Log analysis and evaluation: Connection to DNS "crashes" after a few hours -> Malware? Windows 7
22.05.2017, 21:44 | #1 |
| Connection to DNS "crashes" after a few hours -> Malware?

Hello everyone,

I have the following problem. After 1-2 h, Chrome crashes on my PC each time, and no other browsers can be opened either. When that happens I can also no longer ping 8.8.8.8; servers inside the network still work. Other devices (e.g. on the Wi-Fi) have no problems getting online, so it is only this one PC.

Because the new tab in Firefox was suddenly linked to "ww-searchings", I ran Malwarebytes and Avira. They found some insignificant malware, but the problem has not been solved yet. After a few hours "my Internet connection" still "crashes" and I have to restart the PC.

Attached is a HijackThis log. Does anyone have an idea how I can solve the problem as quickly as possible?

Many thanks & regards,
rilkar

HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:04:00, on 21.05.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)
FIREFOX: 53.0.3 (x86 de)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\System\3DG4me.exe
D:\Programs\CrashPlan\CrashPlanTray.exe
C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe
C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Users\Michael\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
D:\Programs\AudioSwitcher\switcher.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
C:\Program Files (x86)\PDF24\pdf24.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
D:\Programs\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
H:\jDownloader\HijackThis.exe
D:\Programs\Steam\Steam.exe
D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files (x86)\PDF24\pdf24.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [SDTray] "d:\Programs\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "D:\Programs\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Amazon Music] "C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: AudioSwitcher.lnk = D:\Programs\AudioSwitcher\switcher.exe
O4 - Startup: Dropbox.lnk = Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: GIGABYTE XTREME GAMING ENGINE.lnk = C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: startup-monitor-timeout.lnk = Michael\Documents\startup-monitor-timeout.bat
O4 - Startup: Synology Cloud Station Drive.lnk = C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe
O4 - Global Startup: FileBox eXtender.lnk = D:\Programs\FileBX\FileBX.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{4a3501c2-f5bb-46aa-a34a-2b67b7ae66fd}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Active File Monitor V14 (AdobeActiveFileMonitor14.0) - Adobe Systems Incorporated - D:\Programs\Adobe PSE 14\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Email-Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cloud Station Drive VSS Service x64 - Unknown owner - C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CrashPlan Backup Service (CrashPlanService) - Code 42 Software - D:\Programs\CrashPlan\CrashPlanService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool11 (NitroDriverReadSpool11) - Nitro Software, Inc. - C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe
O23 - Service: NitroUpdateService - Unknown owner - C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\SysWOW64\NLSSRV32.EXE
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - d:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - d:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - d:\Programs\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: tbupddwu - Unknown owner - C:\Program Files\UPDD\tbupddwu.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vmcompute.exe,-100 (vmcompute) - Unknown owner - C:\WINDOWS\system32\vmcompute.exe (file missing)
O23 - Service: @%systemroot%\system32\vmms.exe,-10 (vmms) - Unknown owner - C:\WINDOWS\system32\vmms.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
O23 - Service: ZoneAlarm ICM Service - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe

--
End of file - 18976 bytes
22.05.2017, 21:45 | #2 |
| Additional log

And the FRST log:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017 Ran by Michael (administrator) on PHANTOM (22-05-2017 22:36:12) Running from H:\jDownloader Loaded Profiles: Michael (Available Profiles: Michael) Platform: Windows 10 Pro Version 1607 (X64) Language: Englisch (Vereinigte Staaten) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> Secure System () C:\Program Files\UPDD\TBUPDDWU.EXE (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\System32\vmms.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Nalpeiron Ltd.) 
C:\Windows\SysWOW64\NLSSRV32.EXE () C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Nitro Software, Inc.) C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Safer-Networking Ltd.) D:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Safer-Networking Ltd.) D:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
D:\Programs\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\System32\vmcompute.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AppWork GmbH) C:\Users\Michael\AppData\Local\JDownloader v2.0\JDownloader2.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\System\3DG4me.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe () C:\Program Files\UPDD\TBDAEMON.EXE (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe () C:\Program Files\UPDD\AIDAEMON.EXE (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Dropbox, Inc.) C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe () D:\Programs\AudioSwitcher\switcher.exe () C:\Program Files\UPDD\TBUPDDWU.EXE (Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dropbox, Inc.) 
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Synology Inc.) C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Synology Inc.) C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe (Safer-Networking Ltd.) D:\Programs\Spybot - Search & Destroy 2\SDTray.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Synology Inc.) C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) D:\Programs\Steam\Steam.exe (Valve Corporation) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe (Adobe Systems Incorporated) D:\Programs\Adobe PSE 14\Elements 14 Organizer\PhotoshopElementsFileAgent.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (hxxp://tortoisesvn.net) D:\Programs\TortoiseSVN\bin\TSVNCache.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [3DG4me] => C:\Windows\System\3DG4me.exe [151552 2013-05-28] () HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.) HKLM\...\Run: [CrashPlanTray] => D:\Programs\CrashPlan\CrashPlanTray.exe HKLM\...\Run: [DisplayLinkUI] => C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe [2152104 2016-12-05] (DisplayLink Corp.) 
HKLM\...\Run: [tbdaemon] => C:\Program Files\UPDD\tbdaemon.exe [676352 2012-10-10] ()
HKLM\...\Run: [aidaemon] => C:\Program Files\UPDD\aidaemon.exe [524288 2012-10-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [912768 2017-04-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-04-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-04-14] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SDTray] => d:\Programs\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [DAEMON Tools Lite] => D:\Programs\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [Steam] => D:\Programs\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [Dropbox Update] => C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\MountPoints2: {4f3a791b-2841-11e7-9dc9-bc5ff44470d5} - "J:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\MountPoints2: {ab5ea47b-e615-11e6-9d62-bc5ff44470d5} - "J:\Lenovo_Suite.exe"
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\MountPoints2: {ab5eb073-e615-11e6-9d62-bc5ff44470d5} - "P:\Lenovo_Suite.exe"
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\MountPoints2: {b007f661-97a2-11e6-9cef-bc5ff44470d5} - "J:\Lenovo_Suite.exe"
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\MountPoints2: {fb39d74c-0cab-11e6-9c38-bc5ff44470d5} - "J:\Lenovo_Suite.exe"
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll [2017-03-08] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll [2017-03-08] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll [2017-03-08] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll [2017-03-08] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll [2017-03-08] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FileBox eXtender.lnk [2015-01-10]
ShortcutTarget: FileBox eXtender.lnk -> D:\Programs\FileBX\FileBX.exe (Hyperionics Technology LLC)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AudioSwitcher.lnk [2015-01-06]
ShortcutTarget: AudioSwitcher.lnk -> D:\Programs\AudioSwitcher\switcher.exe ()
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-05-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk [2017-05-22]
ShortcutTarget: GIGABYTE XTREME GAMING ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe ()
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-11-21]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2017-05-22]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{4a3501c2-f5bb-46aa-a34a-2b67b7ae66fd}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1783363258-1944623717-140360357-1000 -> {5CE28901-92B7-477d-1203-852F0B34D8B9} URL = hxxp://ww-searchings.com/s?src=zl&r=6A8F87E4669DB6AAD784DE1507FD9EEC&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-15] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-15] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-05] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-05] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-1783363258-1944623717-140360357-1000 -> is enabled.
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\lf0ws6wi.default-1489255188019 [2017-05-22]
FF Homepage: Mozilla\Firefox\Profiles\lf0ws6wi.default-1489255188019 -> about:home
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-06] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2015-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2015-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 11\npnitromozilla.dll [2016-09-14] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1420567273&from=cor&uid=WDCXWD10EADS-00L5B1_WD-WCAU4D17672176721
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default [2017-05-22]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-08]
CHR Extension: (Kostenloser Proxy zum Entsperren von Websites Touch VPN) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2017-05-16]
CHR Extension: (Tab List) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafbjaojfddcknamegleglagibnmhmcm [2015-01-06]
CHR Extension: (Calculator) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgccgjmilgadndgigplchopkfhfcphj [2015-02-03]
CHR Extension: (iCloud-Lesezeichen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-08-07]
CHR Extension: (Close Tabs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gadafnnkijfmbbmeielphlapddbmgbgo [2015-01-06]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-08]
CHR Extension: (AdBlock) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajfgnegopeedndeahkdjedjkjcmnpb [2016-09-15]
CHR Extension: (Weather Now) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmiebhdnnejnaijgmkhomnheecmonjli [2015-11-04]
CHR Extension: (Dropbox) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-06-30]
CHR Extension: (OpenIn) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmnnnlapfmlljjjbdojfpbeadolmmdo [2015-01-06]
CHR Extension: (Mosaic ALPHA) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgmghibdnjjohcapaojljhlihdkpppi [2016-01-07]
CHR Extension: (Linkclump) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2016-12-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-05-07]
CHR Extension: (Google Maps) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-19]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-05-21]
CHR Extension: (Open URLs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncaoaohlkpbniilomjcodiddmmkehbkl [2015-01-06]
CHR Extension: (Hotspot Shield Free VPN Proxy – Entsperrung) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-05-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Stylebot) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha [2017-01-22]
CHR Extension: (Synology Web Clipper) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfbfimijgibligmbglggnbiobgjgmbk [2017-04-11]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1783363258-1944623717-140360357-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-05-07]
CHR HKU\S-1-5-21-1783363258-1944623717-140360357-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor14.0; D:\Programs\Adobe PSE 14\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-08-27] (Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1119712 2017-04-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [488920 2017-04-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [488920 2017-04-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1520680 2017-04-28] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350120 2017-04-11] (Avira Operations GmbH & Co. KG)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [287256 2016-12-28] ()
S3 hns; C:\WINDOWS\System32\HostNetSvc.dll [584192 2017-03-28] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-03-29] (Microsoft Corporation)
R2 LDrvSvc; c:\program files (x86)\ostotosoft\drivertalent\LDrvSvc.dll [181928 2017-01-20] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NitroDriverReadSpool11; C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe [327360 2016-09-14] (Nitro Software, Inc.)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe [418496 2016-09-14] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SDScannerService; d:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; d:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; d:\Programs\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 tbupddwu; C:\Program Files\UPDD\tbupddwu.exe [1059096 2012-10-10] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2016-03-29] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [1934336 2017-04-28] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [14423040 2017-04-28] (Microsoft Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-04-14] (Check Point Software Technologies Ltd.)
S3 VSStandardCollectorService140; D:\Programs\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
S4 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-04-14] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 3dxhid; C:\WINDOWS\System32\drivers\3dxhid.sys [48560 2016-04-08] (3Dconnexion SAM)
R0 asahci64; C:\WINDOWS\System32\drivers\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2015-01-06] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 KMJHidMini; C:\WINDOWS\System32\drivers\3dxkmj.sys [18944 2016-04-08] (3Dconnextion Inc.) [File not signed]
S3 KMJShim; C:\WINDOWS\System32\drivers\3dxshim.sys [7168 2016-04-08] (3Dconnextion Inc.) [File not signed]
S3 leusbser; C:\WINDOWS\system32\DRIVERS\leusbser.sys [238080 2015-04-14] (QUALCOMM Incorporated)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [22528 2016-08-22] (Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-22] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-22] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-22] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-22] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e69a53b8ddde469c\nvlddmkm.sys [14841784 2017-04-03] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-04-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-04-26] (NVIDIA Corporation)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [24576 2016-08-22] (Microsoft Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [46592 2016-08-22] (Microsoft Corporation)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [50176 2016-08-22] (Microsoft Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [30720 2016-08-22] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103424 2016-08-22] (Microsoft Corporation)
R3 tbupddsu; C:\WINDOWS\system32\DRIVERS\tbupddsu.sys [154264 2012-10-10] ()
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 upddvh; C:\WINDOWS\System32\drivers\upddvh.sys [29464 2012-10-10] (Windows (R) Win 7 DDK provider)
R3 USBADVAU; C:\WINDOWS\system32\drivers\cm11264.sys [1308160 2009-11-25] (C-Media Electronics Inc)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [988672 2017-03-28] (Microsoft Corporation)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [26624 2016-08-22] (Microsoft Corporation)
R2 VMSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1617920 2017-04-28] (Microsoft Corporation)
R0 vmsproxy; C:\WINDOWS\System32\drivers\vmsproxy.sys [33632 2016-08-06] (Microsoft Corporation)
S3 VMSVSF; C:\WINDOWS\System32\drivers\vmswitch.sys [1617920 2017-04-28] (Microsoft Corporation)
S3 VMSVSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1617920 2017-04-28] (Microsoft Corporation)
R1 Vsdatant; C:\WINDOWS\System32\drivers\vsdatant.sys [461240 2017-04-13] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 22:36 - 2017-05-22 22:36 - 00000000 ____D C:\FRST
2017-05-21 14:03 - 2017-05-21 14:03 - 00000044 _____ C:\Users\Michael\Documents\adsspy.txt
2017-05-20 15:59 - 2017-05-20 15:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ePaperPress
2017-05-20 15:54 - 2017-05-20 15:56 - 00002615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTLens.lnk
2017-05-20 15:54 - 2017-05-20 15:54 - 00000000 ____D C:\Program Files\ePaperPress
2017-05-20 11:16 - 2017-05-20 11:16 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-20 11:16 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-05-20 10:54 - 2017-05-20 11:16 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-20 10:51 - 2017-05-20 11:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-20 10:51 - 2017-05-20 10:51 - 00001018 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-20 10:51 - 2017-05-20 10:51 - 00001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-20 10:51 - 2017-05-20 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-20 10:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-05-20 10:50 - 2017-05-20 10:50 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Michael\Downloads\spybot-2.4.exe
2017-05-20 09:01 - 2017-05-21 22:02 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-05-19 21:18 - 2017-05-19 21:18 - 09317408 _____ (Imadio LLC ) C:\Users\Michael\Downloads\SetupHemiVistaWin7.exe
2017-05-19 21:11 - 2017-05-22 22:29 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-19 21:11 - 2017-05-22 22:25 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-19 21:11 - 2017-05-22 22:25 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-19 21:11 - 2017-05-22 22:25 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-19 21:11 - 2017-05-19 21:11 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-19 21:11 - 2017-05-19 21:11 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-19 21:11 - 2017-05-19 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-19 21:11 - 2017-05-19 21:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-19 21:11 - 2017-05-19 21:11 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-19 21:11 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-19 21:08 - 2017-05-19 21:10 - 63035592 _____ (Malwarebytes ) C:\Users\Michael\Downloads\mb3-setup-13595.13595-3.1.2.1733.exe
2017-05-19 20:57 - 2017-05-19 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imadio
2017-05-19 20:55 - 2017-05-19 21:17 - 00000000 ____D C:\Users\Michael\AppData\Roaming\IObit
2017-05-19 20:54 - 2017-05-19 20:55 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\IObit
2017-05-19 20:54 - 2017-05-19 20:55 - 00000000 ____D C:\ProgramData\ProductData
2017-05-19 20:54 - 2017-05-19 20:55 - 00000000 ____D C:\ProgramData\IObit
2017-05-19 20:54 - 2017-05-19 20:54 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-05-19 20:54 - 2017-05-19 20:54 - 00000000 ____D C:\Program Files (x86)\IObit
2017-05-19 20:53 - 2017-05-19 20:54 - 41773432 _____ (IObit ) C:\Users\Michael\Downloads\IObit-Malware-Fighter-Setup_5.0.2.3804.exe
2017-05-19 20:45 - 2017-05-19 20:45 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-05-19 20:44 - 2017-05-03 22:21 - 00175736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-05-19 20:44 - 2017-05-03 22:21 - 00143480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-05-17 21:41 - 2017-05-17 21:41 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-16 21:17 - 2017-05-16 21:17 - 00000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts
2017-05-16 21:16 - 2017-05-16 21:16 - 00441296 _____ C:\WINDOWS\system32\Drivers\vsconfig.xml
2017-05-16 21:16 - 2017-05-16 21:16 - 00000778 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2017-05-16 21:16 - 2017-05-16 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2017-05-16 20:58 - 2017-05-16 20:58 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Google
2017-05-15 21:38 - 2017-05-15 21:38 - 00000211 _____ C:\Users\Michael\Desktop\Redie.url
2017-05-13 14:14 - 2017-05-20 16:25 - 00000000 ____D C:\Users\Michael\Documents\DxO OpticsPro 11 logs
2017-05-13 14:14 - 2017-05-13 14:14 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DxO Labs
2017-05-13 14:14 - 2017-05-13 14:14 - 00000000 ____D C:\Users\Michael\AppData\Local\IsolatedStorage
2017-05-13 14:14 - 2017-05-13 14:14 - 00000000 ____D C:\Users\Michael\AppData\Local\DxO_Labs
2017-05-13 14:14 - 2017-05-13 14:14 - 00000000 ____D C:\ProgramData\Reprise
2017-05-13 14:05 - 2017-05-13 14:05 - 00000211 _____ C:\Users\Michael\Desktop\Prey.url
2017-05-10 18:01 - 2017-04-28 03:28 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-05-10 18:01 - 2017-04-28 02:59 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-10 18:01
- 2017-04-28 02:58 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-05-10 18:01 - 2017-04-28 02:57 - 00794928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll 2017-05-10 18:01 - 2017-04-28 02:56 - 02048488 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-05-10 18:01 - 2017-04-28 02:55 - 00088416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys 2017-05-10 18:01 - 2017-04-28 02:53 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-05-10 18:01 - 2017-04-28 02:53 - 00774224 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2017-05-10 18:01 - 2017-04-28 02:53 - 00616048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2017-05-10 18:01 - 2017-04-28 02:48 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll 2017-05-10 18:01 - 2017-04-28 02:46 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-05-10 18:01 - 2017-04-28 02:46 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2017-05-10 18:01 - 2017-04-28 02:46 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2017-05-10 18:01 - 2017-04-28 02:45 - 02263832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-05-10 18:01 - 2017-04-28 02:45 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2017-05-10 18:01 - 2017-04-28 02:45 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2017-05-10 18:01 - 2017-04-28 02:45 - 00781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-05-10 18:01 - 2017-04-28 02:45 - 00493920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2017-05-10 18:01 - 2017-04-28 02:45 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll 2017-05-10 18:01 - 2017-04-28 02:43 - 
02168288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2017-05-10 18:01 - 2017-04-28 02:43 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2017-05-10 18:01 - 2017-04-28 02:43 - 01557224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2017-05-10 18:01 - 2017-04-28 02:43 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2017-05-10 18:01 - 2017-04-28 02:42 - 00601952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2017-05-10 18:01 - 2017-04-28 02:41 - 00361104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2017-05-10 18:01 - 2017-04-28 02:40 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-05-10 18:01 - 2017-04-28 02:40 - 06665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-05-10 18:01 - 2017-04-28 02:40 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2017-05-10 18:01 - 2017-04-28 02:40 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2017-05-10 18:01 - 2017-04-28 02:40 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2017-05-10 18:01 - 2017-04-28 02:40 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2017-05-10 18:01 - 2017-04-28 02:40 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2017-05-10 18:01 - 2017-04-28 02:40 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2017-05-10 18:01 - 2017-04-28 02:40 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2017-05-10 18:01 - 2017-04-28 02:40 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-05-10 18:01 - 2017-04-28 02:40 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll 2017-05-10 18:01 - 2017-04-28 02:39 - 20967840 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\shell32.dll 2017-05-10 18:01 - 2017-04-28 02:39 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-05-10 18:01 - 2017-04-28 02:39 - 00962760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2017-05-10 18:01 - 2017-04-28 02:39 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2017-05-10 18:01 - 2017-04-28 02:38 - 00847200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2017-05-10 18:01 - 2017-04-28 02:38 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2017-05-10 18:01 - 2017-04-28 02:36 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-05-10 18:01 - 2017-04-28 02:35 - 08170600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-05-10 18:01 - 2017-04-28 02:35 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2017-05-10 18:01 - 2017-04-28 02:35 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2017-05-10 18:01 - 2017-04-28 02:35 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2017-05-10 18:01 - 2017-04-28 02:35 - 01414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-05-10 18:01 - 2017-04-28 02:35 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2017-05-10 18:01 - 2017-04-28 02:35 - 00596040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2017-05-10 18:01 - 2017-04-28 02:35 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll 2017-05-10 18:01 - 2017-04-28 02:34 - 22220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-05-10 18:01 - 2017-04-28 02:34 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2017-05-10 18:01 - 2017-04-28 02:29 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-05-10 18:01 - 2017-04-28 02:28 - 00453536 
_____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2017-05-10 18:01 - 2017-04-28 02:28 - 00387864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-05-10 18:01 - 2017-04-28 02:23 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-05-10 18:01 - 2017-04-28 02:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2017-05-10 18:01 - 2017-04-28 02:22 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll 2017-05-10 18:01 - 2017-04-28 02:22 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll 2017-05-10 18:01 - 2017-04-28 02:21 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll 2017-05-10 18:01 - 2017-04-28 02:21 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BthTelemetry.dll 2017-05-10 18:01 - 2017-04-28 02:20 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll 2017-05-10 18:01 - 2017-04-28 02:20 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll 2017-05-10 18:01 - 2017-04-28 02:19 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll 2017-05-10 18:01 - 2017-04-28 02:19 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll 2017-05-10 18:01 - 2017-04-28 02:18 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2017-05-10 18:01 - 2017-04-28 02:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll 2017-05-10 18:01 - 2017-04-28 02:18 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp 2017-05-10 18:01 - 2017-04-28 02:17 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-05-10 18:01 - 2017-04-28 02:17 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll 2017-05-10 18:01 - 2017-04-28 02:17 - 00136192 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\WinRtTracing.dll 2017-05-10 18:01 - 2017-04-28 02:17 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll 2017-05-10 18:01 - 2017-04-28 02:17 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll 2017-05-10 18:01 - 2017-04-28 02:16 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll 2017-05-10 18:01 - 2017-04-28 02:16 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll 2017-05-10 18:01 - 2017-04-28 02:16 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll 2017-05-10 18:01 - 2017-04-28 02:16 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2017-05-10 18:01 - 2017-04-28 02:16 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll 2017-05-10 18:01 - 2017-04-28 02:16 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll 2017-05-10 18:01 - 2017-04-28 02:16 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2017-05-10 18:01 - 2017-04-28 02:16 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll 2017-05-10 18:01 - 2017-04-28 02:16 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll 2017-05-10 18:01 - 2017-04-28 02:15 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2017-05-10 18:01 - 2017-04-28 02:15 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll 2017-05-10 18:01 - 2017-04-28 02:15 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll 2017-05-10 18:01 - 2017-04-28 02:15 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll 2017-05-10 18:01 - 2017-04-28 02:15 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl 2017-05-10 18:01 - 2017-04-28 02:15 - 00117760 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll 2017-05-10 18:01 - 2017-04-28 02:15 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll 2017-05-10 18:01 - 2017-04-28 02:14 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll 2017-05-10 18:01 - 2017-04-28 02:14 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll 2017-05-10 18:01 - 2017-04-28 02:14 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2017-05-10 18:01 - 2017-04-28 02:13 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00218624 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\WwaApi.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll 2017-05-10 18:01 - 2017-04-28 02:13 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe 2017-05-10 18:01 - 2017-04-28 02:12 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll 2017-05-10 18:01 - 2017-04-28 02:12 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll 2017-05-10 18:01 - 2017-04-28 02:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll 2017-05-10 18:01 - 2017-04-28 02:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll 2017-05-10 18:01 - 2017-04-28 02:11 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll 2017-05-10 18:01 - 2017-04-28 02:11 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll 2017-05-10 18:01 - 2017-04-28 02:11 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-05-10 18:01 - 2017-04-28 02:10 - 00857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll 2017-05-10 18:01 - 2017-04-28 02:10 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll 2017-05-10 18:01 - 2017-04-28 02:10 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll 2017-05-10 18:01 - 2017-04-28 02:10 - 00764928 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\mprddm.dll 2017-05-10 18:01 - 2017-04-28 02:10 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll 2017-05-10 18:01 - 2017-04-28 02:10 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll 2017-05-10 18:01 - 2017-04-28 02:10 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll 2017-05-10 18:01 - 2017-04-28 02:09 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2017-05-10 18:01 - 2017-04-28 02:09 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll 2017-05-10 18:01 - 2017-04-28 02:09 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-05-10 18:01 - 2017-04-28 02:09 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2017-05-10 18:01 - 2017-04-28 02:09 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll 2017-05-10 18:01 - 2017-04-28 02:08 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-05-10 18:01 - 2017-04-28 02:08 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll 2017-05-10 18:01 - 2017-04-28 02:08 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2017-05-10 18:01 - 2017-04-28 02:08 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll 2017-05-10 18:01 - 2017-04-28 02:08 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll 2017-05-10 18:01 - 2017-04-28 02:07 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2017-05-10 18:01 - 2017-04-28 02:07 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2017-05-10 18:01 - 2017-04-28 02:07 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe 2017-05-10 18:01 - 2017-04-28 02:07 - 00372736 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\RDXTaskFactory.dll 2017-05-10 18:01 - 2017-04-28 02:07 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe 2017-05-10 18:01 - 2017-04-28 02:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll 2017-05-10 18:01 - 2017-04-28 02:06 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2017-05-10 18:01 - 2017-04-28 02:06 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll 2017-05-10 18:01 - 2017-04-28 02:06 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll 2017-05-10 18:01 - 2017-04-28 02:06 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2017-05-10 18:01 - 2017-04-28 02:05 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2017-05-10 18:01 - 2017-04-28 02:05 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-05-10 18:01 - 2017-04-28 02:05 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2017-05-10 18:01 - 2017-04-28 02:05 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll 2017-05-10 18:01 - 2017-04-28 02:04 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2017-05-10 18:01 - 2017-04-28 02:04 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2017-05-10 18:01 - 2017-04-28 02:03 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2017-05-10 18:01 - 2017-04-28 02:03 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll 2017-05-10 18:01 - 2017-04-28 02:03 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll 2017-05-10 18:01 - 2017-04-28 02:03 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll 2017-05-10 18:01 - 2017-04-28 02:03 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsnt.dll 2017-05-10 
18:01 - 2017-04-28 02:03 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll 2017-05-10 18:01 - 2017-04-28 02:02 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2017-05-10 18:01 - 2017-04-28 02:02 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-05-10 18:01 - 2017-04-28 02:02 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys 2017-05-10 18:01 - 2017-04-28 02:02 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys 2017-05-10 18:01 - 2017-04-28 02:01 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll 2017-05-10 18:01 - 2017-04-28 02:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll 2017-05-10 18:01 - 2017-04-28 02:01 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll 2017-05-10 18:01 - 2017-04-28 02:01 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp 2017-05-10 18:01 - 2017-04-28 02:01 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2017-05-10 18:01 - 2017-04-28 02:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-05-10 18:01 - 2017-04-28 02:01 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll 2017-05-10 18:01 - 2017-04-28 02:00 - 12349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2017-05-10 18:01 - 2017-04-28 02:00 - 02749440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2017-05-10 18:01 - 2017-04-28 02:00 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-05-10 18:01 - 2017-04-28 02:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll 2017-05-10 18:01 - 2017-04-28 02:00 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll 2017-05-10 18:01 - 2017-04-28 01:59 - 02154496 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2017-05-10 18:01 - 2017-04-28 01:59 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2017-05-10 18:01 - 2017-04-28 01:59 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll 2017-05-10 18:01 - 2017-04-28 01:59 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll 2017-05-10 18:01 - 2017-04-28 01:59 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll 2017-05-10 18:01 - 2017-04-28 01:58 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2017-05-10 18:01 - 2017-04-28 01:58 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe 2017-05-10 18:01 - 2017-04-28 01:58 - 00546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2017-05-10 18:01 - 2017-04-28 01:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll 2017-05-10 18:01 - 2017-04-28 01:58 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll 2017-05-10 18:01 - 2017-04-28 01:58 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2017-05-10 18:01 - 2017-04-28 01:58 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll 2017-05-10 18:01 - 2017-04-28 01:58 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2017-05-10 18:01 - 2017-04-28 01:57 - 01507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll 2017-05-10 18:01 - 2017-04-28 01:57 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2017-05-10 18:01 - 2017-04-28 01:57 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2017-05-10 18:01 - 2017-04-28 01:57 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll 2017-05-10 18:01 - 2017-04-28 01:57 - 00641024 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-05-10 18:01 - 2017-04-28 01:57 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-05-10 18:01 - 2017-04-28 01:57 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-05-10 18:01 - 2017-04-28 01:57 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CameraCaptureUI.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-10 18:01 - 2017-04-28 01:56 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01413632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 02747904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-05-10 18:01 - 2017-04-28 01:52 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-05-10 18:01 - 2017-04-28 01:52 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-10 18:01 - 2017-04-28 01:52 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-05-10 18:01 - 2017-04-28 01:52 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-10 18:01 - 2017-04-28 01:51 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-10 18:01 - 2017-04-28 01:51 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-05-10 18:01 - 2017-04-28 01:51 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-10 18:01 - 2017-04-28 01:50 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-05-10 18:01 - 2017-04-28 01:50 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-05-10 18:01 - 2017-04-28 01:49 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-10 18:01 - 2017-04-28 01:48 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2017-05-10 18:01 - 2017-04-28 01:47 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-10 18:01 - 2017-04-28 01:47 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-05-10 18:01 - 2017-04-28 01:47 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2017-05-10 18:01 - 2017-04-28 01:45 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-05-10 18:01 - 2017-04-28 01:45 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-05-10 18:01 - 2017-04-28 01:44 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-05-10 18:01 - 2017-04-28 01:44 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-05-10 18:01 - 2017-04-28 01:44 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-10 18:01 - 2017-04-28 01:43 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-05-10 18:01 - 2017-04-28 01:43 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2017-05-10 18:01 - 2017-04-28 01:43 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-05-10 18:01 - 2017-04-28 01:42 - 13441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-05-10 18:01 - 2017-04-28 01:42 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-05-10 18:01 - 2017-04-28 01:42 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-05-10 18:01 - 2017-04-28 01:42 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-05-10 18:01 - 2017-04-28 01:41 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-05-10 18:01 - 2017-04-28 01:41 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-05-10 18:01 - 2017-04-28 01:41 - 00860160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2017-05-10 18:01 - 2017-04-28 01:41 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-05-10 18:01 - 2017-04-28 01:40 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdp4vs.dll
2017-05-10 18:01 - 2017-04-28 01:40 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-10 18:01 - 2017-04-28 01:39 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-05-10 18:01 - 2017-04-28 01:39 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-05-10 18:01 - 2017-04-28 01:38 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-05-10 18:01 - 2017-04-28 01:38 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-05-10 18:01 - 2017-04-28 01:38 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 04407808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvgm.exe
2017-05-10 18:01 - 2017-04-28 01:37 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-05-10 18:01 - 2017-04-28 01:36 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-05-10 18:01 - 2017-04-28 01:35 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-05-10 18:01 - 2017-04-28 01:34 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-10 18:01 - 2017-04-28 01:30 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-10 18:01 - 2017-03-04 09:57 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-05-10 18:01 - 2017-03-04 09:09 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-05-10 18:01 - 2017-03-04 08:27 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-05-10 18:01 - 2017-03-04 08:25 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-05-10 18:01 - 2017-03-04 08:23 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-05-10 18:01 - 2017-03-04 08:22 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-05-10 18:01 - 2017-03-04 08:19 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-05-10 18:01 - 2017-03-04 08:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-05-10 18:01 - 2017-03-04 08:16 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-05-10 18:01 - 2017-03-04 08:06 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-05-10 18:01 - 2017-03-04 08:05 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-05-10 18:01 - 2017-03-04 08:01 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-05-10 18:01 - 2017-03-04 08:00 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-10 18:00 - 2017-04-28 02:57 - 00754528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-05-10 18:00 - 2017-04-28 02:57 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-10 18:00 - 2017-04-28 02:57 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-05-10 18:00 - 2017-04-28 02:57 - 00573280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-05-10 18:00 - 2017-04-28 02:56 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-05-10 18:00 - 2017-04-28 02:53 - 07784288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 18:00 - 2017-04-28 02:52 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-05-10 18:00 - 2017-04-28 02:49 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-10 18:00 - 2017-04-28 02:49 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-10 18:00 - 2017-04-28 02:49 - 00700936 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-10 18:00 - 2017-04-28 02:47 - 00699744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-05-10 18:00 - 2017-04-28 02:47 - 00501088 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll
2017-05-10 18:00 - 2017-04-28 02:46 - 00410464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2017-05-10 18:00 - 2017-04-28 02:44 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2017-05-10 18:00 - 2017-04-28 02:42 - 00526176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-05-10 18:00 - 2017-04-28 02:42 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-05-10 18:00 - 2017-04-28 02:40 - 02759704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-10 18:00 - 2017-04-28 02:40 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-10 18:00 - 2017-04-28 02:40 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-10 18:00 - 2017-04-28 02:40 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-05-10 18:00 - 2017-04-28 02:40 - 00578400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-10 18:00 - 2017-04-28 02:40 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-10 18:00 - 2017-04-28 02:40 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-05-10 18:00 - 2017-04-28 02:40 - 00026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-10 18:00 - 2017-04-28 02:39 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-05-10 18:00 - 2017-04-28 02:38 - 02915704 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-10 18:00 - 2017-04-28 02:38 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-05-10 18:00 - 2017-04-28 02:38 - 01852200 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 18:00 - 2017-04-28 02:38 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-05-10 18:00 - 2017-04-28 02:38 - 00431968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-05-10 18:00 - 2017-04-28 02:36 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2017-05-10 18:00 - 2017-04-28 02:34 - 04674360 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-10 18:00 - 2017-04-28 02:34 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-05-10 18:00 - 2017-04-28 02:34 - 01277824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-10 18:00 - 2017-04-28 02:34 - 00443232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-05-10 18:00 - 2017-04-28 02:34 - 00244824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-05-10 18:00 - 2017-04-28 02:34 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-05-10 18:00 - 2017-04-28 02:30 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-10 18:00 - 2017-04-28 02:30 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2017-05-10 18:00 - 2017-04-28 02:28 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-10 18:00 - 2017-04-28 02:21 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-10 18:00 - 2017-04-28 02:19 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-10 18:00 - 2017-04-28 02:19 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-10 18:00 - 2017-04-28 02:15 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-05-10 18:00 - 2017-04-28 02:15 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-10 18:00 - 2017-04-28 02:14 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-10 18:00 - 2017-04-28 02:14 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-10 18:00 - 2017-04-28 02:12 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-05-10 18:00 - 2017-04-28 02:12 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-10 18:00 - 2017-04-28 02:11 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-10 18:00 - 2017-04-28 02:10 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-05-10 18:00 - 2017-04-28 02:10 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-10 18:00 - 2017-04-28 02:08 - 18365440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-10 18:00 - 2017-04-28 02:06 - 22569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-10 18:00 - 2017-04-28 02:06 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-10 18:00 - 2017-04-28 02:05 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-10 18:00 - 2017-04-28 02:05 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-05-10 18:00 - 2017-04-28 02:03 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-10 18:00 - 2017-04-28 02:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-10 18:00 - 2017-04-28 02:03 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys
2017-05-10 18:00 - 2017-04-28 02:03 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthTelemetry.dll
2017-05-10 18:00 - 2017-04-28 02:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-10 18:00 - 2017-04-28 02:02 - 00244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2017-05-10 18:00 - 2017-04-28 02:02 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-05-10 18:00 - 2017-04-28 02:01 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-05-10 18:00 - 2017-04-28 02:01 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-05-10 18:00 - 2017-04-28 02:01 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-05-10 18:00 - 2017-04-28 02:01 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-05-10 18:00 - 2017-04-28 02:01 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-05-10 18:00 - 2017-04-28 02:01 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 12187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsentUX.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 18:00 - 2017-04-28 01:57 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 01617920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2017-05-10 18:00 - 2017-04-28 01:55 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2017-05-10 18:00 - 2017-04-28 01:55 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 02027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-10 18:00 - 2017-04-28 01:54 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-05-10 18:00 - 2017-04-28 01:53 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-05-10 18:00 - 2017-04-28 01:53 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-05-10 18:00 - 2017-04-28 01:53 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2017-05-10 18:00 - 2017-04-28 01:53 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-05-10 18:00 - 2017-04-28 01:51 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-05-10 18:00 - 2017-04-28 01:51 - 01913856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-05-10 18:00 - 2017-04-28 01:51 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-05-10 18:00 - 2017-04-28 01:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-05-10 18:00 - 2017-04-28 01:51 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
2017-05-10 18:00 - 2017-04-28 01:50 - 01476608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-05-10 18:00 - 2017-04-28 01:50 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2017-05-10 18:00 - 2017-04-28 01:50 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsnt.dll
2017-05-10 18:00 - 2017-04-28 01:50 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-05-10 18:00 - 2017-04-28 01:49 - 17198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-05-10 18:00 - 2017-04-28 01:49 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-05-10 18:00 - 2017-04-28 01:49 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-05-10 18:00 - 2017-04-28 01:48 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-10 18:00 - 2017-04-28 01:48 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-05-10 18:00 - 2017-04-28 01:48 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-05-10 18:00 - 2017-04-28 01:47 - 14423040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2017-05-10 18:00 - 2017-04-28 01:47 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-10 18:00 - 2017-04-28 01:47 - 03290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-05-10 18:00 - 2017-04-28 01:47 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-05-10 18:00 - 2017-04-28 01:47 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-10 18:00 - 2017-04-28 01:47 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-05-10 18:00 - 2017-04-28 01:47 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2017-05-10 18:00 - 2017-04-28 01:46 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-05-10 18:00 - 2017-04-28 01:46 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2017-05-10 18:00 - 2017-04-28 01:46 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-05-10 18:00 - 2017-04-28 01:46 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2017-05-10 18:00 - 2017-04-28 01:46 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-05-10 18:00 - 2017-04-28 01:46 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-05-10 18:00 - 2017-04-28 01:46 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-10 18:00 - 2017-04-28 01:45 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-10 18:00 - 2017-04-28 01:45 - 01934336 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2017-05-10 18:00 - 2017-04-28 01:45 - 00946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2017-05-10 18:00 - 2017-04-28 01:45 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-05-10 18:00 - 2017-04-28 01:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-10 18:00 - 2017-04-28 01:45 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-05-10 18:00 - 2017-04-28 01:45 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2017-05-10 18:00 - 2017-04-28 01:45 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 13091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 04749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-10 18:00 - 2017-04-28 01:44 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 01184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-10 18:00 - 2017-04-28 01:43 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2017-05-10 18:00 - 2017-04-28 01:42 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-10 18:00 - 2017-04-28 01:42 - 05850624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-05-10 18:00 - 2017-04-28 01:42 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-10 18:00 - 2017-04-28 01:42 - 01021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2017-05-10 18:00 - 2017-04-28 01:42 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-10 18:00 - 2017-04-28 01:42 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-05-10 18:00 - 2017-04-28 01:41 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-10 18:00 - 2017-04-28 01:41 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-10 18:00 - 2017-04-28 01:41 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2017-05-10 18:00 - 2017-04-28 01:41 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-10 18:00 - 2017-04-28 01:41 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-10 18:00 - 2017-04-28 01:41 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-10 18:00 - 2017-04-28 01:41 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 02096640 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-10 18:00 - 2017-04-28 01:40 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-05-10 18:00 - 2017-04-28 01:39 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-10 18:00 - 2017-04-28 01:38 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-05-10 18:00 - 2017-04-28 01:38 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-05-10 18:00 - 2017-04-28 01:38 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 04744192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 02216960 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 03613184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-10 18:00 - 2017-04-28 01:36 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 02478080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-10 18:00 - 2017-04-28 01:36 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 00735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-05-10 18:00 - 2017-04-28 01:35 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-10 18:00 - 2017-04-28 01:35 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-05-10 18:00 - 2017-04-28 01:34 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-05-10 18:00 - 2017-04-28 01:34 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2017-05-10 18:00 - 2017-04-28 01:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-05-10 18:00 - 2017-04-28 01:33 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-10 18:00 - 2017-03-04 08:26 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-05-10 18:00 - 2017-03-04 08:25 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-05-10 18:00 - 2016-12-21 09:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-05-07 18:42 - 2017-05-22 22:26 - 00000000 ___RD C:\Users\Michael\Google Drive
2017-05-07 18:42 - 2017-05-07 18:42 - 00001813 _____ C:\Users\Michael\Desktop\Google Drive.lnk
2017-05-07 18:41 - 2017-05-07 18:41 - 00002115 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-05-07 18:41 - 2017-05-07 18:41 - 00002113 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-05-07 18:41 - 2017-05-07 18:41 - 00002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-05-07 18:41 - 2017-05-07 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-04-30 10:45 - 2017-04-30 11:05 - 00000000 ____D C:\WINDOWS\Panther
2017-04-25 21:10 - 2017-04-25 21:10 - 00001252 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update- und Datenschutzeinstellungen.lnk
2017-04-25 21:10 - 2017-04-25 21:10 - 00000000 ____D C:\Users\Michael\AppData\Local\UNP
2017-04-25 20:51 - 2017-04-25 20:52 - 00000000 ____D C:\Program Files\UNP
2017-04-25 20:51 - 2017-04-25 20:51 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-04-23 14:59 - 2017-04-23 14:59 - 00000000 ____D C:\Users\Michael\Documents\Faasoft Video Converter
2017-04-23 14:56 - 2017-04-23 14:56 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Faasoft Video Converter
2017-04-22 11:32 - 2017-04-22 11:32 - 00000000 ____D C:\Users\Michael\AppData\Local\UnrealEngine
2017-04-22 11:32 - 2017-04-22 11:32 - 00000000 ____D C:\Users\Michael\AppData\Local\SwordWithSauce1_5
2017-04-22 10:14 - 2017-04-22 10:14 - 00000211 _____ C:\Users\Michael\Desktop\Sword With Sauce Alpha.url
|
22.05.2017, 21:46 | #3 |
| New log and the 2nd part of FRST.txt
Code:
ATTFilter
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 22:35 - 2015-01-14 18:11 - 00000000 ____D C:\Users\Michael\AppData\Local\TSVNCache
2017-05-22 22:31 - 2016-08-22 22:08 - 04995490 _____ C:\WINDOWS\system32\perfh007.dat
2017-05-22 22:31 - 2016-08-22 22:08 - 01495244 _____ C:\WINDOWS\system32\perfc007.dat
2017-05-22 22:31 - 2016-08-22 12:13 - 10556036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-22 22:27 - 2016-09-14 17:31 - 00003456 _____ C:\WINDOWS\System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE
2017-05-22 22:27 - 2016-08-22 12:12 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-22 22:26 - 2017-02-22 21:26 - 00000000 ___RD C:\Users\Michael\iCloudDrive
2017-05-22 22:26 - 2016-11-20 14:14 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Mozilla
2017-05-22 22:26 - 2016-09-14 17:31 - 00000000 ____D C:\Users\Michael\Documents\temp
2017-05-22 22:26 - 2016-08-22 12:14 - 00000000 ____D C:\Users\Michael
2017-05-22 22:26 - 2015-04-19 10:11 - 00000000 ____D C:\Users\Michael\AppData\Local\Apple
2017-05-22 22:25 - 2017-03-25 18:10 - 00000000 ____D C:\Program Files\UPDD
2017-05-22 22:25 - 2016-08-22 12:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-22 22:25 - 2015-01-06 20:01 - 00000000 ____D C:\Users\Michael\AppData\Local\JDownloader v2.0
2017-05-22 22:25 - 2015-01-06 19:50 - 00000000 __SHD C:\Users\Michael\IntelGraphicsProfiles
2017-05-22 22:24 - 2016-07-16 08:04 - 03932160 _____ C:\WINDOWS\system32\config\BBI
2017-05-22 22:23 - 2016-08-22 12:12 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-22 20:36 - 2015-01-07 00:04 - 00000000 ____D C:\Users\Michael\AppData\Local\Adobe
2017-05-22 20:30 - 2017-01-15 01:10 - 00000000 ____D C:\Users\Michael\AppData\Local\CloudStation
2017-05-21 22:39 - 2016-03-13 17:58 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2017-05-21 21:56 - 2016-11-28 23:00 - 00000000 ____D C:\ProgramData\CrashPlan
2017-05-21 16:42 - 2016-08-22 12:14 - 00000000 ____D C:\Users\DefaultAppPool
2017-05-21 12:15 - 2017-02-07 19:50 - 00000000 ____D C:\Users\Michael\AppData\Roaming\WhatsApp
2017-05-21 00:37 - 2015-01-06 19:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\foobar2000
2017-05-20 22:45 - 2016-03-26 10:50 - 00121451 _____ C:\Users\Michael\Desktop\TNG+.mpcpl
2017-05-20 10:50 - 2015-06-19 17:35 - 00000000 ____D C:\Users\Michael\AppData\Local\Dropbox
2017-05-20 08:54 - 2015-01-06 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-19 22:23 - 2015-01-06 19:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-19 21:19 - 2015-01-06 20:20 - 00000000 ____D C:\ProgramData\APN
2017-05-19 21:15 - 2016-08-22 22:05 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-19 20:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-19 20:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-19 20:46 - 2016-10-18 20:18 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-19 20:46 - 2016-10-18 20:18 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-19 20:46 - 2016-10-18 20:18 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-19 20:46 - 2016-10-18 20:18 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-19 20:46 - 2016-10-18 20:18 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-19 20:45 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-05-18 21:48 - 2015-05-07 21:38 - 00000000 ____D C:\Users\Michael\AppData\Local\ElevatedDiagnostics
2017-05-18 19:07 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-17 21:41 - 2015-01-06 02:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2017-05-17 00:03 - 2015-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-16 21:16 - 2015-01-08 21:02 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2017-05-16 21:03 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-16 21:03 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-15 23:40 - 2015-01-06 02:11 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-15 22:14 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-15 22:13 - 2016-06-19 19:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-14 14:02 - 2015-01-21 01:04 - 00000000 ____D C:\Users\Michael\AppData\Local\Information Factory
2017-05-13 11:11 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2017-05-11 20:16 - 2015-09-11 23:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-11 19:52 - 2016-08-22 12:12 - 05023664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-10 23:28 - 2016-08-22 22:05 - 00000000 ____D C:\Program Files\Hyper-V
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-10 23:28 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-10 18:05 - 2015-01-06 19:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-10 18:02 - 2015-01-06 19:33 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-10 17:45 - 2016-07-16 13:42 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2017-05-07 18:41 - 2015-01-06 02:11 - 00000000 ____D C:\Users\Michael\AppData\Local\Google
2017-05-07 18:41 - 2015-01-06 02:11 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-07 17:26 - 2017-02-21 22:05 - 00000000 ____D C:\Users\Michael\AppData\Local\WhatsApp
2017-05-07 17:26 - 2017-02-07 19:50 - 00002285 _____ C:\Users\Michael\Desktop\WhatsApp.lnk
2017-05-07 17:26 - 2017-02-07 19:50 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-05-07 17:26 - 2017-02-07 19:50 - 00000000 ____D C:\Users\Michael\AppData\Local\SquirrelTemp
2017-05-07 15:27 - 2016-08-22 12:36 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-05 23:58 - 2015-01-06 19:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-05 23:58 - 2015-01-06 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-05-04 22:38 - 2017-01-24 20:55 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-04 22:38 - 2016-10-18 20:18 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-04 22:38 - 2016-10-18 20:18 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-05-04 22:38 - 2016-08-22 12:12 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-04 22:38 - 2016-08-22 12:12 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-04 22:38 - 2016-08-22 12:12 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-04 18:41 - 2015-09-11 23:36 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages
2017-05-03 22:21 - 2016-07-05 23:57 - 00048248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-05-03 21:28 - 2017-01-24 20:55 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-05-03 17:41 - 2016-10-18 20:18 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-05-01 13:32 - 2015-02-03 00:11 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2017-04-30 10:55 - 2017-03-19 05:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-04-29 23:33 - 2016-08-22 12:36 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 23:33 - 2016-08-22 12:36 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-29 02:59 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-29 02:59 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-28 18:39 - 2016-10-15 23:46 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Nitro
2017-04-28 18:39 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-04-28 08:47 - 2015-12-16 19:40 - 00005864 __RSH C:\ProgramData\ntuser.pol
2017-04-28 08:42 - 2016-04-28 17:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-04-28 08:42 - 2016-04-28 17:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2017-04-28 08:42 - 2016-04-28 17:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-04-28 03:01 - 2016-08-22 12:12 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-26 22:23 - 2016-09-25 12:57 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-26 22:23 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-26 07:40 - 2017-01-24 20:55 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-04-26 07:40 - 2016-09-14 17:12 - 01882048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-04-26 07:40 - 2016-09-14 17:12 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-04-26 07:40 - 2016-09-14 17:12 - 01472960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-04-26 07:40 - 2016-09-14 17:12 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-04-26 07:40 - 2016-09-14 17:12 - 00121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-04-25 20:53 - 2015-05-27 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Tax

==================== Files in the root of some directories =======

2016-08-16 17:46 - 2016-08-16 17:46 - 0000077 _____ () C:\Users\Michael\AppData\Roaming\Camdata.ini
2016-08-16 17:46 - 2016-08-16 17:46 - 0000408 _____ () C:\Users\Michael\AppData\Roaming\CamLayout.ini
2016-08-16 17:46 - 2016-08-16 17:46 - 0000408 _____ () C:\Users\Michael\AppData\Roaming\CamShapes.ini
2016-08-16 17:46 - 2016-08-16 17:46 - 0004536 _____ () C:\Users\Michael\AppData\Roaming\CamStudio.cfg
2016-08-16 17:31 - 2016-08-16 17:31 - 0000096 _____ () C:\Users\Michael\AppData\Roaming\version2.xml
2016-07-02 10:07 - 2016-07-02 10:07 - 0361773 _____ () C:\Users\Michael\AppData\Local\debuggee.mdmp
2016-03-31 22:59 - 2017-03-23 22:01 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2017-04-20 20:29 - 2017-04-20 20:29 - 0003265 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2016-09-27 23:39 - 2016-09-27 23:39 - 0007601 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2016-08-22 13:45 - 2017-01-28 21:36 - 0000000 ____D () C:\Users\Michael\AppData\Local\Temp\avgnt.exe
2017-05-22 20:33 - 2017-05-22 20:33 - 0040448 ____N () C:\Users\Michael\AppData\Local\Temp\proxy_vole5152704635647006300.dll
2017-05-22 20:33 - 2017-05-22 20:33 - 0040448 ____N () C:\Users\Michael\AppData\Local\Temp\proxy_vole8510138313039682662.dll
2017-05-22 20:33 - 2017-05-22 20:33 - 0040448 _____ () C:\Users\Michael\AppData\Local\Temp\proxy_vole9117567214597511199.dll
2017-01-29 21:20 - 2017-01-29 21:20 - 0000000 ____D () C:\Users\Michael\AppData\Local\Temp\SynciosTransfer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-14 22:17

==================== End of FRST.txt ============================
|
22.05.2017, 21:47 | #4 |
| New log as well as Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Michael (22-05-2017 22:36:58)
Running from H:\jDownloader
Windows 10 Pro Version 1607 (X64) (2016-08-22 10:37:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1783363258-1944623717-140360357-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1783363258-1944623717-140360357-503 - Limited - Disabled)
Guest (S-1-5-21-1783363258-1944623717-140360357-501 - Limited - Disabled)
Michael (S-1-5-21-1783363258-1944623717-140360357-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Active Directory Authentication Library for SQL Server (Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6 - Adobe Systems Incorporated)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.0 - Adobe Systems Incorporated)
Alien: Isolation (HKLM\...\Steam App 214490) (Version: - Creative Assembly)
Altium Designer 17 (HKLM-x32\...\Altium Designer {18A9D362-7BAB-46B7-8088-3F339B6C8DDF}) (Version: 17.0.10.617 - Altium Limited)
Amazon Music (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Ansel (Version: 381.65 - NVIDIA Corporation) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.18.170105 - )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.26.48 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{897e4d08-9554-48e9-ba07-ce6040867fa3}) (Version: 1.2.83.46341 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.83.46341 - Avira Operations GmbH & Co. KG) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Batman - The Telltale Series - Episode 1 (HKLM\...\Steam App 543830) (Version: - Telltale Games)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-7065DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Build Tools - amd64 (Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools for Windows 10 - ENU (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
Build Tools for Windows 10 (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31010 - Microsoft Corporation) Hidden
CodedUITest81 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
CodedUITestUAP (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\CopyTrans Suite) (Version: 4.002 - WindSolutions)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
Dishonored 2 (HKLM\...\Steam App 403640) (Version: - Arkane Studios)
DisplayLink Graphics Driver (HKLM\...\{128986C9-B03C-45AC-8E24-F7CB694E798E}) (Version: 8.1.848.0 - DisplayLink Corp.)
Distortion Control Data (HKLM-x32\...\{B08B4896-886C-4644-8664-BBA4CE99D318}) (Version: 1.00.0000 - Nikon)
DOOM (HKLM\...\Steam App 379720) (Version: - id Software)
DOOM 3: BFG Edition (HKLM\...\Steam App 208200) (Version: - id Software)
Dotfuscator and Analytics Community Edition 5.19.1 (x32 Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
Dropbox (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Dropbox) (Version: 26.4.24 - Dropbox, Inc.)
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{3F29268A-F53A-4387-9F2B-E9368A823178}) (Version: 11.1.30729.00 - Microsoft Corporation)
F.E.A.R. (HKLM\...\Steam App 21090) (Version: - Monolith Productions, Inc.)
F.E.A.R. 3 (HKLM\...\Steam App 21100) (Version: - Day 1 Studios)
Fallout 4 (HKLM\...\Steam App 377160) (Version: - Bethesda Game Studios)
FileBox eXtender (Version: 2.1.0 - Hyperionics Technology LLC) Hidden
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Pro (HKLM-x32\...\{6D5E5B27-D872-4A5F-A1D9-CE681DB7B96A}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.10.0 - Google Inc.)
GPAC (remove only) (HKLM-x32\...\GPAC) (Version: - )
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Hitman GO: Definitive Edition (HKLM\...\Steam App 427820) (Version: - Square Enix Montréal)
HITMAN™ (HKLM\...\Steam App 236870) (Version: - Io-Interactive)
iCloud (HKLM\...\{7F40A9A7-B3BE-4EA8-B052-60449F6C3C02}) (Version: 6.2.1.67 - Apple Inc.)
IDE Tools for Windows 10 - ENU (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Imadio's Fisheye-Hemi Plug-In 1.3.2 (HKLM-x32\...\{138BAF26-9911-4C6D-9A24-D8ADE6C36718}) (Version: 1.3.2 - Imadio LLC)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.10586.0 (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kits Configuration Installer (x32 Version: 10.1.10586.212 - Microsoft) Hidden
LenovoUsbDriver 1.0.16 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.16 - Lenovo)
LibreOffice 5.0.6.3 (HKLM-x32\...\{900D9036-4EDA-45EC-A095-E8AFB25D807A}) (Version: 5.0.6.3 - The Document Foundation)
Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MediaInfo 0.7.91 (HKLM\...\MediaInfo) (Version: 0.7.91 - MediaArea.net)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.7967.2161 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{8325FD0C-2FDB-46C3-921A-3A78385EA972}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB RC0 (HKLM\...\{9CED5D08-5664-4668-A927-CD6C60C4175D}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (HKLM-x32\...\{948B5F49-A57E-46B4-9F1E-145D7A9E66D7}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (x64) (HKLM\...\{F6F8053F-D328-4ACA-93A1-A49E495899F2}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service RC0 (HKLM-x32\...\{1852BD30-570B-4E47-8752-461448E8E250}) (Version: 13.0.12000.52 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom RC0 (HKLM\...\{D9F55D00-A8AB-4518-A56E-D9D5E615542A}) (Version: 13.0.1100.286 - 
Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (14.0.60311.1) (HKLM-x32\...\{28292CA9-8D65-4E37-95A3-753EEB38F122}) (Version: 14.0.60311.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2016 RC0 (HKLM\...\{495CC0B4-D4C3-4D87-8317-F66BA48C5552}) (Version: 13.0.1100.286 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2016 RC0 
(HKLM-x32\...\{3A87F9F2-D65D-4BA9-8459-E5BBE31EA64D}) (Version: 13.0.1100.286 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 
Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU 
(HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio Community 2015 with Update 2 (HKLM-x32\...\{04fa3a35-1f49-4510-8051-819cdc1e6e01}) (Version: 14.0.25123.0 - Microsoft Corporation) Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation) Microsoft Visual Studio Tools for Apache Cordova (HKLM-x32\...\{c74f8058-96e2-4e64-97ed-2784129c858d}) (Version: 14.0.60401.1 - Microsoft Corporation) Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation) Mirror's Edge (HKLM\...\Steam App 17410) (Version: - DICE) MKVToolNix 7.7.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.7.0 - Moritz Bunkus) Mozilla Firefox 53.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 de)) (Version: 53.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla) Mozilla Thunderbird 45.8.0 (x86 de) (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla) MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden MyHarmony (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech) Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google) Nitro Pro (HKLM\...\{B4DD03BC-F7FE-4983-BCBC-47BA91E4128F}) (Version: 11.0.1.16 - Nitro) Node.js (HKLM-x32\...\{69735668-F8BC-4E9A-839A-4006FDFDD5AC}) (Version: 0.12.2 - Joyent, Inc. 
and other Node contributors) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.3 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 381.65 - NVIDIA Corporation) NVIDIA GeForce Experience 3.5.0.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.76 - NVIDIA Corporation) NVIDIA Grafiktreiber 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.65 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation) NvNodejs (Version: 3.5.0.76 - NVIDIA Corporation) Hidden NvTelemetry (Version: 2.4.5.0 - NVIDIA Corporation) Hidden NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2161 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation) Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF Compressor (HKLM-x32\...\{74CB4E29-732C-47A6-B9C6-790EC768FCBA}) (Version: 2.7.0.0 
- iWesoft) PDF2Text Pilot (HKLM-x32\...\{EAA1CA7B-A804-4743-9DF0-31F470444756}) (Version: 3.0.1 - Two Pilots) PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC) PDF-XChange Editor (HKLM-x32\...\{2ffd0690-7fdd-401d-b6a4-5351e54879e8}) (Version: 5.5.311.0 - Tracker Software Products (Canada) Ltd.) PDF-XChange Editor (Version: 5.5.311.0 - Tracker Software Products (Canada) Ltd.) Hidden Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version: - Prism Studios) PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation) Prerequisites for SSDT RC0 (HKLM-x32\...\{AB72EB1C-9CF4-4274-984D-5EDA8BF37A08}) (Version: 13.0.1100.286 - Microsoft Corporation) Prey (HKLM\...\Steam App 480490) (Version: - Arkane Studios) Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software) Private Tax 2014 1.4.0 (HKLM-x32\...\3690-0225-9329-1026) (Version: 1.4.0 - Information Factory AG) Private Tax 2015 1.1.0 (HKLM-x32\...\6588-3357-8633-9771) (Version: 1.1.0 - Information Factory AG) Private Tax 2016 1.4.0 (HKLM-x32\...\5175-4634-8645-0854) (Version: 1.4.0 - Information Factory AG) Project and Item Templates for Visual Studio Community 2015 - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden Project and Item Templates for Visual Studio Professionald 2015 - ENU (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden PTLens (HKLM\...\{0910F62D-459A-45AD-8A6C-10E93125C345}) (Version: 3.0.911 - 
ePaperPress) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3.2 r2609 - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Redie (HKLM\...\Steam App 536990) (Version: - Rückert Broductions) Resident Evil 6 / Biohazard 6 (HKLM-x32\...\Steam App 221040) (Version: - Capcom) Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden Roslyn Language Services - x86 (x32 Version: 14.0.25126 - Microsoft Corporation) Hidden Sennheiser 3D G4ME1 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB6}) (Version: 1.00.0001 - ) Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation) SHIELD Streaming (Version: 7.1.0360 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 3.5.0.76 - NVIDIA Corporation) Hidden Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games) Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden Starcraft (HKLM-x32\...\Starcraft) (Version: - ) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SUPERHOT (HKLM\...\Steam App 322500) (Version: - SUPERHOT Team) Sword With Sauce: Alpha (HKLM\...\Steam App 581630) (Version: - Diatomic Games) Synology Cloud Station Drive (remove only) (HKLM\...\Synology Cloud Station Drive) (Version: 4.2.2.4379 - Synology, Inc.) 
Team Explorer for Microsoft Visual Studio 2015 Update 2 (x32 Version: 14.95.25118 - Microsoft) Hidden TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer) TeighaX 3.09 (HKLM-x32\...\{3D63579F-2398-418B-9227-A852FB201D2D}) (Version: 3.9.0 - Open Design Alliance) Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft) The Evil Within (HKLM\...\Steam App 268050) (Version: - Tango Gameworks) The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version: - CD PROJEKT RED) The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD PROJEKT RED) This War of Mine (HKLM\...\Steam App 282070) (Version: - 11 bit studios) THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited) Tom Clancy's Splinter Cell Anthology Edition 1.0 (HKLM-x32\...\Tom Clancy's Splinter Cell Anthology Edition 1.0) (Version: - ) TortoiseSVN 1.8.10.26129 (64 bit) (HKLM\...\{A9E679EC-8FD4-49D8-A5A5-ACE462515A9E}) (Version: 1.8.26129 - TortoiseSVN) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) TypeScript Power Tool (x32 Version: 1.8.9.0 - Microsoft Corporation) Hidden TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.30.0 - Microsoft Corporation) Hidden Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Extension SDK (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden Universal CRT Headers Libraries and 
Sources (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden Universal CRT Redistributable (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden Universal CRT Tools x64 (Version: 10.1.10586.212 - Microsoft Corporation) Hidden Universal CRT Tools x86 (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden Universal General MIDI DLS Extension SDK (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden Universal Pointer Device Driver (HKLM\...\TBUPDDV4) (Version: 05.00.02-0346 - Touch-Base Ltd) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation) Uplay (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation) Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation) Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation) Vivaldi (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Vivaldi) (Version: 1.2.490.43 - Vivaldi) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VS Update core components (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.) Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.) WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) 
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.) WhatsApp (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\WhatsApp) (Version: 0.2.4240 - WhatsApp) WinAppDeploy (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17353 - Microsoft Corporation) Windows SDK AddOn (HKLM-x32\...\{75C39BA6-1D02-4BEA-844F-0EA6C4B7FA1B}) (Version: 10.1.0.0 - Microsoft Corporation) Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) WinRT Intellisense Desktop - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden WinRT Intellisense IoT - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden WinRT Intellisense PPI - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden WinRT Intellisense UAP - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden WinRT Intellisense Xbox Live Extension SDK - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden WinRT Intellisense Xbox Live Extension SDK - Other Languages (x32 
Version: 10.1.10586.212 - Microsoft Corporation) Hidden Wireshark 2.2.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.6 - The Wireshark developer community, hxxps://www.wireshark.org) Wolfenstein 3D (HKLM-x32\...\Steam App 2270) (Version: - id Software) Wolfenstein 3D: Spear of Destiny (HKLM-x32\...\Steam App 9000) (Version: - id Software) ZoneAlarm Firewall (x32 Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.1.504.17269 - Check Point) ZoneAlarm Security (x32 Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5F80F7FC2945}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\ContextMenu.dll () CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 
-> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03F647F4-8303-4FAA-93DD-59B202A5860C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1783363258-1944623717-140360357-1000UA1d23747e716dc7b => C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) Task: {0448D563-22ED-44BF-A985-8943C2C6031C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.) 
Task: {059BCFBE-4B32-4FC3-B423-ACF29D17FEC5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation) Task: {0AE30D9C-BAB5-40B1-9E82-64AA4247EEC1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation) Task: {0D96694F-06D2-42BC-8153-755FCFA64C9B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {12569FA6-C543-4658-A04D-46B66BD40EDE} - System32\Tasks\3DconnexionCreateProcess_3DxService.exe => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe Task: {136E6B25-26CD-40A5-B0EC-62C76D0ACA1D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe Task: {1D8022F2-D132-483F-B188-BA40AC014439} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {1D8CA53B-2208-4DA5-B86A-3F0A860CBE65} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe Task: {1E2C561A-CFF4-4FA8-80E6-9BE63B0AD700} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe Task: {1E7E4713-242D-439D-AC1C-BF34FFB045EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {2375DFBB-4057-4071-9CBA-75A73CCB7684} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {2AE43B01-7879-4C79-8FAC-3A6D55AAE7DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) 
Task: {2DBE6CA3-1F0C-42BE-9722-84A59F76A77F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {2FD2A3AB-2590-4384-85A7-51F5D502871A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {3118AA9B-998A-4065-8AF6-44140C166F99} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {4A82421F-B040-4BFC-9344-E9340E2FEA6D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe Task: {4CB0F5D2-89A2-4A29-A800-DB2E1A5A913F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {51A43766-923E-4518-8678-AE0253727A8E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-15] (Microsoft Corporation) Task: {53899A2D-F217-4DC7-A1C2-7C9A2E321D7E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {59952C6F-1BFD-4D93-B2EA-BE01C50F30B2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation) Task: {5D474024-B6DB-46CB-A0A3-4E01070EDFBA} - System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE => C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe [2016-09-07] (GIGABYTE Technology Co.,Ltd.) Task: {62893A99-0222-48AC-AE91-24F2950F4B1F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1783363258-1944623717-140360357-1000Core1d23747e711faa5 => C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) 
Task: {64B40378-E4EB-47A7-9690-6D4FEC63DDF1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6749F777-AB34-464D-B630-602778E042EB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {74408695-3B25-4E92-96F1-D6211289DFC0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {7A8D4F2F-5080-43EB-8FF3-4D4DB8ECD878} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {830F0FA1-3D06-449C-8477-1CFE44A54CF1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-15] (Microsoft Corporation)
Task: {87B72F43-AE8F-4292-9E9B-8D7BADA25F52} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {882555C2-8DE1-4609-AB57-4BBF2F6AF49B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {8BC508ED-2A4F-4E87-AF51-29C55DE28897} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8CF3527D-32D9-46D9-8147-3363F7324027} - System32\Tasks\{A8533624-3469-4C15-909E-86228908CD48} => pcalua.exe -a C:\Users\Michael\AppData\Local\Adobe\OOBE\PDApp\DECore\Setup.exe -d C:\Users\Michael\AppData\Local\Adobe\OOBE\PDApp\core\..\D6\..\DECore -c --deploymentFile="C:\Users\Michael\AppData\Local\Temp\{8D6B5DD7-1AB8-4F92-8F6E-3000D625BFEA}\deploy.xml" --userASUPath="C:\Users\Michael\AppData\Local\Adobe\ (the data entry has 27 more characters). <==== ATTENTION
Task: {9324DD03-0021-4823-92BE-9231A4AEC89E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {93656C3E-9B64-41E0-BBE6-2B317CC5FB83} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {99D3057B-C1A5-46C0-8DBD-C455DCBCEFF0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9BE54479-1468-4AD1-82C2-CCA21480B8EF} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {A5F0E4D4-6444-493E-9A68-C40EA60099EF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {ABD8921B-8921-4C62-9CD5-0722FB4A28BB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {ACFBAC1E-A9D1-4C1A-9488-6FEC557DDDDE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AE78B9E4-7CF9-440A-AAA3-F23F01EE7052} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AEB392E5-4007-4E17-908A-EFC678864F68} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-04-26] (NVIDIA Corporation)
Task: {C088409E-13A5-459D-AE1A-21AC071CAB1F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-10] (Microsoft Corporation)
Task: {C2D571DA-B0A7-42A3-A4B8-FD6CAA551118} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {C6074259-EE72-41B7-8F0F-9B35A15C886B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C696447C-D317-4AA2-96FB-F5440BB74EB6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C7987C25-00C9-4E73-B742-768DCE4FEEF0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {CBBD0B51-6667-4D72-9131-2720BD202037} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {CF387A49-63F3-4EDF-B2AC-6AFCCD6BBBD7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {D8551303-1E83-4208-8BE3-D00263DEE2E7} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Programs\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-03-22] (Microsoft Corporation)
Task: {D92F14A6-DA6F-4D92-B166-E764A1D10639} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {DC3EFEBB-4441-4064-BD41-017BB8FD7942} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {DC6D392A-5C0A-47BC-9AA2-C55FAE9DA880} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {E5D29950-AEFB-4A91-8BC0-B66A81C44691} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {ECA96BC7-329E-4E5C-B85A-A084D0F7EF21} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {ED386E5D-1FF1-4D51-B126-4E27391860E4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {FBAA2600-6BA6-42C8-82FB-38B1D1AFA01B} - System32\Tasks\AdobeAAMUpdater-1.0-Phantom-Michael => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1783363258-1944623717-140360357-1000Core1d23747e711faa5.job => C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1783363258-1944623717-140360357-1000UA1d23747e716dc7b.job => C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Compressor\PDF Compressor Website.lnk -> hxxp://www.pdfcompressor.org ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\nodejs\nodevars.bat" ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-05-10 18:00 - 2017-04-28 02:49 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2017-03-25 18:10 - 2012-10-10 13:35 - 01059096 _____ () C:\Program Files\UPDD\tbupddwu.exe 2017-03-25 18:10 - 2012-01-19 15:22 - 01987584 _____ () C:\Program Files\UPDD\ACE_updd_5.6.2.dll 2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2017-05-19 21:11 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2016-12-28 14:31 - 2016-12-28 14:31 - 00287256 _____ () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe 2016-09-14 15:35 - 2016-09-14 15:35 - 00418496 _____ () C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe 2016-09-14 15:35 - 2016-09-14 15:35 - 02735296 _____ () C:\Program Files\Nitro\Pro 11\Nitro_KissMetrics.dll 2016-10-18 20:18 - 2017-04-26 07:40 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2015-01-08 23:23 - 2005-04-22 06:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll 2017-03-25 18:10 - 2012-10-09 16:27 - 00041984 _____ () C:\Program Files\UPDD\tbhook.dll 2017-05-10 18:00 - 2017-04-28 02:49 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-15 18:55 - 2016-09-07 06:56 - 00134656 _____ () 
C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-14 19:58 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-14 19:57 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-14 19:57 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-14 19:57 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-05-10 18:00 - 2017-04-28 01:36 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-05-10 18:00 - 2017-04-28 01:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-05-10 18:00 - 2017-04-28 01:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-05-09 17:19 - 2017-05-09 17:19 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-05-09 17:19 - 2017-05-09 17:19 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-05-09 17:19 - 2017-05-09 17:19 - 43195904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-05-09 17:19 - 2017-05-09 17:19 - 02457088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\skypert.dll 2017-05-22 22:25 - 2017-05-22 22:25 - 00566439 _____ () C:\Users\Michael\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll 2017-05-22 22:25 - 2017-05-22 22:25 - 04078962 _____ () C:\Users\Michael\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll 2015-01-06 19:19 - 2013-05-28 16:56 - 00151552 _____ () C:\Windows\System\3DG4me.exe 2017-03-25 
18:10 - 2012-10-10 13:33 - 00676352 _____ () C:\Program Files\UPDD\TBDAEMON.EXE 2017-03-25 18:10 - 2011-10-11 15:27 - 06642688 _____ () C:\Program Files\UPDD\qt-mt336.dll 2017-03-25 18:10 - 2012-10-10 13:33 - 00524288 _____ () C:\Program Files\UPDD\AIDAEMON.EXE 2017-03-27 12:20 - 2017-03-27 12:20 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll 2017-03-27 12:20 - 2017-03-27 12:20 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll 2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2014-12-17 22:31 - 2014-12-17 22:31 - 00076032 _____ () D:\Programs\TortoiseSVN\bin\TortoiseStub.dll 2014-12-17 22:30 - 2014-12-17 22:30 - 00088832 _____ () D:\Programs\TortoiseSVN\bin\libsasl.dll 2015-01-06 19:17 - 2011-11-19 02:12 - 00129536 _____ () D:\Programs\AudioSwitcher\switcher.exe 2017-05-15 23:40 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll 2017-05-15 23:40 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll 2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe 2016-01-02 14:21 - 2017-01-20 11:44 - 00181928 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll 2016-01-02 14:21 - 2015-12-28 11:19 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll 2016-01-02 14:21 - 2017-01-20 11:44 - 00172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll 2016-01-02 14:21 - 2017-01-20 11:44 - 00112296 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll 2016-01-02 14:21 - 2015-12-28 11:19 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll 2017-03-23 19:10 - 2017-03-23 10:26 - 00068744 _____ () c:\program files (x86)\ostotosoft\drivertalent\DTLPlugs\InstallPlugV2\InstallPlugV2.dll 
2017-05-20 10:51 - 2014-05-13 12:04 - 00109400 _____ () d:\Programs\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2017-05-20 10:51 - 2014-05-13 12:04 - 00167768 _____ () d:\Programs\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2017-05-20 10:51 - 2014-05-13 12:04 - 00416600 _____ () d:\Programs\Spybot - Search & Destroy 2\DEC150.bpl 2017-05-20 10:51 - 2012-08-23 10:38 - 00574840 _____ () d:\Programs\Spybot - Search & Destroy 2\sqlite3.dll 2017-05-20 10:51 - 2012-04-03 17:06 - 00565640 _____ () d:\Programs\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2016-10-18 20:18 - 2017-04-26 07:40 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2015-01-06 19:19 - 2012-06-06 09:56 - 00143360 _____ () C:\Windows\System\3DG4me.dll 2017-03-16 16:09 - 2017-03-16 16:09 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2017-03-16 16:08 - 2017-03-16 16:08 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2017-05-22 22:26 - 2017-05-22 22:26 - 00098816 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32api.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00110080 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\pywintypes27.dll 2017-05-22 22:26 - 2017-05-22 22:26 - 00364544 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\pythoncom27.dll 2017-05-22 22:26 - 2017-05-22 22:26 - 00320512 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32com.shell.shell.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00914432 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_hashlib.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 01176576 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._core_.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00806400 ____R () 
C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._gdi_.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00816128 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._windows_.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 01067008 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._controls_.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00733184 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._misc_.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00682496 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\pysqlite2._sqlite.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00088064 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_ctypes.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00686080 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\unicodedata.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00119808 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32file.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00108544 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32security.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00007168 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\hashobjs_ext.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00017920 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\thumbnails_ext.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00088064 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\usb_ext.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00012800 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\common.time34.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00018432 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32event.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00167936 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32gui.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00046080 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_socket.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 01303552 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_ssl.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 
00128512 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_elementtree.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00127488 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\pyexpat.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00038912 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32inet.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00036864 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_psutil_windows.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00524248 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\windows._lib_cacheinvalidation.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00011264 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32crypt.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00123392 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._wizard.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00077312 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._html2.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00027648 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_multiprocessing.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00020480 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_yappi.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00035840 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32process.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00078848 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._animate.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00024064 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32pipe.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00010240 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\select.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00025600 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32pdh.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00017408 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32profile.pyd 2017-05-22 22:26 - 2017-05-22 22:26 - 00022528 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32ts.pyd 2015-01-06 
19:17 - 2011-11-18 18:32 - 00029184 _____ () D:\Programs\AudioSwitcher\EndPointController.dll 2015-01-06 02:14 - 2011-05-04 17:32 - 00094208 ____N () C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll 2017-05-17 21:41 - 2017-05-16 22:55 - 00871744 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll 2017-05-17 21:41 - 2017-05-16 22:55 - 01787200 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll 2015-12-12 12:47 - 2017-04-26 02:38 - 00035792 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2015-12-12 12:47 - 2017-04-26 02:38 - 00100296 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2015-12-12 12:47 - 2017-04-26 02:38 - 00018888 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\select.pyd 2015-12-12 12:47 - 2017-05-16 23:00 - 00019776 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00020824 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2015-12-12 12:47 - 2017-04-26 02:39 - 00123856 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2015-12-12 12:47 - 2017-04-26 02:38 - 00694224 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 01729360 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00020816 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2017-05-17 21:41 - 2017-04-26 02:38 - 00145864 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2017-05-17 21:41 - 2017-04-26 02:39 - 00019408 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2017-05-17 21:41 - 2017-04-26 02:38 - 00116688 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2015-12-12 12:47 - 2017-04-26 
02:40 - 00105928 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32api.pyd 2016-08-16 09:16 - 2017-05-16 23:01 - 00022864 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00060736 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00038712 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\fastpath.pyd 2015-12-12 12:47 - 2017-04-26 02:40 - 00024528 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32event.pyd 2017-05-17 21:41 - 2017-04-26 02:38 - 00392656 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2017-05-17 21:41 - 2017-04-26 02:40 - 00020936 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2015-12-12 12:47 - 2017-04-26 02:40 - 00116176 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32security.pyd 2015-12-12 12:47 - 2017-05-16 23:00 - 00392512 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2015-12-12 12:47 - 2017-04-26 02:40 - 00124880 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32file.pyd 2016-08-16 09:16 - 2017-05-16 23:01 - 00026456 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd 2015-12-12 12:47 - 2017-04-26 02:40 - 00024016 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2015-12-12 12:47 - 2017-04-26 02:40 - 00175560 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32gui.pyd 2015-12-12 12:47 - 2017-04-26 02:40 - 00030160 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2015-12-12 12:47 - 2017-04-26 02:40 - 00043472 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32process.pyd 2015-12-12 12:47 - 2017-04-26 02:40 - 00048592 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32service.pyd 2015-12-12 12:47 - 2017-04-26 02:40 - 00057808 _____ () 
C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2015-12-12 12:47 - 2017-04-26 02:40 - 00024016 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32profile.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00246608 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00027488 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00022336 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2017-05-15 21:30 - 2017-05-16 23:01 - 00082264 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd 2015-12-12 12:47 - 2017-05-16 23:01 - 00025432 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-12 12:47 - 2017-04-26 02:40 - 00028616 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32ts.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 01826104 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2015-12-12 12:47 - 2017-04-26 02:39 - 00083912 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\sip.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 01972024 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 03928896 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00171336 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00042816 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00531264 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00133432 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2017-05-17 21:41 - 2017-05-16 23:00 
- 00224064 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00207680 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2015-12-12 12:47 - 2017-04-26 02:40 - 00060880 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32print.pyd 2017-02-27 21:31 - 2017-05-16 23:01 - 00054608 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd 2017-01-23 23:02 - 2017-05-16 23:01 - 00022864 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd 2016-04-15 22:40 - 2017-05-16 23:01 - 00069968 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd 2017-01-23 23:02 - 2017-05-16 23:01 - 00022872 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-01-23 23:02 - 2017-05-16 23:01 - 00021848 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd 2017-01-23 23:02 - 2017-05-16 23:01 - 00022872 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd 2015-12-12 12:47 - 2017-04-26 02:40 - 00349128 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00103232 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd 2016-02-19 22:24 - 2017-05-16 23:01 - 00023896 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00025936 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2017-05-17 21:41 - 2017-04-26 02:34 - 00036296 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\librsync.dll 2017-05-17 21:41 - 2017-05-16 23:00 - 00033112 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd 2017-05-17 
21:41 - 2017-03-22 12:07 - 00293392 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll 2017-05-17 21:41 - 2017-05-16 23:00 - 00084288 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2016-07-08 20:55 - 2017-05-16 23:01 - 00030536 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd 2017-05-17 21:41 - 2017-04-26 02:43 - 00017864 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libEGL.dll 2017-05-17 21:41 - 2017-04-26 02:43 - 01631184 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2016-08-16 09:16 - 2017-05-16 23:01 - 00026456 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-04-07 20:31 - 2017-05-16 23:01 - 00023368 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\wincrashpad.compiled._Crashpad.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00546104 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2017-05-17 21:41 - 2017-05-16 23:00 - 00357688 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2016-09-14 17:31 - 2016-08-18 20:26 - 00225792 _____ () C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GvFireware.dll 2016-09-14 17:31 - 2014-05-01 02:49 - 00025088 _____ () C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\BSL430.dll 2015-01-08 23:23 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 00123918 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 01026062 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 00524460 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 03036430 _____ () 
C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 01798570 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 03095505 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 00115214 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 21565192 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 00712704 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 00031744 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 00046080 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 00032768 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 00516608 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 00243200 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll 2017-03-08 20:17 - 2017-03-08 20:17 - 00431616 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll 2017-05-20 10:51 - 2014-05-13 12:04 - 00109400 _____ () D:\Programs\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2017-05-20 10:51 - 2014-05-13 12:04 - 00167768 _____ () D:\Programs\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2017-05-20 10:51 - 2014-05-13 12:04 - 00416600 _____ () D:\Programs\Spybot - Search & Destroy 2\DEC150.bpl 2016-10-12 01:08 - 2016-10-12 01:08 - 
00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node 2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node 2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node 2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node 2016-10-25 10:49 - 2016-10-25 10:49 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll 2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node 2015-01-06 23:25 - 2017-03-10 02:13 - 00674592 _____ () D:\Programs\Steam\SDL2.dll 2015-01-21 00:13 - 2016-09-01 03:02 - 04969248 _____ () D:\Programs\Steam\v8.dll 2015-01-06 23:25 - 2017-04-26 01:55 - 02465056 _____ () D:\Programs\Steam\video.dll 2015-01-06 23:25 - 2016-01-27 09:49 - 02549760 _____ () D:\Programs\Steam\libavcodec-56.dll 2015-01-06 23:25 - 2016-01-27 09:49 - 00491008 _____ () D:\Programs\Steam\libavformat-56.dll 2015-01-06 23:25 - 2016-01-27 09:49 - 00332800 _____ () D:\Programs\Steam\libavresample-2.dll 2015-01-06 23:25 - 2016-01-27 09:49 - 00442880 _____ () D:\Programs\Steam\libavutil-54.dll 2015-01-06 23:25 - 2016-01-27 09:49 - 00485888 _____ () D:\Programs\Steam\libswscale-3.dll 2015-01-21 00:13 - 2016-09-01 03:02 - 01563936 _____ () D:\Programs\Steam\icui18n.dll 2015-01-21 00:13 - 2016-09-01 03:02 - 01195296 _____ () D:\Programs\Steam\icuuc.dll 2015-01-06 23:25 - 2017-04-26 01:55 - 00848672 _____ () D:\Programs\Steam\bin\chromehtml.DLL 2016-03-09 19:53 
- 2016-07-05 00:17 - 00266560 _____ () D:\Programs\Steam\openvr_api.dll 2016-12-13 18:52 - 2017-01-30 23:41 - 68875552 _____ () D:\Programs\Steam\bin\cef\cef.win7\libcef.dll 2015-01-06 23:25 - 2017-04-26 01:55 - 00383776 _____ () D:\Programs\Steam\steam.dll 2015-01-21 00:13 - 2015-09-25 01:52 - 00119208 _____ () D:\Programs\Steam\winh264.dll 2016-10-18 20:18 - 2017-04-26 07:03 - 02442360 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2016-10-18 20:18 - 2017-04-26 07:03 - 00361920 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2016-10-18 20:18 - 2017-04-26 07:03 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2016-10-18 20:18 - 2017-04-26 07:03 - 00384120 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node 2016-10-18 20:18 - 2017-04-26 07:03 - 00467392 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2016-10-18 20:18 - 2017-04-26 07:03 - 00572024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences [386] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-1783363258-1944623717-140360357-1000\Software\Classes\.com: => <===== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2017-05-21 22:02 - 00001077 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1783363258-1944623717-140360357-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\Documents\tardis_wallpaper___dw_by_vampiric_time_lord-d5luyi7.png DNS Servers: 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. 
==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: Avira.ServiceHost => 2 MSCONFIG\Services: BrYNSvc => 3 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: GfExperienceService => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: igfxCUIService1.0.0.0 => 2 MSCONFIG\Services: LBTServ => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NvNetworkService => 2 MSCONFIG\Services: NvStreamSvc => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: Stereo Service => 2 MSCONFIG\Services: WTabletServiceCon => 2 MSCONFIG\Services: ZAPrivacyService => 2 MSCONFIG\startupreg: CheckManager => C:\Incasolution\Checkmanager\CheckManagerRun.exe HKLM\...\StartupApproved\StartupFolder: => "FileBox eXtender.lnk" HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\StartupApproved\StartupFolder: => "startup-monitor-timeout.lnk" HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\StartupApproved\StartupFolder: => "Rainmeter.lnk" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe FirewallRules: [{955B74C1-33F7-45D6-AD5F-98C2C16937A5}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe FirewallRules: [{7D7F4C28-8D12-4997-9632-061C396DE7FD}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe FirewallRules: [{2E9FADA1-EFCA-437C-8B77-85CF50F9E4B2}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe FirewallRules: [{F6DA3110-D1B2-499C-9E8E-4E9594C3F6EE}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe FirewallRules: [{4A551D9B-2B42-45D9-A533-B150FDCD8A6D}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe FirewallRules: [{C9146A9A-7681-4C6A-A0A9-A7C33DFF6BB4}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe FirewallRules: [{F9717377-651A-4EAF-AD26-03D8B2633911}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe FirewallRules: [{53F8F870-D058-474F-81C9-4A9286905917}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe FirewallRules: [UDP Query User{2A6AC553-1AFB-4043-B2AA-D12E1E2D0096}E:\tmnationsforever\tmforever.exe] => (Allow) E:\tmnationsforever\tmforever.exe FirewallRules: [TCP Query User{3B60553F-43B9-4E81-97E3-6CD6DEB1D6C7}E:\tmnationsforever\tmforever.exe] => (Allow) E:\tmnationsforever\tmforever.exe FirewallRules: [{53943896-F8ED-4E47-B870-2FAF543D2836}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{35394F4C-CA8C-4C04-B3CC-10C9B8129F44}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6AB151CC-A7A5-45F4-B348-6DDE222B23EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
FirewallRules: [UDP Query User{F9C05C63-1961-493B-A8A7-A4992558C69A}F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe] => (Block) F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe FirewallRules: [TCP Query User{D2EFF52C-DA64-4893-8905-CF0C15BE0AEE}F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe] => (Block) F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe FirewallRules: [{3FF192BE-4F83-4525-86B1-F00740BEB58A}] => (Allow) D:\Programs\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe FirewallRules: [UDP Query User{A6F115DC-2C2F-4391-BABC-923644435628}F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell pandora tomorrow\pandora.exe] => (Block) F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell pandora tomorrow\pandora.exe FirewallRules: [TCP Query User{52AC7088-093C-43FD-B960-13BCE020A8E0}F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell pandora tomorrow\pandora.exe] => (Block) F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell pandora tomorrow\pandora.exe FirewallRules: [{555D07CC-8705-4BE6-9FB6-7FBCE6227799}] => (Allow) D:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe FirewallRules: [{FA2ACA2F-666A-4AD4-96CF-D36332DF588B}] => (Allow) D:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe FirewallRules: [{D34398DC-5025-4DED-8FF8-1BA0BCAF9282}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe FirewallRules: [{3021B711-EAB8-4AC5-A5C5-B8E16AE12403}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe FirewallRules: 
[{6F9A9248-EBE7-4CC4-9CAB-D629218BA2B7}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe FirewallRules: [UDP Query User{8C214CAC-48AA-43B8-A677-485E59B225B5}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Block) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe FirewallRules: [TCP Query User{9EC1E6F0-41B0-40A6-842B-D43883B20519}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Block) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe FirewallRules: [UDP Query User{7D789ECC-A756-44EF-B7B3-478D6F5F95B2}D:\programs\foobar2000\foobar2000.exe] => (Block) D:\programs\foobar2000\foobar2000.exe FirewallRules: [TCP Query User{5E667F31-36CC-4426-84C1-F68CCEF66A2A}D:\programs\foobar2000\foobar2000.exe] => (Block) D:\programs\foobar2000\foobar2000.exe FirewallRules: [{57C5828B-C9E5-4DB8-A9FB-3F98BFD52224}] => (Allow) G:\Steam\steamapps\common\Resident Evil 6\BH6.exe FirewallRules: [{9731ABFB-465D-49EC-A1D6-3A89C391ADA2}] => (Allow) G:\Steam\steamapps\common\Resident Evil 6\BH6.exe FirewallRules: [UDP Query User{D6D7C7D7-3F70-46FD-8AC8-C9DF6255B97E}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{DC96E293-2BB2-4CEF-9CF6-B120AD1B8290}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{2242B5CD-2921-4799-905C-356CDAE0AF29}C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Block) C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe FirewallRules: [TCP Query User{96EBBC58-8C15-468E-A63A-BE28762B7437}C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Block) C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe FirewallRules: [{CF8F04DA-B812-4C90-A895-B66031D4A639}] => (Allow) D:\Programs\Steam\steamapps\common\Spear of 
Destiny\base\dosbox.exe FirewallRules: [{95338DE0-FE41-47BE-B151-767AA1180A89}] => (Allow) D:\Programs\Steam\steamapps\common\Spear of Destiny\base\dosbox.exe FirewallRules: [{08AA2AC6-0C70-43C8-9639-4E93E87ABB5A}] => (Allow) D:\Programs\Steam\steamapps\common\Wolfenstein 3D\base\dosbox.exe FirewallRules: [{F95DFE2E-99B2-4263-BD45-A953E837D57E}] => (Allow) D:\Programs\Steam\steamapps\common\Wolfenstein 3D\base\dosbox.exe FirewallRules: [{D4ED68FA-74E4-4E96-BF36-1C875B097BCF}] => (Allow) D:\Programs\Steam\steamapps\common\Portal 2\portal2.exe FirewallRules: [{51A123A1-FB52-429D-881A-3B2796EEEA79}] => (Allow) D:\Programs\Steam\steamapps\common\Portal 2\portal2.exe FirewallRules: [{56BD6AE2-7182-4584-AAB4-CF2AD25FCC7C}] => (Allow) D:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect.exe FirewallRules: [{96B03758-8C41-461A-B6DD-9FD56563D46B}] => (Allow) D:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect.exe FirewallRules: [UDP Query User{0BC58C2B-9E78-4110-94E4-39A7858A77C5}H:\games\dying light\dyinglightgame.exe] => (Block) H:\games\dying light\dyinglightgame.exe FirewallRules: [TCP Query User{5EB5B183-FE73-45E5-9860-D385BEC7D5B4}H:\games\dying light\dyinglightgame.exe] => (Block) H:\games\dying light\dyinglightgame.exe FirewallRules: [UDP Query User{879C58DF-C067-4A38-A9D6-27B2FE0A0A21}C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe FirewallRules: [TCP Query User{838D2167-8748-4C2D-A33D-F436BC919383}C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe FirewallRules: [{BE43F635-BA04-4CAC-A310-38CF722049E5}] => (Allow) D:\Games\Steam\SteamApps\common\Metro 2033 Redux\metro.exe FirewallRules: [{B3A4CC42-BD0C-4024-8194-9062962571EF}] => (Allow) D:\Games\Steam\SteamApps\common\Metro 2033 Redux\metro.exe FirewallRules: [{4B3A379A-7100-4E17-BF49-EC6AD32984BE}] 
=> (Allow) G:\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe FirewallRules: [{D4B37A53-6A9D-4911-AAC6-28FEDBD5AD39}] => (Allow) G:\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe FirewallRules: [{6D4E7E3D-31B6-445E-B5F8-FB890317C1A7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{C47B4151-BC3F-4B28-A5CE-5BFBC87783BA}] => (Allow) LPort=54925 FirewallRules: [{7004C489-DB6A-4B50-8321-DD09AD71EDD5}] => (Allow) D:\Programs\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{38256FFF-56BD-458B-A2AE-984332EF3E56}] => (Allow) D:\Programs\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{6B24788A-6C6D-4177-A3C9-473787F69470}] => (Allow) D:\Programs\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{67D55BB8-0DB9-4A6A-80F4-91BC562B7AAC}] => (Allow) D:\Programs\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{55F33EB0-2C34-4106-BBCF-C4E79936D7CC}] => (Allow) D:\Programs\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe FirewallRules: [UDP Query User{8E9DD929-DFC0-415E-83A6-5F786033887E}D:\programs\foobar2000\foobar2000.exe] => (Allow) D:\programs\foobar2000\foobar2000.exe FirewallRules: [TCP Query User{FFFC5B9A-A353-4734-BC7C-F7F463BE489F}D:\programs\foobar2000\foobar2000.exe] => (Allow) D:\programs\foobar2000\foobar2000.exe FirewallRules: [{6623C922-4F21-4696-AF7D-35067405AC5D}] => (Allow) D:\Programs\Steam\bin\steamwebhelper.exe FirewallRules: [{8367A874-2822-4D8B-8908-DD9A6D166559}] => (Allow) D:\Programs\Steam\bin\steamwebhelper.exe FirewallRules: [{FAAB3F45-15BA-442C-B926-BB1CFFCF2124}] => (Allow) D:\Programs\Steam\Steam.exe FirewallRules: [{243C3603-844F-4C92-8870-3BFD9B1BEDBB}] => (Allow) D:\Programs\Steam\Steam.exe FirewallRules: [{72534F44-C789-447A-9732-866905A11746}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D07EB507-4344-4C9B-ADC3-F25121CAE88B}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{89C1F102-DAED-40E7-9E60-8BF31586E87C}] => (Allow) 
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{EB84C45E-A501-4C7C-9C81-61C9B43A78C7}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{70ED136F-D934-4203-8B00-EBE9E813EC4F}] => (Allow) H:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe FirewallRules: [{043F22C9-3D05-4702-94B5-83D6D4706CEF}] => (Allow) H:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe FirewallRules: [{779B07EE-2FA0-4618-ABD6-00745748EB5B}] => (Allow) H:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{151298FA-BE85-4551-981D-F5AFF0C7DE64}] => (Allow) H:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe FirewallRules: [{5888DE07-A1AA-4BDE-BF57-E5C571A17559}] => (Allow) H:\SteamLibrary\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: [{CDE4BE0C-0E93-4826-A28A-9C901B9C0133}] => (Allow) H:\SteamLibrary\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: [{B35E2C7B-F909-485C-A69C-ADE634FAC284}] => (Allow) H:\SteamLibrary\steamapps\common\This War of Mine\Storyteller.exe FirewallRules: [{38FFCDB9-0DCB-4E7A-A23A-48EC1A5B840E}] => (Allow) H:\SteamLibrary\steamapps\common\This War of Mine\Storyteller.exe FirewallRules: [{2360F18C-8C8E-4F47-A3D4-425B81510932}] => (Allow) H:\SteamLibrary\steamapps\common\SUPERHOT\SUPERHOT.exe FirewallRules: [{C9789B73-CFD2-4BC0-BC89-C8EE7D908FF7}] => (Allow) H:\SteamLibrary\steamapps\common\SUPERHOT\SUPERHOT.exe FirewallRules: [{FC49070F-5FDB-4234-843B-5600679BF73B}] => (Allow) F:\Games\The Crew (Worldwide)\TheCrew.exe FirewallRules: [{AD11315D-33F6-4637-82AD-E7793AC1F808}] => (Allow) F:\Games\The Crew (Worldwide)\TheCrew.exe FirewallRules: [{5E1AC82E-AD2C-4285-BE4B-EDBBA5B1E836}] => (Allow) H:\SteamLibrary\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe FirewallRules: [{7F715553-FD09-40D4-B918-6B46B948F941}] => (Allow) H:\SteamLibrary\steamapps\common\F.E.A.R. 3\F.E.A.R. 
3.exe FirewallRules: [{C35A98E9-BB18-41DE-9715-6C6E7C083072}] => (Allow) H:\SteamLibrary\steamapps\common\FEAR Ultimate Shooter Edition\FEAR.exe FirewallRules: [{E113E15A-489B-4244-8C15-DE2F507CD651}] => (Allow) H:\SteamLibrary\steamapps\common\FEAR Ultimate Shooter Edition\FEAR.exe FirewallRules: [{7C314EEA-E84A-460C-B94F-955195B7B230}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{ACAA0BAF-FF9A-4242-A4BF-BE471956E955}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{574F5A68-C7FC-4C1B-91E4-A5BDE63CF8A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{3C3AE875-699D-45D6-AE83-974F98C242BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8D26C63D-6AA6-49CD-80E9-D5BA9BD5F828}] => (Allow) I:\Games\Steam\steamapps\common\Hitman™\Launcher.exe FirewallRules: [{1BA9D80D-9432-45D3-8806-0A67946445F6}] => (Allow) I:\Games\Steam\steamapps\common\Hitman™\Launcher.exe FirewallRules: [{294FBA59-6CE2-4BF4-8FC2-86BA4C3CD38F}] => (Allow) I:\Games\Steam\steamapps\common\DOOM\DOOMx64.exe FirewallRules: [{71D90140-EF1F-40D5-B80E-19CCF8FA3983}] => (Allow) I:\Games\Steam\steamapps\common\DOOM\DOOMx64.exe FirewallRules: [TCP Query User{863A29BC-23D6-45DB-A418-EA9E5A390896}D:\programs\altium\dxp.exe] => (Block) D:\programs\altium\dxp.exe FirewallRules: [UDP Query User{92047B1B-BD16-4F3E-B170-711F344EA367}D:\programs\altium\dxp.exe] => (Block) D:\programs\altium\dxp.exe FirewallRules: [{0C1AB8F9-4778-40B3-96A1-486AB3F923B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{ADAA8C40-6142-48D6-BECC-92225A111BA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{1E39741F-C28B-4F32-91B8-335C2CAEC6A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{EACCD66A-2224-4159-A37B-5F73277AB303}] => (Allow) C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{4C0DEB67-DFA2-4B3B-8397-10BDCA6A6857}] => (Allow) I:\Games\Steam\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe FirewallRules: [{B99BFA50-1C68-4ECC-B46B-0E0A71F052BF}] => (Allow) I:\Games\Steam\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe FirewallRules: [{B3886132-92B6-4CCF-9155-1E1B9B19403B}] => (Allow) D:\Programs\Steam\steamapps\common\TheEvilWithin\EvilWithin.exe FirewallRules: [{798C2EB8-6E0F-4942-87F3-A7673925FF31}] => (Allow) D:\Programs\Steam\steamapps\common\TheEvilWithin\EvilWithin.exe FirewallRules: [{B8F991F1-3B34-4B1B-ACDD-E1E5D6CA12F5}] => (Allow) I:\Games\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe FirewallRules: [{1414331D-C47E-411F-A2BC-E4ACCB543BAC}] => (Allow) I:\Games\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe FirewallRules: [{04529D6F-4AC2-4C5C-9C34-20FDE3FB87A0}] => (Allow) I:\Games\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe FirewallRules: [{836E4648-91DE-4625-A4CA-5EA3B2A9A4DC}] => (Allow) I:\Games\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe FirewallRules: [{491C7DFC-FF42-489E-AB05-36BEAE4C8D61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{2EC81DA8-69F7-44AC-A969-376C64FF0CFF}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{C16EBEA5-C50D-4439-AAD4-27FF98CAEAF1}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{7DC2E662-0E9D-40E9-B3A5-1EABC599A07A}] => (Allow) I:\Games\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe FirewallRules: [{96BAE599-96E3-43FC-99BB-EDDCB7653D31}] => (Allow) I:\Games\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe FirewallRules: [TCP Query User{1C8F6E1E-D4CA-4DBB-B04F-4F118FAFC386}D:\programs\altium\ad17\dxp.exe] => (Allow) D:\programs\altium\ad17\dxp.exe FirewallRules: [UDP Query User{6F48A20F-F3EE-4C03-ADEF-B628C337F02E}D:\programs\altium\ad17\dxp.exe] => 
(Allow) D:\programs\altium\ad17\dxp.exe FirewallRules: [{8CFD0B45-98A9-46EE-BE85-E1084B565286}] => (Allow) D:\Programs\Steam\steamapps\common\Hitman GO\HitmanGo.exe FirewallRules: [{BB35EFF7-CE88-46CD-958D-117114AE780C}] => (Allow) D:\Programs\Steam\steamapps\common\Hitman GO\HitmanGo.exe FirewallRules: [{033C7ECB-BEA4-4275-8441-3CB7D00BF98A}] => (Allow) I:\Games\Steam\steamapps\common\Dishonored2\Dishonored2.exe FirewallRules: [{0AF2C5D0-E0C6-4951-AC6A-36D1AE81B5D7}] => (Allow) I:\Games\Steam\steamapps\common\Dishonored2\Dishonored2.exe FirewallRules: [{09F98C06-5433-4828-AD68-3F4BC820DBD5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{3B6DA8FF-B5D5-4245-B674-8E6215E19440}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{F818E25D-273A-489F-B555-CE9BEE4AF8C2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{D50F8D53-AEE5-4FED-A965-AC3F23498D0A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{3A13B96D-578F-4BA5-964C-13923A8BC001}] => (Allow) D:\Programs\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [{BCF755E3-AFDE-4CBB-8C23-9EFD3F193DE9}] => (Allow) D:\Programs\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe FirewallRules: [TCP Query User{02FD20CB-33F4-4265-8A29-18C68B580890}C:\users\michael\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\michael\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe FirewallRules: [UDP Query User{E99049C8-84E9-4463-B540-B54505A762D4}C:\users\michael\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\michael\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe FirewallRules: [{08C7B5C2-59FF-40D4-ACFF-4058D7A9A4E7}] => (Allow) C:\Program Files (x86)\AnvSoft\Syncios Data 
Transfer\SynciosTransfer.exe FirewallRules: [{99F00DF3-3245-4980-80DB-6D5912FCA1ED}] => (Allow) C:\Program Files (x86)\AnvSoft\Syncios Data Transfer\SynciosTransfer.exe FirewallRules: [{64AFFE18-8C36-410F-8480-2D0A647FD66A}] => (Allow) D:\Programs\Steam\steamapps\common\Alien Isolation\AI.exe FirewallRules: [{FD41FED3-E906-4E46-A921-A168C47DA7F0}] => (Allow) D:\Programs\Steam\steamapps\common\Alien Isolation\AI.exe FirewallRules: [{95AA1533-0445-4233-B590-AFC843BB03EE}] => (Allow) D:\Programs\Steam\steamapps\common\Batman The Telltale Series\Batman_win8.exe FirewallRules: [{09A276AB-5706-47E6-9A18-0608EB3B0B22}] => (Allow) D:\Programs\Steam\steamapps\common\Batman The Telltale Series\Batman_win8.exe FirewallRules: [{93584101-2795-4F70-9393-89B25039DB9B}] => (Allow) D:\Programs\Steam\steamapps\common\Batman The Telltale Series\Batman_win7.exe FirewallRules: [{9FC8EB2E-DDDE-4939-9204-5ECAE7CD46B0}] => (Allow) D:\Programs\Steam\steamapps\common\Batman The Telltale Series\Batman_win7.exe FirewallRules: [{7317A101-1F03-41FB-933B-EAE59F1EDEB4}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{0A6B5AC1-234D-4305-A659-166EAF6B0F4A}] => (Allow) D:\Programs\Steam\steamapps\common\Sword With Sauce Alpha\SwordWithSauce.exe FirewallRules: [{C79C37C6-8DE9-4CFA-BC5A-807CE64F0F3D}] => (Allow) D:\Programs\Steam\steamapps\common\Sword With Sauce Alpha\SwordWithSauce.exe FirewallRules: [TCP Query User{519FAD81-CDE7-443F-A175-7462F0D00172}D:\programs\steam\steamapps\common\sword with sauce alpha\swordwithsauce1_5\binaries\win64\swordwithsauce1_5-win64-shipping.exe] => (Allow) D:\programs\steam\steamapps\common\sword with sauce alpha\swordwithsauce1_5\binaries\win64\swordwithsauce1_5-win64-shipping.exe FirewallRules: [UDP Query User{11E8EF7A-EC5C-4AD1-89C5-234514BC4028}D:\programs\steam\steamapps\common\sword with sauce alpha\swordwithsauce1_5\binaries\win64\swordwithsauce1_5-win64-shipping.exe] => (Allow) D:\programs\steam\steamapps\common\sword with sauce 
alpha\swordwithsauce1_5\binaries\win64\swordwithsauce1_5-win64-shipping.exe FirewallRules: [{D1D00F8C-9527-463C-A07F-01C39AEB67E7}] => (Allow) I:\Games\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe FirewallRules: [{A1E9EEB6-CC41-49D7-8B2E-8448B0C5D87A}] => (Allow) I:\Games\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe FirewallRules: [{89E16C7C-CDA4-456C-B018-34CB91C21B85}] => (Allow) I:\Games\Steam\steamapps\common\Redie\launcher.exe FirewallRules: [{92955C8D-89A5-408A-B543-558C9C4DEE19}] => (Allow) I:\Games\Steam\steamapps\common\Redie\launcher.exe FirewallRules: [{8AB9ECA7-42BF-4D96-B737-2D4FF4C69B19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{144D07F9-DFB1-48E3-99CD-EA0FC83788F7}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{6F75BCDF-C62E-44E8-AD11-39FCFF1795BF}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{65DB9264-7C95-4F8B-8E17-F0340BBBE7D2}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{9C4E4CA7-56A9-468B-8E16-90CAF993B0B8}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe FirewallRules: [{0BD09A37-030D-424B-9109-C322EE3FE282}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe FirewallRules: [{10012684-2306-4C20-A2B1-6A48A8C78910}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe FirewallRules: [{92FBBED3-8A4F-462C-AD56-9843EA4105EB}] => (Block) LPort=445 FirewallRules: [{147818E4-58BD-442F-B55D-3FA319DFE9B2}] => (Block) LPort=445 StandardProfile\AuthorizedApplications: [d:\Programs\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [d:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: 
[d:\Programs\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [d:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= Name: USB Touchpanel Description: USB Touchpanel Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.) Description: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.) Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard-USB-Hostcontroller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (05/22/2017 10:25:39 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY) Description: Vom Ereignisanbieter "VmmsWmiEventProvider" wurde versucht, die Abfrage "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA "Msvm_ContainerSystem"" zu registrieren, deren Zielklasse "Msvm_ContainerSystem" im Namespace "//./root/virtualization/v2" nicht vorhanden ist. Die Abfrage wird ignoriert. Error: (05/22/2017 09:13:00 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. 
Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode. Error: (05/22/2017 08:42:15 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest. Error: (05/22/2017 08:41:28 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\arm64\signtool.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/22/2017 08:41:28 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\arm\signtool.exe.Manifest". Die abhängige Assemblierung "Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (05/22/2017 08:40:10 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\arm64\oleview.exe". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2017 08:40:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\arm64\filetypeverifier.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2017 08:38:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "D:\Programs\Microsoft Visual Studio 14.0\VC\redist\1033\vcredist_arm.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2017 08:37:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\14.0\Debugger\target\armv4i\vsgraphicsremoteengine.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2017 08:36:34 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile 1. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

System errors:
=============
Error: (05/22/2017 10:25:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (05/22/2017 10:25:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (05/22/2017 10:24:10 PM) (Source: DCOM) (EventID: 10010) (User: Phantom)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/22/2017 10:24:10 PM) (Source: DCOM) (EventID: 10010) (User: Phantom)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/22/2017 10:24:10 PM) (Source: DCOM) (EventID: 10010) (User: Phantom)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/22/2017 10:24:10 PM) (Source: DCOM) (EventID: 10010) (User: Phantom)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/22/2017 10:24:09 PM) (Source: DCOM) (EventID: 10010) (User: Phantom)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/22/2017 10:24:09 PM) (Source: DCOM) (EventID: 10010) (User: Phantom)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/22/2017 08:29:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
|
22.05.2017, 21:48 | #5 |
| Connection to DNS "crashes" after a few hours -> Malware? Code:
ATTFilter
Error: (05/22/2017 08:29:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

CodeIntegrity:
===================================
Date: 2017-05-21 21:49:05.061
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-05-21 21:49:02.210
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-05-21 16:46:24.223
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-21 16:46:24.221
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-21 16:46:24.219
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-21 16:46:24.218
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-05-21 13:57:12.067
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-05-21 13:53:16.645
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-05-21 13:53:14.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-05-21 13:41:55.380
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 32663.03 MB
Available physical RAM: 24185.21 MB
Total Virtual: 33663.03 MB
Available Virtual: 23390.02 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:111.35 GB) (Free:7.84 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:1863.01 GB) (Free:14.56 GB) NTFS
Drive e: (Games) (Fixed) (Total:48.83 GB) (Free:22.54 GB) NTFS
Drive f: (Daten) (Fixed) (Total:368.1 GB) (Free:291.41 GB) NTFS
Drive g: (Games2) (Fixed) (Total:50 GB) (Free:5.96 GB) NTFS
Drive h: (Multimedia) (Fixed) (Total:931.51 GB) (Free:225.6 GB) NTFS
Drive i: (Downloads) (Fixed) (Total:1813.01 GB) (Free:97.21 GB) NTFS
Drive n: (BIRD_OF_PREY_VOL_01) (CDROM) (Total:7.11 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 11F42019)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 6FD9C0EF)
Partition 1: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1813 GB) - (Type=OF Extended)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 4832A475)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BBA2BBA2)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=48.8 GB) - (Type=42)
Partition 3: (Not Active) - (Size=416.9 GB) - (Type=42)
========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4EC3CCFA)
Partition 1: (Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
|
24.05.2017, 22:02 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Connection to DNS "crashes" after a few hours -> Malware? hi, Quote:
Please provide these. In code tags. |
25.05.2017, 09:16 | #7 |
| logs malware+virus scanner
The log files are attached. Yesterday I was able to observe the following behaviour when the problem occurs:
- Chrome crashes and the task can no longer be ended
- actions such as opening the Task Manager or the Start menu no longer work
Luckily I already had a Task Manager open, so I killed processes at random, and at some point the system and the Internet connection were working again. The next time it occurs I will try to proceed more systematically in order to identify the culprit. |
26.05.2017, 06:30 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Connection to DNS "crashes" after a few hours -> Malware? Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post the logs directly, spread across several posts if necessary. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |