - Intel) Hidden . . . (x32 Version: 2.6.2.4 - Intel) Hidden 7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov) Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated) Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated) Ansel (Version: 378.66 - NVIDIA Corporation) Hidden Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.41.3 - Asmedia Technology) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bitrix24 for Windows (HKLM-x32\...\Bitrix24) (Version: 4.1.76.36 - Bitrix, Inc) bl (x32 Version: 1.0.0 - Your Company Name) Hidden Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix) Conan Exiles (HKLM\...\Steam App 440900) (Version: - Funcom) Craft The World (HKLM\...\Steam App 248390) (Version: - Dekovir Entertainment) Darkest Dungeon (HKLM\...\Steam App 262060) (Version: - Red Hook Studios) DebugMode FrameServer (HKLM-x32\...\DebugMode FrameServer) (Version: - ) Dell App Launcher for Unifying Software (HKLM\...\Unifying Software Launcher) (Version: 1.00.44 - Logitech) Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.) Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP) Dell Dock Update (HKLM-x32\...\{6C4547B7-084A-4992-BFBF-9F6C6E2DC3EA}) (Version: 1.0.115.0 - Dell Inc.) Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.) Dell PremierColor (HKLM\...\{5CA2B02F-FC89-4F42-A3DA-7649B8EFF194}) (Version: 2.0.140 - Portrait Displays, Inc.) 
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell) Dell System Detect (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell) Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.) Dell Update (HKLM-x32\...\{FE901F1A-B3D5-4BCE-AAFB-694DC51DC522}) (Version: 1.9.5.0 - Dell Inc.) Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - ) Dropbox 20 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.) Dxtory version 2.0.139 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.139 - ExKode Co. Ltd.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Factorio (HKLM\...\Steam App 427520) (Version: - Wube Software LTD.) Faeria (HKLM\...\Steam App 397060) (Version: - Abrakam SA) FileZilla Client 3.24.0 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse) Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge) GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden GoToMeeting 8.0.0.6441 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\GoToMeeting) (Version: 8.0.0.6441 - CitrixOnline) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Hearthstone Deck Tracker (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\HearthstoneDeckTracker) (Version: 1.1.6 - HearthSim) HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com) Innkeeper (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Innkeeper) (Version: 0.3.4 - Curse Inc.) Intel Extreme Tuning Utility (HKLM-x32\...\{281badd0-7e11-494b-bdf7-34d6a2615c3c}) (Version: 6.2.0.19 - Intel Corporation) Intel Extreme Tuning Utility (x32 Version: 6.2.0.19 - Intel Corporation) Hidden Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation) Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation) Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) 
(Version: 2.0 - AppWork GmbH)
Keebles (HKLM\...\Steam App 347040) (Version: - Burnt Fuse)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
MagicYUV Lossless Video Codec - Standard version 2.0.0rc1 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 2.0.0rc1 - INNOMAGIC Bt.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MediaInfo 0.7.87 (HKLM\...\MediaInfo) (Version: 0.7.87 - MediaArea.net)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3515307565-1161031247-3300353082-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mini Metro (HKLM\...\Steam App 287980) (Version: - Dinosaur Polo Club)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Music Manager (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\MusicManager) (Version: - Google, Inc.)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.12 (HKLM\...\{C212962C-71C4-4D9F-B8E0-D2CD00C8B8FE}) (Version: 5.1.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version: - )
ProjectLibre (HKLM-x32\...\{4E352A24-AE3C-482F-9409-3E1C2B7ABED8}) (Version: 1.7.0.0 - ProjectLibre)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.44 - Realtek Semiconductor Corp.)
Registrierung eines Dell Produkts (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Registrierung eines Produkts (Version: 3.0.123.0 - Dell Inc.) Hidden
RimWorld (HKLM\...\Steam App 294100) (Version: - Ludeon Studios)
RivaTuner Statistics Server 6.6.0 (HKLM-x32\...\RTSS) (Version: 6.6.0 - Unwinder)
SagaraS Scriptmaker v6.1 (HKLM-x32\...\SagaraS Scriptmaker_is1) (Version: - )
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Spotify) (Version: 1.0.31.56.g526cfefe - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0067 - ST Microelectronics)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tavern Tycoon (HKLM\...\Steam App 439340) (Version: - Terapoly)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Universim version 1.0 (HKLM-x32\...\{77E2F6D6-85F9-4A73-8FC6-5A6CB3C816C1}_is1) (Version: 1.0 - Crytivo Games)
This War of Mine (HKLM\...\Steam App 282070) (Version: - 11 bit studios)
Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation)
Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.9 - Transmission)
Transport Fever (HKLM\...\Steam App 446800) (Version: - Urban Games)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 17.0.0 - UMEZAWA Takeshi)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VPN Manager 1.8.10.0 (HKLM-x32\...\VPN Manager) (Version: 1.8.10.0 - Perfect-Privacy)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.730 - Broadcom Corporation)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
YouPloader Version 0.9.3 (HKLM-x32\...\{DC552D9B-15C9-4F51-B0B2-D8AB7791DBFF}_is1) (Version: 0.9.3 - BeCast)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6291\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04CB2EF6-C5EE-46A5-80FE-E0E2140C4D1B} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {0D55ABF1-CE90-436D-AEC9-21E996067D93} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {163E6DF7-9A42-4E71-B7CB-A7FC00FC613B} - System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1A48F5F1-A4FA-448D-8F88-774F9DF2371A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {207D147E-E73E-44B4-88E1-B9559DF26B1A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {29CF4F40-5921-43C7-B8DC-B282ED50165D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {2E5F1938-4478-4009-9A8C-8CF974952D7B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {33E7D8B0-1D68-4EDD-B7D0-92E87A4F3C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {4D23204F-0E2E-4838-8154-9CE740A0241A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {50DA9037-6E4B-4CD0-BA09-BAAAD604AAF2} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-06-14] (Intel(R) Corporation)
Task: {5A30115F-FF80-4AA1-9E90-E33417862FD6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {5AF67BBA-EAEC-46AF-827B-314EB7D6A46C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {5B109A0B-823B-48E0-8DE2-E2DAB8E52FA6} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {60B633A5-BC32-4179-84FB-9FF44A397776} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {6488574D-F798-462F-88D7-C0457AE6A5BC} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)
Task: {652DF692-C7F7-459F-BDF5-F55E4A777E78} - System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {65D9B6CA-FACA-4EDA-98B7-4904A5253B48} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-21] (NVIDIA Corporation)
Task: {86472F58-B053-402E-9BAA-663541F0AA59} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {9791F492-8F48-4F99-8CD6-F9CB6B50BEF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {9B95B377-96BA-41DB-AD06-B0954F989609} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9EA39A14-9FB0-418C-AC71-EDEE85799B18} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {AB031289-0E5D-4509-8F19-A8B1322905C8} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {AC24C798-888C-43FA-9D8B-32F5D902E8DB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {B4776765-14D6-4572-B8DE-B6EDD52B4990} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C33EBE27-3732-4579-B29F-79D01F362757} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {CAA1D9C6-1233-4DC7-879F-EC161AE71991} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {D220BA68-269C-41EB-8A54-13A110A70A70} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA1d25f0055f52a8c => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D2D43FD7-AA72-433B-9313-037A3C38A991} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {D6A9151A-612D-4C84-88AF-370ECA981488} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core1d25f0055f0e153 => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D84FABA7-EA17-4A74-807C-81C7620DB5A7} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {DCF517FB-4549-4BB6-A95A-EE96C2716380} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ezztro@yahoo.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {EC5937FE-8585-4CE3-8694-02DDC49EE896} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-04] (Microsoft Corporation)
Task: {F35D6EB5-3FEE-49C9-8EE2-CFAB94043E72} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {F43A5D40-7ED4-4E59-8B77-352C08D88260} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-21] (NVIDIA Corporation)
Task: {FC38FDB1-3888-400F-AB12-D2D387A163F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Play Musik.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
-> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-01-09 00:13 - 2017-02-10 05:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-08-21 08:47 - 2015-08-21 08:47 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll 2017-01-10 14:59 - 2017-01-10 14:59 - 00125808 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe 2016-12-31 17:22 - 2016-11-17 22:16 - 00805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe 2016-12-31 17:22 - 2016-11-17 22:18 - 01981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll 2016-12-31 17:22 - 2016-11-17 22:11 - 00247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll 2016-12-31 17:22 - 2016-11-17 22:10 - 00212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll 2016-12-31 17:22 - 2016-11-17 22:11 - 00174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll 2016-12-31 17:22 - 2016-11-17 22:10 - 00203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll 2016-12-31 17:22 - 2016-11-17 22:09 - 00206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll 2016-12-31 17:22 - 2016-11-17 22:09 - 00336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll 2016-12-31 17:22 - 2016-11-17 22:06 - 00147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll 2016-12-31 17:22 - 2016-11-17 22:11 - 00213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll 2016-12-31 17:22 - 2016-11-17 22:07 - 00229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll 2016-12-31 17:22 - 2016-11-17 
22:08 - 00224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll 2016-12-31 17:22 - 2016-11-17 22:06 - 00211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll 2016-12-31 17:22 - 2016-11-17 22:08 - 00219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll 2016-07-03 16:54 - 2017-01-21 01:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll 2016-07-03 16:54 - 2017-01-21 01:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-11-17 22:05 - 2016-11-17 22:05 - 00156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe 2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2017-01-14 02:10 - 2017-01-14 02:10 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2016-09-16 18:25 - 2016-09-07 11:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-14 11:17 - 2016-12-21 14:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-14 11:17 - 2016-12-21 13:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-02-22 12:33 - 2017-02-22 12:34 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-02-22 12:33 - 2017-02-22 12:34 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-02-22 12:33 - 2017-02-22 12:34 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-02-07 16:50 - 2017-02-07 16:50 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll 2016-04-16 19:02 - 2013-10-29 18:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe 2016-04-04 14:54 - 2016-04-04 14:54 - 
00575432 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe 2016-12-31 17:22 - 2016-11-17 22:14 - 00730880 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe 2016-12-31 17:22 - 2016-11-17 22:12 - 00237824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll 2016-12-31 17:22 - 2016-11-17 22:08 - 00217344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll 2017-01-14 11:17 - 2016-12-21 13:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-14 11:17 - 2016-12-21 13:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-14 11:17 - 2016-12-21 13:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-01-14 11:17 - 2016-12-21 13:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-14 11:17 - 2016-12-21 13:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-04-16 19:02 - 2012-12-11 16:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe 2017-02-23 09:20 - 2017-02-23 09:22 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-02-23 09:20 - 2017-02-23 09:22 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-02-23 09:20 - 2017-02-23 09:22 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2016-06-03 17:54 - 2016-06-03 17:57 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2017-02-23 09:20 - 2017-02-23 09:22 - 00387584 _____ () C:\Program 
Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-02-23 09:20 - 2017-02-23 09:22 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll 2016-04-10 22:30 - 2016-04-10 22:31 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2017-02-02 00:05 - 2017-02-02 00:06 - 01097072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.Controls.dll 2016-12-22 23:27 - 2016-12-22 23:27 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe 2016-09-12 22:57 - 2017-01-09 19:08 - 02493440 _____ () C:\games\Origin\libGLESv2.dll 2016-07-03 16:54 - 2017-01-21 01:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-07-03 16:54 - 2017-01-21 01:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll 2016-07-03 16:54 - 2017-01-21 01:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2016-07-03 16:55 - 2017-01-21 01:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2017-02-23 23:37 - 2017-02-23 23:37 - 00098816 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32api.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00110080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\pywintypes27.dll 2017-02-23 23:37 - 2017-02-23 23:37 - 00364544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\pythoncom27.dll 2017-02-23 23:37 - 2017-02-23 23:37 - 00320512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32com.shell.shell.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00914432 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_hashlib.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 
01176576 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._core_.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00806400 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._gdi_.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00816128 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._windows_.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 01067008 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._controls_.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00733184 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._misc_.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00682496 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\pysqlite2._sqlite.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_ctypes.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00686080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\unicodedata.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00119808 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32file.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00108544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32security.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00007168 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\hashobjs_ext.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00017920 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\thumbnails_ext.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\usb_ext.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00012800 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\common.time34.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00018432 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32event.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00167936 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32gui.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00046080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_socket.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 01303552 ____R () 
C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_ssl.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00128512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_elementtree.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00127488 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\pyexpat.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00038912 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32inet.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00036864 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_psutil_windows.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00524248 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\windows._lib_cacheinvalidation.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00011264 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32crypt.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00123392 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._wizard.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00077312 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._html2.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00027648 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_multiprocessing.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00020480 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_yappi.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00035840 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32process.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00078848 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._animate.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00024064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32pipe.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00010240 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\select.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00025600 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32pdh.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00017408 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32profile.pyd 2017-02-23 23:37 - 2017-02-23 23:37 - 00022528 ____R () 
C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32ts.pyd 2016-07-22 01:42 - 2017-01-20 20:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-07-22 01:42 - 2017-01-20 20:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-07-22 01:42 - 2017-01-20 20:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-07-22 01:42 - 2017-01-20 20:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-07-22 01:42 - 2017-01-20 20:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node 2016-07-22 01:42 - 2017-01-20 20:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-08-29 22:56 - 2017-01-20 20:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node 2016-12-23 17:59 - 2017-01-20 20:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node 2016-04-16 19:02 - 2013-01-15 22:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll 2016-03-18 18:26 - 2016-03-18 18:26 - 00207872 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll 2016-03-18 17:19 - 2016-03-18 17:19 - 00107520 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll 2017-02-07 21:49 - 2017-02-01 16:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-07 21:49 - 2017-02-01 16:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll 2016-12-21 10:24 - 2016-12-21 10:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll 2015-06-24 07:26 - 2015-06-24 07:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2016-05-13 14:10 - 2016-05-13 14:10 - 00134144 _____ () C:\Program 
Files (x86)\Dell Update\ServiceTagPlusPlus.dll 2016-07-18 15:14 - 2016-07-18 15:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-04-11 23:08 - 2016-09-01 08:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-04-11 23:08 - 2016-12-24 01:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-04-11 23:08 - 2017-01-19 08:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll 2016-04-11 23:07 - 2016-01-27 14:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-04-11 23:07 - 2016-01-27 14:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-04-11 23:07 - 2016-01-27 14:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-04-11 23:07 - 2016-01-27 14:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-04-11 23:07 - 2016-01-27 14:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-04-11 23:08 - 2016-09-01 08:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-04-11 23:08 - 2016-09-01 08:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-04-11 23:07 - 2017-01-19 08:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-04-11 23:07 - 2016-07-05 05:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-12-21 12:18 - 2017-01-05 10:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2016-04-11 23:08 - 2017-01-19 08:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll 2016-04-11 23:07 - 2015-09-25 06:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll 2016-04-16 19:02 - 2011-11-22 19:18 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll 2016-12-22 23:27 - 2016-12-22 23:27 - 12163072 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll 2016-12-20 20:05 - 2016-12-20 20:06 - 
00958464 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll 2016-07-16 21:31 - 2016-07-16 21:31 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll 2016-08-24 09:13 - 2016-08-24 09:14 - 03312024 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-10 18:04 - 2016-11-20 23:07 - 00001025 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-3515307565-1161031247-3300353082-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 8.8.8.8 - 118.98.44.10 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "PremierColor" HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "MusicManager" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{C17F5659-1505-42DE-BB05-2C756F24B829}] => (Allow) C:\games\GameforgeLive\gfl_client.exe FirewallRules: [{7D93B344-EB13-4E7A-BD61-0863CBF13D34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BC4F5E12-EC9F-4AE8-8BF6-6A514710F95C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{D45226D3-5DCE-42F4-AF3B-76C8FA1D5F26}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{F8D0FD33-645D-4886-83F4-F10F91E60F23}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe FirewallRules: [{277B7182-EF76-4E43-829A-DB3743D4FAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe FirewallRules: [{B805154D-E775-4E97-9110-F33FB0C6EB51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe FirewallRules: [{3E397DCD-0DD7-4044-A1A0-149701EB7C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: [{64BCF33C-B757-440E-A2CC-FDC496463331}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: [{A16F6B7B-70F3-4576-BBA2-9E1E3119F4AE}] => (Block) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe FirewallRules: [UDP Query User{C0B1816F-734A-411A-8D6B-5A9ECC77EBD0}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe FirewallRules: [TCP Query User{4A8B2546-03FA-4EB8-85AE-EEE23DCA4046}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe FirewallRules: [{7E700728-1A46-474F-A9DF-5D1B31DC547F}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: 
[{58091464-702B-4BA8-9722-9DD3019824F8}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{08E43E94-6562-4C54-9538-7F4D3376D598}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{A402605C-2125-4DB3-8463-845F1AE0558B}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [UDP Query User{278854EE-DCAC-4D46-8EC7-65836AB565F4}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{E61457E3-0841-4B8B-94B0-053B3D1F6B38}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe FirewallRules: [{3BC96CDD-1BE2-4378-8C34-7A5046B8C829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe FirewallRules: [{E77BCB3B-19C5-4D11-9163-2CA9772CC215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe FirewallRules: [{EF88B2AE-1A5B-412C-9EA7-F3ED89932447}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{60C82DF7-A1E1-4BB3-A84C-B52A3E7614A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{C3E3F344-96BD-4E3A-888F-14A4B964F289}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{5346CA20-8F67-4AAA-B93F-438A67350DF6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{9215639A-8497-44BD-BDEE-EE065DA52BB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe FirewallRules: [{759CA9DD-D5CA-46F1-8E91-207742295A67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe FirewallRules: [{E064189B-3782-4E35-96D9-BDFF9F499639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe FirewallRules: [{4EDFA684-A6F6-4A6F-861F-7E2E4B482CD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe FirewallRules: [{6D6E6B78-D454-4C1E-A5F6-CE16D2B53576}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe FirewallRules: [{548CD056-BF5E-46D5-BC7E-F178EB7A5529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe FirewallRules: [TCP Query User{37DE9295-1AE0-44E7-B1FD-6BFA0CCEFC64}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe FirewallRules: [UDP Query User{C7C3E257-C7A8-48E3-B179-5AF3FFD5E209}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe FirewallRules: [{5F381414-7E4A-4DAC-94AE-B7A20CA69DA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe FirewallRules: [{0AB262A1-F86A-4AFF-83CB-8B3A3529E830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe FirewallRules: [{35F5E33E-2EE3-40D9-8D05-4BBCAE2B7CC6}] => (Allow) %ProgramFiles%\Adobe\Adobe Dreamweaver CC 2015\Dreamweaver.exe FirewallRules: [{AF368985-5F99-4ED9-96B4-2FC8C375A453}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe FirewallRules: [{2CBFE8D9-02EE-41FB-9141-A88122B77815}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{06A7C478-0B02-49CC-92AA-B7AC95D45EE4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{143E3176-9C1F-4EEE-884B-2B2E43C93E9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C3BA8D08-41A0-4F93-93AA-7C230B171825}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{296F8C72-669A-49B9-8773-F2AC39257571}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{EC9DBA8F-965B-4AB6-B13E-271A19A65802}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{3434F424-1A3C-4AD5-B67D-C23403F1BBD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: 
[{6E7C318E-CC99-461A-B692-E86AB2D4BF26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{5BBDDEC7-BD03-4FB6-8599-F39D2F0E8EA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{3D6782B4-E800-471A-8B72-1DB780B0BAC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{39F896B1-29FE-421F-A4A8-80F8D572DA07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{FE4F29E9-EA06-412B-BD0C-1B870D1786C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{D7DA5ABD-DA9B-4E12-BA51-E6BF0F9A8B93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{AC18BE33-A7F2-4DB0-BDDC-E2116D8FDDF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe FirewallRules: [{9096EF1A-E968-4508-BACA-60833687AB10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe FirewallRules: [TCP Query User{D451319D-13B5-473B-801E-92390E465CD5}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe FirewallRules: [UDP Query User{A6AED956-641B-4A06-BBAA-7977D3B1941F}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe FirewallRules: [{6B46C0AA-404C-4F8A-B269-84321A873B0A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{591828EE-75B0-416D-AFAA-62FE66304C38}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{D5D7ECAA-0C2C-4298-80FC-2AD8E3625F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe FirewallRules: [{70EC9924-39A9-4327-8E29-3CD9B1362085}] => (Allow) C:\Program Files 
(x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe FirewallRules: [{B00BFF46-3023-40B2-9937-81068549DE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe FirewallRules: [{E4AA0E3E-2558-4129-B7D5-1408B426A7FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe FirewallRules: [{111ADE00-A556-4F6E-A162-7F624AA421B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe FirewallRules: [{16B5D7C8-1CB3-4968-98F2-525DC7767CE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe FirewallRules: [{AA4AAE9D-EDF8-43EE-8366-32E1596BE4E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{32B7101D-B91C-4BB3-A713-F192C26BDCD8}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe FirewallRules: [UDP Query User{FA4A5112-CD38-43C8-8F26-C8BC71256DD9}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe FirewallRules: [{80F768F5-5B72-4F0B-9BB8-B88918DD446F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe FirewallRules: [{40F29920-31F6-4CCF-B886-D83E03E8E8A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe FirewallRules: [{C143464E-F3C5-4B1E-AE6C-388C4C2FA335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe FirewallRules: [{41D652DD-FA31-4F36-AFAD-6083D1AA8D2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe FirewallRules: [{D6E94B12-5A4F-46E0-9931-81CE4872D96C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe FirewallRules: [{E1217DC5-2210-4991-A414-D4DFD966FA83}] => 
(Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe ==================== Restore Points ========================= 06-02-2017 14:41:00 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 14-02-2017 18:10:57 Removed LibreOffice 5.0.5.2 16-02-2017 14:00:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 21-02-2017 17:27:40 TMPGEnc Video Mastering Works 6 Testversion wird entfernt 22-02-2017 22:47:19 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= Name: Intel High Definition DSP Description: Intel High Definition DSP Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/24/2017 01:39:16 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (02/24/2017 01:39:02 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (02/24/2017 01:38:53 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. Error: (02/23/2017 11:59:20 PM) (Source: DellUpService.exe) (EventID: 0) (User: ) Description: [5] ERROR- Exception on mounting SOS: mk_dellsupport_lnk can't find DSP! errno=0 #StackInfo# Error: (02/23/2017 11:59:20 PM) (Source: DellUpService.exe) (EventID: 0) (User: ) Description: [5] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo# Error: (02/23/2017 11:59:20 PM) (Source: DellUpService.exe) (EventID: 0) (User: ) Description: [5] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:Image, Partition:PartitionPos {disk:0, part:5}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo# Error: (02/23/2017 11:59:20 PM) (Source: DellUpService.exe) (EventID: 0) (User: ) Description: [5] ERROR- FindPartObjects() Lable not matched! 
Target:DELLSUPPORT, Current:WINRETOOLS, Partition:PartitionPos {disk:0, part:4}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo# Error: (02/23/2017 11:59:20 PM) (Source: DellUpService.exe) (EventID: 0) (User: ) Description: [5] ERROR- [SOSINSTALLER] TRYMOUNT-DELLSUPPORT: mk_dellsupport_lnk can't find DSP! errno=0 at utilities.SymlnkBroker.mk_dellsupport_lnk(String mountpoint, String targetFileRelativePath, Boolean isDirectory, List`1 targetKeyFiles) at utilities.PartitionHelper.DellSupportFinder.find() at DellUpdate.sosinstaller.try_mount_dellsupport() #StackInfo# Error: (02/23/2017 11:59:20 PM) (Source: DellUpService.exe) (EventID: 0) (User: ) Description: [5] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo# Error: (02/23/2017 11:44:26 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest. System errors: ============= Error: (02/23/2017 11:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. 
Error: (02/23/2017 11:45:51 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ezztr\AppData\Local\Temp\ehdrv.sys Error: (02/23/2017 11:45:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. Error: (02/23/2017 11:45:50 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ezztr\AppData\Local\Temp\ehdrv.sys Error: (02/23/2017 11:45:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. Error: (02/23/2017 11:45:50 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ezztr\AppData\Local\Temp\ehdrv.sys Error: (02/23/2017 11:43:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. Error: (02/23/2017 11:43:51 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ezztr\AppData\Local\Temp\ehdrv.sys Error: (02/23/2017 11:43:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden. Error: (02/23/2017 11:43:50 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\ezztr\AppData\Local\Temp\ehdrv.sys CodeIntegrity: =================================== Date: 2017-02-23 23:37:02.875 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-02-23 14:26:54.213 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-23 09:10:29.592 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-02-22 22:37:35.751 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-02-22 20:03:30.187 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-22 17:29:53.650 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-02-08 20:01:07.700 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_fd06216336fcf4a2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-07 22:40:22.555 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-02-07 21:00:35.766 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_fd06216336fcf4a2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-06 20:47:49.537 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz Percentage of memory in use: 37% Total physical RAM: 16238.91 MB Available physical RAM: 10148.66 MB Total Virtual: 18670.91 MB Available Virtual: 11666.2 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:461.56 GB) (Free:227.36 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 476.9 GB) (Disk ID: A4A7D5DC) Partition: GPT. ==================== End of Addition.txt ============================

Edit: It is still there. Just now the banner also appeared directly below the bookmarks bar in Google Chrome, even though no page had been opened and the browser had only been started. I was able to take a screenshot. That is exactly what it looks like in Chrome too. It is a Dropbox link to the image.

Edit: Only as a link, not embedded, because I have a 4K monitor and the image looks rather large here: https://dl.dropboxusercontent.com/u/16828681/Banner.PNG

Hi. So, it is not fixed. More problems have come up. Ad banners now in Chrome, also on sites such as Tagesschau.de. Just now I wanted to log in to PayPal and was redirected to a website; I cannot open PayPal.de and .com this way. Browser: Chrome. |
24.02.2017, 20:52 | #13 |
/// TB-Ausbilder | Ad banners in the Steam client Hi, please reset your browsers as follows: IE ::: Reset Internet Explorer as follows:
EDGE ::: Reset Edge FF ::: Please reset Firefox as follows: Reset Firefox CHR ::: Reset Google Chrome following this guide. How does it look now? |
25.02.2017, 16:14 | #14 |
| Ad banners in the Steam client Hello, I have done that with all browsers. Since the banners are not always there, I will now work on the laptop for a few hours and then post the information here. |
25.02.2017, 16:37 | #15 | |
/// TB-Ausbilder | Ad banners in the Steam client Quote:
|